[MissingDefinitions] ValueError: list_op [] unknown type = list_op [] unknown type is not in list

[mm4rks]

What happened?

Traceback (most recent call last):
  File "/home/user/dewolf/decompile.py", line 82, in <module>
    main(Decompiler)
  File "/home/user/dewolf/decompiler/util/commandline.py", line 87, in main
    task = decompiler.decompile(function_name, options)
  File "/home/user/dewolf/decompile.py", line 56, in decompile
    pipeline.run(task)
  File "/home/user/dewolf/decompiler/pipeline/pipeline.py", line 109, in run
    raise e
  File "/home/user/dewolf/decompiler/pipeline/pipeline.py", line 102, in run
    instance.run(task)
  File "/home/user/dewolf/decompiler/pipeline/preprocessing/missing_definitions.py", line 99, in run
    self.insert_missing_definitions()
  File "/home/user/dewolf/decompiler/pipeline/preprocessing/missing_definitions.py", line 133, in insert_missing_definitions
    self._insert_definition_if_undefined(variable, previous_ssa_labels, undefined_variables)
  File "/home/user/dewolf/decompiler/pipeline/preprocessing/missing_definitions.py", line 158, in _insert_definition_if_undefined
    self._insert_definition_of_aliased(variable, previous_ssa_labels)
  File "/home/user/dewolf/decompiler/pipeline/preprocessing/missing_definitions.py", line 176, in _insert_definition_of_aliased
    position_insert_definition = self._find_position_to_insert_aliased_definition(basicblock_for_definition, memory_instruction)
  File "/home/user/dewolf/decompiler/pipeline/preprocessing/missing_definitions.py", line 202, in _find_position_to_insert_aliased_definition
    position_insert_definition = self._get_insertion_position(memory_instruction, basicblock)
  File "/home/user/dewolf/decompiler/pipeline/preprocessing/missing_definitions.py", line 218, in _get_insertion_position
    position_insert_definition = basicblock.instructions.index(memory_instruction, starting_search) + 1
ValueError: list_op [] unknown type = list_op [] unknown type is not in list

How to reproduce?

python decompile.py 7923f949e7422ac02c2dc5148950861f8102c83859f00b7d09857b95f16f7caf ___scrt_fastfail --pipeline.debug

Affected Binary Ninja Version(s)

3.3.3996 (Build ID e34a955e)

[NeoQuix]

Another binary with error in main: x.zip

[ebehner]

It seems that the problem occurs because variables with the same name and ssa-label have different types. This should not happen at this time. The pipeline-stage Coherence does not handle this. Here, we check only for each variable together with its SSA-label whether they have the same type. I think for aliased variables they should have the same type independent of the label.

Non-SSA-Block with variable var_33c:

SSA-Block with variable var_33c, we add the SSA-label here:

The problem is that var_33c#1 has type int * aliased: False, whereas var_33c#3 has type unkown type aliased: True:

The coherence stage sets all aliased values to true, but it only checks for the same label, whether they have the same type.
At least for aliased-variables, this should not be the case. For all other, we can discuss this.