[Phi-Pre] There are variables in the phi-function that are not live at any predecessor block

[NeoQuix]

What happened?

Error in bin/wscript.exe in 0x140008880
[pipeline.py:107 run()] ERROR - Failed to decompile ?OnError@XMLScrSite@@UEAAJKPEAUIScriptletError@@@Z, error during stage phi-function-fixer: There are variables in the phi-function that are not live at any predecessor block
Traceback (most recent call last):
  File "/home/neoquix/Git-Repos/DeWolf/decompile.py", line 76, in <module>
    main(Decompiler)
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/util/commandline.py", line 80, in main
    task = decompiler.decompile(function_name, options)
  File "/home/neoquix/Git-Repos/DeWolf/decompile.py", line 51, in decompile
    pipeline.run(task)
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/pipeline/pipeline.py", line 109, in run
    raise e
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/pipeline/pipeline.py", line 102, in run
    instance.run(task)
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/pipeline/preprocessing/phi_predecessors.py", line 29, in run
    self.extend_phi_functions()
  File "/home/neoquix/Git-Repos/DeWolf/decompiler/pipeline/preprocessing/phi_predecessors.py", line 41, in extend_phi_functions
    raise ValueError("There are variables in the phi-function that are not live at any predecessor block")
ValueError: There are variables in the phi-function that are not live at any predecessor block

How to reproduce?

Decompile wscript at 0x140008880

Affected Binary Ninja Version(s)

3.3.3996

[ebehner]

@NeoQuix I can not reproduce this error, the sample decompiles without any error. Do you have another sample with the same error?

[NeoQuix]

Nope it's the only function which yields this error.
On my machine it still persists.
Will try it on my PC instead of notebook later.

Looked up the error, and rax_10#15 is the variable which is not live at any block before.
Even in Bninja i did not find the assignment of rax_10#15.

What version of bninja are you using?
And can you maybe provide the output of the decompiler?

[steffenenders]

I get the same error using both 3.4.4263-dev and 3.3.3996.

[ebehner]

I am using binary ninja 3.3.3996 and the current main (546b31e)

[ebehner]

here the output:

╰(.venv)─λ python decompile.py /home/eva/Downloads/samples/wscript.exe 140008880                                             0 (1.416s) < 13:09:09
[0:0 Default error] Error searching remote symbol server https://msdl.microsoft.com/download/symbols: Err(Bytes written mismatch!)

unsigned long sub_140008880(void * arg1, int arg2, long * arg3) {
    void vVar0;
    BSTR NoneVar13;
    BSTR NoneVar6;
    int iVar12;
    int iVar7;
    int iVar8;
    unsigned long ulVar9;
    void * vpVar1;
    void * vpVar1;
    short * spVar10;
    short * spVar3;
    long * lpVar11;
    long * lpVar3;
    long * lpVar6;
    long * lpVar98;
    long * lpVar98;
    long * lpVar98;
    spVar10 = 0x0;
    ulVar9 = *(*lpVar3_0 + 24L)(lpVar3, &vVar0);
    if ((unsigned int)ulVar9 >= 0) {
        vpVar1 += 32L;
        *(*vpVar1 + 40L) = 0x0;
        lpVar11 = 0x0;
        if (lppVar2 == 0x8004fffc) {
            vpVar1 += 48L;
            if (*vpVar1 != 0) {
                NoneVar13 = 0x0;
                lpVar11 = 0x0;
            }
            else {
                *vpVar1 = 0x1;
                iVar12 = *(*lpVar6_4 + 40L)();
                if (iVar12 >= 0) {
                    iVar12 = sub_140005164(*vpVar1, &lpVar11);
                    if (iVar12 >= 0) {
                        iVar12 = *(*lpVar98_8 + 40L)();
                        if (iVar12 >= 0) {
                            iVar12 = *(*lpVar98_9 + 48L)();
                            NoneVar13 = 0x0;
                        }
                        else if (iVar12 != 0x80020006) {
                            NoneVar13 = 0x0;
                        }
                        if (iVar12 == 0x80020006) {
                            NoneVar13 = 0x0;
                        }
                    }
                    else {
                        NoneVar13 = 0x0;
                    }
                }
                else {
                    NoneVar13 = 0x0;
                }
            }
        }
        else {
            if ((lppVar2 != 0x80004004) && (lppVar2 != 0x8004fffd) && (lppVar2 != 0x8004fffe) && ((spVar3 == 0L) || (0 == *spVar3))) {
                iVar12 = sub_1400067cc(lppVar2, &spVar10);
                if (iVar12 < 0) {
                    NoneVar13 = 0x0;
                    lpVar11 = 0x0;
                }
            }
            if ((lppVar2 != 0x80004004) && (lppVar2 != 0x8004fffd) && (lppVar2 != 0x8004fffe) && ((spVar3 != 0L) || (iVar12 >= 0)) && ((0 != *spVar3) || (iVar12 >= 0))) {
                NoneVar13 = 0x0;
                lpVar11 = 0x0;
                iVar12 = *(*lpVar3_0 + 32L)(lpVar3, &iVar7, &iVar8);
                iVar12 = *(*lpVar3_0 + 40L)(lpVar3, &NoneVar13);
                if (iVar12 < 0) {
                    NoneVar6 = 0x0;
                }
                else {
                    NoneVar6 = NoneVar13;
                }
                iVar12 = *(**(vpVar1_0 + 32L) + 40L)();
                NoneVar13 = NoneVar6;
            }
        }
        if (lppVar2 == 0x8004fffd) {
            NoneVar13 = 0x0;
            lpVar11 = 0x0;
        }
        if ((lppVar2 == 0x80004004) || (lppVar2 == 0x8004fffe)) {
            iVar12 = *(**(vpVar1_0 + 32L) + 64L)();
            if (iVar12 >= 0) {
                iVar12 = 0;
            }
            NoneVar13 = 0x0;
            lpVar11 = 0x0;
        }
        else if (((lppVar2 == 0x8004fffd) || (lppVar2 == 0x8004fffc) || (spVar3 != 0L) || (iVar12 >= 0)) && ((lppVar2 == 0x8004fffd) || (0 != *spVar3) || (lppVar2 == 0x8004fffc) || (iVar12 >= 0)) && ((lppVar2 == 0x8004fffd) || (lppVar2 == 0x8004fffc) || (iVar12 >= 0)) && ((lppVar2 != 0x8004fffc) || (*vpVar1 != 0) || (iVar12 >= 0)) && ((lppVar2 != 0x8004fffc) || (iVar12 >= 0) || (*vpVar1 != 0)) && ((lppVar2 != 0x8004fffc) || (*vpVar1 != 0) || (iVar12 < 0) || (iVar12 >= 0)) && ((lppVar2 != 0x8004fffc) || (iVar12 >= 0) || (*vpVar1 != 0) || (iVar12 == 0x80020006))) {
            iVar12 = 0;
        }
        SysFreeString(/* bstrString */ spVar3);
        SysFreeString(/* bstrString */ NoneVar4);
        SysFreeString(/* bstrString */ NoneVar5);
        SysFreeString(/* bstrString */ NoneVar13);
        SysFreeString(/* bstrString */ spVar10);
        if (lpVar11 != 0L) {
            *(*lpVar98_29 + 16L)();
        }
        ulVar9 = (unsigned int)iVar12;
    }
    return ulVar9;
}

[ebehner]

Do you have the error-message: Error searching remote symbol server https://msdl.microsoft.com/download/symbols: Err(Bytes written mismatch!)? Perhaps the imports change something?

[0x6e62]

rax_15#10 ist nicht definiert, wird aber in Zeile 91 (MLIL SSA) in XMLScrSite::OnError

[ebehner]

Niklas and I found the, let say, problem.
At some point we set the Download Provider to Python, not sure why. If it is set, Binary Ninja does not load the symbols and the decompilation works. If the default Download Provider, the symbols are found and the error occurs. What a nice bug 🙄

[0x6e62]

Ja löschen der gecachten Symbole in ~/-binaryninja/symbols und abschalten des PDB parsings behebt den Fehler

</issue>

[NeoQuix]

Tried it and it did work indeed.

So what to do about this issue in general?
Make a small note in the README.md?

Make a bninja issue?