[Array Access Detection] Array access not detected properly

[fnhartmann]

Proposal

See the following example: example.zip

Dewolf is currently creating the following code:

int main(int argc, char ** argv, char ** envp) {
    unsigned long var_1;
    long i;
    long var_0;
    __builtin_strcpy(/* dest */ &var_0, /* src */ "This is an example.");
    var_1 = strlen(&var_0);
    for (i = 0L; i < var_1; i++) {
        if ((int)*(&var_0 + i) != 32) {
            *(&var_0 + i) = *(&var_0 + i) ^ ' ';
        }
        printf(/* format */ "%c", (unsigned int)(int)*(&var_0 + i));
    }
    return 0;
}

(The ouput is generated with deactivated CSE. See #398 for more information.)

It seems like the Array Access Detection is not detecting the array here. Dewolf should recognize this and provide code that looks more like the source code in terms of array access, like the following:

        for (size_t i = 0; i < length; i++) {
                if (str[i] != 0x20)
                        str[i] = str[i] ^ 0x20;
                printf("%c", str[i]);
        }

Used Binary Ninja version: 3.5.4526

Approach

Analyze and debug why Array Access Detection is not working properly here. Adjust the stage depending on the result.