HLIL incorrectly resolving union fields in some cases #7407
Description
Version and Platform (required):
- Binary Ninja Version: 5.2.8284-dev Personal (47c97600)
- Edition: Non-Commercial
- OS: MacOS
- OS Version: 15.5
- CPU Architecture: M1
Bug Description:
HLIL can't resolve union fields properly. Here is an example with 2 things:
1 - you can see that in if condition HLIL failed to resolve token->_long.size.b and generated token->_long.b instead;
2 - in true-branch instead of token->_long.data for some reason there is token->_long.__offset(0x10).q.
In MLIL however fields resolved correctly, buggy behaviour only in HLIL.
In attached screenshots you can see how it looks like in HLIL (first screenshot) and MLIL (second screenshot):
And here is how it looks in HLIL, if i change the type of token from union to regular structure (string::_long), fields resolved correctly:
The type for the repro:
struct string::_long
{
uint64_t size;
uint64_t cap;
char* data;
};
union string
{
struct string::_long _long;
};Steps To Reproduce:
Please provide all steps required to reproduce the behavior:
- Go to 0x077d050
- Apply provided union type to the second argument
Expected Behavior:
HLIL should resolve union fields correctly.
Binary:
https://github.com/user-attachments/files/22319368/bin.zip