Analysis: .back_edge miscomputed, preventing loop detection

[lwerdna]

Binary Ninja Version
2.4-dev

Describe the bug
The .back_edge field is not computed properly for a basic block.

To Reproduce
Steps to reproduce the behavior:

1. open the attached busybox executable
2. go to function sub_40a9e5
3. execute the following commands in the python console:

>>> bbs[30]
<block: x86_64@0x40abdf-0x40abe8>
>>> bbs[30].outgoing_edges
[<UnconditionalBranch: x86_64@0x40aa9f>]
>>> bbs[30].outgoing_edges[0].back_edge
True
>>> bbs[15] in bbs[30].dominators
False

Expected behavior
A back edge B -> A is an edge where A dominates B. In other words, it's return a block that was previously executed (A) to get to the current position (B). Here b30 -> b15, but b15 is not a dominator of b30, so this should not be a back edge, yet it's reported as so.

Screenshots

Version and Platform (required):

• Binary Ninja: Dev 2.4
• OS: macos

Additional context
This field is correct 99% of the time, tested on many basic blocks in many functions in busybox, so it could be pretty difficult to debug.

busybox-x86_64.zip

[lwerdna]

Binary Ninja's definition of back edge doesn't require the ancestor node to dominate the descendent. The field is computed and used in internal processing of basic blocks, so not easily changed. If you want the more strict definition, you can simply check that edge.target in edge.source.dominators.