`SimplifyDualSwitch` incorrectly handles `switch` with two cases and `default`

[yangzao]

Original code:

switch (i_l) {
        case 0:
            i_l = 15;
            i_l = 15;
            break;
        case 1:
            s_l = 456;
            s_l = 456;
            break;

Decompiled code: (_stack._offset_44 corresponds to i_l, _stack._offset_42 corresponds to s_l)

if (!(_stack._offset_44)) {
    _stack._offset_44 = 15;     // i_l = 15; (case 0)
  } else {
    _stack._offset_42 = 456;    // s_l = 456; (case 1)
  }

Description:
Before this code snippet, variable i_l is 2, so none of these two case bodies are executed.

In the decompiled code the if condition only checks if _stack._offset_44 is 0 or not.
So the else body (original case 1) is actually executed.

Files:
2.zip

(original code orig.c, original exec orig_exec, PTML file dec.ptml, and decompiled code dec_default.c are included)
Reproduce the issue:

1. compiled orig.c with CLANG and -O0.
2. decompile the program with rev.ng into C code.
3. this issue is in func_1() near the end of decompiled code, at the second if statement.

[aleclearmind]

This is a bug in the pass that turns switches into ifs.
Disabling SimplifyDualSwitch fixes the problem.
Assigning to @andrealinux1 and moving to revng-c.

Thanks for the report!

[andrealinux1]

This is a bug in the pass that turns switches into ifs. Disabling SimplifyDualSwitch fixes the problem. Assigning to @andrealinux1 and moving to revng-c.

Thanks for the report!

I implemented a fix for this misdecompilation in #14, it can now be reviewed

[pfez]

#14 was merged!

The updated decompiled code is:

  switch (_stack._offset_44) {
    case 0:
    {
      _stack._offset_44 = 15;
    } break;
    case 1:
    {
      _stack._offset_42 = 456;
    } break;
  }

This is now semantically correct.
The bug is fixed. I'm closing this.