Activity viewType "in" predicate appears to match everything

[bdash]

Version and Platform (required):

• Binary Ninja Version: 5.1.7363-dev (acd6c39c)
• OS: macOS 15.4.1
• CPU Architecture: arm64

Bug Description:
I was experimenting with fixing #6779 locally and was surprised to see that activities registered by the shared cache were running on standalone Mach-O files despite having a predicate to restrict them to DSCView.

Steps To Reproduce:

1. Apply this patch to the shared cache plug-in and ensure you're using this version

diff --git a/view/sharedcache/workflow/SharedCacheWorkflow.cpp b/view/sharedcache/workflow/SharedCacheWorkflow.cpp
index dcccfe74f9..03cdf23f36 100644
--- a/view/sharedcache/workflow/SharedCacheWorkflow.cpp
+++ b/view/sharedcache/workflow/SharedCacheWorkflow.cpp
@@ -313,6 +313,7 @@

 void AnalyzeFunction(Ref<AnalysisContext> ctx)
 {
+       LogError("AnalyzeFunction from SharedCacheWorkflow called: %s", ctx->GetBinaryView()->GetTypeName().c_str());
        const auto func = ctx->GetFunction();
        const auto view = func->GetView();
        const auto mlil = ctx->GetMediumLevelILFunction();
@@ -365,21 +366,28 @@

 void SharedCacheWorkflow::Register()
 {
-       Ref<Workflow> workflow = Workflow::Instance("core.function.baseAnalysis")->Clone("core.function.sharedCache");
+       Ref<Workflow> workflow = Workflow::Instance("core.function.metaAnalysis")->Clone("core.function.metaAnalysis");

        // Register and insert activities here.
        ObjCActivity::Register(*workflow);
-       workflow->RegisterActivity(new Activity("core.analysis.sharedCache.analysis", &AnalyzeFunction));
+       workflow->RegisterActivity(new Activity(R"({
+         "name": "core.analysis.sharedCache.analysis",
+         "eligibility": {
+           "predicates": [
+             {
+               "type": "viewType",
+               "operator": "in",
+               "value": [
+                 "DSCView"
+               ]
+             }
+           ]
+         }
+       })", &AnalyzeFunction));
        std::vector<std::string> inserted = { "core.analysis.sharedCache.analysis" };
        workflow->Insert("core.function.analyzeTailCalls", inserted);

-       static constexpr auto WORKFLOW_DESCRIPTION = R"({
-         "title": "Shared Cache Workflow",
-         "description": "Shared Cache Workflow",
-         "capabilities": []
-       })";
-
-       Workflow::RegisterWorkflow(workflow, WORKFLOW_DESCRIPTION);
+       Workflow::RegisterWorkflow(workflow);
 }

 extern "C"

2. Load a normal Mach-O binary from disk. I picked /usr/libexec/syspolicyd.
3. Check the logs.

Expected Behavior:
AnalyzeFunction should not be called as the view is a Mach-O view and not DSCView.

Actual Behavior:

[Default error] AnalyzeFunction from SharedCacheWorkflow called: Mach-O
[Default error] AnalyzeFunction from SharedCacheWorkflow called: Mach-O
[Default error] AnalyzeFunction from SharedCacheWorkflow called: Mach-O
[Default error] AnalyzeFunction from SharedCacheWorkflow called: Mach-O
[...]

Additional Information:
not in view type predicates appear to work correctly.

[bdash]

dev...bdash:binaryninja-api:dsc-workflow has a more complete version of the change for the shared cache, minus the LogError. To reproduce using it you can use the Workflow view's logging to see that the shared cache activities are running despite a view type that should not match the predicate.

[bpotchik]

I'll push a quick fix for it.

[bpotchik]

Fixed in 5.1.7368-dev.