Problem
Compiler-inserted stack canary code adds noise to decompiled output:
```c
// Entry: the canary value is copied from the guard global into a local
local_58 = ___stack_chk_guard;
// Exit: the saved copy is compared against the guard before returning
if (local_58 - ___stack_chk_guard != 0) {
    __stack_chk_fail(&__stack_chk_guard, 0, local_58 - ___stack_chk_guard);
}
```
This is compiler-generated security boilerplate, not user code. It obscures the actual function logic.
Root Cause
No detection or removal of the stack protection pattern exists in the pipeline. The `___stack_chk_guard` global load, the comparison, and the `__stack_chk_fail` call are all emitted as regular statements.
Proposed Fix
In `FunctionBuilder::create_basic_block()` or `create_operation()`:
- Detect operations referencing globals named `___stack_chk_guard` or `__stack_chk_guard`
- Detect CALL operations targeting `__stack_chk_fail`
- Skip emitting the associated statements (the entry LOAD, the exit comparison, and the fail call)
- Also skip the local variable declaration for the canary temp
Alternative simpler approach: Add `__stack_chk_fail` and `___stack_chk_guard` to `IGNORED_NAMES` in PcodeSerializer.java so the operations referencing them are suppressed at serialization time, before they reach the AST builder.
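As an added illustration of the first approach (this is example code written here, not patchestry's own `FunctionBuilder` or p-code types), the filter below walks a simplified, constructed operation stream, recognizes the stack-protector pattern by following the data flow out of the guard global, and reports which operations to skip and which temps no longer need a declaration. The `Op` struct, the `#`-prefixed constant convention and the sample streams are all assumptions made for the example. It goes one step beyond the issue's list by also dropping the conditional branch that consumes the comparison result (otherwise the emitted `if` would be left without its condition), and it bails out without changing anything if the canary value flows into an operation that is not part of the pattern.

```cpp
// Added example: stack-protector pattern removal over a simplified p-code stream.
// Not patchestry code; Op, the sample functions and the "#const" convention are
// assumptions made for this illustration.
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Hypothetical, minimal p-code operation: mnemonic, optional output varnode,
// and named inputs. Constants are written with a leading '#'.
struct Op {
    std::string mnemonic;
    std::string output;
    std::vector<std::string> inputs;
};

// Names from the issue, with both underscore variants the toolchains emit.
static const std::set<std::string> kGuardNames = {"___stack_chk_guard", "__stack_chk_guard"};
static const std::set<std::string> kFailNames  = {"__stack_chk_fail", "___stack_chk_fail"};

static bool is_const(const std::string& n) { return !n.empty() && n[0] == '#'; }

struct StripResult {
    std::vector<Op> kept;                 // operations that still become statements
    std::set<std::string> canary_temps;   // locals whose declarations can be skipped
};

StripResult strip_stack_protector(const std::vector<Op>& ops) {
    StripResult r;
    // Names that carry the guard value: the global itself plus every output
    // produced from it by a removed operation (the canary temp, the comparison).
    std::set<std::string> tainted = kGuardNames;

    for (const Op& op : ops) {
        bool noise = false;
        if (op.mnemonic == "CALL") {
            // Only the failure handler is noise; a user call is never dropped,
            // even if the canary value happens to be one of its arguments.
            noise = !op.inputs.empty() && kFailNames.count(op.inputs[0]) > 0;
        } else {
            std::vector<std::string> data = op.inputs;
            // For a conditional branch only the condition carries data; the
            // first input is the branch target.
            if (op.mnemonic == "CBRANCH" && data.size() >= 2) data.erase(data.begin());
            bool any_tainted = false, all_tainted_or_const = !data.empty();
            for (const std::string& in : data) {
                if (tainted.count(in)) any_tainted = true;
                else if (!is_const(in)) all_tainted_or_const = false;
            }
            // Entry COPY/LOAD, exit subtraction/comparison, guarded branch.
            noise = any_tainted && all_tainted_or_const;
        }
        if (noise) {
            if (!op.output.empty()) { tainted.insert(op.output); r.canary_temps.insert(op.output); }
        } else {
            r.kept.push_back(op);
        }
    }

    // Safety check: if a kept operation still reads a temp we planned to drop,
    // the canary value escaped the pattern. Emit the function unchanged rather
    // than produce a statement that references an undeclared local.
    for (const Op& op : r.kept)
        for (const std::string& in : op.inputs)
            if (r.canary_temps.count(in)) return StripResult{ops, {}};
    return r;
}

// Constructed sample: the pattern from the issue around a trivial add-and-store body.
std::vector<Op> make_sample_function() {
    return {
        {"COPY",         "local_58", {"___stack_chk_guard"}},                        // entry
        {"INT_ADD",      "r0",       {"a", "b"}},                                    // user logic
        {"STORE",        "",         {"out", "r0"}},
        {"INT_SUB",      "t1",       {"local_58", "___stack_chk_guard"}},            // exit check
        {"INT_NOTEQUAL", "t2",       {"t1", "#0"}},
        {"CBRANCH",      "",         {"L_fail", "t2"}},
        {"CALL",         "",         {"__stack_chk_fail", "___stack_chk_guard", "#0", "t1"}},
        {"RETURN",       "",         {"r0"}},
    };
}

// Constructed sample where the saved canary feeds real arithmetic: must be left alone.
std::vector<Op> make_escaping_canary_function() {
    return {
        {"COPY",    "local_58", {"___stack_chk_guard"}},
        {"INT_ADD", "r0",       {"a", "local_58"}},
        {"RETURN",  "",         {"r0"}},
    };
}

int main() {
    StripResult r = strip_stack_protector(make_sample_function());
    for (const Op& op : r.kept) std::cout << op.mnemonic << '\n';   // INT_ADD STORE RETURN
    for (const std::string& t : r.canary_temps) std::cout << "skip decl: " << t << '\n';
    return 0;
}
```

The taint-following rule is deliberately narrow: an operation is dropped only when every data input is the guard, a value derived from it, or a constant. That is what keeps the filter from eating user logic that merely sits next to the prologue or epilogue, and the final escape check is the edge case a real implementation in `create_basic_block()` would want before it starts suppressing declarations.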
Files
- `lib/patchestry/AST/FunctionBuilder.cpp`
- `lib/patchestry/AST/OperationStmt.cpp`
- `scripts/ghidra/util/PcodeSerializer.java` (IGNORED_NAMES set)