
Comments (15)

Airtnp commented on July 18, 2024

angr vex error, no idea now

from hase.

Mic92 commented on July 18, 2024

Is this some compatibility issue?

Airtnp commented on July 18, 2024

I would say it's an angr internal bug/feature, from my first impression.

Airtnp commented on July 18, 2024

I actually cannot replay it due to limited memory... Can you give me the stacktrace?

Airtnp commented on July 18, 2024

Hmmm, not an easy-to-solve problem. Open an issue at the angr repo.
I can make a temporary fix and use a less-accurate CFG for now.

Airtnp commented on July 18, 2024

hase-project/angr@767777a
This might be a fix; the consequences are not well-considered.

Mic92 commented on July 18, 2024

I have not tried your workaround yet, but this is the stacktrace:

hase replay recordings/tcpdump-142-a9e4211.tar.gz failed
Traceback (most recent call last):
  File "./replay.py", line 54, in process_trace
    except Exception as e:
  File "/local/incoop/hase/hase/__init__.py", line 14, in main
    return args.func(args)
  File "/local/incoop/hase/hase/cli.py", line 56, in lazy_import_replay_command
    return replay_command(args)
  File "/local/incoop/hase/hase/replay.py", line 136, in replay_command
    with replay_trace(args.report) as rt:
  File "/local/incoop/hase/hase/replay.py", line 109, in __enter__
    self.tracer = create_tracer(self.report, self.tempdir)
  File "/local/incoop/hase/hase/replay.py", line 99, in create_tracer
    return Tracer(executable, trace, coredump, loader.load_options(), name=report)
  File "/local/incoop/hase/hase/symbex/tracer.py", line 97, in __init__
    self.elf.statically_linked,
  File "/local/incoop/hase/hase/symbex/filter.py", line 167, in __init__
    super().__init__(project, trace, hooked_symbol, gdb, omitted_section)
  File "/local/incoop/hase/hase/symbex/filter.py", line 53, in __init__
    self.main_cfg = self.project.analyses.CFGFast(show_progressbar=True)
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/analyses/analysis.py", line 108, in __call__
    oself.__init__(*args, **kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/analyses/cfg/cfg_fast.py", line 1013, in __init__
    self._analyze()
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/analyses/forward_analysis.py", line 552, in _analyze
    self._analysis_core_baremetal()
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/analyses/forward_analysis.py", line 653, in _analysis_core_baremetal
    self._job_queue_empty()
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/analyses/cfg/cfg_fast.py", line 1484, in _job_queue_empty
    self._process_unresolved_indirect_jumps()
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/analyses/cfg/cfg_base.py", line 2171, in _process_unresolved_indirect_jumps
    all_targets |= self._process_one_indirect_jump(jump)
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/analyses/cfg/cfg_base.py", line 2197, in _process_one_indirect_jump
    resolved, targets = resolver.resolve(self, jump.addr, jump.func_addr, block, jump.jumpkind)
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/analyses/cfg/indirect_jump_resolvers/jumptable.py", line 70, in resolve
    max_level=3, base_state=self.base_state)
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/blade.py", line 62, in __init__
    self._backward_slice()
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/blade.py", line 275, in _backward_slice
    data.get('stmt_idx', None)
  File "/local/incoop/hase/.direnv/python-3.6.6/lib/python3.6/site-packages/angr/blade.py", line 297, in _backward_slice_recursive
    if type(exit_stmt.guard) is pyvex.IRExpr.RdTmp:
AttributeError: 'WrTmp' object has no attribute 'guard'

Airtnp commented on July 18, 2024

Should be fixed in hase-project/angr#4.
Need to update archinfo to the latest version.

Mic92 commented on July 18, 2024

Unfortunately the latest rebasing also brought the following error:

$ hase replay recordings/coreutils-6.10-paste.tar.gz
ERROR   | 2018-12-11 13:40:03,361 | hase.symbex.procedures.file_operation | <claripy.backends.backend_concrete.BackendConcrete object at 0x7f893bd587b8> can't handle operation __eq__ (Bool) due to a failed conversion on a child node
Traceback (most recent call last):
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/frontends/light_frontend.py", line 40, in eval
    return tuple(self._solver_backend.eval(e, n))
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/backends/__init__.py", line 492, in eval
    self.convert(expr), n, extra_constraints=self.convert_list(extra_constraints),
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/backends/__init__.py", line 154, in convert
    converted = self._convert(ast)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/backends/backend_concrete.py", line 87, in _convert
    raise BackendError("can't handle AST of type %s" % type(a))
claripy.errors.BackendError: can't handle AST of type <class 'str'>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 85, in wrapped_f
    return f(*args, **kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 484, in _eval
    return self._solver.eval(e, n, extra_constraints=self._adjust_constraint_list(extra_constraints), exact=exact)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/frontend_mixins/concrete_handler_mixin.py", line 7, in eval
    return super(ConcreteHandlerMixin, self).eval(e, n, **kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/frontend_mixins/constraint_filter_mixin.py", line 40, in eval
    return super(ConstraintFilterMixin, self).eval(e, n, extra_constraints=ec, **kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/frontends/light_frontend.py", line 42, in eval
    raise ClaripyFrontendError("Light solver can't handle this eval().")
claripy.errors.ClaripyFrontendError: Light solver can't handle this eval().

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/posix.py", line 350, in get_fd
    fd = self.state.solver.eval_one(fd)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 724, in eval_one
    return self.eval_exact(e, 1, **{k: v for (k, v) in kwargs.items() if k != 'default'})[0]
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 775, in eval_exact
    r = self.eval_upto(e, n + 1, **kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 692, in eval_upto
    cast_vals = [self._cast_to(e, v, cast_to) for v in self._eval(e, n, **kwargs)]
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 152, in concrete_shortcut_tuple
    return f(self, *args, **kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/sim_action_object.py", line 55, in ast_stripper
    return f(*new_args, **new_kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 89, in wrapped_f
    raise SimSolverModeError("Claripy threw an error") from e
angr.errors.SimSolverModeError: Claripy threw an error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/backends/__init__.py", line 333, in is_false
    return self._false_cache[e.cache_key]
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/weakref.py", line 394, in __getitem__
    return self.data[ref(key)]
KeyError: <weakref at 0x7f892e2caae8; to 'ASTCacheKey' at 0x7f890c38f668>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/local/incoop/hase/hase/symbex/procedures/file_operation.py", line 53, in run
    ret_expr = self.inline_call(fputc, ch, file_ptr).ret_expr
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/sim_procedure.py", line 289, in inline_call
    return p.execute(self.state, None, arguments=e_args)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/sim_procedure.py", line 174, in execute
    r = getattr(inst, inst.run_func)(*sim_args, **inst.kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/procedures/libc/fputc.py", line 15, in run
    simfd = self.state.posix.get_fd(fileno)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/posix.py", line 355, in get_fd
    if not self.state.solver.satisfiable():
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/sim_action_object.py", line 55, in ast_stripper
    return f(*new_args, **new_kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 85, in wrapped_f
    return f(*args, **kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/angr/state_plugins/solver.py", line 625, in satisfiable
    return self._solver.satisfiable(extra_constraints=self._adjust_constraint_list(extra_constraints), exact=exact)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/frontend_mixins/constraint_filter_mixin.py", line 34, in satisfiable
    return super(ConstraintFilterMixin, self).satisfiable(extra_constraints=ec, **kwargs)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/frontends/light_frontend.py", line 85, in satisfiable
    reversed(self.constraints + list(extra_constraints))
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/frontends/light_frontend.py", line 84, in <genexpr>
    self._solver_backend.is_false(c) for c in
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/backends/backend_concrete.py", line 161, in is_false
    return super().is_false(e, extra_constraints=extra_constraints, solver=solver, model_callback=model_callback)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/backends/__init__.py", line 335, in is_false
    f = self._is_false(self.convert(e), extra_constraints=extra_constraints, solver=solver, model_callback=model_callback)
  File "/local/incoop/hase/.direnv/python-3.6.7/lib/python3.6/site-packages/claripy/backends/__init__.py", line 160, in convert
    "conversion on a child node" % (self, ast.op, ast.__class__.__name__))
claripy.errors.BackendError: <claripy.backends.backend_concrete.BackendConcrete object at 0x7f893bd587b8> can't handle operation __eq__ (Bool) due to a failed conversion on a child node

Airtnp commented on July 18, 2024

Again the angr CFG utilities are broken. Another issue then.
Actually, the bug is present in angr-8.18.10.25.
And I found my __underflow/__uflow calling is buggy (however, even for buggy code it should work).
After fixing it, the CFG will still be incorrect and cause an AssertionError on merging two CFG nodes (that's the new bug introduced by rebasing).

Mic92 commented on July 18, 2024

Can we slice our own CFG with the trace we have?

Airtnp commented on July 18, 2024

The CFG is actually not used. It's just that angr needs to analyze the CFG to get all function/symbol/address information in the binary and libraries. Without angr's analysis of functions, I don't know how to get enough information for our filtering (gdb message passing is too slow).

Airtnp commented on July 18, 2024

It says that the latest commit of angr master fixed this issue. But it also states that CFG generation is far slower here. If you accept it, can you do a new rebase to the latest angr version?

Mic92 commented on July 18, 2024

Seems they have also optimized performance afterwards: https://github.com/angr/angr/commits/master

ltfish commented on July 18, 2024

I think this bug has been fixed in angr master. Please ping me if you still see it happening in your project.

"But it also states that CFG generation is far slower here."

@Airtnp I do intend to optimize angr's CFG generation even more. Let me know if the speed is a problem for you right now.
