What to do if seeing false positives/negatives?

[jeshan]

With the --self-diagnose arg, I'm seeing this message in my (rather big binary):

Perfoming self diagnose (this will only give the right results if the target program contains all the relocation information)
False positives: 302
False negatives: 12

1. Should I be worried about that many errors? What should we do about it?
2. How should I ensure that I have the required relocation information with gcc ?

[aeflores]

1. I am afraid self-diagnose is currently broken. It should get fixed simply by updating the version of LIEF that we use (@kwarrick). This has been in our plans for a while, but we did not get to it yet. I'll let you know once it is fixed.

   Regardless, one thing you can do is to generate assembly code with the --debug flag. Each false positive and false negative will be annotated with a comment, so you can examine them directly. If they look real it would be great if you could share the binary, so we can take a look.

2. Typically, a binary with all relocation information will have a .rela.* for each section. For example, it will have a .rela.text section for the .text section. Now that I think about it, we might be able to detect this automatically... maybe.

[jeshan]

Thank you, @aeflores .

Please clarify:

the version of LIEF that we use

Are you referring to the master branch in https://github.com/kwarrick/LIEF ? There are some other branches in the fork so that's why I'm confused: https://github.com/kwarrick/LIEF/branches/all

Each false positive and false negative will be annotated with a comment ... a binary with all relocation information will have a .rela.*

Understood, thanks.

it would be great if you could share the binary

I want to try a bit more first but I can say it was the qemu-x86_64 static (not normal) build. There are many configuration options that I need to experiment.

[kwarrick]

@jeshan

We currently depend on LIEF version 0.10.0. The official LIEF release.