angr / angr-management

The official angr GUI.
BSD 2-Clause "Simplified" License

`SimulationManager` `explore` fails with _ReferenceError: weakly-referenced object no longer exists_ #1156

Open rickhg12hs opened 6 months ago

rickhg12hs commented 6 months ago

Description

No exploration solutions can be found because weakrefs to needed objects allow the gc to remove them too early.

```
ERROR    | 2024-01-09 11:58:05,299 | angrmanagement.data.object_container | Error raised from event of (container: Active simulation manager)(container: phony monster)<SimulationManager with 1 active, 13 deadended>
Traceback (most recent call last):
  File "/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angrmanagement/data/object_container.py", line 32, in am_event
    listener(**kwargs)
  File "/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angrmanagement/ui/widgets/qpathtree.py", line 139, in _watch_simgr
    self.reload()
  File "/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angrmanagement/ui/widgets/qpathtree.py", line 40, in reload
    graph = self._generate_graph([state.history for state in states], hierarchy, self.symexec_view)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angrmanagement/ui/widgets/qpathtree.py", line 131, in _generate_graph
    history_to_block[src] = QStateBlock(False, symexec_view, history=src)
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angrmanagement/ui/widgets/qstate_block.py", line 39, in __init__
    self._init_widgets()
  File "/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angrmanagement/ui/widgets/qstate_block.py", line 52, in _init_widgets
    if self.state.regs._ip.symbolic:
       ^^^^^^^^^^^^^^^
ReferenceError: weakly-referenced object no longer exists
```

Steps to reproduce the bug

  1. Load binary https://github.com/angr/angr-examples/blob/master/examples/defcamp_r100/r100
  2. Configure a new simulation manager as per https://github.com/angr/angr-examples/blob/master/examples/defcamp_r100/solve.py
  3. Click Explore
  4. Note that nothing is found and errors are generated

Environment

```
$ python -m angr.misc.bug_report
angr environment report
=============================
Date: 2024-01-09 12:13:58.770735
Running in virtual environment at /home/rick/Python/venvs/_angr
/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angr/misc/bug_report.py:88: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
  import pkg_resources  # pylint:disable=import-outside-toplevel
Platform: linux-x86_64
Python version: 3.11.7 (main, Dec 18 2023, 00:00:00) [GCC 13.2.1 20231011 (Red Hat 13.2.1-4)]
######## angr #########
Python found it in /home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angr/__init__.py
Pip version angr 9.2.83
Couldn't find git info
######## ailment #########
Python found it in /home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/ailment/__init__.py
Pip version ailment 9.2.83
Couldn't find git info
######## cle #########
Python found it in /home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/cle/__init__.py
Pip version cle 9.2.83
Couldn't find git info
######## pyvex #########
Python found it in /home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/pyvex/__init__.py
Pip version pyvex 9.2.83
Couldn't find git info
######## claripy #########
Python found it in /home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/claripy/__init__.py
Pip version claripy 9.2.83
Couldn't find git info
######## archinfo #########
Python found it in /home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/archinfo/__init__.py
Pip version archinfo 9.2.83
Couldn't find git info
######## z3 #########
Python found it in /home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/z3/__init__.py
Pip version z3-solver 4.10.2.0
Couldn't find git info
######## unicorn #########
Python found it in /home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/unicorn/__init__.py
Pip version unicorn 2.0.1.post1
Couldn't find git info
######### Native Module Info ##########
angr: <CDLL '/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/angr/state_plugins/../lib/angr_native.so', handle 562a6355d330 at 0x7ff359067a90>
unicorn: <CDLL '/home/rick/Python/venvs/_angr/lib64/python3.11/site-packages/unicorn/lib/libunicorn.so.2', handle 562a62649f90 at 0x7ff35ec57a10>
pyvex: <cffi.api._make_ffi_library.<locals>.FFILibrary object at 0x7ff35d096450>
z3: <CDLL '/home/rick/Python/venvs/_angr/lib/python3.11/site-packages/z3/lib/libz3.so', handle 562a62bcc5a0 at 0x7ff35ef5bd10>
```

Additional context

Running `python solve.py` works fine and completes in a few seconds.
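
The failure class shown in the traceback, reduced to a stand-alone sketch (an added example, not angr or angr-management code, and not part of the original report). `State`, `Regs`, `History` and `describe` are hypothetical stand-ins; the assumption is only that a history object reaches its state through a weak proxy, so a consumer holding just the history must handle `ReferenceError` or be given a strong reference.

```python
import gc
import weakref


class Regs:
    """Hypothetical register view: an instruction pointer and a symbolic flag."""
    def __init__(self, ip, symbolic=False):
        self.ip = ip
        self.symbolic = symbolic


class History:
    """Hypothetical stand-in: keeps only a weak proxy back to its state."""
    def __init__(self, state):
        self.state = weakref.proxy(state)


class State:
    """Hypothetical stand-in for a simulation state that owns its history."""
    def __init__(self, ip, symbolic=False):
        self.regs = Regs(ip, symbolic)
        self.history = History(self)


def describe(history):
    """Label a history node, tolerating a state that was already collected."""
    try:
        regs = history.state.regs  # raises ReferenceError if the state is gone
        return "symbolic ip" if regs.symbolic else hex(regs.ip)
    except ReferenceError:
        return "<state collected>"


def demo():
    """Build two states, keep only their histories, then drop one state."""
    live = State(0x400000)   # constructed sample addresses
    dead = State(0x400844)
    # Same shape as the list comprehension in the traceback:
    # histories are kept, the states themselves are not.
    histories = [live.history, dead.history]
    del dead                 # last strong reference to the second state
    gc.collect()
    return [describe(h) for h in histories]


if __name__ == "__main__":
    print(demo())
```
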