cmu-sei / pharos

Automated static analysis tools for binary programs

`OOAN[ERROR]: Unable to find fallthru edge for call`, `Segmentation fault`, and `Aborted` #273

Closed widberg closed 2 months ago

widberg commented 2 months ago

I am using ooanalyzer from the latest docker 741e42901d13845e24c91fef26c7d86581bdb6704de7a8cc6900937f07ccec57 and running into some errors.

```
root@be08938f3ea8:/# ooanalyzer -j=/FUEL/FUEL.exe.json --maximum-memory 300000 --threads 4 /FUEL/FUEL.exe
OPTI[INFO ]: Analyzing executable: /FUEL/FUEL.exe
OPTI[INFO ]: OOAnalyzer version 1.0.
OPTI[INFO ]: ROSE stock partitioning took 2256.43 seconds.
OPTI[INFO ]: Partitioned 3296992 bytes, 977614 instructions, 195378 basic blocks, 285 data blocks and 8857 functions.
OPTI[INFO ]: Pharos function partitioning took 6760.04 seconds.
OPTI[INFO ]: Partitioned 5148475 bytes, 1490348 instructions, 320696 basic blocks, 32392 data blocks and 35228 functions.
<warnings excluded for brevity ...>
OOAN[ERROR]: Unable to find fallthru edge for call at 0x008A65B2
OOAN[ERROR]: Unable to find fallthru edge for call at 0x008A65B6
OOAN[ERROR]: Unable to find fallthru edge for call at 0x008A65BA
OOAN[ERROR]: Unable to find fallthru edge for call at 0x008A65BE
OOAN[ERROR]: Unable to find fallthru edge for call at 0x008A65C2
OOAN[ERROR]: Unable to find fallthru edge for call at 0x008A65C6
<warnings excluded for brevity ...>
ERROR 1: Lexical error! : <>
MATCHER parse error: line 1: syntax error at SgAsmBinaryAdd
MATCHER parse error: line 1: syntax error at SgAsmBinaryAdd
MATCHER parse error: line 1: syntax error at SgAsmBinaryAdd
Segmentation fault
```

I also tried with `--no-semantics --partitioner=rose` since I saw those in another issue, but it did not help.

```
root@be08938f3ea8:/# ooanalyzer -j=/FUEL/FUEL.exe.json --maximum-memory 300000 --threads 4 --no-semantics --partitioner=rose /FUEL/FUEL.exe
OPTI[INFO ]: Analyzing executable: /FUEL/FUEL.exe
OPTI[INFO ]: OOAnalyzer version 1.0.
OPTI[INFO ]: Pharos function partitioning took 288.942 seconds.
OPTI[INFO ]: Partitioned 3336805 bytes, 991106 instructions, 198154 basic blocks, 281 data blocks and 9769 functions.
<warnings excluded for brevity ...>
ERROR 1: Lexical error! : <>
ERROR 1: Lexical error! : <>
ooanalyzer: /root/pharos/scripts/rose/src/util/Sawyer/Message.C:1277: size_t Sawyer::Message::Stream::decrementRefCount(): Assertion `nrefs_ > 0' failed.
Aborted
```

The binary is rather large at 7MB (here it is: executable.zip). I used an older version of ooanalyzer a year or two ago on the same binary and got some usable results, so I wanted to see how it had improved since then. I did need ~300GB of memory (mostly swap) and it took ~10hrs to run last time, which is where I'm getting the comically large `--maximum-memory` value from. If you need more information from me, I'm happy to help.

sei-eschwartz commented 2 months ago

This sounds an awful lot like #267, which we have not resolved yet. Can you try without `--threads 4`?

widberg commented 2 months ago

I must've missed that issue when I was looking; removing `--threads 4` does solve this for me. Sorry for the duplicate issue.

sei-eschwartz commented 2 months ago

No worries -- I'm glad to hear it resolved the issue.