lks9 / src-tracer


Replay Exploration Technique here #2

Open lks9 opened 1 year ago

lks9 commented 1 year ago

The replay exploration technique is implemented in lks9/angr. The idea is to move everything in this repo, because it is not likely that this could merge in the angr repo.

Requires: 5

lks9 commented 1 year ago

Hi @ducorduck, can you check out the new_directory_structure branch? There is much difference in the naming and in the directory structure but everything is self-contained in the README.md.

You can already start implementing this issue based on the new_directory_structure branch now. Ask me if you have questions.

Thanks!

ducorduck commented 1 year ago

Great! Would you merge it to main?

lks9 commented 1 year ago

done

ducorduck commented 1 year ago

In order for our exploration technique to work, the ExplorationTechnique class in angr has to import our exploration technique. These changes will likely not be merged into upstream angr; therefore, if users want to use our exploration technique, they would have to modify angr too. Is it a problem?

lks9 commented 1 year ago

> In order for our exploration technique to work, the ExplorationTechnique class in angr has to import our exploration technique

Have you checked that this is really necessary? As far as I understand it, you need it there because you call it this way in the script:

    replayer = angr.exploration_techniques.replayer.Replayer(trace_str, functions)
    simgr.use_technique(replayer)

I thought you could simply move the exploration technique into a new folder and use it like this:

    replayer = src_tracer.replayer.Replayer(trace_str, functions)
    simgr.use_technique(replayer)

> These changes will likely not be merged into upstream angr; therefore, if users want to use our exploration technique, they would have to modify angr too. Is it a problem?

It makes maintenance harder, because angr frequently gets new versions and we would need a fork in sync with the current version of angr. Every change we made in angr so far got either merged or moved into a separate repo.

ducorduck commented 1 year ago

> > In order for our exploration technique to work, the ExplorationTechnique class in angr has to import our exploration technique
>
> Have you checked that this is really necessary? As far as I understand it, you need it there because you call it this way in the script:
>
>     replayer = angr.exploration_techniques.replayer.Replayer(trace_str, functions)
>     simgr.use_technique(replayer)
>
> I thought you could simply move the exploration technique into a new folder and use it like this:
>
>     replayer = src_tracer.replayer.Replayer(trace_str, functions)
>     simgr.use_technique(replayer)

You're right, I thought the import was needed for something else, but it also works like what you've written.

ducorduck commented 1 year ago

@lks9 could you check out the replay_exploration_technique branch? I've migrated the technique here and refactored some of the methods into a util class.

lks9 commented 1 year ago

I finally found out how we can do something about looking ahead into future elements of an iterator: use peekable from more-itertools. So instead of next(iter) you can also use iter.peek() to get the next element.
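As an added illustration of the two points raised in this thread (the `Replayer(trace_str, functions)` / `use_technique` usage from the earlier comment, and the peek-ahead tip above), the following is example code written for this page, not code from the src-tracer or angr projects. It models a replay filter as a plain Python class: a trace of function names is replayed against candidate successor states, and only states that follow the trace survive. The `Peekable` class is a hand-rolled stand-in for `more_itertools.peekable` (assumed to have the same `peek()`/`next()` contract) so the script runs without that dependency; the `;`-separated trace format, the `functions` mapping and the dict-based states are constructed for the example and are not angr's `SimState` or src-tracer's trace encoding.

```python
from collections import deque


class Peekable:
    """Hand-rolled stand-in for more_itertools.peekable (assumption: same
    peek()/next() contract). peek() looks at the next element without
    consuming it; next() consumes it."""

    _MISSING = object()

    def __init__(self, iterable):
        self._it = iter(iterable)
        self._cache = deque()

    def __iter__(self):
        return self

    def peek(self, default=_MISSING):
        if not self._cache:
            try:
                self._cache.append(next(self._it))
            except StopIteration:
                if default is Peekable._MISSING:
                    raise
                return default
        return self._cache[0]

    def __next__(self):
        if self._cache:
            return self._cache.popleft()
        return next(self._it)


class Replayer:
    """Toy analogue of the replay exploration technique: a recorded trace of
    function names is replayed against candidate successor states, and only
    states that follow the trace are kept. States are plain dicts with an
    "addr" key (constructed), not angr SimStates."""

    def __init__(self, trace_str, functions):
        # trace_str: ";"-separated function names (constructed format)
        # functions: mapping function name -> entry address (constructed)
        self.trace = Peekable(trace_str.split(";"))
        self.functions = functions

    def filter(self, states):
        """Return the states whose address matches the function the trace
        expects next. The trace element is consumed only once a matching
        state exists; peek() lets several candidates be compared against the
        same element without losing it."""
        expected = self.trace.peek(None)
        if expected is None:
            return list(states)  # trace exhausted: nothing left to constrain
        target = self.functions[expected]
        kept = [s for s in states if s["addr"] == target]
        if kept:
            next(self.trace)  # advance only after this trace step was matched
        return kept

    def remaining(self):
        """Name of the next unmatched trace element, or None when exhausted."""
        return self.trace.peek(None)


def replay(trace_str, functions, steps):
    """Run the replayer over a list of per-step candidate state lists and
    return the kept addresses for each step."""
    replayer = Replayer(trace_str, functions)
    return [[s["addr"] for s in replayer.filter(step)] for step in steps]


# Constructed sample input: three traced function entries and the candidate
# states a symbolic step might produce at each point.
FUNCTIONS = {"main": 0x401000, "parse": 0x401100, "check": 0x401200}
TRACE = "main;parse;check"
STEPS = [
    [{"addr": 0x401000}],                      # main matches
    [{"addr": 0x401300}],                      # off-trace: dropped, trace stays put
    [{"addr": 0x401100}, {"addr": 0x401300}],  # parse matches, other branch dropped
    [{"addr": 0x401200}, {"addr": 0x401100}],  # check matches
    [{"addr": 0x401400}],                      # trace exhausted: kept as-is
]

if __name__ == "__main__":
    for step_no, kept in enumerate(replay(TRACE, FUNCTIONS, STEPS)):
        print(step_no, [hex(a) for a in kept])
```

The off-trace step is the reason peek-ahead matters: with `next()` alone the expected element would be lost the moment it was read, so a step that produced no matching successor could never be retried against the same trace entry.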