Open brk opened 2 years ago
CodeHawk generates an incorrect AST for the `target` function in the attached binary (run `codehawk.sh`).

(This is a loop-free version of JPL Challenge 3)

The generated AST is

```c
void target(int A, int B, struct x * p){
  rtn_0x10764 = open(gv_0x10894, gv_0x10890, p); // 51
  if (temp6){
    rtn_0x107c8 = __errno_location(); // 90
    rtn_0x107d4 = strerror(rtn_0x107c8[0]); // 120
    rtn_0x107f8 = __fprintf_chk(); // 185
    exit(1); // 197
    rtn_0x1080c = __errno_location(); // 304
    rtn_0x10818 = strerror(rtn_0x1080c[0]); // 333
    rtn_0x1083c = __fprintf_chk(); // 391
    exit(1); // 402
  } else {
    rtn_0x1078c = mmap(0, 4096, 3, 1, rtn_0x10764, rtn_0x10764); // 262
    if (temp5){
      rtn_0x1080c = __errno_location(); // 304
      rtn_0x10818 = strerror(rtn_0x1080c[0]); // 333
      rtn_0x1083c = __fprintf_chk(); // 391
      exit(1); // 402
    } else {
      rtn_0x1078c[1024] = gv_0x10898; // 0x1079c, STR
      rtn_0x107a4 = munmap(rtn_0x1078c, 4096); // 441
      if (temp4){
        rtn_0x107b4 = 0x104a4((rtn_0x10764 - 0), R1, R2, R3); // 612
        return;
      }
    }
  }
  rtn_0x10850 = __errno_location(); // 483
  rtn_0x1085c = strerror(rtn_0x10850[0]); // 512
  rtn_0x10880 = __fprintf_chk(); // 570
  exit(1); // 581
}
```

A few things that seem incorrect:

- `__fprintf_chk` -- would it be worth having CodeHawk recognize this as an alias of `fprintf`?
- `mmap` shouldn't be the return value from `open`.
- `0x104a4` wasn't recognized as a call to `close`

The original source was

```c
void target(int A, int B)
{
  int fd;
  void *map_base, *virt_addr;
  unsigned long read_result, writeval;
  off_t targeto;

  targeto = start_physicaladdress;
  if (targeto <= (off_t) B){
    if((fd = open("/dev/mem", O_RDWR | O_SYNC)) < 0) FATAL
    map_base = mmap(0, MAP_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, targeto & ~MAP_MASK);
    if(((intptr_t) map_base) < 0) FATAL;
    virt_addr = map_base + (targeto & MAP_MASK);
    writeval = targeto;
    *((unsigned long *) virt_addr) = writeval;
    read_result = *((unsigned long *) virt_addr);
    if(read_result != writeval){
      printf("Error: read physical addres 0x%lX; write physical address 0x%lX \n", read_result, writeval);
    }
    if((intptr_t)munmap(map_base, MAP_SIZE) < 0) FATAL
    close(fd);
  }
}
```

Oops, forgot to attach: arm32-jc3lite.zip