static-analysis-engineering / CodeHawk-Binary


ASTgen : arm32 : jc3lite cfg #49

Open brk opened 2 years ago

brk commented 2 years ago

CodeHawk generates an incorrect AST for the target function in the attached binary (run codehawk.sh).

(This is a loop-free version of JPL Challenge 3)

The generated AST is

/* AST as generated by CodeHawk for `target` (reported as incorrect).
 * Annotations below mark where it diverges from the original source
 * quoted further down in this issue. */
/* NOTE(review): the original is declared `target(int A, int B)`; the third
 * parameter `struct x * p` has no counterpart in the source. */
void target(int A, int B, struct x * p){

   /* NOTE(review): the source guards everything with
    * `if (targeto <= (off_t) B)`; no such check appears in this AST. */
   /* open("/dev/mem", O_RDWR | O_SYNC) in the source takes two arguments;
    * here a third argument `p` is passed — presumably an artifact of the
    * unresolved prototype. */
   rtn_0x10764 = open(gv_0x10894, gv_0x10890, p);  // 51
   /* temp6 is an unresolved condition; presumably the `fd < 0` test. */
   if (temp6){
      rtn_0x107c8 = __errno_location();  // 90
      rtn_0x107d4 = strerror(rtn_0x107c8[0]);  // 120
      rtn_0x107f8 = __fprintf_chk();  // 185
      exit(1);  // 197
      /* Everything below in this branch is unreachable after exit(1) and
       * duplicates the error path of the else-branch (addresses 304-402). */
      rtn_0x1080c = __errno_location();  // 304
      rtn_0x10818 = strerror(rtn_0x1080c[0]);  // 333
      rtn_0x1083c = __fprintf_chk();  // 391
      exit(1);  // 402
   } else {
      /* Source: mmap(0, MAP_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd,
       * targeto & ~MAP_MASK). The sixth argument here is rtn_0x10764 (the
       * fd) again instead of the page-aligned offset. */
      rtn_0x1078c = mmap(0, 4096, 3, 1, rtn_0x10764, rtn_0x10764);  // 262
      /* temp5 is an unresolved condition; presumably the mmap failure test. */
      if (temp5){
         rtn_0x1080c = __errno_location();  // 304
         rtn_0x10818 = strerror(rtn_0x1080c[0]);  // 333
         rtn_0x1083c = __fprintf_chk();  // 391
         exit(1);  // 402
      } else {
         /* Store through the mapping: corresponds to
          * `*((unsigned long *) virt_addr) = writeval;` in the source.
          * The index 1024 and the value gv_0x10898 do not match the source's
          * `targeto & MAP_MASK` offset and `writeval` — TODO confirm.
          * The read-back compare and printf from the source are absent. */
         rtn_0x1078c[1024] = gv_0x10898; //  0x1079c, STR
         rtn_0x107a4 = munmap(rtn_0x1078c, 4096);  // 441
         /* temp4 is an unresolved condition; presumably the munmap
          * success test. */
         if (temp4){
            /* Call to an unresolved address; its first argument is the fd
             * (rtn_0x10764 - 0), so this is presumably the source's
             * close(fd) — verify against the binary. */
            rtn_0x107b4 = 0x104a4((rtn_0x10764 - 0), R1, R2, R3);  // 612
            return;
         }
      }
   }
   /* Shared error path reached when temp4 is false; corresponds to the
    * FATAL after munmap in the source. */
   rtn_0x10850 = __errno_location();  // 483
   rtn_0x1085c = strerror(rtn_0x10850[0]);  // 512
   rtn_0x10880 = __fprintf_chk();  // 570
   exit(1);  // 581
}

A few things that seem incorrect:

The original source was

/* Original source of `target` (loop-free JPL Challenge 3 variant).
 * Maps one page of /dev/mem at start_physicaladdress, writes the address
 * value through the mapping, reads it back and reports a mismatch.
 * `FATAL`, `start_physicaladdress`, `MAP_SIZE` and `MAP_MASK` are defined
 * outside this excerpt; judging by the generated AST above, FATAL
 * presumably prints strerror(errno) and calls exit(1) — confirm.
 * Parameter A is unused; B bounds the physical address that may be
 * touched. */
void target(int A, int B) {
        int fd;
    void *map_base, *virt_addr; 
    unsigned long read_result, writeval;
    off_t targeto;
    targeto = start_physicaladdress;

    /* Nothing is done when the target address exceeds the caller's bound. */
    if (targeto <= (off_t) B){

        /* FATAL terminates the process, so fd is not leaked on this path. */
        if((fd = open("/dev/mem", O_RDWR | O_SYNC)) < 0) FATAL

        /* Offset is page-aligned; the in-page part is added to virt_addr below. */
        map_base = mmap(0, MAP_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, targeto & ~MAP_MASK);
        /* mmap reports failure as MAP_FAILED ((void *)-1); the signed
         * comparison relies on that value being negative as intptr_t. */
        if(((intptr_t) map_base) < 0) FATAL;

        virt_addr = map_base + (targeto & MAP_MASK);

        /* The value written is the physical address itself. */
        writeval = targeto;
        *((unsigned long *) virt_addr) = writeval;
        read_result = *((unsigned long *) virt_addr);

        if(read_result != writeval){
            printf("Error: read physical addres 0x%lX; write physical address 0x%lX \n", read_result, writeval);
        }
        /* munmap returns int; the intptr_t cast is a no-op here. */
        if((intptr_t)munmap(map_base, MAP_SIZE) < 0) FATAL
        close(fd);
    }
}
brk commented 2 years ago

Oops, forgot to attach: arm32-jc3lite.zip