trailofbits / binrec-tob

BinRec: Dynamic Binary Lifting and Recompilation

Regression: `eq`, `args` fails during `lift-trace` #26

Open michaelbrownuc opened 2 years ago

michaelbrownuc commented 2 years ago

@ameily and I have both seen this issue with two binaries so far, args and eq. The details of the failure output are:

```
pipenv run python -m binrec.lift -vv "argsproj"
Loading .env environment variables…
10:41:32 DEBUG binrec.lift: extracting symbols from binary: s2e-out
10:41:32 DEBUG binrec.audit: subprocess.Popen: ('make', ['make', '-f', '/home/michaeldbrown/binrec-prerelease/scripts/s2eout_makefile', 'symbols'], '/home/michaeldbrown/binrec-prerelease/s2e/projects/argsproj/s2e-out', None)
make: 'symbols' is up to date.
10:41:32 DEBUG binrec.lift: cleaning captured bitcode: s2e-out
10:41:32 DEBUG binrec.lift: applying fixups to captured bitcode: s2e-out
10:41:32 DEBUG binrec.audit: subprocess.Popen: ('llvm-link-12', ['llvm-link-12', '-o', 'linked.bc', 'cleaned.bc', '/home/michaeldbrown/binrec-prerelease/runlib/custom-helpers.bc'], '/home/michaeldbrown/binrec-prerelease/s2e/projects/argsproj/s2e-out', None)
10:41:32 DEBUG binrec.lift: performing initially lifting of captured LLVM bitcode: s2e-out
[INFO] pruned 0 trivially dead references from successor lists
[INFO] pruned 0 trivially dead references from successor lists
[INFO] pruned 0 trivially dead references from successor lists
[INFO] pruned 0 trivially dead references from successor lists
[INFO] pruned 0 trivially dead references from successor lists
Traceback (most recent call last):
  File "/home/michaeldbrown/binrec-prerelease/binrec/lift.py", line 203, in _lift_bitcode
    binrec_lift.lift(
RuntimeError: block BB_8049160 stores PC 2148087152 but does not have BB_80093570 in its successor list. Did you remember to disable multithreading in qemu (-smp 1)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/home/michaeldbrown/binrec-prerelease/binrec/lift.py", line 411, in <module>
    main()
  File "/home/michaeldbrown/binrec-prerelease/binrec/lift.py", line 406, in main
    lift_trace(args.project_name)
  File "/home/michaeldbrown/binrec-prerelease/binrec/lift.py", line 360, in lift_trace
    _lift_bitcode(merged_trace_dir)
  File "/home/michaeldbrown/binrec-prerelease/binrec/lift.py", line 210, in _lift_bitcode
    raise BinRecError(
binrec.errors.BinRecError: failed to perform initial lifting of LLVM bitcode: s2e-out: block BB_8049160 stores PC 2148087152 but does not have BB_80093570 in its successor list. Did you remember to disable multithreading in qemu (-smp 1)
error: Recipe `lift-trace` failed on line 251 with exit code 1
```

michaelbrownuc commented 2 years ago

@ameily - Can this be closed? I think your recent PRs may resolve issues here, unless this is related to the transient failures we still see on some tests that otherwise pass. Can you confirm? Thanks!

ameily commented 2 years ago

I am still seeing this intermittently on multiple samples, seemingly at random. So this, along with trailofbits/binrec-tob#33, is still present.

ameily commented 2 years ago

If I encounter this again, I'll check to see if this is actually a side effect of inconsistent trace info (#170).