ucsb-seclab / karonte

Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware
BSD 2-Clause "Simplified" License

always killed #14

Open harden614 opened 3 years ago

harden614 commented 3 years ago

When I run karonte.py and it is doing "Building xxxxx CFG (this may take some time)", it then gets killed.

sud0why commented 3 years ago

The same problem. "Always killed" is because memory is not enough. I use a 512GB memory machine to run the dlink-880 firmware and it also gets killed. I think the problem is at tool/bdg/binary_dependency_graph.py, class BinaryDependencyGraph, def _update_projects: self._cfgs[b] = self._projects[b].analyses.CFG(collect_data_references=True, extra_cross_references=True)

The extra_cross_references=True option allows angr to collect "cross-references" from the entire program; it consumes more memory.

But I checked the original paper and the code branch IEEE-SP-20: this experiment was done on a 32GB memory machine. I'm very confused.

When I disable the cross_references option and only enable the data_references option, I can't get the same result as the result in the dataset for dlink-880.

harden614 commented 3 years ago

Yeah, I'm confused too. qaq

ltfish commented 3 years ago

A quick note on debugging tips: It's usually one of the SimProcedures trying to create lists (or other data structures) based on incorrect or negative indices (e.g., creating a list with BVV(-1, 32) elements). You can run the script with ipython --pdb, then kill it when the memory usage goes up uncontrollably to see where it's creating large lists or other containers.

I believe Karonte is still using a super old base of angr, which means we won't be able to backport our fixes in new versions of angr, unfortunately.
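
Two small helpers that make the debugging tip above easier to apply, added here as an example (this is not code from Karonte or angr). The first caps the process's address space a fixed headroom above its current size, so a runaway allocation raises MemoryError with a traceback (which pdb can catch) instead of the process being SIGKILLed by the OOM killer with no trace. The second is the kind of guard a SimProcedure should apply before turning a concrete bit-vector value into a container size: BVV(-1, 32) is the unsigned value 0xFFFFFFFF, i.e. a list of four billion elements. Assumptions: Linux (for /proc/self/statm and enforced RLIMIT_AS); the guard takes the concrete integer you already extracted from the bit-vector (e.g. with state.solver.eval).

```python
import os
import resource
import traceback


def _current_vm_bytes():
    """Virtual address space currently mapped by this process (Linux /proc)."""
    try:
        with open("/proc/self/statm") as f:
            pages = int(f.read().split()[0])
        return pages * os.sysconf("SC_PAGE_SIZE")
    except (OSError, ValueError):
        return None


def run_with_memory_cap(fn, headroom_bytes):
    """Run fn() with the soft RLIMIT_AS set headroom_bytes above the current
    virtual size. A runaway allocation then fails with MemoryError, and the
    returned dict records the frame that asked for the memory."""
    base = _current_vm_bytes()
    soft, hard = resource.getrlimit(resource.RLIMIT_AS)
    limited = False
    if base is not None:
        cap = base + headroom_bytes
        if hard != resource.RLIM_INFINITY:
            cap = min(cap, hard)
        try:
            resource.setrlimit(resource.RLIMIT_AS, (cap, hard))
            limited = True
        except (ValueError, OSError):
            pass  # not permitted here; fn() runs uncapped
    try:
        return {"limited": limited, "outcome": "ok", "result": fn()}
    except MemoryError as exc:
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return {"limited": limited, "outcome": "memory_error",
                "site": (frame.filename, frame.lineno, frame.name)}
    finally:
        if limited:
            resource.setrlimit(resource.RLIMIT_AS, (soft, hard))


def checked_count(value, bits=32, max_elems=1 << 20):
    """Validate a concrete bits-wide value before using it as a size.
    Rejects values that are negative as two's complement (-1 -> 0xFFFFFFFF)
    and values above max_elems; returns the unsigned count otherwise."""
    unsigned = value & ((1 << bits) - 1)
    signed = unsigned - (1 << bits) if unsigned >> (bits - 1) else unsigned
    if signed < 0:
        raise ValueError(f"negative size {signed} (unsigned {unsigned:#x})")
    if unsigned > max_elems:
        raise ValueError(f"size {unsigned} exceeds cap {max_elems}")
    return unsigned
```

Wrap the CFG construction call in run_with_memory_cap (or set the same limit with ulimit -v before ipython --pdb) and the MemoryError lands you in the frame building the oversized container instead of an unexplained "Killed".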

harden614 commented 2 years ago

But your firmware dataset can not all be analysed; lots of them have errors.