Skip to content
This repository has been archived by the owner on Aug 23, 2022. It is now read-only.

Can you walk through the example on docs/McSemaWalkthrough.md and check if it still works? #782

Open
li-xin-yi opened this issue Feb 19, 2022 · 0 comments
Open

Can you walk through the example on docs/McSemaWalkthrough.md and check if it still works? #782

li-xin-yi opened this issue Feb 19, 2022 · 0 comments

Comments

@li-xin-yi
Copy link

I built mcsema with LLVM 11 according to readme file, I can successfully disassemble the xz and get the cfg file. With the cfg fie, it reconstructs bc file by mcsema-lift. But after that, if I recompile the bc into a binary file by remill-clang or clang, the binary can't be executed, I will get a segfault. Even with lli, I can't interpret xz.bc as an executable program, it also gives a segfault.

My steps:

cp `which xz` .
mcsema-disass \
    --disassembler $IDA_PATH/idat64 \
    --arch amd64 \
    --os linux \
    --entrypoint main \
    --pie-mode \
    --rebase 535822336 \
    --binary xz \
    --output xz.cfg \
    --log_file xz.log
mcsema-lift-11.0 \
    --arch amd64 \
    --os linux \
    --cfg xz.cfg \
    --output xz.bc \
    --explicit_args \
    --merge_segments \
    --name_lifted_sections
remill-clang-11 -o xz.lifted xz.bc -lpthread -lm -ldl -llzma

And it fails at:

$ lli-11 xz.bc
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0.      Program arguments: lli-11 xz.bc 
1.      Running pass 'Function Pass Manager' on module 'xz.bc'.
2.      Running pass 'X86 DAG->DAG Instruction Selection' on function '@sub_1ff03000__init_proc'
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm3sys15PrintStackTraceERNS_11raw_ostreamE+0x1f)[0x7fb437fe2f4f]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm3sys17RunSignalHandlersEv+0x50)[0x7fb437fe12c0]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0xa9a425)[0x7fb437fe3425]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x153c0)[0x7fb43753b3c0]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm12SelectionDAG16getGlobalAddressEPKNS_11GlobalValueERKNS_5SDLocENS_3EVTElbj+0x55)[0x7fb43860f445]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZNK4llvm14TargetLowering23LowerToTLSEmulatedModelEPKNS_19GlobalAddressSDNodeERNS_12SelectionDAGE+0xfb)[0x7fb43868f5cb]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0x2aff3d4)[0x7fb43a0483d4]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0x2b22613)[0x7fb43a06b613]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0xfd8c35)[0x7fb438521c35]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm12SelectionDAG8LegalizeEv+0x1f4)[0x7fb438521394]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm16SelectionDAGISel17CodeGenAndEmitDAGEv+0x455)[0x7fb43864c3e5]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm16SelectionDAGISel20SelectAllBasicBlocksERKNS_8FunctionE+0x17b2)[0x7fb43864b842]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm16SelectionDAGISel20runOnMachineFunctionERNS_15MachineFunctionE+0x7d1)[0x7fb438649541]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0x2ac25c5)[0x7fb43a00b5c5]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm19MachineFunctionPass13runOnFunctionERNS_8FunctionE+0x10e)[0x7fb4382b74ae]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm13FPPassManager13runOnFunctionERNS_8FunctionE+0x3b9)[0x7fb4380f2e39]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm13FPPassManager11runOnModuleERNS_6ModuleE+0x33)[0x7fb4380f84a3]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm6legacy15PassManagerImpl3runERNS_6ModuleE+0x3e0)[0x7fb4380f3480]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm5MCJIT10emitObjectEPNS_6ModuleE+0x120)[0x7fb4393f18e0]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm5MCJIT21generateCodeForModuleEPNS_6ModuleE+0x86)[0x7fb4393f1b76]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm5MCJIT14finalizeObjectEv+0x13e)[0x7fb4393f25ae]
lli-11(main+0x222a)[0x41371a]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0x7fb43700f0b3]
lli-11(_start+0x2a)[0x410e1a]
Segmentation fault (core dumped)

and

$./xz.lifted 
Segmentation fault (core dumped)

I also notice that it is not required to check if recompiled binaries work in CI/CD. I guess the walkthrough example may be out-of-date. Furthermore, I hope some latest examples can be updated and integrated into the CI/CD workflow.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@li-xin-yi