patch: bounds

[0xf00sec]

Wrap disassembly in try/except to handle invalid instruction bytes

[SweetVishnya]

@0xf00sec, could you, please, measure the performance (gadgets search time) before and after the patch?

[0xf00sec]

@0xf00sec, could you, please, measure the performance (gadgets search time) before and after the patch?

Sure the patch apparently reduces the number of futile disassembly attempts and the exceptions handled at runtime. I only tested a few binaries in the test-suite-binaries/ dir. Each row shows the average of 3 independent runs of the full tool invocation for the given binary and filter(xchg|add|sub|cmov.*). These changes reduce wasted work and are therefore expected to lower the wall-clock time for gadget search.

Binary	Filter	Gadgets	Function Calls Before	Function Calls After	Reduction	Time Before (s)	Time After (s)	Res
Linux_lib32.so	None	59,929	7,300,574	7,261,171	-0.54%	8.74	8.89	-1.7%
Linux_lib32.so	With filter	38,293	6,638,591	6,599,188	-0.59%	8.15	7.90	+3.1%
Linux_lib64.so	None	53,759	6,019,535	5,974,340	-0.75%	7.26	7.19	+1.0%
Linux_lib64.so	With filter	35,697	5,505,239	5,460,044	-0.82%	7.15	6.74	+5.7%
UNIVERSAL-x86-x64	None	366	131,887	131,337	-0.42%	0.25	0.23	+8.0%
UNIVERSAL-x86-x64	With filter	206	127,747	127,197	-0.43%	0.25	0.24	+4.0%
elf-Linux-x64	None	43,972	4,978,060	4,931,473	-0.94%	6.92	6.20	+10.4%
elf-Linux-x64	With filter	28,867	4,592,921	4,546,334	-1.01%	6.11	5.86	+4.1%
elf-Linux-x86	None	42,508	5,030,688	4,997,285	-0.66%	6.15	6.09	+1.0%
elf-Linux-x86	With filter	27,645	4,635,011	4,601,608	-0.72%	5.91	5.82	+1.5%
elf-Linux-x86-NDH	None	33,642	3,720,619	3,695,430	-0.68%	5.58	4.48	+19.7%
elf-Linux-x86-NDH	With filter	21,676	3,411,269	3,386,080	-0.74%	5.24	4.17	+20.4%
macho-x64-ls	None	1,289	207,053	205,988	-0.51%	0.33	0.32	+3.0%
macho-x64-ls	With filter	758	194,244	193,179	-0.55%	0.32	0.31	+3.1%
macho-x86-ls	None	1,272	214,047	213,404	-0.30%	0.34	0.33	+2.9%
macho-x86-ls	With filter	691	198,678	198,035	-0.32%	0.33	0.33	0.0%

I used -m cProfile -s time wrote a script to automate it across runs and output JSON for the table. I aimed to keep it as simple as possible, Overall, the change provides consistent 3 - 20% time improvements across test binaries with small regressions something like ≤2% fall within run-to-run variance. so I recommend merging.

[SweetVishnya]

Nice! Just give me a few days to look into the code more precisely.

[0xf00sec]

Thanks, I missed that. It should be fine now.

[SweetVishnya]

Thank you for the patch!