This repository was archived by the owner on Aug 23, 2022. It is now read-only.
Can you walk through the example on docs/McSemaWalkthrough.md and check if it still works? #782
Open
I built mcsema with LLVM 11 according to the readme file. I can successfully disassemble xz and get the cfg file. With the cfg file, mcsema-lift reconstructs the bc file. But after that, if I recompile the bc into a binary with remill-clang or clang, the binary can't be executed; I get a segfault. Even with lli, I can't interpret xz.bc as an executable program; it also gives a segfault.
My steps:
cp `which xz` .
mcsema-disass \
--disassembler $IDA_PATH/idat64 \
--arch amd64 \
--os linux \
--entrypoint main \
--pie-mode \
--rebase 535822336 \
--binary xz \
--output xz.cfg \
--log_file xz.log
mcsema-lift-11.0 \
--arch amd64 \
--os linux \
--cfg xz.cfg \
--output xz.bc \
--explicit_args \
--merge_segments \
--name_lifted_sections
remill-clang-11 -o xz.lifted xz.bc -lpthread -lm -ldl -llzma
And it fails at:
$ lli-11 xz.bc
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace.
Stack dump:
0. Program arguments: lli-11 xz.bc
1. Running pass 'Function Pass Manager' on module 'xz.bc'.
2. Running pass 'X86 DAG->DAG Instruction Selection' on function '@sub_1ff03000__init_proc'
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm3sys15PrintStackTraceERNS_11raw_ostreamE+0x1f)[0x7fb437fe2f4f]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm3sys17RunSignalHandlersEv+0x50)[0x7fb437fe12c0]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0xa9a425)[0x7fb437fe3425]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x153c0)[0x7fb43753b3c0]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm12SelectionDAG16getGlobalAddressEPKNS_11GlobalValueERKNS_5SDLocENS_3EVTElbj+0x55)[0x7fb43860f445]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZNK4llvm14TargetLowering23LowerToTLSEmulatedModelEPKNS_19GlobalAddressSDNodeERNS_12SelectionDAGE+0xfb)[0x7fb43868f5cb]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0x2aff3d4)[0x7fb43a0483d4]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0x2b22613)[0x7fb43a06b613]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0xfd8c35)[0x7fb438521c35]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm12SelectionDAG8LegalizeEv+0x1f4)[0x7fb438521394]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm16SelectionDAGISel17CodeGenAndEmitDAGEv+0x455)[0x7fb43864c3e5]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm16SelectionDAGISel20SelectAllBasicBlocksERKNS_8FunctionE+0x17b2)[0x7fb43864b842]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm16SelectionDAGISel20runOnMachineFunctionERNS_15MachineFunctionE+0x7d1)[0x7fb438649541]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(+0x2ac25c5)[0x7fb43a00b5c5]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm19MachineFunctionPass13runOnFunctionERNS_8FunctionE+0x10e)[0x7fb4382b74ae]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm13FPPassManager13runOnFunctionERNS_8FunctionE+0x3b9)[0x7fb4380f2e39]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm13FPPassManager11runOnModuleERNS_6ModuleE+0x33)[0x7fb4380f84a3]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm6legacy15PassManagerImpl3runERNS_6ModuleE+0x3e0)[0x7fb4380f3480]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm5MCJIT10emitObjectEPNS_6ModuleE+0x120)[0x7fb4393f18e0]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm5MCJIT21generateCodeForModuleEPNS_6ModuleE+0x86)[0x7fb4393f1b76]
/lib/x86_64-linux-gnu/libLLVM-11.so.1(_ZN4llvm5MCJIT14finalizeObjectEv+0x13e)[0x7fb4393f25ae]
lli-11(main+0x222a)[0x41371a]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0x7fb43700f0b3]
lli-11(_start+0x2a)[0x410e1a]
Segmentation fault (core dumped)
and
$ ./xz.lifted
Segmentation fault (core dumped)
I also notice that it is not required to check whether recompiled binaries work in CI/CD. I guess the walkthrough example may be out of date. Furthermore, I hope some more recent examples can be updated and integrated into the CI/CD workflow.
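Since the report asks for recompiled binaries to be checked in CI/CD, here is an added example of such a check. It is written for this page and is not part of the issue or of the mcsema project. It strings the three steps from the report together, stops at the first failing step (checking that xz.cfg and xz.bc were actually produced), and ends with a smoke test that runs the original and the lifted xz with the same argument and compares exit status and stdout, so a segfault in the lifted binary (exit status 139, i.e. 128 + SIGSEGV) fails the job instead of going unnoticed. It assumes IDA_PATH is set, that mcsema-disass, mcsema-lift-11.0 and remill-clang-11 are on PATH with exactly the flags used above, and that `--version` is a safe smoke-test argument for xz (an assumption of this example).

```shell
#!/bin/sh
# Added example, not part of the issue or the mcsema project: run the three
# steps from the report with checks in between, then smoke-test the result.
# Assumptions: IDA_PATH is set; mcsema-disass, mcsema-lift-11.0 and
# remill-clang-11 are on PATH; `--version` is a harmless argument for xz.

# Map a shell exit status to the signal number that killed the process
# (status = 128 + signal). Prints nothing for a normal exit (status <= 128).
signal_of_status() {
    if [ "$1" -gt 128 ]; then
        echo $(( $1 - 128 ))
    fi
}

# Run one pipeline step; on failure report which step broke and stop.
run_step() {
    name="$1"; shift
    echo "== $name"
    "$@" || { echo "step '$name' failed with status $?"; exit 1; }
}

# Compare exit status and stdout of the original and the lifted binary run
# with the same arguments. Returns 0 when they agree, 1 otherwise.
smoke_test_lifted() {
    orig="$1"; lifted="$2"; shift 2
    out_orig=$("$orig" "$@" 2>/dev/null); rc_orig=$?
    out_lifted=$("$lifted" "$@" 2>/dev/null); rc_lifted=$?
    if [ "$rc_orig" -ne "$rc_lifted" ]; then
        sig=$(signal_of_status "$rc_lifted")
        echo "exit status differs: original=$rc_orig lifted=$rc_lifted${sig:+ (signal $sig)}"
        return 1
    fi
    if [ "$out_orig" != "$out_lifted" ]; then
        echo "stdout differs between original and lifted binary"
        return 1
    fi
    echo "smoke test passed (status $rc_orig, output identical)"
    return 0
}

# The pipeline from the report, with a check after every step.
lift_and_check() {
    cp "$(command -v xz)" . || exit 1
    run_step "disassemble" mcsema-disass \
        --disassembler "$IDA_PATH/idat64" --arch amd64 --os linux \
        --entrypoint main --pie-mode --rebase 535822336 \
        --binary xz --output xz.cfg --log_file xz.log
    [ -s xz.cfg ] || { echo "xz.cfg is missing or empty"; exit 1; }
    run_step "lift" mcsema-lift-11.0 --arch amd64 --os linux --cfg xz.cfg \
        --output xz.bc --explicit_args --merge_segments --name_lifted_sections
    [ -s xz.bc ] || { echo "xz.bc is missing or empty"; exit 1; }
    run_step "recompile" remill-clang-11 -o xz.lifted xz.bc -lpthread -lm -ldl -llzma
    # A crash in the lifted binary shows up here as status 139 (128 + SIGSEGV 11).
    smoke_test_lifted ./xz ./xz.lifted --version || exit 1
}

# Only run the pipeline when explicitly asked for: ./lift_check.sh run
if [ "${1:-}" = "run" ]; then
    lift_and_check
fi
```

In a CI job the script is the whole check: any non-zero exit fails the job, and the message printed by smoke_test_lifted says whether the lifted binary diverged in exit status (with the signal number when it was killed) or only in output.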