non-deterministic decompilation of binaries/tests/x86_64/veritesting_skm #4761

Open
demoray opened this issue Aug 21, 2024 · 1 comment

demoray commented Aug 21, 2024

The decompilation of binaries/tests/x86_64/veritesting_skm from the binaries repo is non-deterministic.

--- ../binaries/tests/x86_64/veritesting_skm func 4202928 baseline
+++ ../binaries/tests/x86_64/veritesting_skm func 4202928 attempt 2

@@ -8,7 +8,7 @@


 extern void* stdout;

-long long right_expr(unsigned long long a0[2])
+long long right_expr(unsigned long long *a0[2])
 {
     unsigned int v0;  // [bp-0x24]
     unsigned int v1;  // [bp-0x20]

--- ../binaries/tests/x86_64/veritesting_skm func 4203152 baseline
+++ ../binaries/tests/x86_64/veritesting_skm func 4203152 attempt 2

@@ -1,6 +1,6 @@

 extern void* stdout;

-long long factor(struct struct_0 **a0)
+long long factor(unsigned long long *a0[2])
 {
     unsigned int v0;  // [bp-0x28]
     unsigned int v1;  // [bp-0x24]

--- ../binaries/tests/x86_64/veritesting_skm func 4203392 baseline
+++ ../binaries/tests/x86_64/veritesting_skm func 4203392 attempt 2

@@ -8,7 +8,7 @@


 extern void* stdout;

-long long right_term(unsigned long long a0[2])
+long long right_term(struct struct_0 **a0)
 {
     unsigned int v0;  // [bp-0x24]
     unsigned int v1;  // [bp-0x20]

This was found using the script below via the command:

```
python deterministic.py ../binaries/tests/x86_64/veritesting_skm
```

```python
#!/usr/bin/env python

import difflib
import logging
import sys
import os
from sortedcontainers import SortedDict

import angr
from angr.analyses.decompiler.decompilation_options import PARAM_TO_OPTION

# Silence angr's own logging so only the diffs are printed.
logging.basicConfig(level=logging.CRITICAL, force=True)


def analyze_binary(binary_path):
    """Decompile every function in the binary; return {function address: C text}."""
    decompilation = SortedDict()

    try:
        project = angr.Project(binary_path, auto_load_libs=False)
        cfg = project.analyses.CFGFast(normalize=True)

        for function in cfg.functions.values():
            function.normalize()

            try:
                decomp = project.analyses.Decompiler(
                    func=function, cfg=cfg, options=[(PARAM_TO_OPTION["show_casts"], False)]
                )
                if decomp.codegen:
                    decompilation[function.addr] = decomp.codegen.text
            except Exception as e:
                print(e)

    except Exception as e:
        # Report load/CFG failures: an empty result on every attempt would
        # otherwise look like deterministic output.
        print(f"{binary_path}: {e}", file=sys.stderr)

    return decompilation


def check_file(file):
    """Decompile the file up to three times and diff each run against the first."""
    result = None
    for i in range(3):
        print(f"{file} attempt {i}")
        latest = analyze_binary(file)
        if result is None:
            # The first run is the baseline.
            result = latest
        elif result != latest:
            for k in result:
                if k not in latest:
                    continue

                if result[k] == latest[k]:
                    continue

                for diff in difflib.unified_diff(
                    result[k].split("\n"),
                    latest[k].split("\n"),
                    fromfile=f"{file} func {k} baseline",
                    tofile=f"{file} func {k} attempt {i}",
                    n=3,
                ):
                    print(diff)
            # Stop at the first attempt that differs from the baseline.
            return


def main():
    for file in sys.argv[1:]:
        if not os.path.isfile(file):
            continue
        check_file(file)


if __name__ == "__main__":
    main()
```
@ltfish ltfish self-assigned this Aug 28, 2024
@ltfish ltfish added the bug Something is broken label Aug 28, 2024

ltfish commented Aug 28, 2024

This is a problem with the type inference component (typehoon).
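
In the hunks reported above, every changed line is a function prototype whose parameter type differs between runs. The following is an added example, not part of the issue or of angr: it reads output in the format the issue's script prints and reports, per function address, whether the drift is confined to a prototype's parameter list (`classify_drift`, `_kind` and the `params-only`/`other` labels are names chosen here).

```python
import re

# Headers printed by the issue's script, e.g. "--- <file> func <addr> baseline".
HEADER = re.compile(r"^(---|\+\+\+) \S+ func (\d+) (?:baseline|attempt \d+)$")
# One-line C prototype: return type, function name, parameter list.
PROTO = re.compile(r"^(?P<ret>[\w\s*]+?)\b(?P<name>\w+)\((?P<params>.*)\)\s*$")


def _kind(old, new):
    """Return 'params-only' if each changed line is the same prototype with new params."""
    if not old or len(old) != len(new):
        return "other"
    for a, b in zip(old, new):
        pa, pb = PROTO.match(a), PROTO.match(b)
        if not (pa and pb) or pa.group("ret", "name") != pb.group("ret", "name"):
            return "other"
    return "params-only"


def classify_drift(diff_text):
    """Map each function address in the script's output to the kind of drift."""
    changes, current = {}, None  # addr -> (removed lines, added lines)
    for line in diff_text.splitlines():
        m = HEADER.match(line)
        if m:
            if m.group(1) == "---":
                current = changes.setdefault(int(m.group(2)), ([], []))
        elif current is not None and line.startswith(("-", "+")):
            current[line[0] == "+"].append(line[1:])  # index 0: removed, 1: added
    return {addr: _kind(old, new) for addr, (old, new) in changes.items()}


# Changed lines for 4202928 and 4203152 are copied from the issue; func 1 is constructed.
SAMPLE = """\
--- ../binaries/tests/x86_64/veritesting_skm func 4202928 baseline
+++ ../binaries/tests/x86_64/veritesting_skm func 4202928 attempt 2
-long long right_expr(unsigned long long a0[2])
+long long right_expr(unsigned long long *a0[2])
--- ../binaries/tests/x86_64/veritesting_skm func 4203152 baseline
+++ ../binaries/tests/x86_64/veritesting_skm func 4203152 attempt 2
-long long factor(struct struct_0 **a0)
+long long factor(unsigned long long *a0[2])
--- sample func 1 baseline
+++ sample func 1 attempt 2
-    v0 = 1;
+    v0 = 2;
"""

print(classify_drift(SAMPLE))
```

Functions reported as `other` have changes outside the prototype line and need a manual look.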
