
pyvex's Introduction

PyVEX


PyVEX provides Python bindings for the VEX IR.

Project Links

Project repository: https://github.com/angr/pyvex

Documentation: https://api.angr.io/projects/pyvex/en/latest/

Installing PyVEX

PyVEX can be pip-installed:

pip install pyvex

Using PyVEX

import pyvex
import archinfo

# translate an AMD64 basic block (of nops) at 0x400400 into VEX
irsb = pyvex.lift(b"\x90\x90\x90\x90\x90", 0x400400, archinfo.ArchAMD64())

# pretty-print the basic block
irsb.pp()

# this is the IR Expression of the jump target of the unconditional exit at the end of the basic block
print(irsb.next)

# this is the type of the unconditional exit (i.e., a call, ret, syscall, etc)
print(irsb.jumpkind)

# you can also pretty-print it
irsb.next.pp()

# iterate through each statement and print all the statements
for stmt in irsb.statements:
    stmt.pp()

# pretty-print the IR expression representing the data, and the *type* of that IR expression, written by every store statement
for stmt in irsb.statements:
    if isinstance(stmt, pyvex.IRStmt.Store):
        print("Data:", end="")
        stmt.data.pp()
        print("")

        print("Type:", end="")
        print(stmt.data.result_type)
        print("")

# pretty-print the condition and jump target of every conditional exit from the basic block
for stmt in irsb.statements:
    if isinstance(stmt, pyvex.IRStmt.Exit):
        print("Condition:", end="")
        stmt.guard.pp()
        print("")

        print("Target:", end="")
        stmt.dst.pp()
        print("")

# these are the types of every temp in the IRSB
print(irsb.tyenv.types)

# here is one way to get the type of temp 0
print(irsb.tyenv.types[0])

Keep in mind that this is a syntactic representation of a basic block. That is, it'll tell you what the block means, but you don't have any context to say, for example, what actual data is written by a store instruction.

VEX Intermediate Representation

To deal with widely diverse architectures, it is useful to carry out analyses on an intermediate representation. An IR abstracts away several architecture differences when dealing with different architectures, allowing a single analysis to be run on all of them:

  • Register names. The quantity and names of registers differ between architectures, but modern CPU designs hold to a common theme: each CPU contains several general purpose registers, a register to hold the stack pointer, a set of registers to store condition flags, and so forth. The IR provides a consistent, abstracted interface to registers on different platforms. Specifically, VEX models the registers as a separate memory space, with integer offsets (i.e., AMD64's rax is stored starting at address 16 in this memory space).
  • Memory access. Different architectures access memory in different ways. For example, ARM can access memory in both little-endian and big-endian modes. The IR must abstract away these differences.
  • Memory segmentation. Some architectures, such as x86, support memory segmentation through the use of special segment registers. The IR understands such memory access mechanisms.
  • Instruction side-effects. Most instructions have side-effects. For example, most operations in Thumb mode on ARM update the condition flags, and stack push/pop instructions update the stack pointer. Tracking these side-effects in an ad hoc manner in the analysis would be crazy, so the IR makes these effects explicit.

There are lots of choices for an IR. We use VEX, since the uplifting of binary code into VEX is quite well supported. VEX is an architecture-agnostic, side-effects-free representation of a number of target machine languages. It abstracts machine code into a representation designed to make program analysis easier. This representation has five main classes of objects:

  • Expressions. IR Expressions represent a calculated or constant value. This includes memory loads, register reads, and results of arithmetic operations.
  • Operations. IR Operations describe a modification of IR Expressions. This includes integer arithmetic, floating-point arithmetic, bit operations, and so forth. An IR Operation applied to IR Expressions yields an IR Expression as a result.
  • Temporary variables. VEX uses temporary variables as internal registers: IR Expressions are stored in temporary variables between use. The content of a temporary variable can be retrieved using an IR Expression. These temporaries are numbered, starting at t0. These temporaries are strongly typed (i.e., "64-bit integer" or "32-bit float").
  • Statements. IR Statements model changes in the state of the target machine, such as the effect of memory stores and register writes. IR Statements use IR Expressions for values they may need. For example, a memory store IR Statement uses an IR Expression for the target address of the write, and another IR Expression for the content.
  • Blocks. An IR Block is a collection of IR Statements, representing an extended basic block (termed "IR Super Block" or "IRSB") in the target architecture. A block can have several exits. For conditional exits from the middle of a basic block, a special Exit IR Statement is used. An IR Expression is used to represent the target of the unconditional exit at the end of the block.

VEX IR is actually quite well documented in the libvex_ir.h file (https://github.com/angr/vex/blob/dev/pub/libvex_ir.h) in the VEX repository. For the lazy, we'll detail some parts of VEX that you'll likely interact with fairly frequently. To begin with, here are some IR Expressions:

  • Constant. Evaluated value: a constant value. VEX output example: 0x4:I32
  • Read Temp. Evaluated value: the value stored in a VEX temporary variable. VEX output example: RdTmp(t10)
  • Get Register. Evaluated value: the value stored in a register. VEX output example: GET:I32(16)
  • Load Memory. Evaluated value: the value stored at a memory address, with the address specified by another IR Expression. VEX output example: LDle:I32 / LDbe:I64
  • Operation. Evaluated value: the result of a specified IR Operation, applied to specified IR Expression arguments. VEX output example: Add32
  • If-Then-Else. Evaluated value: if a given IR Expression evaluates to 0, return one IR Expression; otherwise, return another. VEX output example: ITE
  • Helper Function. Evaluated value: VEX uses C helper functions for certain operations, such as computing the condition flags registers of certain architectures; these functions return IR Expressions. VEX output example: function_name()

These expressions are then, in turn, used in IR Statements. Here are some common ones:

  • Write Temp. Meaning: set a VEX temporary variable to the value of the given IR Expression. VEX output example: WrTmp(t1) = (IR Expression)
  • Put Register. Meaning: update a register with the value of the given IR Expression. VEX output example: PUT(16) = (IR Expression)
  • Store Memory. Meaning: update a location in memory, given as an IR Expression, with a value, also given as an IR Expression. VEX output example: STle(0x1000) = (IR Expression)
  • Exit. Meaning: a conditional exit from a basic block, with the jump target specified by an IR Expression. The condition is specified by an IR Expression. VEX output example: if (condition) goto (Boring) 0x4000A00:I32

An example of an IR translation, on ARM, is produced below. In the example, the subtraction operation is translated into a single IR block comprising 5 IR Statements, each of which contains at least one IR Expression (although, in real life, an IR block would typically consist of more than one instruction). Register names are translated into numerical indices given to the GET Expression and PUT Statement. The astute reader will observe that the actual subtraction is modeled by the first 4 IR Statements of the block, and the incrementing of the program counter to point to the next instruction (which, in this case, is located at 0x59FC8) is modeled by the last statement.

The following ARM instruction:

subs R2, R2, #8

Becomes this VEX IR:

t0 = GET:I32(16)
t1 = 0x8:I32
t3 = Sub32(t0,t1)
PUT(16) = t3
PUT(68) = 0x59FC8:I32

Cool stuff!
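As an added example (not part of the pyvex README or code base), here is a small interpreter for the pretty-printed IR shown above: it treats the register space as a dict keyed by VEX offset or by the name pyvex prints, keeps strongly typed temporaries the way irsb.tyenv does, and reports the block's exits. It supports only the expression forms that appear on this page, and the register contents passed in are constructed sample values.

```python
import re

# Added example, not pyvex's own code: a small interpreter for the IR text that
# irsb.pp() prints. Registers live in a dict keyed by VEX offset (16, 68, 1168)
# or by the name pyvex prints (lr); temporaries are strongly typed as in
# irsb.tyenv; Exit statements and the NEXT line are recorded. Only the
# expression forms shown on this page are supported (no nested operations).
_MASK = {1: 0x1, 8: 0xff, 16: 0xffff, 32: 0xffffffff, 64: (1 << 64) - 1}
_BINOPS = {"Add": lambda a, b: a + b, "Sub": lambda a, b: a - b, "And": lambda a, b: a & b}
_CMPOPS = {"CmpEQ": lambda a, b: a == b, "CmpNE": lambda a, b: a != b}

# The ARM "subs R2, R2, #8" block from this README: R2 is offset 16, pc is 68.
ARM_SUBS = """\
t0 = GET:I32(16)
t1 = 0x8:I32
t3 = Sub32(t0,t1)
PUT(16) = t3
PUT(68) = 0x59FC8:I32
"""
# A PPC32 "blr" block as pyvex prints it (cf. the ArchPPC32 issue below; 1168 is pc).
PPC32_BLR = """\
IRSB {
   t0:Ity_I32 t1:Ity_I32 t2:Ity_I32 t3:Ity_I32 t4:Ity_I32 t5:Ity_I32 t7:Ity_I32 t8:Ity_I32 t9:Ity_I1 t10:Ity_I32
   15 | ------ IMark(0x80000, 4, 0) ------
   16 | t4 = 0xffffffff
   17 | t1 = t4
   18 | t5 = 0x00000001
   19 | t2 = t5
   20 | t0 = And32(t2,t1)
   21 | t8 = GET:I32(lr)
   22 | t7 = And32(t8,0xfffffffc)
   23 | t3 = t7
   24 | t9 = CmpEQ32(t0,0x00000000)
   25 | if (t9) { PUT(1168) = 0x80004; Ijk_Boring }
   26 | PUT(1168) = t3
   27 | t10 = GET:I32(1168)
   NEXT: PUT(1168) = t10; Ijk_Ret
}
"""

def _reg_key(tok):  # GET/PUT operand: numeric VEX offset -> int, else printed name
    return int(tok) if tok.strip().isdigit() else tok.strip()

class VexBlock:
    def __init__(self, regs=None):
        self.regs = dict(regs or {})  # VEX register space: offset/name -> value
        self.temps = {}               # "t3" -> value
        self.tyenv = {}               # "t3" -> "Ity_I32", like irsb.tyenv.types
        self.exit = None              # (target, jumpkind) of a taken Exit
        self.next = None              # (target, jumpkind) from the NEXT line

    def eval_expr(self, text):
        """Evaluate an IR Expression -> (value, width in bits or None)."""
        text = text.strip()
        if re.fullmatch(r"t\d+", text):                                  # RdTmp
            return self.temps[text], int(self.tyenv[text][5:])
        if m := re.fullmatch(r"GET:I(\d+)\((.+)\)", text):               # Get Register
            return self.regs.get(_reg_key(m.group(2)), 0) & _MASK[int(m.group(1))], int(m.group(1))
        if m := re.fullmatch(r"(0x[0-9a-fA-F]+|\d+)(?::I(\d+))?", text):  # Constant
            v, w = int(m.group(1), 0), m.group(2)
            return (v, None) if w is None else (v & _MASK[int(w)], int(w))
        if m := re.fullmatch(r"([A-Za-z]+?)(\d+)\((.+),(.+)\)", text):   # Operation
            name, w = m.group(1), int(m.group(2))
            a, b = self.eval_expr(m.group(3))[0], self.eval_expr(m.group(4))[0]
            if name in _CMPOPS:
                return int(_CMPOPS[name](a, b)), 1       # comparisons yield Ity_I1
            return _BINOPS[name](a, b) & _MASK[w], w
        raise ValueError("unsupported IR Expression: " + text)

    def _write_tmp(self, tmp, expr):
        v, w = self.eval_expr(expr)
        w = w or int(self.tyenv[tmp][5:])        # bare constant: the tyenv header decides
        ty = "Ity_I%d" % w
        if self.tyenv.setdefault(tmp, ty) != ty:     # temps are strongly typed
            raise TypeError("%s is %s, not %s" % (tmp, self.tyenv[tmp], ty))
        self.temps[tmp] = v & _MASK[w]

    def _put(self, reg, expr):
        self.regs[_reg_key(reg)] = v = self.eval_expr(expr)[0]
        return v

    def run(self, ir_text):
        """Execute one pretty-printed IRSB; stops at a taken Exit. Returns self."""
        for raw in ir_text.splitlines():
            line = re.sub(r"^\d+\s*\|\s*", "", raw.strip())          # drop "16 | "
            if not line or line in ("IRSB {", "}") or line.startswith(("IR-NoOp", "---", "===")):
                continue
            if re.fullmatch(r"(t\d+:Ity_I\d+\s*)+", line):           # tyenv header
                self.tyenv.update(re.findall(r"(t\d+):(Ity_I\d+)", line))
            elif m := re.fullmatch(r"(t\d+) = (.+)", line):           # WrTmp
                self._write_tmp(m.group(1), m.group(2))
            elif m := re.fullmatch(r"PUT\((.+?)\) = (.+)", line):     # Put Register
                self._put(m.group(1), m.group(2))
            elif m := re.fullmatch(r"if \((.+?)\) \{ PUT\((.+?)\) = (.+?); (Ijk_\w+) \}", line):
                if self.eval_expr(m.group(1))[0]:                     # Exit taken
                    self.exit = (self._put(m.group(2), m.group(3)), m.group(4))
                    return self
            elif m := re.fullmatch(r"NEXT[:|]\s*PUT\((.+?)\) = (.+?); (Ijk_\w+)", line):
                self.next = (self._put(m.group(1), m.group(2)), m.group(3))
            else:
                raise ValueError("unsupported IR Statement: " + line)
        return self
```

Running `VexBlock({16: 3}).run(ARM_SUBS).regs[16]` shows the 32-bit wrap-around of Sub32, and `VexBlock({"lr": 0x10000007}).run(PPC32_BLR).next` resolves the blr target as (0x10000004, "Ijk_Ret") with the low two bits cleared.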

Citing PyVEX

If you use PyVEX in an academic work, please cite the paper for which it was developed:

@article{shoshitaishvili2015firmalice,
  title={Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware},
  author={Shoshitaishvili, Yan and Wang, Ruoyu and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
  booktitle={NDSS},
  year={2015}
}

pyvex's People

Contributors

0xbc, adamdoupe, allanlw, angr-bot, bennofs, capuanob, crowell, drone29a, f0rki, jasperla, jmgrosen, khorben, lockshaw, ltfish, mephi42, mic92, nebirhos, nickstephens, pre-commit-ci[bot], qwaz, rhelmot, ronnychevalier, salls, saullocarvalho, subwire, twizmwazin, tyb0807, ulugbekna, zardus, zwimer


pyvex's Issues

ArchPPC32 has incorrect PC register number

I'm attempting to obtain the Intermediate Representation for the PPC32 architecture (little endian); however, when parsing the output, I'm getting an incorrect register number for what appears to be the PC register. The output is shown below. The register number 1168 is returned instead of the correct 1160.
I'm running python 2.7.10 on Ubuntu 15.10 and installed pyvex using the recommended "pip install pyvex".

>>> import archinfo,pyvex
>>> pyvex.IRSB('\x20\x00\x80\x4e', 0x80000, archinfo.ArchPPC32()).pp()
IRSB {
   t0:Ity_I32 t1:Ity_I32 t2:Ity_I32 t3:Ity_I32 t4:Ity_I32 t5:Ity_I32 t6:Ity_I32 t7:Ity_I32 t8:Ity_I32 t9:Ity_I1 t10:Ity_I32

   00 | IR-NoOp
   01 | IR-NoOp
   02 | IR-NoOp
   03 | IR-NoOp
   04 | IR-NoOp
   05 | IR-NoOp
   06 | IR-NoOp
   07 | IR-NoOp
   08 | IR-NoOp
   09 | IR-NoOp
   10 | IR-NoOp
   11 | IR-NoOp
   12 | IR-NoOp
   13 | IR-NoOp
   14 | IR-NoOp
   15 | ------ IMark(0x80000, 4, 0) ------
   16 | t4 = 0xffffffff
   17 | t1 = t4
   18 | t5 = 0x00000001
   19 | t2 = t5
   20 | t0 = And32(t2,t1)
   21 | t8 = GET:I32(lr)
   22 | t7 = And32(t8,0xfffffffc)
   23 | t3 = t7
   24 | t9 = CmpEQ32(t0,0x00000000)
   25 | if (t9) { PUT(1168) = 0x80004; Ijk_Boring }
   26 | PUT(1168) = t3
   27 | t10 = GET:I32(1168)
   NEXT: PUT(1168) = t10; Ijk_Ret
}
>>> archinfo.ArchPPC32().translate_register_name(1168)
'1168'
>>> archinfo.ArchPPC32().registers['pc']
(1160, 4)
>>> archinfo.ArchPPC32().registers['ip']
(1160, 4)

Support for s390

Hi!

I plan to use pyvex for a project of mine (http://github.com/joxeankoret/diaphora), basically, to have an intermediate language that can be used to diff programs for different CPUs. Do you have any plans to support s390?

This CPU, s390, is actually supported by both VEX and Capstone (SystemZ) so, I guess, that adding it should be as easy as adding a s390 architecture definition python file for the archinfo package.

Segmentation fault in PyVex

Segmentation fault; the information I was able to gather (so far) is listed below:
python: malloc.c:4108: _int_free: Assertion `p->bk_nextsize->fd_nextsize == p' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff68e0425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff68e0425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff68e3b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff692815d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff6929ef3 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x000000000054875d in ?? ()
#5 0x0000000000458d13 in ?? ()
#6 0x0000000000548ba7 in ?? ()
#7 0x000000000054878d in ?? ()
#8 0x0000000000458d13 in ?? ()
#9 0x0000000000548ba7 in ?? ()
#10 0x000000000054878d in ?? ()
#11 0x0000000000458d13 in ?? ()
#12 0x0000000000548ba7 in ?? ()
#13 0x000000000054878d in ?? ()
#14 0x0000000000458d13 in ?? ()
#15 0x0000000000548ba7 in ?? ()
#16 0x000000000054878d in ?? ()
#17 0x0000000000458d13 in ?? ()
#18 0x0000000000548ba7 in ?? ()
#19 0x000000000054878d in ?? ()
#20 0x0000000000458d13 in ?? ()
#21 0x0000000000548ba7 in ?? ()
#22 0x000000000054878d in ?? ()
#23 0x0000000000458d13 in ?? ()
#24 0x000000000054845c in ?? ()
#25 0x000000000054878d in ?? ()
#26 0x0000000000458d13 in ?? ()
#27 0x0000000000548212 in ?? ()
#28 0x000000000054b336 in ?? ()
#29 0x000000000054b39c in ?? ()
#30 0x0000000000555d65 in ?? ()
#31 0x00000000004bef09 in PyDict_SetItem ()
#32 0x00000000004fdecf in PySys_SetObject ()
#33 0x000000000048a64e in PyEval_EvalFrameEx ()
#34 0x0000000000486e02 in PyEval_EvalFrameEx ()
#35 0x000000000048d930 in PyEval_EvalCodeEx ()
#36 0x0000000000486bb8 in PyEval_EvalFrameEx ()
#37 0x0000000000486e02 in PyEval_EvalFrameEx ()
#38 0x000000000048d930 in PyEval_EvalCodeEx ()
#39 0x00000000004246a1 in PyRun_FileExFlags ()
#40 0x000000000042492e in PyRun_SimpleFileExFlags ()
#41 0x0000000000425cb6 in Py_Main ()
#42 0x00007ffff68cb76d in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#43 0x000000000041bb31 in _start ()

According to a brief search on the Internet, it seems that there is a write attempt outside the address space of the program.

Using pyvex for transformations/instrumentation

Hello, currently pyvex makes a call into C code to create an IRSB. That IRSB and its components (IRStmt, etc) are exposed as Python objects, but there doesn't seem to be a way to create an empty IRSB or construct IRStmt instances not backed by guest machine instructions.

I'd like to modify IRSBs, IRStmts, and IRExprs generated from code as well as programmatically generating instances without backing code. Is this functionality within the scope of pyvex? I'm happy to work on it and submit a patch, if so.

error: [Errno 2] No such file or directory: 'pyvex_c'

Hi People,

I have had this pyvex_c issue for a whole day. I tried 'pip install angr' in Mac OS X Yosemite and Ubuntu 15.10 after upgrading pip to the latest version. I ran it in a virtualenv as instructed by the installation guide. I still have this pyvex error as shown below. I've been struggling with this all day. I hope someone can answer this question.

Much appreciated,
Sean

...

...
cc -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fPIC -w -g -O2 -fstrict-aliasing -Ipub -Ipriv -o priv/guest_ppc_toIR.o
-c priv/guest_ppc_toIR.c
cc -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fPIC -w -g -O2 -fstrict-aliasing -Ipub -Ipriv -o priv/guest_s390_toIR.o
-c priv/guest_s390_toIR.c
cc -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fPIC -w -g -O2 -fstrict-aliasing -Ipub -Ipriv -o priv/guest_mips_toIR.o
-c priv/guest_mips_toIR.c
cc -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fPIC -w -g -O2 -fstrict-aliasing -Ipub -Ipriv -o priv/e4c_lite.o
-c priv/e4c_lite.c
rm -f libvex.a
ar crus libvex.a priv/ir_defs.o priv/ir_match.o priv/ir_opt.o priv/ir_inject.o priv/main_main.o priv/main_globals.o priv/main_util.o priv/s390_disasm.o priv/host_x86_defs.o priv/host_amd64_defs.o priv/host_arm_defs.o priv/host_arm64_defs.o priv/host_ppc_defs.o priv/host_s390_defs.o priv/host_mips_defs.o priv/host_x86_isel.o priv/host_amd64_isel.o priv/host_arm_isel.o priv/host_arm64_isel.o priv/host_ppc_isel.o priv/host_s390_isel.o priv/host_mips_isel.o priv/host_generic_maddf.o priv/host_generic_regs.o priv/host_generic_simd64.o priv/host_generic_simd128.o priv/host_generic_simd256.o priv/host_generic_reg_alloc2.o priv/guest_generic_x87.o priv/guest_generic_bb_to_IR.o priv/guest_x86_helpers.o priv/guest_amd64_helpers.o priv/guest_arm_helpers.o priv/guest_arm64_helpers.o priv/guest_ppc_helpers.o priv/guest_s390_helpers.o priv/guest_mips_helpers.o priv/guest_x86_toIR.o priv/guest_amd64_toIR.o priv/guest_arm_toIR.o priv/guest_arm64_toIR.o priv/guest_ppc_toIR.o priv/guest_s390_toIR.o priv/guest_mips_toIR.o priv/e4c_lite.o
ar: u' modifier ignored sinceD' is the default (see `U')
make[1]: Leaving directory '/tmp/pip-build-Ttv72W/pyvex/vex-dev'
Building pyvex-static
error: [Errno 2] No such file or directory: 'pyvex_c'

----------------------------------------

Command "/home/server/.virtualenvs/angr/bin/python2 -c "import setuptools, tokenize;__file__='/tmp/pip-build-Ttv72W/pyvex/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-DGkElC-record/install-record.txt --single-version-externally-managed --compile --install-headers /home/server/.virtualenvs/angr/include/site/python2.7/pyvex" failed with error code 1 in /tmp/pip-build-Ttv72W/pyvex

pyvex build fails - "No such file or directory: 'pyvex_c'"

I was installing angr via "pip install angr". During the process of building pyvex I encountered the following error:

Running setup.py install for pyvex
  Running command ~/.virtualenvs/angr/bin/python2.7 -c "import setuptools;__file__='~/.virtualenvs/angr/build/pyvex/setup.py';execfile(__file__)" install --single-version-externally-managed --record /tmp/pip-3igx0L-record/install-record.txt --install-headers ~/.virtualenvs/angr/include/site/python2.7
  running install
  running build
  Building libVEX
  EXTRA_CFLAGS="-fPIC -w" make -f Makefile-gcc
  make[1]: Entering directory `~/.virtualenvs/angr/build/pyvex/vex-dev'
  cc -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fPIC -w -g -O2 -fstrict-aliasing -Ipub -Ipriv -o priv/ir_defs.o \
                       -c priv/ir_defs.c

  . . . <snip> . . .

  cc -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fPIC -w -g -O2 -fstrict-aliasing -Ipub -Ipriv -o priv/e4c_lite.o \
                     -c priv/e4c_lite.c
  rm -f libvex.a
  ar crus libvex.a priv/ir_defs.o priv/ir_match.o priv/ir_opt.o priv/ir_inject.o priv/main_main.o priv/main_globals.o priv/main_util.o priv/s390_disasm.o priv/host_x86_defs.o priv/host_amd64_defs.o priv/host_arm_defs.o priv/host_arm64_defs.o priv/host_ppc_defs.o priv/host_s390_defs.o priv/host_mips_defs.o priv/host_x86_isel.o priv/host_amd64_isel.o priv/host_arm_isel.o priv/host_arm64_isel.o priv/host_ppc_isel.o priv/host_s390_isel.o priv/host_mips_isel.o priv/host_generic_maddf.o priv/host_generic_regs.o priv/host_generic_simd64.o priv/host_generic_simd128.o priv/host_generic_simd256.o priv/host_generic_reg_alloc2.o priv/guest_generic_x87.o priv/guest_generic_bb_to_IR.o priv/guest_x86_helpers.o priv/guest_amd64_helpers.o priv/guest_arm_helpers.o priv/guest_arm64_helpers.o priv/guest_ppc_helpers.o priv/guest_s390_helpers.o priv/guest_mips_helpers.o priv/guest_x86_toIR.o priv/guest_amd64_toIR.o priv/guest_arm_toIR.o priv/guest_arm64_toIR.o priv/guest_ppc_toIR.o priv/guest_s390_toIR.o priv/guest_mips_toIR.o priv/e4c_lite.o

  make[1]: Leaving directory `~/.virtualenvs/angr/build/pyvex/vex-dev'

  Building pyvex-static

  error: [Errno 2] No such file or directory: 'pyvex_c'

pyvex OSX build failed

pyvex's versioning is so confusing, it's driving me crazy!

error: no member named 'arm64_allow_reordered_writeback' in 'VexControl'
vc.arm64_allow_reordered_writeback = 0;

Unable to Install pyvex

Hi,

I am unable to install pyvex on my machine(ubuntu 14.04), I am using pip for installation, and this machine is behind a proxy.

Following is the error message.

naveen@CRD:~$ sudo pip install --proxy=http://xxxxx:xxxxx@xxxxx:80 pyvex
Downloading/unpacking pyvex
Downloading pyvex-4.6.1.27.tar.gz (5.4MB): 5.4MB downloaded
Running setup.py (path:/tmp/pip_build_root/pyvex/setup.py) egg_info for package pyvex
Traceback (most recent call last):
File "", line 17, in
File "/tmp/pip_build_root/pyvex/setup.py", line 20, in
v.write(urllib2.urlopen(VEX_URL).read())
File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 404, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 422, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [Errno 104] Connection reset by peer>
Complete output from command python setup.py egg_info:
Traceback (most recent call last):

File "", line 17, in

File "/tmp/pip_build_root/pyvex/setup.py", line 20, in

v.write(urllib2.urlopen(VEX_URL).read())

File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen

return _opener.open(url, data, timeout)

File "/usr/lib/python2.7/urllib2.py", line 404, in open

response = self._open(req, data)

File "/usr/lib/python2.7/urllib2.py", line 422, in _open

'_open', req)

File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain

result = func(*args)

File "/usr/lib/python2.7/urllib2.py", line 1222, in https_open

return self.do_open(httplib.HTTPSConnection, req)

File "/usr/lib/python2.7/urllib2.py", line 1184, in do_open

raise URLError(err)

urllib2.URLError: <urlopen error [Errno 104] Connection reset by peer>


Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_root/pyvex
Storing debug log for failure in /home/naveen/.pip/pip.log

How to identify functions parameters?

Hi,
suppose I have a .c file with the following code:

#include<stdlib.h>

int main() {
        malloc(30);
}

The VEX IR for the first block would be

IRSB {
  t0|Ity_I64 t1|Ity_I64 t2|Ity_I64 t3|Ity_I64 t4|Ity_I64 t5|Ity_I64 t6|Ity_I64 t7|Ity_I64 t8|Ity_I64 t9|Ity_I64 t10|Ity_I64 t11|Ity_I64 t12|Ity_I64 t13|Ity_I64
  00 | ------ IMark(0x4004e0, 1, 0) ------
  01 | t0 = GET|I64(bp)
  02 | t8 = GET|I64(rsp)
  03 | t7 = Sub64(t8,0x0000000000000008)
  04 | PUT(rsp) = t7
  05 | STle(t7) = t0
  06 | ------ IMark(0x4004e1, 3, 0) ------
  07 | PUT(bp) = t7
  08 | ------ IMark(0x4004e4, 4, 0) ------
  09 | t2 = Sub64(t7,0x0000000000000010)
  10 | PUT(cc_op) = 0x0000000000000008
  11 | PUT(cc_dep1) = t7
  12 | PUT(cc_dep2) = 0x0000000000000010
  13 | ------ IMark(0x4004e8, 10, 0) ------
  14 | PUT(rdi) = 0x000000000000001e
  15 | PUT(pc) = 0x00000000004004f2
  16 | ------ IMark(0x4004f2, 5, 0) ------
  17 | t10 = Sub64(t2,0x0000000000000008)
  18 | PUT(rsp) = t10
  19 | STle(t10) = 0x00000000004004f7
  20 | t12 = Sub64(t10,0x0000000000000080)
  21 | ====== AbiHint(0xt12, 128, 0x00000000004003c0) ======
  NEXT| PUT(rip) = 0x00000000004003c0; Ijk_Call

Obviously rdi is the register containing the parameter, but how can I identify it in real time?

Thanks

Incorrect MIPS 32 Intermediate Representation

I'm attempting to obtain the Intermediate Representation for the MIPS32 architecture (little endian), but it appears that I'm getting incorrect results. For instance, the instruction "jr $ra" doesn't set the pc register to $ra. The output is shown below. It appears to be missing a "PUT(pc) = t0" statement.

I'm running python 2.7.10 on Ubuntu 15.10 and installed pyvex using the recommended "pip install pyvex".

>>> import pyvex, archinfo
>>> pyvex.IRSB('\x08\x00\xE0\x03', 0x40000, archinfo.ArchMIPS32()).pp()
IRSB {
   t0:Ity_I32 t1:Ity_I32

   00 | IR-NoOp
   01 | IR-NoOp
   02 | IR-NoOp
   03 | IR-NoOp
   04 | IR-NoOp
   05 | IR-NoOp
   06 | IR-NoOp
   07 | IR-NoOp
   08 | IR-NoOp
   09 | IR-NoOp
   10 | IR-NoOp
   11 | IR-NoOp
   12 | IR-NoOp
   13 | IR-NoOp
   14 | IR-NoOp
   15 | ------ IMark(0x40000, 4, 0) ------
   16 | t0 = GET:I32(ra)
   17 | PUT(pc) = 0x00040004
   18 | t1 = GET:I32(pc)
   NEXT: PUT(pc) = t1; Ijk_Boring
}

Unknown error generating cffi file

Hi!

I'm trying to build PyVex in Ubuntu 14.04 (32bits) and I'm getting the following error:

$ python setup.py build
Proper 'develop' support unavailable.
/usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'install_requires'
  warnings.warn(msg)
running build
Building libVEX
EXTRA_CFLAGS="-fPIC -w" make -f Makefile-gcc
make[1]: Entering directory `/path/to/pyvex/vex-dev'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/path/to/pyvex/vex-dev'
Building pyvex-static
make: `pyvex_static.so' is up to date.
Creating CFFI defs file
No handlers could be found for logger "cffier"
Traceback (most recent call last):
  File "make_ffi.py", line 77, in <module>
    doit(sys.argv[1])
  File "make_ffi.py", line 67, in doit
    new_good = find_good_scan(good, remaining[1:])
  File "make_ffi.py", line 51, in find_good_scan
    return find_good_scan(known_good, questionable[:fail-2-len(known_good)])
  File "make_ffi.py", line 49, in find_good_scan
    raise Exception("Unknown error")
Exception: Unknown error
error: Unable to generate cffi file.

Am I doing something wrong? Thanks!

ArchPPC32 has incorrect Counter register number

Similar to issue #27, the Counter register is represented by a number rather than a register name. See below for the IR instructions decoding a "mtctr r0" instruction in big-endian PowerPC. Unlike issue #27 though, this is less problematic, as the counter register is architecture specific anyway.

>>> pyvex.IRSB('\x7c\x09\x03\xa6', 0x40000, archinfo.arch_from_id('PPC32')).pp()
IRSB {
   t0:Ity_I32 t1:Ity_I32

   00 | IR-NoOp
   01 | IR-NoOp
   02 | IR-NoOp
   03 | IR-NoOp
   04 | IR-NoOp
   05 | IR-NoOp
   06 | IR-NoOp
   07 | IR-NoOp
   08 | IR-NoOp
   09 | IR-NoOp
   10 | IR-NoOp
   11 | IR-NoOp
   12 | IR-NoOp
   13 | IR-NoOp
   14 | IR-NoOp
   15 | ------ IMark(0x40000, 4, 0) ------
   16 | t0 = GET:I32(r0)
   17 | PUT(1176) = t0
   18 | PUT(pc) = 0x00040004
   19 | t1 = GET:I32(pc)
   NEXT: PUT(pc) = t1; Ijk_Boring
}

Pyvex errors on 32 bit linux

I was testing angr in a 32 bit kali vm and noticed that no functions were being found by any CFG. During troubleshooting with @ltfish he found that it was a problem with pyvex on my 32 bit version of linux.

(angr) root@kali:~# cat testpyvex.py 
import pyvex
import archinfo
pyvex.IRSB("\xc3", 0, archinfo.arch_from_id('X86')).pp()
(angr) root@kali:~# python testpyvex.py 
Traceback (most recent call last):
  File "testpyvex.py", line 3, in <module>
    pyvex.IRSB("\xc3", 0, archinfo.arch_from_id('X86')).pp()
  File "/root/.virtualenvs/angr/local/lib/python2.7/site-packages/pyvex/block.py", line 60, in __init__
    lift(self, data, num_bytes, num_inst, bytes_offset, traceflags)
  File "/root/.virtualenvs/angr/local/lib/python2.7/site-packages/pyvex/lift/__init__.py", line 88, in lift
    raise PyVEXError('\n\n'.join(errors))
pyvex.errors.PyVEXError: vex: priv/main_main.c:619 (LibVEX_Translate): Assertion `0 == sizeof(VexGuestX86State) % LibVEX_GUEST_STATE_ALIGN' failed

Unable to import angr after successful installation in MAC

I installed angr framework with pip install angr

And when I tried importing angr, it gives me below error. Is there anything I'm missing?

import angr
Traceback (most recent call last):
File "", line 1, in
File "/Library/Python/2.7/site-packages/angr/__init__.py", line 7, in
from .project import *
File "/Library/Python/2.7/site-packages/angr/project.py", line 11, in
import simuvex
File "/Library/Python/2.7/site-packages/simuvex/__init__.py", line 9, in
from .s_state import SimState
File "/Library/Python/2.7/site-packages/simuvex/s_state.py", line 11, in
import claripy
File "/Library/Python/2.7/site-packages/claripy/__init__.py", line 17, in
from . import backends as _backends_module
File "/Library/Python/2.7/site-packages/claripy/backends/__init__.py", line 1, in
from .backend_z3 import BackendZ3
File "/Library/Python/2.7/site-packages/claripy/backends/backend_z3.py", line 45, in
raise ClaripyZ3Error("Unable to find %s", z3_library_file)
claripy.errors.ClaripyZ3Error: ('Unable to find %s', 'libz3.dylib')

install fails on arch linux because "cl" command exists, but is something different

I'm having trouble getting the latest pyvex to work on arch linux. I'm using a virtualenv. Install works fine with pip. When I try to import pyvex, I get the following error:

$ python -c 'import pyvex'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "~/.virtualenvs/pyvex/lib/python2.7/site-packages/pyvex/__init__.py", line 31, in <module>
    pvc = _find_c_lib()
  File "~/.virtualenvs/pyvex/lib/python2.7/site-packages/pyvex/__init__.py", line 23, in _find_c_lib
    ffi.cdef(_ffi_str)
  File "~/.virtualenvs/pyvex/lib/python2.7/site-packages/cffi/api.py", line 105, in cdef
    self._cdef(csource, override=override, packed=packed)
  File "~/.virtualenvs/pyvex/lib/python2.7/site-packages/cffi/api.py", line 119, in _cdef
    self._parser.parse(csource, override=override, **options)
  File "~/.virtualenvs/pyvex/lib/python2.7/site-packages/cffi/cparser.py", line 299, in parse
    self._internal_parse(csource)
  File "~/.virtualenvs/pyvex/lib/python2.7/site-packages/cffi/cparser.py", line 304, in _internal_parse
    ast, macros, csource = self._parse(csource)
  File "~/.virtualenvs/pyvex/lib/python2.7/site-packages/cffi/cparser.py", line 262, in _parse
    self.convert_pycparser_error(e, csource)
  File "~/.virtualenvs/pyvex/lib/python2.7/site-packages/cffi/cparser.py", line 291, in convert_pycparser_error
    raise api.CDefError(msg)
cffi.api.CDefError: cannot parse "extern VexControl vex_control;"
:3:19: before: vex_control

Apparently the file _ffi_str variable contains only the string "extern VexControl vex_control;".

After some digging I came to the conclusion that the issue is in make_ffi.py#L58. The first command tried is cl. This is a binary that does something completely different (apparently part of the cliquer package) on my system.
This fails silently as there is no check for Popen.returncode. Maybe using subprocess.check_output would be better suited here, since it throws an exception on non-zero exit status?

After switching cmd1 and cmd2, it properly generates the file (with pip install -e .). But I guess this might break other systems...

Fails to install for Mac OS X [stdio.h missing]

I'm trying to install angr on my Mac, but when pyvex is to be installed, it fails. More specifically, pyvex-static fails, and gives the error message:

Building pyvex-static
gcc -O2 -shared -fPIC -I.././vex-master/pub --std=c99 -o libpyvex.dylib pyvex.c logging.c .././vex-master/libvex.a -Wl,-install_name,libpyvex.dylib
gcc: warning: couldn’t understand kern.osversion ‘16.0.0
pyvex.c:20:19: fatal error: stdio.h: No such file or directory
#include <stdio.h>
^
compilation terminated.
logging.c:3:19: fatal error: stdio.h: No such file or directory
#include <stdio.h>
^
compilation terminated.
make: *** [libpyvex.dylib] Error 1
error: Unable to build pyvex-static.


Failed building wheel for pyvex
Running setup.py clean for pyvex
Failed to build pyvex
Installing collected packages: pyvex
Running setup.py install for pyvex ... error
Complete output from command /Users/***/anaconda/envs/sechac/bin/python -u -c "import setuptools, tokenize;__file__='/private/var/folders/ch/wbqzf6z51gx086gw118yv0qr0000gn/T/pip-build-bNmIkU/pyvex/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/ch/wbqzf6z51gx086gw118yv0qr0000gn/T/pip-hWEblB-record/install-record.txt --single-version-externally-managed --compile:
running install
running build
Building libVEX
EXTRA_CFLAGS="-fPIC -w " make -f Makefile-gcc
make[1]: Nothing to be done for `all'.
Building pyvex-static
gcc -O2 -shared -fPIC -I.././vex-master/pub --std=c99 -o libpyvex.dylib pyvex.c logging.c .././vex-master/libvex.a -Wl,-install_name,libpyvex.dylib
gcc: warning: couldn’t understand kern.osversion ‘16.0.0
pyvex.c:20:19: fatal error: stdio.h: No such file or directory
#include <stdio.h>
^
compilation terminated.
logging.c:3:19: fatal error: stdio.h: No such file or directory
#include <stdio.h>
^
compilation terminated.
make: *** [libpyvex.dylib] Error 1
error: Unable to build pyvex-static.

----------------------------------------

Command "/Users/user/anaconda/envs/sechac/bin/python -u -c "import setuptools, tokenize;__file__='/private/var/folders/ch/wbqzf6z51gx086gw118yv0qr0000gn/T/pip-build-bNmIkU/pyvex/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/ch/wbqzf6z51gx086gw118yv0qr0000gn/T/pip-hWEblB-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /private/var/folders/ch/wbqzf6z51gx086gw118yv0qr0000gn/T/pip-build-bNmIkU/pyvex/

Can the "angr" system run on Windows?

When I install on Windows 7 x86:

I used pip to install all the packages; when I
import angr

there is an error: C:\python27\lib\pyvex_static.so is an error image. When I use setup.py install for pyvex, there is always an error.

So I don't know what I can do to solve the problem.

When I install on Ubuntu 14.04 x64:

xx@xx-virtual-machine:~/project$ python helloword.py
Warning: FastBinaryTree not available, using Python version BinaryTree.
Warning: FastAVLTree not available, using Python version AVLTree.
Warning: FastRBTree not available, using Python version RBTree.
Traceback (most recent call last):
File "helloword.py", line 2, in <module>
proj= angr.Project("hellowordx64")
File "/usr/local/lib/python2.7/dist-packages/angr/project.py", line 152, in __init__
self._simos.configure_project()
File "/usr/local/lib/python2.7/dist-packages/angr/simos.py", line 125, in configure_project
super(SimLinux, self).configure_project()
File "/usr/local/lib/python2.7/dist-packages/angr/simos.py", line 42, in configure_project
self.proj.loader.perform_irelative_relocs(irelative_resolver)
File "/usr/local/lib/python2.7/dist-packages/cle-4.5.11.23-py2.7.egg/cle/loader.py", line 704, in perform_irelative_relocs
val = resolver_func(resolver)
File "/usr/local/lib/python2.7/dist-packages/angr/simos.py", line 31, in irelative_resolver
val = resolver()
File "/usr/local/lib/python2.7/dist-packages/angr/surveyors/caller.py", line 41, in call_get_return_val
return self.get_call_results(_args)[0]
File "/usr/local/lib/python2.7/dist-packages/angr/surveyors/caller.py", line 74, in get_call_results
caller_end_unpruned = caller.step(until=lambda pg: len(pg.active) == 0, step_func=step_func if self._concrete_only else None).unstash(from_stash='deadended')
File "/usr/local/lib/python2.7/dist-packages/angr/path_group.py", line 536, in step
pg = pg._one_step(stash=stash, selector_func=selector_func, successor_func=successor_func, check_func=check_func, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/angr/path_group.py", line 342, in _one_step
r = self._one_path_step(a, successor_func=successor_func, check_func=check_func, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/angr/path_group.py", line 287, in _one_path_step
successors = a.step(**kwargs)
File "/usr/local/lib/python2.7/dist-packages/angr/path.py", line 221, in step
self._make_sim_run()
File "/usr/local/lib/python2.7/dist-packages/angr/path.py", line 246, in _make_sim_run
self._run = self._project.factory.sim_run(self.state, **self._run_args)
File "/usr/local/lib/python2.7/dist-packages/angr/factory.py", line 117, in sim_run
r = self.sim_block(state, addr=addr, **block_opts)
File "/usr/local/lib/python2.7/dist-packages/angr/factory.py", line 59, in sim_block
**block_opts)
File "/usr/local/lib/python2.7/dist-packages/angr/lifter.py", line 116, in lift
traceflags=traceflags)
File "/usr/local/lib/python2.7/dist-packages/pyvex-4.5.11.23-py2.7.egg/pyvex/__init__.py", line 136, in __init__
c_irsb = pvc.vex_block_bytes(vex_arch, arch.vex_archinfo, c_bytes + bytes_offset, mem_addr, num_bytes, 1)
KeyError: 'x86_cr0'

pyvex build fails - "No such file or directory: 'pyvex_c'"

Hi,
I'm using pip 1.7.2 and Python 2.7 on Ubuntu LTS x86_64.
Running the following commands, I get the error in the subject:

mkvirtualenv angr
pip install angr

More info about the error:

Successfully built capstone pyelftools
Failed to build pyvex
Installing collected packages: plumbum, rpyc, idalink, pyelftools, capstone, archinfo, pefile, pycparser, cffi, cle, decorator, networkx, angr-z3, ana, claripy, mulpyplexer, futures, cooldict, dpkt-fix, bintrees, pyvex, simuvex, progressbar, angr
  Running setup.py install for pyvex
    Complete output from command /home/sid/.virtualenvs/angr/bin/python -c "import setuptools, tokenize;__file__='/tmp/pip-build-rPg6is/pyvex/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-Np5NGR-record/install-record.txt --single-version-externally-managed --compile --install-headers /home/sid/.virtualenvs/angr/include/site/python2.7/pyvex:
    running install
    running build
    Building libVEX
    EXTRA_CFLAGS="-fPIC -w" make -f Makefile-gcc
    make[1]: Entering directory "/tmp/pip-build-rPg6is/pyvex/vex-dev"
    make[1]: Nothing to be done for "all".
    make[1]: Leaving directory "/tmp/pip-build-rPg6is/pyvex/vex-dev"
    Building pyvex-static
    error: [Errno 2] No such file or directory: 'pyvex_c'

thanks

Build of libVEX fails on Mac OS X with default Clang

The fix for #53 added the -malign-double compiler flag. Unfortunately this flag is not supported in the version of Clang (Apple LLVM version 8.0.0 (clang-800.0.42.1)) that ships with Mac OS X Sierra (10.12.3).

Current workarounds are either installing a newer version of Clang that supports the flag or to create a vex directory (copy vex-master in pyvex/) and removing the -malign-double flag from Makefile-gcc.

x86 Translation question 2

This:
lea rdi, [rsp+908h+var_878]

gets translated into this:

   16 | t26 = GET:I64(rsp)
   17 | t25 = Add64(t26,0x0000000000000090)
   18 | t0 = t25
   19 | PUT(rdi) = t0

which is all wrong. I guess it has something to do with the fact that I'm translating it directly (not as part of a procedure), but from what I've seen in angr, assembly is translated directly without the prefix of the procedure, and everything seems fine.

Any thoughts?

Thanks again!! :)

Apply thumb indent when lifting code of ARM

Hi,

I have tried to apply Thumb indent when lifting code of ARM, but failed.

  1. I searched across the source code of pyvex, but failed to find a .py file which contains the word "THUMB".
  2. I found that the class IRSB has a parameter "arch", so I tried to bind a "thumb" option to this parameter. My code looks like the following:

#-------start---------
import pyvex, archinfo

arch = archinfo.ArchARM()
arch.capstone_thumb()

pyvex.IRSB(code, address, arch, num_bytes = self.code_length, bytes_offset = offset)
#-----END-------

Unfortunately, I got an error message:

------------start---------------------
Traceback (most recent call last):
  File "classifier_tests.py", line 399, in test_arm_jcc
    arch.capstone_thumb()
TypeError: 'Cs' object is not callable
------------end---------------------

I don't know how to work around this problem. Could you give me some suggestions?

Thanks.

ARM's NOP gets a weird and long translation

>>> import pyvex
>>> import archinfo
>>> arch = archinfo.ArchARM()
>>> i = pyvex.IRSB(arch.nop_instruction, 0, arch)
>>> i.pp()
IRSB {
   t0:Ity_I32 t1:Ity_I32 t2:Ity_I32 t3:Ity_I32 t4:Ity_I32 t5:Ity_I32 t6:Ity_I32 t7:Ity_I32 t8:Ity_I32 t9:Ity_I32 t10:Ity_I32 t11:Ity_I32 t12:Ity_I32 t13:Ity_I1 t14:Ity_I32

   00 | ------ IMark(0x0, 4, 0) ------
   01 | t6 = GET:I32(cc_op)
   02 | t5 = Or32(t6,0x00000000)
   03 | t7 = GET:I32(cc_dep1)
   04 | t8 = GET:I32(cc_dep2)
   05 | t9 = GET:I32(cc_ndep)
   06 | t10 = armg_calculate_condition(t5,t7,t8,t9):Ity_I32
   07 | t0 = t10
   08 | t1 = GET:I32(r0)
   09 | t3 = GET:I32(r0)
   10 | t2 = t3
   11 | t4 = And32(t1,t2)
   12 | t12 = GET:I32(r0)
   13 | t13 = CmpNE32(t0,0x00000000)
   14 | t11 = ITE(t13,t4,t12)
   15 | PUT(r0) = t11
   16 | PUT(ip) = 0x00000004
   17 | t14 = GET:I32(ip)
   NEXT: PUT(pc) = t14; Ijk_Boring
}
>>> 

Why?

Segmentation fault in PyVex

Here is the backtrace:
#0 wrap_IRExpr (i=0x0) at pyvex/pyvex_irexpr.c:64
#1 0x00007ffff4a90155 in pyIRStmtCAS_get_expdHi (self=, closure=) at pyvex/pyvex_irstmt.c:363

#2 0x00000000004bd718 in ?? ()
#3 0x00000000004c6d6a in _PyObject_GenericGetAttrWithDict ()
#4 0x00000000004662fe in PyEval_EvalFrameEx ()
#5 0x0000000000466a42 in PyEval_EvalFrameEx ()
#6 0x000000000057bd02 in PyEval_EvalCodeEx ()
#7 0x000000000057dcd0 in ?? ()
#8 0x00000000004bf2a6 in PyObject_Call ()
#9 0x00000000004a4b8a in ?? ()
#10 0x00000000004bf2a6 in PyObject_Call ()
#11 0x00000000004bf5a6 in PyEval_CallObjectWithKeywords ()
#12 0x00000000004ef31b in PyInstance_New ()
#13 0x00000000004bf2a6 in PyObject_Call ()
#14 0x00000000004668da in PyEval_EvalFrameEx ()
#15 0x0000000000466a42 in PyEval_EvalFrameEx ()
#16 0x000000000057bd02 in PyEval_EvalCodeEx ()
#17 0x000000000057de02 in ?? ()
#18 0x00000000004bf2a6 in PyObject_Call ()
#19 0x00000000004a4b8a in ?? ()
#20 0x00000000004bf2a6 in PyObject_Call ()
#21 0x00000000004bf5a6 in PyEval_CallObjectWithKeywords ()
#22 0x00000000004ef31b in PyInstance_New ()
#23 0x00000000004bf2a6 in PyObject_Call ()
#24 0x00000000004668da in PyEval_EvalFrameEx ()
#25 0x0000000000466a42 in PyEval_EvalFrameEx ()
#26 0x0000000000466a42 in PyEval_EvalFrameEx ()
#27 0x000000000057bd02 in PyEval_EvalCodeEx ()
#28 0x00000000004667f8 in PyEval_EvalFrameEx ()
#29 0x000000000057bd02 in PyEval_EvalCodeEx ()
#30 0x000000000057de02 in ?? ()
#31 0x00000000004bf2a6 in PyObject_Call ()
#32 0x0000000000467e60 in PyEval_EvalFrameEx ()
#33 0x000000000057bd02 in PyEval_EvalCodeEx ()
#34 0x00000000004667f8 in PyEval_EvalFrameEx ()
#35 0x0000000000466a42 in PyEval_EvalFrameEx ()
#36 0x0000000000466a42 in PyEval_EvalFrameEx ()
#37 0x0000000000466a42 in PyEval_EvalFrameEx ()
#38 0x0000000000466a42 in PyEval_EvalFrameEx ()
#39 0x0000000000466a42 in PyEval_EvalFrameEx ()
#40 0x0000000000466a42 in PyEval_EvalFrameEx ()
#41 0x0000000000466a42 in PyEval_EvalFrameEx ()
#42 0x000000000057bd02 in PyEval_EvalCodeEx ()
#43 0x000000000057c77d in PyRun_FileExFlags ()
#44 0x000000000057e4a1 in PyRun_SimpleFileExFlags ()
#45 0x0000000000512cfd in Py_Main ()
#46 0x00007ffff68cb76d in __libc_start_main (main=0x41ba20, argc=2, ubp_av=0x7fffffffe418, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe408) at libc-start.c:226

#47 0x000000000041ba51 in _start ()

The fault is due to a null value:
// wrap functionality
60 PyObject *wrap_IRExpr(IRExpr *i)
61 {
62 PyTypeObject *t = NULL;
63
64 switch (i->tag)
65 {

(gdb) p i
$1 = (IRExpr *) 0x0

If you need my binary, contact me.

Can't install pyvex on OSX

ld: unknown option: -soname
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [libpyvex.dylib] Error 1
error: Unable to build pyvex-static.


Failed building wheel for pyvex

It looks like "-soname" should be replaced with "-install_name" on OSX?

cffi starting to complain

We should figure out how to avoid this warning before it starts breaking stuff:

/usr/local/lib/python2.7/dist-packages/pyvex/block.py: UserWarning: implicit cast from 'char*' to a different pointer type: will be forbidden in the future

IRSB VEX does not capture calls

Hi, big fan here!

Trying to use the IRSB class directly to translate bytes (extracted from IDA) to VEX.

When i try to translate the following:

        "push    rbp",
        "mov     rbp, rsp",
        "sub     rsp, 10h",
        "mov     [rbp+var_4], edi",
        "mov     edi, offset aHereWeGo; \"Here we go!\"",
        "call    _puts",
        "mov     eax, [rbp+var_4]",
        "imul    eax, 64h",
        "mov     esi, offset aYo ; \"Yo\"",
        "mov     edi, eax",
        "call    callee",
        "nop",
        "leave",
        "retn"

using pyvex.IRSB(bytes, 0x0000000000400623, cle.archinfo.arch.ArchAMD64()), I get the following VEX:

IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
IR-NoOp
------ IMark(0x400622, 1, 0) ------
t0 = GET:I64(rbp)
t9 = GET:I64(rsp)
t8 = Sub64(t9,0x0000000000000008)
t1 = t8
PUT(rsp) = t1
STle(t1) = t0
PUT(rip) = 0x0000000000400623
------ IMark(0x400623, 3, 0) ------
t10 = GET:I64(rsp)
PUT(rbp) = t10
PUT(rip) = 0x0000000000400626
------ IMark(0x400626, 4, 0) ------
t4 = GET:I64(rsp)
t3 = 0x0000000000000010
t2 = Sub64(t4,t3)
PUT(cc_op) = 0x0000000000000008
PUT(cc_dep1) = t4
PUT(cc_dep2) = t3
PUT(rsp) = t2
PUT(rip) = 0x000000000040062a
------ IMark(0x40062a, 3, 0) ------
t12 = GET:I64(rbp)
t11 = Add64(t12,0xfffffffffffffffc)
t5 = t11
t14 = GET:I64(rdi)
t13 = 64to32(t14)
STle(t5) = t13
PUT(rip) = 0x000000000040062d
------ IMark(0x40062d, 5, 0) ------
t15 = 32Uto64(0x00400734)
PUT(rdi) = t15
PUT(rip) = 0x0000000000400632
------ IMark(0x400632, 5, 0) ------
t17 = GET:I64(rsp)
t16 = Sub64(t17,0x0000000000000008)
t6 = t16
PUT(rsp) = t6
STle(t6) = 0x0000000000400637
t7 = 0x0000000000400470
t18 = Sub64(t6,0x0000000000000080)
====== AbiHint(0xt18, 128, t7) ======
PUT(rip) = 0x0000000000400470
t19 = GET:I64(rip)

Which i guess is consistent, up to the point of calls.

Any idea where them calls at? Thanks!
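An added example (not code from the post or from the pyvex project) that walks a byte buffer block by block: VEX ends an IRSB at every control transfer, a call included, so the instructions after `call _puts` are not dropped, they start the next block at `irsb.addr + irsb.size`. The AMD64 bytes are hand-assembled for this example, and pyvex and archinfo are imported lazily so the file parses without them installed:

```python
import importlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed AMD64 sample, hand-assembled for this example (not the post's bytes):
#   400000: 55              push rbp
#   400001: 48 89 e5        mov  rbp, rsp
#   400004: e8 f7 00 00 00  call 0x400100        ; rel32 = 0x400100 - 0x400009
#   400009: 90              nop
#   40000a: 5d              pop  rbp
#   40000b: c3              ret
BASE = 0x400000
CODE = bytes.fromhex("55" "4889e5" "e8f7000000" "90" "5d" "c3")


@dataclass
class BlockInfo:
    addr: int
    size: int
    jumpkind: str
    target: Optional[int]  # constant successor (call/jump target) if known


def lift_blocks(code: bytes, base: int) -> List[BlockInfo]:
    """Lift a byte buffer as a sequence of VEX blocks.

    A VEX IRSB is a basic block: it ends at every control transfer, and a call
    is one (jumpkind Ijk_Call, callee in irsb.next). The instructions after the
    call are not lost, they just start the next block, so we lift again from
    irsb.addr + irsb.size until the buffer is consumed."""
    pyvex = importlib.import_module("pyvex")        # lazy so the module imports
    archinfo = importlib.import_module("archinfo")  # without pyvex installed
    arch = archinfo.ArchAMD64()
    blocks: List[BlockInfo] = []
    off = 0
    while off < len(code):
        irsb = pyvex.lift(code[off:], base + off, arch)
        if irsb.size == 0:  # nothing decodable left (padding, truncated instruction)
            break
        nxt = irsb.next
        target = nxt.con.value if isinstance(nxt, pyvex.expr.Const) else None
        blocks.append(BlockInfo(irsb.addr, irsb.size, irsb.jumpkind, target))
        off += irsb.size
    return blocks


def jumpkinds(code: bytes, base: int) -> List[str]:
    """Just the exit kinds, in block order."""
    return [b.jumpkind for b in lift_blocks(code, base)]


if __name__ == "__main__":
    for b in lift_blocks(CODE, BASE):
        print(f"{b.addr:#x} size={b.size} {b.jumpkind} target={b.target}")
    # prints two blocks: 0x400000 (9 bytes, Ijk_Call, target 0x400100)
    # and 0x400009 (3 bytes, Ijk_Ret, no constant target)
```

The first block is `push`/`mov`/`call` and reports `Ijk_Call` with the callee as a constant `next`; the second starts at the `nop` after the call and ends at `ret` with `Ijk_Ret`, where `next` is a loaded return address rather than a constant.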

Can't build on Mac

I initially tried installing angr via pip, but was getting an error about not being able to find pyvex_static.dylib. It seems that the pip package includes the linux pyvex_static.so instead of the mac dylib. So I tried building pyvex myself, but I am getting:

Installing collected packages: pyvex
  Running setup.py develop for pyvex
    Complete output from command /usr/local/opt/python/bin/python2.7 -c "import setuptools, tokenize; __file__='/Users/hebner/git/pyvex/setup.py'; exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" develop --no-deps:
    running develop
    Building libVEX
    EXTRA_CFLAGS="-fPIC -w" make -f Makefile-gcc
    make[1]: Nothing to be done for `all'.
    Building pyvex-static
    make: `pyvex_static.dylib' is up to date.
    Creating CFFI defs file
    No handlers could be found for logger "cffier"
    ./vex-dev/pub
    Traceback (most recent call last):
      File "make_ffi.py", line 81, in <module>
        doit(sys.argv[1])
      File "make_ffi.py", line 71, in doit
        new_good = find_good_scan(good, remaining[1:])
      File "make_ffi.py", line 53, in find_good_scan
        return find_good_scan(known_good, questionable[:fail-2-len(known_good)])
      File "make_ffi.py", line 46, in find_good_scan
        raise Exception("Unknown error")
    Exception: Unknown error
    error: Unable to generate cffi file.

The specific exception that is generated is: <class 'cffi.api.CDefError'> setjmp arg 1: unknown type 'jmp_buf' (if you meant to use the old C syntax of giving untyped arguments, it is not supported)

I'm not really sure what make_ffi.py is doing, so wasn't sure how to fix this error.

error: unknown type name 'IRLoadGOp'

Hi,

I'm trying to build pyvex in Ubuntu 12.04 x86_64 with the setup recommended in README.md. However, when I try to build it I get the following errors:

$ LANG=C sh build.sh 
running build
running build_ext
building 'pyvex' extension
creating build
creating build/temp.linux-x86_64-2.7
creating build/temp.linux-x86_64-2.7/pyvex
gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -DPYVEX_STATIC=1 -I/home/joxean/devel/valgrind/valgrind-3.8.1/install/include/valgrind -I/usr/include/python2.7 -c pyvex/pyvex.c -o build/temp.linux-x86_64-2.7/pyvex/pyvex.o --std=c99
In file included from pyvex/pyvex.c:7:0:
pyvex/pyvex_enums.h:18:1: error: unknown type name 'IRLoadGOp'
pyvex/pyvex_enums.h:18:1: error: unknown type name 'IRLoadGOp'
pyvex/pyvex_enums.h:18:1: error: unknown type name 'IRLoadGOp'
pyvex/pyvex_enums.h:18:1: error: unknown type name 'IRLoadGOp'
error: command 'gcc' failed with exit status 1
cp: cannot stat `build/lib.linux-x86_64-2.7/pyvex.so': No such file or directory
cp: cannot stat `pyvex.so': No such file or directory

Am I doing something wrong?

ArchARM translation issue

When I translate:

SUB             R3, R11, #-var_18 4
MOV             R0, R3 4
LDR             R1, [R11,#var_14] 4

like so:

>>> import pyvex
>>> import archinfo
>>> arch = archinfo.ArchARM()
>>> i = pyvex.IRSB('\xe2K0\x18\xe1\xa0\x00\x03\xe5\x1b\x10\x14',0,arch)
>>> i.pp()

I get:

IRSB {
   t0:Ity_I32 t1:Ity_I32 t2:Ity_I32 t3:Ity_I32 t4:Ity_I32 t5:Ity_I32 t6:Ity_I32 t7:Ity_I32 t8:Ity_I32 t9:Ity_I1 t10:Ity_I1 t11:Ity_I32 t12:Ity_I32 t13:Ity_I32 t14:Ity_I32 t15:Ity_I32 t16:Ity_I32 t17:Ity_I32 t18:Ity_I32 t19:Ity_I32 t20:Ity_I32 t21:Ity_I32 t22:Ity_I32 t23:Ity_I32 t24:Ity_I32 t25:Ity_I32 t26:Ity_I32 t27:Ity_I32 t28:Ity_I32

   00 | ------ IMark(0x0, 4, 0) ------
   01 | t4 = GET:I32(cc_op)
   02 | t3 = Or32(t4,0x00000010)
   03 | t5 = GET:I32(cc_dep1)
   04 | t6 = GET:I32(cc_dep2)
   05 | t7 = GET:I32(cc_ndep)
   06 | t8 = armg_calculate_condition(t3,t5,t6,t7):Ity_I32
   07 | t0 = t8
   08 | t10 = 32to1(t0)
   09 | t9 = Not1(t10)
   10 | if (t9) { PUT(pc) = 0x4; Ijk_Boring }
   11 | t1 = GET:I32(r0)
   12 | t2 = t1
   13 | t11 = Sub32(t1,0x00000020)
   14 | PUT(r0) = t11
   15 | t13 = Sub32(t2,0x00000000)
   16 | t12 = LDle:I32(t13)
   17 | PUT(lr) = t12
   18 | t15 = Sub32(t2,0x00000004)
   19 | t14 = LDle:I32(t15)
   20 | PUT(r11) = t14
   21 | t17 = Sub32(t2,0x00000008)
   22 | t16 = LDle:I32(t17)
   23 | PUT(r9) = t16
   24 | t19 = Sub32(t2,0x0000000c)
   25 | t18 = LDle:I32(t19)
   26 | PUT(r8) = t18
   27 | t21 = Sub32(t2,0x00000010)
   28 | t20 = LDle:I32(t21)
   29 | PUT(r7) = t20
   30 | t23 = Sub32(t2,0x00000014)
   31 | t22 = LDle:I32(t23)
   32 | PUT(r6) = t22
   33 | t25 = Sub32(t2,0x00000018)
   34 | t24 = LDle:I32(t25)
   35 | PUT(r5) = t24
   36 | t27 = Sub32(t2,0x0000001c)
   37 | t26 = LDle:I32(t27)
   38 | PUT(r1) = t26
   39 | PUT(ip) = 0x00000004
   40 | t28 = GET:I32(ip)
   NEXT: PUT(pc) = t28; Ijk_Boring
}

Which seems completely unrelated, and misses the fact that there are 3 instructions. The asm and bytes were extracted with IDA.
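An added example, not code from this post, from the Thumb question above, or from the pyvex project, that serves both of those posts. It assumes two things a practitioner should check against their own pyvex version: that `ArchARM()` defaults to little-endian, so the 32-bit words shown by a disassembler (e2 4b 30 18 ...) must be byte-reversed into memory order before lifting, and that pyvex selects Thumb decoding when the low bit of the lift address is set (the interworking convention), rather than through `arch.capstone_thumb`, which is a Capstone handle. The sample bytes are constructed for the example; pyvex and archinfo are imported lazily so the byte helper runs without them:

```python
import importlib

# Constructed sample, not the bytes from either post: the three instructions
#   SUB R3, R11, #0x18 ; MOV R0, R3 ; LDR R1, [R11, #-0x14]
# as the 32-bit words a disassembler prints (most-significant byte first).
WORDS_AS_DISPLAYED = bytes.fromhex("e24b3018" "e1a00003" "e51b1014")

# Constructed Thumb sample, already in memory order: movs r0, #1 ; bx lr
THUMB_LE = bytes.fromhex("0120" "7047")


def words_to_little_endian(code: bytes, word_size: int = 4) -> bytes:
    """Reverse each `word_size`-byte word. A little-endian ARM image stores
    e24b3018 as 18 30 4b e2, which is the order pyvex expects for ArchARM
    (default endness Iend_LE); feeding it the displayed order decodes a
    different instruction (18304be2 is a conditional LDMDA)."""
    if len(code) % word_size:
        raise ValueError("code length is not a multiple of the word size")
    return b"".join(code[i:i + word_size][::-1]
                    for i in range(0, len(code), word_size))


def lift_arm(code: bytes, addr: int, thumb: bool = False):
    """Lift with pyvex. Thumb is selected by setting the low bit of the address
    (the interworking convention); archinfo.ArchARM().capstone_thumb is a
    Capstone handle for disassembly and does not affect the lifter."""
    pyvex = importlib.import_module("pyvex")        # imported lazily so the
    archinfo = importlib.import_module("archinfo")  # byte helper runs without them
    return pyvex.lift(code, (addr | 1) if thumb else addr, archinfo.ArchARM())


def instruction_count(code: bytes, addr: int, thumb: bool = False) -> int:
    """Number of guest instructions (IMarks) pyvex found in the block."""
    return lift_arm(code, addr, thumb).instructions


if __name__ == "__main__":
    fixed = words_to_little_endian(WORDS_AS_DISPLAYED)
    print("byte-swapped ARM:", instruction_count(fixed, 0))            # 3
    print("Thumb:", instruction_count(THUMB_LE, 0x1000, thumb=True))  # 2
    lift_arm(fixed, 0).pp()
```

After the byte swap the block contains the expected three IMarks (`SUB`, `MOV`, `LDR`); the Thumb sample lifts as two instructions when the address is odd, and would be misdecoded as one 32-bit ARM word otherwise.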

Can I build an IRSB from a combination of instructions and IR?

So, I am running instructions, and between instructions I want to set some registers & memory locations to fixed values - these are known before generation of the IRSB.

I know I can use the breakpoints to do what I want, but I was hoping to do it without breakpoints - mainly because I don't want to keep track of where in the execution I am - but also because I hope to gain speed.

I could probably add extra instructions, but this would require me to also modify the instruction pointer after each added instruction - probably creating more problems. Also, it would make me bound to a specific instruction set.

So, my hope is to, given a list of normal instructions in binary format, and some points where I want to change register data, build a list of normal instructions and single register/memory-modifying IR instructions that can be used to build one IRSB.

Is this possible and how?
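One way to do this, as an added example that is not code from the post or from the pyvex project: lift the instructions normally, then splice `PUT(reg) = const` statements into the IRSB's statement list in front of the IMark of the instruction they should precede. The example assumes that `irsb.statements` is an ordinary mutable list, that `arch.registers[name]` gives `(offset, size)`, and the constructor shapes `pyvex.stmt.Put(data, offset)`, `pyvex.expr.Const(con)` and `pyvex.const.U64(value)`; no new temporaries are created, so the type environment stays valid. The AMD64 bytes are constructed for the example:

```python
import importlib

# Constructed AMD64 sample (not from the post): mov rax, rdi ; add rax, 1 ; ret
BASE = 0x400000
CODE = bytes.fromhex("4889f8" "4883c001" "c3")


def lift(code: bytes, base: int):
    pyvex = importlib.import_module("pyvex")        # lazy imports so the file
    archinfo = importlib.import_module("archinfo")  # parses without pyvex installed
    return pyvex.lift(code, base, archinfo.ArchAMD64())


def inject_register_writes(irsb, writes):
    """Splice constant register writes into an existing IRSB.

    `writes` maps an instruction address to {register_name: value}. For each
    such address a PUT(reg) = const statement is inserted just before that
    instruction's IMark, so it runs after the previous instruction and before
    this one when the block is executed. Only whole registers of a fixed width
    are handled; a memory write would be a pyvex.stmt.Store spliced in the same
    way. Returns the number of statements added."""
    pyvex = importlib.import_module("pyvex")
    const_for_size = {1: pyvex.const.U8, 2: pyvex.const.U16,
                      4: pyvex.const.U32, 8: pyvex.const.U64}
    arch = irsb.arch
    new_stmts, added = [], 0
    for stmt in irsb.statements:
        if isinstance(stmt, pyvex.stmt.IMark) and stmt.addr in writes:
            for reg, value in writes[stmt.addr].items():
                offset, size = arch.registers[reg]
                const = const_for_size[size](value)
                new_stmts.append(pyvex.stmt.Put(pyvex.expr.Const(const), offset))
                added += 1
        new_stmts.append(stmt)
    irsb.statements[:] = new_stmts
    return added


def constant_puts(irsb, reg):
    """Values of every PUT(reg) = const in the block, in order (for checking)."""
    pyvex = importlib.import_module("pyvex")
    offset = irsb.arch.registers[reg][0]
    return [s.data.con.value for s in irsb.statements
            if isinstance(s, pyvex.stmt.Put) and s.offset == offset
            and isinstance(s.data, pyvex.expr.Const)]


if __name__ == "__main__":
    irsb = lift(CODE, BASE)
    inject_register_writes(irsb, {BASE + 3: {"rax": 0x1000}})  # before `add rax, 1`
    irsb.pp()
```

Because the write is an ordinary VEX statement, an engine that executes the block (angr's VEX engine, for instance) applies it without a breakpoint; the instruction pointer is untouched because the inserted statement is not an instruction and has no IMark of its own.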

Missing docstrings (pyvex)

There are lots of missing module, class, and function docstrings in the angr module. Here is the list. We desperately need help with this from the community, if someone wants to contribute!

Here is the list:

************* Module pyvex.block
- block.py:1 - 
************* Module pyvex.errors
- errors.py:1 - 
- errors.py:1 - PyVEXError
************* Module pyvex.stmt
- stmt.py:1 - 
- stmt.py:14 - IRStmt.pp
- stmt.py:18 - IRStmt.expressions
- stmt.py:27 - IRStmt.constants
- stmt.py:31 - IRStmt._translate
- stmt.py:139 - Store.endness
- stmt.py:163 - CAS.endness
- stmt.py:185 - LLSC.endness
- stmt.py:195 - MBE
- stmt.py:204 - Dirty
- stmt.py:229 - Dirty.child_expressions
- stmt.py:249 - Exit.jumpkind
- stmt.py:257 - Exit.child_expressions
- stmt.py:284 - LoadG.endness
- stmt.py:305 - StoreG.endness
************* Module pyvex.vex_ffi
- vex_ffi.py:1 - 
************* Module pyvex.const
- const.py:1 - 
- const.py:4 - IRConst
- const.py:11 - IRConst.pp
- const.py:15 - IRConst.size
- const.py:19 - IRConst._translate
- const.py:30 - U1
- const.py:40 - U8
- const.py:50 - U16
- const.py:60 - U32
- const.py:70 - U64
- const.py:80 - F32
- const.py:90 - F32i
- const.py:100 - F64
- const.py:110 - F64i
- const.py:120 - V128
- const.py:130 - V256
************* Module pyvex.expr
- expr.py:1 - 
- expr.py:19 - IRExpr.pp
- expr.py:48 - IRExpr._translate
- expr.py:71 - VECRET
- expr.py:78 - BBPTR
- expr.py:98 - GetI.description
- expr.py:102 - GetI.index
- expr.py:129 - Get.type
- expr.py:232 - Load.endness
- expr.py:236 - Load.type
- expr.py:285 - CCall.ret_type
- expr.py:289 - CCall.callee
************* Module pyvex.enums
- enums.py:1 - 
- enums.py:74 - _get_op_type
- enums.py:84 - typeOfIROp
- enums.py:88 - vex_endness_from_string
- enums.py:91 - default_vex_archinfo
************* Module pyvex
- __init__.py:11 - _find_c_lib

x86 Translation question 1

Hi again.

Quick question regarding the translation of some x86 command:

This:
'xor esi, esi'
gets translated into:

   22 | t27 = 32Uto64(0x00000000)
   23 | PUT(rsi) = t27
   24 | t29 = GET:I64(rsi)
   25 | t28 = 64to32(t29)
   26 | t3 = t28
   27 | t31 = GET:I64(rsi)
   28 | t30 = 64to32(t31)
   29 | t2 = t30
   30 | t1 = Xor32(t3,t2)
   31 | PUT(cc_op) = 0x0000000000000013
   32 | t32 = 32Uto64(t1)
   33 | PUT(cc_dep1) = t32
   34 | PUT(cc_dep2) = 0x0000000000000000
   35 | t33 = 32Uto64(t1)
   36 | PUT(rsi) = t33
   37 | PUT(rip) = 0x00000000004098ca

Which is fine except for the first 2 commands that set 0 into rsi (I guess that is what happens, but it's modeled in the rest of the block and kinda makes the actual Xoring wrong)

Any insights as to why this happens?

How to install pyvex on arm

Hi,
when I try to install pyvex on an ARM architecture I have the following error:

cc1 error: ..... Bad address
no working compiler found....

Do you have an idea on how to fix it?

Thanks

How to install pyvex in Windows?

Hi, I want to use pyvex on Windows. However, after I install pyvex by executing "pip install pyvex", I find that "pyvex_static.so" cannot be loaded on the Windows platform because it is an ELF file while Windows requires a PE file. So how do I compile the module on Windows? Thanks

Build issues on Windows using VS2015

Hi all,

I've been having a problem building pyvex on Windows 10 with Visual Studio 2015 (no Cygwin or MinGW). The issue is related to how make_ffi.py is invoking preprocessing tools (for more context on how I discovered it, see angr/angr-dev#16).

If I run python setup.py develop in the pyvex source tree from a VS2015 developer prompt, I get the following exception and stack trace:

Creating CFFI defs file
No handlers could be found for logger "cffier"
Exception('Couldn\'t process pyvex headers.Please set CPP environmental variable to local path of "cpp".Note that "cpp" and "g++" are different.',)
Traceback (most recent call last):
  File "setup.py", line 143, in <module>
    'pyvex': ['lib/*', 'include/*']
  File "c:\python27\Lib\distutils\core.py", line 151, in setup
    dist.run_commands()
  File "c:\python27\Lib\distutils\dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "c:\python27\Lib\distutils\dist.py", line 972, in run_command
    cmd_obj.run()
  File "setup.py", line 112, in run
    self.execute(_build_ffi, (), msg="Creating CFFI defs file")
  File "c:\python27\Lib\distutils\cmd.py", line 349, in execute
    util.execute(func, args, msg, dry_run=self.dry_run)
  File "c:\python27\Lib\distutils\util.py", line 309, in execute
    func(*args)
  File "setup.py", line 90, in _build_ffi
    make_ffi.doit(os.path.join(VEX_PATH,'pub'))
  File "c:\src\pyvex\make_ffi.py", line 88, in doit
    "Note that \"cpp\" and \"g++\" are different."
Exception: Couldn't process pyvex headers.Please set CPP environmental variable to local path of "cpp".Note that "cpp" and "g++" are different.

Currently, make_ffi.py tries a whole bunch of preprocessors in a loop (starting at line 66), the first of which is VS's cl with the relevant arguments appended. This should (and in fact does) work fine in terms of generating the correct output... however, the current heuristic for detecting failure (at line 75) assumes that stderr will be None if no problems were encountered. This assumption doesn't hold for cl, as it prints a version string to stderr (whereas the rest of the output goes to stdout).

An obvious fix for cl (and hence for VS2015 support) would be to remove the or stderr clause from the if statement at line 75, but I don't know if this would then break appropriate error detection for other tools like cpp, clang et al. If I get time later, I'll try and test the results with some of those other tools, but not sure when I'll get around to that.

Any advice/comments/suggestions appreciated! If someone has authoritative guidance on what patch would be most appropriate for all the possible preprocessing tools, I'm happy to submit the relevant PR.

cheers,
Ben
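Both this report and the earlier one about a stray `cl` binary from another package come down to the same detection flaw: make_ffi.py decides whether a preprocessor candidate worked by looking at stderr instead of the exit status. The following is an added example (not the project's make_ffi.py, and not code from either reporter) of probing candidates by return code. The three "tools" are constructed stand-ins built on `sys.executable` so it runs anywhere: one behaves like `cl` (banner on stderr, output on stdout, exit 0), one exits non-zero, one does not exist. The real invocation flags for cl, cpp or clang are not part of the example; the candidates are whatever argv lists the caller passes:

```python
import subprocess
import sys

# Constructed stand-ins for real preprocessors so the example runs offline.
CL_LIKE = [sys.executable, "-c",
           "import sys; sys.stderr.write('version banner on stderr\\n'); "
           "sys.stdout.write(sys.stdin.read())"]
BROKEN = [sys.executable, "-c",
          "import sys; sys.stderr.write('usage: something else\\n'); sys.exit(2)"]
MISSING = ["definitely-not-a-preprocessor-binary-1234"]

# Constructed header text standing in for VEX's public headers.
SAMPLE_HEADER = "typedef struct { int a; } VexControl;\nextern VexControl vex_control;\n"


def run_preprocessor(cmd, source):
    """Run one candidate over `source` (fed on stdin) and return (ok, stdout, stderr).

    Success is judged by the exit status plus non-empty output, never by the
    presence of stderr: MSVC's cl prints its banner to stderr on success, while
    an unrelated binary that happens to be called `cl` can exit quietly with
    nothing useful on stdout. A missing tool raises OSError and counts as a
    failure too, so it cannot be mistaken for a silent success."""
    try:
        proc = subprocess.run(cmd, input=source, capture_output=True,
                              text=True, timeout=60)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, "", str(exc)
    ok = proc.returncode == 0 and bool(proc.stdout.strip())
    return ok, proc.stdout, proc.stderr


def find_preprocessor(candidates, source):
    """Return (cmd, output) for the first candidate that works, else raise with
    one line of diagnostics per failed candidate (what the CPP hint should show)."""
    failures = []
    for cmd in candidates:
        ok, out, err = run_preprocessor(cmd, source)
        if ok:
            return cmd, out
        last = err.strip().splitlines()[-1] if err.strip() else "no output"
        failures.append(f"{cmd[0]}: {last}")
    raise RuntimeError("no working C preprocessor found; set CPP to one. Tried: "
                       + "; ".join(failures))


if __name__ == "__main__":
    cmd, out = find_preprocessor([MISSING, BROKEN, CL_LIKE], SAMPLE_HEADER)
    print("using", cmd[0])
    print(out, end="")
```

`subprocess.check_output` (as suggested in the first report) gives the same exit-status check with less code, but swallowing the per-candidate stderr makes the final "set CPP" message far less useful, which is why the loop keeps the last stderr line of every failure.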

pip install angr appears to be broken on OSX

Installing using the recommended method appears to fail, even when using GCC:

It looks like despite asking for GCC, some of the install scripts are reverting to clang. Do you have any recommendation here?

(from within the recommended virtual environment)

sudo env cc=/usr/local/bin/gcc-6 pip install angr
The directory '/Users/me/Library/Caches/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/Users/me/Library/Caches/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting angr
Downloading angr-6.7.3.26.tar.gz (276kB)
100% |████████████████████████████████| 276kB 1.8MB/s
Collecting capstone (from angr)
Downloading capstone-3.0.4.tar.gz (3.2MB)
100% |████████████████████████████████| 3.2MB 301kB/s
Collecting networkx (from angr)
Downloading networkx-1.11-py2.py3-none-any.whl (1.3MB)
100% |████████████████████████████████| 1.3MB 700kB/s
Collecting futures (from angr)
Downloading futures-3.0.5-py2-none-any.whl
Collecting progressbar (from angr)
Downloading progressbar-2.3.tar.gz
Collecting mulpyplexer (from angr)
Downloading mulpyplexer-0.07.tar.gz
Collecting cooldict (from angr)
Downloading cooldict-1.02.tar.gz
Collecting ana (from angr)
Downloading ana-0.03.zip
Requirement already satisfied: archinfo>=6.7.3.26 in /Users/me/.virtualenvs/angr/lib/python2.7/site-packages (from angr)
Collecting pyvex>=6.7.3.26 (from angr)
Downloading pyvex-6.7.3.26.tar.gz (53kB)
100% |████████████████████████████████| 61kB 5.4MB/s
Collecting claripy>=6.7.3.26 (from angr)
Downloading claripy-6.7.3.26.tar.gz (96kB)
100% |████████████████████████████████| 102kB 2.9MB/s
Collecting simuvex>=6.7.3.26 (from angr)
Downloading simuvex-6.7.3.26.tar.gz (195kB)
100% |████████████████████████████████| 204kB 3.4MB/s
Complete output from command python setup.py egg_info:
cc -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g -o auxprogs/genoffsets auxprogs/genoffsets.c
auxprogs/genoffsets > pub/libvex_guest_offsets.h
cc -c -o priv/ir_defs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/ir_defs.c
priv/ir_defs.c:3959:12: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (tmp < 0 || tmp >= bb->tyenv->types_used)
~~~ ^ ~
priv/ir_defs.c:4664:34: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (stmt->Ist.WrTmp.tmp < 0 || stmt->Ist.WrTmp.tmp >= n_temps)
~~~~~~~~~~~~~~~~~~~ ^ ~
priv/ir_defs.c:4674:22: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (lg->dst < 0 || lg->dst >= n_temps)
~~~~~~~ ^ ~
priv/ir_defs.c:4686:24: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (d->tmp < 0 || d->tmp >= n_temps)
~~~~~~ ^ ~
priv/ir_defs.c:4699:28: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (cas->oldHi < 0 || cas->oldHi >= n_temps)
~~~~~~~~~~ ^ ~
priv/ir_defs.c:4707:25: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (cas->oldLo < 0 || cas->oldLo >= n_temps)
~~~~~~~~~~ ^ ~
priv/ir_defs.c:4717:36: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if (stmt->Ist.LLSC.result < 0 || stmt->Ist.LLSC.result >= n_temps)
~~~~~~~~~~~~~~~~~~~~~ ^ ~
7 warnings generated.
cc -c -o priv/ir_match.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/ir_match.c
cc -c -o priv/ir_opt.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/ir_opt.c
priv/ir_opt.c:5930:14: warning: explicitly assigning value of variable of type 'Int' (aka 'int') to itself [-Wself-assign]
for (m = m; m < A_NENV; m++) {
~ ^ ~
1 warning generated.
cc -c -o priv/ir_inject.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/ir_inject.c
cc -c -o priv/main_globals.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/main_globals.c
cc -c -o priv/main_util.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/main_util.c
cc -c -o priv/s390_disasm.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/s390_disasm.c
cc -c -o priv/host_x86_defs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_x86_defs.c
cc -c -o priv/host_amd64_defs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_amd64_defs.c
cc -c -o priv/host_arm_defs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_arm_defs.c
priv/host_arm_defs.c:3078:14: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
UInt *p = (UInt *)buf;
^~~~~~~~~~
1 warning generated.
cc -c -o priv/host_arm64_defs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_arm64_defs.c
priv/host_arm64_defs.c:3270:14: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
UInt *p = (UInt *)buf;
^~~~~~~~~~
priv/host_arm64_defs.c:5172:23: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (sh >= 0 && sh <= 63) {
~~ ^ ~
priv/host_arm64_defs.c:5178:23: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (sh >= 0 && sh <= 31) {
~~ ^ ~
priv/host_arm64_defs.c:5184:23: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (sh >= 0 && sh <= 15) {
~~ ^ ~
priv/host_arm64_defs.c:5190:23: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (sh >= 0 && sh <= 7) {
~~ ^ ~
5 warnings generated.
cc -c -o priv/host_ppc_defs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_ppc_defs.c
cc -c -o priv/host_s390_defs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_s390_defs.c
priv/host_s390_defs.c:9468:16: warning: cast from 'const UChar *' (aka 'const unsigned char *') to 'const UInt *' (aka 'const unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
vassert(*(const UInt *)&code[2] == (value >> 32));
^~~~~~~~~~~~~~~~~~~~~~
priv/main_util.h:77:19: note: expanded from macro 'vassert'
((void) (LIKELY(expr) ? 0 :
^~~~
priv/main_util.h:48:45: note: expanded from macro 'LIKELY'
#define LIKELY(x) __builtin_expect(!!(x), 1)
^
priv/host_s390_defs.c:9472:16: warning: cast from 'const UChar *' (aka 'const unsigned char *') to 'const UInt *' (aka 'const unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
vassert(*(const UInt *)&code[8] == (value & 0xFFFFFFFF));
^~~~~~~~~~~~~~~~~~~~~~
priv/main_util.h:77:19: note: expanded from macro 'vassert'
((void) (LIKELY(expr) ? 0 :
^~~~
priv/main_util.h:48:45: note: expanded from macro 'LIKELY'
#define LIKELY(x) __builtin_expect(!!(x), 1)
^
priv/host_s390_defs.c:9514:8: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
*(UInt *)&code[2] = imm64 >> 32;
^~~~~~~~~~~~~~~~
priv/host_s390_defs.c:9516:8: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
*(UInt *)&code[8] = imm64 & 0xFFFFFFFF;
^~~~~~~~~~~~~~~~
priv/host_s390_defs.c:10167:21: warning: cast from 'UChar *' (aka 'unsigned char *') to 'Int *' (aka 'int *') increases required alignment from 1 to 4 [-Wcast-align]
Int num_hw = *(Int *)&p[2];
^~~~~~~~~~~~
5 warnings generated.
cc -c -o priv/host_mips_defs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_mips_defs.c
priv/host_mips_defs.c:2656:28: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (n >= 0 && n < 32) {
~ ^ ~
priv/host_mips_defs.c:2683:28: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (n >= 0 && n < 32) {
~ ^ ~
priv/host_mips_defs.c:2710:28: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (n >= 0 && n < 32) {
~ ^ ~
3 warnings generated.
cc -c -o priv/host_x86_isel.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_x86_isel.c
cc -c -o priv/host_amd64_isel.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_amd64_isel.c
cc -c -o priv/host_arm_isel.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_arm_isel.c
priv/host_arm_isel.c:894:45: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
&& am->ARMam1.RRS.shift >= 0
~~~~~~~~~~~~~~~~~~~~ ^ ~
priv/host_arm_isel.c:1543:20: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if (index >= 0 && index <= 1) {
~~~~~ ^ ~
2 warnings generated.
cc -c -o priv/host_arm64_isel.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_arm64_isel.c
cc -c -o priv/host_ppc_isel.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_ppc_isel.c
priv/host_ppc_isel.c:2301:23: warning: cast from 'ULong (*)(ULong)' (aka 'unsigned long long (*)(unsigned long long)') to 'HWord *' (aka 'unsigned long *') increases required alignment from 4 to 8 [-Wcast-align]
fdescr = (HWord *)h_calc_BCDtoDPB;
^~~~~~~~~~~~~~~~~~~~~~~
priv/host_ppc_isel.c:2338:22: warning: cast from 'ULong (*)(ULong)' (aka 'unsigned long long (*)(unsigned long long)') to 'HWord *' (aka 'unsigned long *') increases required alignment from 4 to 8 [-Wcast-align]
fdescr = (HWord *)h_calc_DPBtoBCD;
^~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
cc -c -o priv/host_s390_isel.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_s390_isel.c
cc -c -o priv/host_mips_isel.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_mips_isel.c
cc -c -o priv/host_generic_maddf.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_generic_maddf.c
cc -c -o priv/host_generic_regs.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_generic_regs.c
cc -c -o priv/host_generic_simd64.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_generic_simd64.c
cc -c -o priv/host_generic_simd128.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_generic_simd128.c
cc -c -o priv/host_generic_simd256.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_generic_simd256.c
cc -c -o priv/host_generic_reg_alloc2.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/host_generic_reg_alloc2.c
priv/host_generic_reg_alloc2.c:317:8: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
((UInt*)d)[0] = c4;
^~~~~~~~
priv/host_generic_reg_alloc2.c:318:8: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
((UInt*)d)[1] = c4;
^~~~~~~~
priv/host_generic_reg_alloc2.c:319:8: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
((UInt*)d)[2] = c4;
^~~~~~~~
priv/host_generic_reg_alloc2.c:320:8: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
((UInt*)d)[3] = c4;
^~~~~~~~
priv/host_generic_reg_alloc2.c:325:8: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UInt *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Wcast-align]
((UInt*)d)[0] = c4;
^~~~~~~~
5 warnings generated.
cc -c -o priv/guest_generic_x87.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_generic_x87.c
cc -c -o priv/guest_generic_bb_to_IR.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_generic_bb_to_IR.c
priv/guest_generic_bb_to_IR.c:711:28: warning: cast from 'HWord (*)(HWord, HWord)' (aka 'unsigned long (*)(unsigned long, unsigned long)') to 'HWord *' (aka 'unsigned long *') increases required alignment from 4 to 8 [-Wcast-align]
HWord *descr = (HWord *)fn_generic;
^~~~~~~~~~~~~~~~~~
priv/guest_generic_bb_to_IR.c:714:24: warning: cast from 'HWord (*)(HWord)' (aka 'unsigned long (*)(unsigned long)') to 'HWord *' (aka 'unsigned long *') increases required alignment from 4 to 8 [-Wcast-align]
descr = (HWord *)fn_spec;
^~~~~~~~~~~~~~~
2 warnings generated.
cc -c -o priv/guest_x86_helpers.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_x86_helpers.c
priv/guest_x86_helpers.c:1609:25: warning: cast from 'UChar *' (aka 'unsigned char *') to 'Fpu_State *' increases required alignment from 1 to 2 [-Wcast-align]
Fpu_State *x87 = (Fpu_State *)x87_state;
^~~~~~~~~~~~~~~~~~~~~
priv/guest_x86_helpers.c:1669:25: warning: cast from 'UChar *' (aka 'unsigned char *') to 'Fpu_State *' increases required alignment from 1 to 2 [-Wcast-align]
Fpu_State *x87 = (Fpu_State *)x87_state;
^~~~~~~~~~~~~~~~~~~~~
priv/guest_x86_helpers.c:1758:14: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UShort *' (aka 'unsigned short *') increases required alignment from 1 to 2 [-Wcast-align]
srcS = (UShort *)(&tmp.reg[10*stno]);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_x86_helpers.c:1848:22: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UShort *' (aka 'unsigned short *') increases required alignment from 1 to 2 [-Wcast-align]
UShort *dstS = (UShort *)(&tmp.reg[10*stno]);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
4 warnings generated.
cc -c -o priv/guest_amd64_helpers.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_amd64_helpers.c
priv/guest_amd64_helpers.c:1862:25: warning: cast from 'UChar *' (aka 'unsigned char *') to 'Fpu_State *' increases required alignment from 1 to 2 [-Wcast-align]
Fpu_State *x87 = (Fpu_State *)x87_state;
^~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:1922:25: warning: cast from 'UChar *' (aka 'unsigned char *') to 'Fpu_State *' increases required alignment from 1 to 2 [-Wcast-align]
Fpu_State *x87 = (Fpu_State *)x87_state;
^~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:2024:14: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UShort *' (aka 'unsigned short *') increases required alignment from 1 to 2 [-Wcast-align]
srcS = (UShort *)(&tmp.reg[10*stno]);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:2130:22: warning: cast from 'UChar *' (aka 'unsigned char *') to 'UShort *' (aka 'unsigned short *') increases required alignment from 1 to 2 [-Wcast-align]
UShort *dstS = (UShort *)(&tmp.reg[10*stno]);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:3824:17: warning: cast from 'UChar *' (aka 'unsigned char *') to 'V128 *' increases required alignment from 1 to 8 [-Wcast-align]
V128 *argL = (V128 *)( ((UChar *)gst) + gstOffL );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:3825:17: warning: cast from 'UChar *' (aka 'unsigned char *') to 'V128 *' increases required alignment from 1 to 8 [-Wcast-align]
V128 *argR = (V128 *)( ((UChar *)gst) + gstOffR );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:4158:17: warning: cast from 'UChar *' (aka 'unsigned char *') to 'V128 *' increases required alignment from 1 to 8 [-Wcast-align]
V128 *argD = (V128 *)( ((UChar *)gst) + gstOffD );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:4159:17: warning: cast from 'UChar *' (aka 'unsigned char *') to 'V128 *' increases required alignment from 1 to 8 [-Wcast-align]
V128 *argL = (V128 *)( ((UChar *)gst) + gstOffL );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:4160:17: warning: cast from 'UChar *' (aka 'unsigned char *') to 'V128 *' increases required alignment from 1 to 8 [-Wcast-align]
V128 *argR = (V128 *)( ((UChar *)gst) + gstOffR );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:4221:17: warning: cast from 'UChar *' (aka 'unsigned char *') to 'V128 *' increases required alignment from 1 to 8 [-Wcast-align]
V128 *argL = (V128 *)( ((UChar *)gst) + gstOffL );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_amd64_helpers.c:4222:17: warning: cast from 'UChar *' (aka 'unsigned char *') to 'V128 *' increases required alignment from 1 to 8 [-Wcast-align]
V128 *argR = (V128 *)( ((UChar *)gst) + gstOffR );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
11 warnings generated.
cc -c -o priv/guest_arm_helpers.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_arm_helpers.c
cc -c -o priv/guest_arm64_helpers.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_arm64_helpers.c
cc -c -o priv/guest_ppc_helpers.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_ppc_helpers.c
priv/guest_ppc_helpers.c:144:15: warning: cast from 'UChar *' (aka 'unsigned char *') to 'U128 *' (aka 'UInt (*)[4]') increases required alignment from 1 to 4 [-Wcast-align]
pU128_src = (U128 *)&ref[sh];
^~~~~~~~~~~~~~~
priv/guest_ppc_helpers.c:145:15: warning: cast from 'UChar *' (aka 'unsigned char *') to 'U128 *' (aka 'UInt (*)[4]') increases required alignment from 1 to 4 [-Wcast-align]
pU128_dst = (U128 *)( ((UChar *)gst) + vD_off );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
priv/guest_ppc_helpers.c:181:15: warning: cast from 'UChar *' (aka 'unsigned char *') to 'U128 *' (aka 'UInt (*)[4]') increases required alignment from 1 to 4 [-Wcast-align]
pU128_src = (U128 *)&ref[sh];
^~~~~~~~~~~~~~~
priv/guest_ppc_helpers.c:182:15: warning: cast from 'UChar *' (aka 'unsigned char *') to 'U128 *' (aka 'UInt (*)[4]') increases required alignment from 1 to 4 [-Wcast-align]
pU128_dst = (U128 *)( ((UChar *)gst) + vD_off );
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4 warnings generated.
cc -c -o priv/guest_s390_helpers.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_s390_helpers.c
priv/guest_s390_helpers.c:510:16: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if ((srcval >= 0x0000 && srcval <= 0xd7ff) ||
~~~~~~ ^ ~~~~~~
priv/guest_s390_helpers.c:552:16: warning: comparison of unsigned expression >= 0 is always true [-Wtautological-compare]
if ((srcval >= 0x0000 && srcval <= 0xd7ff) ||
~~~~~~ ^ ~~~~~~
2 warnings generated.
cc -c -o priv/guest_mips_helpers.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_mips_helpers.c
cc -c -o priv/guest_x86_toIR.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_x86_toIR.c
cc -c -o priv/guest_amd64_toIR.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_amd64_toIR.c
cc -c -o priv/guest_arm_toIR.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_arm_toIR.c
priv/guest_arm_toIR.c:19216:30: warning: cast from 'const UChar *' (aka 'const unsigned char *') to 'const UShort *' (aka 'const unsigned short *') increases required alignment from 1 to 2 [-Wcast-align]
const UShort *hwp = (const UShort *) guest_instr;
^~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
cc -c -o priv/guest_arm64_toIR.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_arm64_toIR.c
priv/guest_arm64_toIR.c:14008:20: warning: comparison of constant 8 with expression of type 'IRRoundingMode' is always true [-Wtautological-constant-out-of-range-compare]
vassert(irrm != 8);
~~~~ ^ ~
priv/main_util.h:77:19: note: expanded from macro 'vassert'
((void) (LIKELY(expr) ? 0 :
^~~~
priv/main_util.h:48:45: note: expanded from macro 'LIKELY'
#define LIKELY(x) __builtin_expect(!!(x), 1)
^
1 warning generated.
cc -c -o priv/guest_ppc_toIR.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_ppc_toIR.c
cc -c -o priv/guest_s390_toIR.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_s390_toIR.c
cc -c -o priv/guest_mips_toIR.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/guest_mips_toIR.c
cc -c -o priv/multiarch_main_main.o -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/multiarch_main_main.c
rm -f libvex.a
ar -crs libvex.a priv/ir_defs.o priv/ir_match.o priv/ir_opt.o priv/ir_inject.o priv/main_globals.o priv/main_util.o priv/s390_disasm.o priv/host_x86_defs.o priv/host_amd64_defs.o priv/host_arm_defs.o priv/host_arm64_defs.o priv/host_ppc_defs.o priv/host_s390_defs.o priv/host_mips_defs.o priv/host_x86_isel.o priv/host_amd64_isel.o priv/host_arm_isel.o priv/host_arm64_isel.o priv/host_ppc_isel.o priv/host_s390_isel.o priv/host_mips_isel.o priv/host_generic_maddf.o priv/host_generic_regs.o priv/host_generic_simd64.o priv/host_generic_simd128.o priv/host_generic_simd256.o priv/host_generic_reg_alloc2.o priv/guest_generic_x87.o priv/guest_generic_bb_to_IR.o priv/guest_x86_helpers.o priv/guest_amd64_helpers.o priv/guest_arm_helpers.o priv/guest_arm64_helpers.o priv/guest_ppc_helpers.o priv/guest_s390_helpers.o priv/guest_mips_helpers.o priv/guest_x86_toIR.o priv/guest_amd64_toIR.o priv/guest_arm_toIR.o priv/guest_arm64_toIR.o priv/guest_ppc_toIR.o priv/guest_s390_toIR.o priv/guest_mips_toIR.o priv/multiarch_main_main.o
cc -o libvex.so -shared -Ipub -Ipriv -Wall -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-qual -Wcast-align -Wmissing-declarations -Wwrite-strings -Wformat -Wformat-security -std=gnu99 -fstrict-aliasing -fPIC -g priv/ir_defs.o priv/ir_match.o priv/ir_opt.o priv/ir_inject.o priv/main_globals.o priv/main_util.o priv/s390_disasm.o priv/host_x86_defs.o priv/host_amd64_defs.o priv/host_arm_defs.o priv/host_arm64_defs.o priv/host_ppc_defs.o priv/host_s390_defs.o priv/host_mips_defs.o priv/host_x86_isel.o priv/host_amd64_isel.o priv/host_arm_isel.o priv/host_arm64_isel.o priv/host_ppc_isel.o priv/host_s390_isel.o priv/host_mips_isel.o priv/host_generic_maddf.o priv/host_generic_regs.o priv/host_generic_simd64.o priv/host_generic_simd128.o priv/host_generic_simd256.o priv/host_generic_reg_alloc2.o priv/guest_generic_x87.o priv/guest_generic_bb_to_IR.o priv/guest_x86_helpers.o priv/guest_amd64_helpers.o priv/guest_arm_helpers.o priv/guest_arm64_helpers.o priv/guest_ppc_helpers.o priv/guest_s390_helpers.o priv/guest_mips_helpers.o priv/guest_x86_toIR.o priv/guest_amd64_toIR.o priv/guest_arm_toIR.o priv/guest_arm64_toIR.o priv/guest_ppc_toIR.o priv/guest_s390_toIR.o priv/guest_mips_toIR.o priv/multiarch_main_main.o
gcc -c -g -O2 -shared -fPIC --std=c99 -I ../vex-master/pub pyvex.c
gcc -c -g -O2 -shared -fPIC --std=c99 -I ../vex-master/pub logging.c
clang: warning: argument unused during compilation: '-shared'
clang: warning: argument unused during compilation: '-shared'
gcc -g -O2 -shared -fPIC --std=c99 -I ../vex-master/pub -o libpyvex.dylib pyvex.o logging.o ../vex-master/libvex.a -Wl,-install_name,libpyvex.dylib
ar rcs libpyvex.a pyvex.o logging.o
TypeError('insert() takes exactly 2 arguments (1 given)',)
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/private/tmp/pip-build-gv13u5/simuvex/setup.py", line 117, in <module>
    'simuvex': ['lib/*']
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/core.py", line 111, in setup
    _setup_distribution = dist = klass(attrs)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/dist.py", line 318, in __init__
    self.fetch_build_eggs(attrs['setup_requires'])
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/dist.py", line 373, in fetch_build_eggs
    replace_conflicting=True,
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 851, in resolve
    dist = best[req.key] = env.best_match(req, ws, installer)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1123, in best_match
    return self.obtain(req, installer)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1135, in obtain
    return installer(requirement)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/dist.py", line 441, in fetch_build_egg
    return cmd.easy_install(req)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 674, in easy_install
    return self.install_item(spec, dist.location, tmpdir, deps)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 700, in install_item
    dists = self.install_eggs(spec, download, tmpdir)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 881, in install_eggs
    return self.build_and_install(setup_script, setup_base)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1120, in build_and_install
    self.run_setup(setup_script, setup_base, args)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1106, in run_setup
    run_setup(setup_script, args)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 258, in run_setup
    raise
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 198, in setup_context
    yield
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 169, in save_modules
    saved_exc.resume()
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 144, in resume
    six.reraise(type, exc, self._tb)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 157, in save_modules
    yield saved
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 198, in setup_context
    yield
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 255, in run_setup
    DirectorySandbox(setup_dir).run(runner)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 285, in run
    return func()
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 253, in runner
    _execfile(setup_script, ns)
  File "/Users/me/.virtualenvs/angr/lib/python2.7/site-packages/setuptools/sandbox.py", line 47, in _execfile
    exec(code, globals, locals)
  File "/tmp/easy_install-enXT3K/pyvex-6.7.3.26/setup.py", line 147, in <module>

  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/core.py", line 151, in setup
    dist.run_commands()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "/tmp/easy_install-enXT3K/pyvex-6.7.3.26/setup.py", line 122, in run

  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/cmd.py", line 326, in run_command
    self.distribution.run_command(command)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "/tmp/easy_install-enXT3K/pyvex-6.7.3.26/setup.py", line 104, in run
    'enum34',
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/cmd.py", line 349, in execute
    util.execute(func, args, msg, dry_run=self.dry_run)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/util.py", line 309, in execute
    func(*args)
  File "/tmp/easy_install-enXT3K/pyvex-6.7.3.26/setup.py", line 94, in _build_ffi

  File "/tmp/easy_install-enXT3K/pyvex-6.7.3.26/make_ffi.py", line 63, in doit
TypeError: insert() takes exactly 2 arguments (1 given)

----------------------------------------

Command "python setup.py egg_info" failed with error code 1 in /private/tmp/pip-build-gv13u5/simuvex/

pip install windows error

tar is not present on Windows. GnuTar (gnuwin32.sourceforge.net/packages/gtar.htm) fails to extract the master.tar.gz.

Pyvex depends on cffi

The pip package cffi is a dependency for pyvex. It's not installed by default on all Python distributions, so it should be added.

Register Names

Hi

I see that pyvex attempts to name registers, e.g., on x86, an offset of 8 into VexGuestX86State means it will be called eax. However, this might lead to some confusion because an instruction like mov al, 3 is represented as PUT(eax) = 0x03 in pyvex, which might be misinterpreted.
I think it would be better if the size of the source was taken into account and, depending on this and the offset, the register is named more accurately, i.e., in this case PUT(al) = 0x03. I also noticed that bytes 8-15 do not get a name at all (ah, bh, ch, dh) and are represented as, e.g., PUT(9) = 0x03.

Cheers!
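
The size-aware naming rule proposed in the post above, as an added example that is not pyvex's own code. It takes a guest-state byte offset and access width, as a PUT or GET carries them, and returns the most precise x86 register name, falling back to the bare offset (the `PUT(9)` spelling the post mentions) when no architectural name exists. The only offset taken from the post is EAX at 8; the remaining base-register offsets (4 bytes apart, in VEX's EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI order) and the little-endian sub-register layout are assumptions, as is the `result_size(tyenv)` accessor used in the optional pyvex run at the bottom.

```python
"""Size-aware register naming for x86 VEX guest-state offsets.

Added example, not pyvex code. The only fact taken from the issue is that
offset 8 of VexGuestX86State is EAX; the other base offsets and the
sub-register layout below are assumptions about the VEX x86 guest state.
"""

# Constructed table: 32-bit GPRs, 4 bytes apart starting at EAX (offset 8).
_X86_BASE = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
_X86_BASE_OFFSET = 8
_X86_REG_SIZE = 4

# Little-endian sub-register names inside a 32-bit GPR, keyed by
# (byte offset within the register, access width in bytes). Only the four
# legacy registers expose a high-byte alias (ah/ch/dh/bh at byte 1).
_SUB_NAMES = {
    "eax": {(0, 1): "al", (1, 1): "ah", (0, 2): "ax"},
    "ecx": {(0, 1): "cl", (1, 1): "ch", (0, 2): "cx"},
    "edx": {(0, 1): "dl", (1, 1): "dh", (0, 2): "dx"},
    "ebx": {(0, 1): "bl", (1, 1): "bh", (0, 2): "bx"},
    "esp": {(0, 2): "sp"},
    "ebp": {(0, 2): "bp"},
    "esi": {(0, 2): "si"},
    "edi": {(0, 2): "di"},
}


def name_register(offset, size):
    """Return the most precise register name for a guest-state access.

    offset: byte offset into the guest state (as in PUT(offset) / GET).
    size:   access width in bytes (1, 2 or 4 for the GPR block).
    Anything outside the GPR block, straddling a register boundary, or
    with no architectural alias falls back to the numeric offset string.
    """
    if size not in (1, 2, 4):
        return str(offset)
    rel = offset - _X86_BASE_OFFSET
    idx, within = divmod(rel, _X86_REG_SIZE)
    if rel < 0 or idx >= len(_X86_BASE):
        return str(offset)
    base = _X86_BASE[idx]
    if within == 0 and size == _X86_REG_SIZE:
        return base
    if within + size > _X86_REG_SIZE:
        # Access crosses into the next register: no single name applies.
        return str(offset)
    return _SUB_NAMES[base].get((within, size), str(offset))


def render_put(offset, size, value):
    """Render a constant PUT the way the post suggests: PUT(al) = 0x03."""
    return "PUT(%s) = 0x%0*x" % (name_register(offset, size), size * 2, value)


if __name__ == "__main__":
    # Constructed x86 bytes: "mov al, 3" (b0 03) and "mov ah, 3" (b4 03).
    # The pyvex run is optional and assumes the current lift()/IRStmt.Put
    # API plus an IRExpr.result_size(tyenv) accessor returning bits.
    try:
        import archinfo
        import pyvex
    except ImportError:
        print("pyvex/archinfo not installed; skipping the lift")
    else:
        for code in (b"\xb0\x03", b"\xb4\x03"):
            irsb = pyvex.lift(code, 0x1000, archinfo.ArchX86())
            for stmt in irsb.statements:
                con = getattr(stmt.data, "con", None) if isinstance(stmt, pyvex.IRStmt.Put) else None
                if con is not None:
                    width = stmt.data.result_size(irsb.tyenv) // 8
                    print(render_put(stmt.offset, width, con.value))
```

The table is deliberately the only architecture-specific part: the resolver itself is generic over (offset, width), which is what makes it robust to the high-byte case the post points out, since `(9, 1)` resolves to `ah` while `(9, 2)` has no alias and keeps the numeric form.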

Possible bug in VEX creation

Hi all,
I was working on the following C code:

#include<stdlib.h>
#include<string.h>

int mymemcpy(char *destination, char *source, int l) {
	memcpy(destination, source, l);
	return l;
}

int other(int a, int b, int c, int d, int e, int f, int g, int x, int h) {
	return h;
}

int aaa(int v) {
	return 1;
}

int main() {
	int a = 5;
	char *b =(char*)malloc(100);
	char *c =(char*)malloc(a);

	//a = mymemcpy(b,c, 8); 

	memcpy(b,c,a);
	memcpy(b,c,a);
	other(1,2,3,4,5,6,a,8,a);
	//aaa(1);
}

and I found that maybe there is a bug in pyvex. In fact, if I print the asm code for the third block I have:

0x4005f0:	mov	edi, 1
0x4005f5:	mov	esi, 2
0x4005fa:	mov	edx, 3
0x4005ff:	mov	ecx, 4
0x400604:	mov	r8d, 5
0x40060a:	mov	r9d, 6
0x400610:	mov	r10d, 8
0x400616:	mov	qword ptr [rbp - 0x30], rax
0x40061a:	mov	rax, qword ptr [rbp - 0x28]
0x40061e:	mov	r11, qword ptr [rbp - 0x30]
0x400622:	movsxd	rbx, dword ptr [rbp - 0x1c]
0x400626:	mov	dword ptr [rbp - 0x34], edi
0x400629:	mov	rdi, rax
0x40062c:	mov	dword ptr [rbp - 0x38], esi
0x40062f:	mov	rsi, r11
0x400632:	mov	dword ptr [rbp - 0x3c], edx
0x400635:	mov	rdx, rbx
0x400638:	mov	dword ptr [rbp - 0x40], r10d
0x40063c:	mov	dword ptr [rbp - 0x44], r8d
0x400640:	mov	dword ptr [rbp - 0x48], r9d
0x400644:	mov	dword ptr [rbp - 0x4c], ecx
0x400647:	call	0x400410

The problem is that if I print the VEX for the above block I have the following output (I pasted only a small part of the output):

00 | ------ IMark(0x4005f0, 5, 0) ------
01 | ------ IMark(0x4005f5, 5, 0) ------
02 | ------ IMark(0x4005fa, 5, 0) ------
03 | ------ IMark(0x4005ff, 5, 0) ------
04 | PUT(rcx) = 0x0000000000000004
05 | ------ IMark(0x400604, 6, 0) ------
06 | PUT(r8) = 0x0000000000000005
07 | ------ IMark(0x40060a, 6, 0) ------
08 | PUT(r9) = 0x0000000000000006
09 | ------ IMark(0x400610, 6, 0) ------
10 | PUT(r10) = 0x0000000000000008
11 | PUT(pc) = 0x0000000000400616
12 | ------ IMark(0x400616, 4, 0) ------
13 | t21 = GET:I64(bp)
14 | t20 = Add64(t21,0xffffffffffffffd0)
15 | t22 = GET:I64(rax)
16 | STle(t20) = t22
17 | PUT(pc) = 0x000000000040061a

I think the first few mov instructions are missing.

Can you try to reproduce this scenario please? Please remember not to change the C code, because if you do you probably can't reproduce the issue. More importantly, please compile it using clang for a 64-bit machine.

Thanks
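A small diagnostic for the symptom in the issue above, added here as an example and not part of the original report or of pyvex: it parses the pretty-printed IR the poster pasted (embedded below as a constructed sample, so it runs without pyvex installed), checks that the IMarks cover the block contiguously, and lists the instructions that have an IMark but emitted no IR statement at all.

```python
import re
# Constructed sample: the IR pretty-print pasted in the issue above, embedded so the check runs offline.
VEX_TEXT = """\
00 | ------ IMark(0x4005f0, 5, 0) ------
01 | ------ IMark(0x4005f5, 5, 0) ------
02 | ------ IMark(0x4005fa, 5, 0) ------
03 | ------ IMark(0x4005ff, 5, 0) ------
04 | PUT(rcx) = 0x0000000000000004
05 | ------ IMark(0x400604, 6, 0) ------
06 | PUT(r8) = 0x0000000000000005
07 | ------ IMark(0x40060a, 6, 0) ------
08 | PUT(r9) = 0x0000000000000006
09 | ------ IMark(0x400610, 6, 0) ------
10 | PUT(r10) = 0x0000000000000008
11 | PUT(pc) = 0x0000000000400616
12 | ------ IMark(0x400616, 4, 0) ------
13 | t21 = GET:I64(bp)
14 | t20 = Add64(t21,0xffffffffffffffd0)
15 | t22 = GET:I64(rax)
16 | STle(t20) = t22
17 | PUT(pc) = 0x000000000040061a
"""
IMARK_RE = re.compile(r"IMark\((0x[0-9a-fA-F]+), (\d+), \d+\)")

def imark_coverage(vex_text):
    """One (addr, length, n_stmts) tuple per IMark, in block order; n_stmts counts
    the IR statements that follow that IMark before the next one."""
    out = []
    for line in vex_text.splitlines():
        if "|" not in line:
            continue
        body = line.split("|", 1)[1].strip()
        m = IMARK_RE.search(body)
        if m:
            out.append([int(m.group(1), 16), int(m.group(2)), 0])
        elif out:
            out[-1][2] += 1  # a statement belonging to the last IMark seen
    return [tuple(x) for x in out]

def find_gaps(coverage):
    """(expected, actual) pairs where an IMark does not start where the previous
    instruction ends; a correctly lifted block covers its bytes contiguously."""
    return [(a + n, b) for (a, n, _), (b, _, _) in zip(coverage, coverage[1:]) if a + n != b]

def statementless(coverage):
    """Instructions that got an IMark but no IR statement, the symptom reported above."""
    return [addr for addr, _, n in coverage if n == 0]
```

On the pasted output the IMarks are contiguous (no gaps), and the three leading movs into edi, esi and edx are exactly the instructions with no statements, which narrows the question to why the lifter emitted nothing for them rather than to missing instructions.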
