Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

_make_stashes_dict causes execution to always fail

See original GitHub issue

When stepping through my basic program the program always failed in initializer methods. When debugging this, I found out that there was at some point the stash put to the errored list with the following error:

‘errored’ is an illegal stash name - already in use as attribute

I therefore stepped manually through angrs code and found the issue in the _make_stashes_dict() of the manager.py . There is the following code snippet:

for key in kwargs:
            if key not in self.stashes and hasattr(self, key):
                raise SimulationManagerError("'%s' is an illegal stash name - already in use as attribute" % key)

At some point the hook function at _one_state_step in manager.py will return a dict containing the key errored with an empty list as value. This dict is then passed as an argument to _make_stashes_dict. So this exception will be triggered, as the SimManager has the attribute errored.

Basic Program:

#define WIN32_LEAN_AND_MEAN

#include <windows.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <stdlib.h>
#include <stdio.h>


// Need to link with Ws2_32.lib, Mswsock.lib, and Advapi32.lib
#pragma comment (lib, "Ws2_32.lib")
#pragma comment (lib, "Mswsock.lib")
#pragma comment (lib, "AdvApi32.lib")


#define DEFAULT_BUFLEN 512
#define DEFAULT_PORT "27015"

int __cdecl main(int argc, char **argv)
{
	WSADATA wsaData;
	SOCKET ConnectSocket = INVALID_SOCKET;
	struct addrinfo *result = NULL,
		*ptr = NULL,
		hints;
	char *sendbuf = "this is a test";
	char recvbuf[DEFAULT_BUFLEN];
	int iResult;
	int recvbuflen = DEFAULT_BUFLEN;

	// Validate the parameters
	if (argc != 2) {
		printf("usage: %s server-name\n", argv[0]);
		return 1;
	}

	// Initialize Winsock
	iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
	if (iResult != 0) {
		printf("WSAStartup failed with error: %d\n", iResult);
		return 1;
	}

	ZeroMemory(&hints, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_protocol = IPPROTO_TCP;

	// Resolve the server address and port
	iResult = getaddrinfo(argv[1], DEFAULT_PORT, &hints, &result);
	if (iResult != 0) {
		printf("getaddrinfo failed with error: %d\n", iResult);
		WSACleanup();
		return 1;
	}

	// Attempt to connect to an address until one succeeds
	for (ptr = result; ptr != NULL;ptr = ptr->ai_next) {

		// Create a SOCKET for connecting to server
		ConnectSocket = socket(ptr->ai_family, ptr->ai_socktype,
			ptr->ai_protocol);
		if (ConnectSocket == INVALID_SOCKET) {
			printf("socket failed with error: %ld\n", WSAGetLastError());
			WSACleanup();
			return 1;
		}

		// Connect to server.
		iResult = connect(ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen);
		if (iResult == SOCKET_ERROR) {
			closesocket(ConnectSocket);
			ConnectSocket = INVALID_SOCKET;
			continue;
		}
		break;
	}

	freeaddrinfo(result);

	if (ConnectSocket == INVALID_SOCKET) {
		printf("Unable to connect to server!\n");
		WSACleanup();
		return 1;
	}

	// Send an initial buffer
	iResult = send(ConnectSocket, sendbuf, (int)strlen(sendbuf), 0);
	if (iResult == SOCKET_ERROR) {
		printf("send failed with error: %d\n", WSAGetLastError());
		closesocket(ConnectSocket);
		WSACleanup();
		return 1;
	}

	printf("Bytes Sent: %ld\n", iResult);

	// shutdown the connection since no more data will be sent
	iResult = shutdown(ConnectSocket, SD_SEND);
	if (iResult == SOCKET_ERROR) {
		printf("shutdown failed with error: %d\n", WSAGetLastError());
		closesocket(ConnectSocket);
		WSACleanup();
		return 1;
	}

	FD_SET writeSet;
	FD_SET readSet;

	FD_SET(ConnectSocket, &readSet);
	FD_SET(ConnectSocket, &writeSet);
	// nfds is ignored
	if (select(1, &readSet, &writeSet, NULL, NULL) > 0) {
		iResult = recv(ConnectSocket, recvbuf, recvbuflen, 0);
	}
	// Receive until the peer closes the connection
	do {

			iResult = recv(ConnectSocket, recvbuf, recvbuflen, 0);
			if (iResult > 0)
				printf("Bytes received: %d\n", iResult);
			else if (iResult == 0)
				printf("Connection closed\n");
			else
				printf("recv failed with error: %d\n", WSAGetLastError());
			iResult = recv(ConnectSocket, recvbuf, recvbuflen, 0);

	} while (iResult > 0);
	

	// cleanup
	closesocket(ConnectSocket);
	WSACleanup();

	return 0;
}

Since I do not really know the usecase of the for loop causing the error I tend to simply remove it, but that is probably not the best solution. Because when uncommenting it I get an error, that the dictionaries size changed during iteration:

angr_tst.py", line 19, in step_until_branch
    simgr.step()
  File "/usr/local/lib/python2.7/dist-packages/angr/manager.py", line 608, in step
    pg = pg._one_step(stash=stash, selector_func=selector_func, successor_func=successor_func, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/angr/manager.py", line 382, in _one_step
    result_stashes = self._one_state_step(a, successor_func=successor_func, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/angr/manager.py", line 248, in _one_state_step
    out = hook(a, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/angr/exploration_techniques/veritesting.py", line 21, in step_state
    vt = self.project.analyses.Veritesting(state, **self.options)
  File "/usr/local/lib/python2.7/dist-packages/angr/analyses/analysis.py", line 96, in make_analysis
    oself.__init__(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/angr/analyses/veritesting.py", line 205, in __init__
    self._cfg, self._loop_graph = self._make_cfg()
  File "/usr/local/lib/python2.7/dist-packages/angr/analyses/veritesting.py", line 563, in _make_cfg
    cfg.force_unroll_loops(self._loop_unrolling_limit)
  File "/usr/local/lib/python2.7/dist-packages/angr/analyses/cfg/cfg_accurate.py", line 527, in force_unroll_loops
    for ds in dst_successors:
RuntimeError: dictionary changed size during iteration

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:12 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
Lukas-Dreselcommented, Jan 12, 2018

interesting, this is a different error now. I’ll try to reproduce and get back to you!

0reactions
github-actions[bot]commented, Aug 26, 2022

This issue has been closed due to inactivity.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Top 10 causes of RPA failures and how to avoid them
Here, experts provided the top 10 reasons why RPA implementations fail and offered tips on how to avoid them.
Read more >
robot framework stop teardown execution in failure
The scenarios is when "Insert name in filter" fails, I want it to stop running, but it executes the "Delete user" keyword.
Read more >
Task and Motion Planning with Failing Executions - Kavraki Lab
We propose a framework to address a task and motion planning setting where actions can fail during execution.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

CFGAccurate.remove_cycles() function never removes any cycles

Next page

how to use angr to solve ctf problem while the target elf has PIE?