Best approach for using transformed VEX code for analysis
I'd like to use some of angr's analyses on transformed VEX code. Some of the analyses I'm interested in are DFG and DDG generation, which both require a CFG. It seems a reasonable approach to using transformed VEX code would be to first generate a CFG and then replace the nodes' IRSB instances with transformed IRSB instances. This modified CFG would then be used as input for analysis.
One snag: the current DFG implementation actually calls `angr.lifter.Lifter#lift` for each node rather than using the node's attached IRSB. That's an easy fix.
Any general thoughts on how to best use angr analyses with transformed VEX code? Or comments about whether it’s a terrible, out-of-scope idea? 😉
Thanks!
Issue Analytics
- Created 7 years ago
- Comments: 12 (9 by maintainers)
Top GitHub Comments
As a meta-comment: we're planning on moving all development to GitHub (as opposed to developing on our internal GitLab and synchronizing things out periodically), so this sort of development bottleneck will hopefully be rarer in the future.
In the meantime, we’ll have to suffer a bit longer 😃
@axt excellent example, I'll read your code and try to understand.

Looking at `ddg.py` I can see that when the action type is `tmp` it extracts the information… It seems that only the `write` operation has a destination and not the `read`. Am I wrong? Please have a look at ddg:696, I cannot see how it extracts the destination of the read. Also when I encounter:

    t10 = Sub64(t11,0x0000000000000008)

the type is `tmp` and not `operation`. Any idea why? To clarify, I'm extracting the actions from a path, not from the CFG nodes. I noticed that if I use the actions for `found.state` the type `operation` is not available. Instead, if I get the `final_nodes` for every single node in the CFG I can use `final_state.log.action` and obtain `operation`. Is there a way to extract all the states from the `found` path and check whether, using `log`, I can access what I need? Anyway I'll wait for the next version of the DDG.

Thanks
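The read/write distinction the comment above is puzzling over, shown on a constructed VEX listing as an added example (this is not angr's or pyvex's code): a small parser over printed VEX statements treats a `tN = ...` statement as a write whose destination is the temporary on the left, and everything else (`PUT`, `STle`) as a read-only statement with no destination, then derives the temporary-level dependence edges that a DDG is built from. The sample listing, the simplified statement grammar and the function names are assumptions; a real IRSB has more statement kinds, and angr's DDG also tracks registers and memory, which this example deliberately leaves out.

```python
import re

# Constructed VEX listing in the shape pyvex prints; not lifted from a real binary.
SAMPLE_IRSB = """
t11 = GET:I64(rsp)
t10 = Sub64(t11,0x0000000000000008)
PUT(rsp) = t10
t12 = LDle:I64(t10)
t13 = Add64(t12,t11)
STle(t10) = t13
"""

TMP_RE = re.compile(r"\bt\d+\b")          # a VEX temporary: t followed by digits
ASSIGN_RE = re.compile(r"^(t\d+)\s*=\s*(.*)$")  # "tN = <expr>": the only form that defines a tmp


def parse_statements(listing):
    """Return a list of (index, dest_tmp_or_None, tmps_read, text).

    A statement that assigns a temporary is a *write* and carries a destination;
    PUT/STle/etc. only *read* temporaries, so dest is None for them. This is the
    asymmetry the comment observed: reads have no destination to extract.
    """
    stmts = []
    for raw in listing.strip().splitlines():
        text = raw.strip()
        if not text:
            continue
        m = ASSIGN_RE.match(text)
        if m:
            dest, rhs = m.group(1), m.group(2)
            reads = set(TMP_RE.findall(rhs))
        else:
            dest, reads = None, set(TMP_RE.findall(text))
        stmts.append((len(stmts), dest, reads, text))
    return stmts


def build_tmp_ddg(stmts):
    """Map each statement index to the indices of the statements defining the tmps it reads.

    VEX temporaries are assigned once per IRSB (SSA-like), so the most recent
    definition seen while walking forward is the only one a later read can depend on.
    """
    last_def = {}
    deps = {}
    for idx, dest, reads, _ in stmts:
        deps[idx] = {last_def[t] for t in reads if t in last_def}
        if dest is not None:
            last_def[dest] = idx
    return deps


def slice_backward(deps, idx):
    """Transitive closure of data dependencies for one statement (a backward slice)."""
    seen, work = set(), [idx]
    while work:
        i = work.pop()
        for d in deps[i]:
            if d not in seen:
                seen.add(d)
                work.append(d)
    return seen


if __name__ == "__main__":
    stmts = parse_statements(SAMPLE_IRSB)
    deps = build_tmp_ddg(stmts)
    for idx, dest, reads, text in stmts:
        kind = "write -> %s" % dest if dest else "read only"
        print("%d: %-40s %-14s depends on %s" % (idx, text, kind, sorted(deps[idx])))
    print("backward slice of the store:", sorted(slice_backward(deps, len(stmts) - 1)))
```

Walking the listing forward, `t10 = Sub64(t11,...)` is recorded as a write of `t10` that reads `t11`, while `PUT(rsp) = t10` and `STle(t10) = t13` contribute only read edges; the final store therefore depends, transitively, on every statement except the `PUT`, which nothing downstream consumes.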