Python crashes during CFG generation
I’ve got a current git checkout on my Ubuntu box. First, is there a recommended pypy3 version that has PySide2? Mine (python 3.5.2, PyPy 5.8.0-beta0) can’t find a version.
Anyway, even with CPython, angr-management crashes when I load a binary. I get a segfault after setting CFG options (no changes, left at default) for any binary:
(angrdev) steve@xubuntudev:~/code/angr-dev/angr-management$ ./start.py ~/code/a.out
WARNING | 2019-02-07 08:29:33,256 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-02-07 08:30:56,596 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-02-07 08:30:56,842 | angr.analyses.calling_convention | Please run variable recovery on <Function _init (0x4006a0)> before analyzing its calling conventions.
WARNING | 2019-02-07 08:30:56,843 | angr.analyses.calling_convention | Cannot determine calling convention.
WARNING | 2019-02-07 08:30:56,843 | angr.analyses.calling_convention | Please run variable recovery on <Function sub_4006c0 (0x4006c0)> before analyzing its calling conventions.
WARNING | 2019-02-07 08:30:56,843 | angr.analyses.calling_convention | Cannot determine calling convention.
Segmentation fault (core dumped)
While tinkering, I commented out app.exec() in __main__.py and I get this:
(angrdev) steve@xubuntudev:~/code/angr-dev/angr-management$ ./start.py ~/code/a.out
WARNING | 2019-02-07 07:37:42,871 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-02-07 07:37:44,258 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
Exception in thread angr Management Worker Thread:
Traceback (most recent call last):
File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
self.run()
File "/usr/lib/python3.6/threading.py", line 864, in run
self._target(*self._args, **self._kwargs)
File "/home/steve/code/angr-dev/angr-management/angrmanagement/data/instance.py", line 178, in _worker
result = job.run(self)
File "/home/steve/code/angr-dev/angr-management/angrmanagement/data/jobs/cfg_generation.py", line 41, in run
**self.cfg_args
File "/home/steve/code/angr-dev/angr/angr/analyses/analysis.py", line 109, in __call__
oself.__init__(*args, **kwargs)
File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg.py", line 55, in __init__
CFGFast.__init__(self, **kwargs)
File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1040, in __init__
self._analyze()
File "/home/steve/code/angr-dev/angr/angr/analyses/forward_analysis.py", line 552, in _analyze
self._analysis_core_baremetal()
File "/home/steve/code/angr-dev/angr/angr/analyses/forward_analysis.py", line 677, in _analysis_core_baremetal
self._process_job_and_get_successors(job_info)
File "/home/steve/code/angr-dev/angr/angr/analyses/forward_analysis.py", line 695, in _process_job_and_get_successors
successors = self._get_successors(job)
File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1430, in _get_successors
jobs = self._scan_block(job)
File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1684, in _scan_block
entries = self._scan_irsb(cfg_job, current_func_addr)
File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1871, in _scan_irsb
stmt_idx
File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 1968, in _create_jobs
resolved_as_plt = self._resolve_plt(addr, irsb, ij)
File "/home/steve/code/angr-dev/angr/angr/analyses/cfg/cfg_fast.py", line 2636, in _resolve_plt
simsucc = self.project.engines.default_engine.process(self._initial_state, irsb, force_addr=addr)
File "/home/steve/code/angr-dev/angr/angr/engines/vex/engine.py", line 142, in process
opt_level=opt_level)
File "/home/steve/code/angr-dev/angr/angr/engines/engine.py", line 35, in process
new_state = state.copy()
File "/home/steve/code/angr-dev/angr/angr/sim_state.py", line 449, in copy
mode=self.mode, os_name=self.os_name)
File "/home/steve/code/angr-dev/angr/angr/sim_state.py", line 89, in __init__
p.init_state()
File "/home/steve/code/angr-dev/angr/angr/state_plugins/history.py", line 63, in init_state
self.successor_ip = self.state._ip
File "/home/steve/code/angr-dev/angr/angr/sim_state.py", line 216, in _ip
return self.regs._ip
File "/home/steve/code/angr-dev/angr/angr/state_plugins/view.py", line 30, in __getattr__
return state.registers.load(k, inspect=inspect, disable_actions=disable_actions)
File "/home/steve/code/angr-dev/angr/angr/storage/memory.py", line 796, in load
r = r.reversed
File "/home/steve/code/angr-dev/claripy/claripy/operations.py", line 67, in _op
return return_type(name, fixed_args, **kwargs)
File "/home/steve/code/angr-dev/claripy/claripy/ast/base.py", line 152, in __new__
r = operations._handle_annotations(eb._abstract(eb.call(op, args)), args)
File "/home/steve/code/angr-dev/claripy/claripy/backends/backend_concrete.py", line 94, in _abstract
return BVV(e.value, e.size())
File "/home/steve/code/angr-dev/claripy/claripy/ast/bv.py", line 251, in BVV
try: return _bvv_cache[(value, size)]
NameError: name '_bvv_cache' is not defined
I can’t figure this out… the way the imports are written in claripy just confuses me so I’m not sure how this global var is undefined (or getting deleted?).
EDIT: I should point out that this happens for any and every binary.
Top GitHub Comments
Solution:
Looks to me that PySide2 5.12.1 has an incorrect Python object reference counting somewhere. I will pin PySide2 version in angr management for now.
Awesome, thanks for reporting this issue!
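An added triage script (not code from the issue, angr or angr-management) that separates the two failure modes seen above: it runs the same CFG generation headless in a child process, once with only angr imported and once after importing PySide2, and reports whether each child was killed by a signal (native memory corruption, as with the segfault) or exited with a Python exception (as with the NameError). The binary path is a placeholder and angr/PySide2 are assumed to be installed in the interpreter that runs it.

```python
import signal
import subprocess
import sys

# Constructed placeholder; pass the crashing binary as argv[1] instead.
TARGET_BINARY = "/path/to/a.out"

# Headless CFG generation, the same analysis the angr-management worker runs.
CFG_SCRIPT = """
import sys, angr
p = angr.Project(sys.argv[1], auto_load_libs=False)
p.analyses.CFGFast()
"""

# Identical analysis, but with the Qt bindings loaded into the process first.
CFG_WITH_QT_SCRIPT = "import PySide2.QtWidgets\n" + CFG_SCRIPT


def classify_exit(returncode):
    """Map a child's exit status onto a coarse failure class.

    subprocess reports a child killed by a signal as a negative code, so
    -11 (SIGSEGV) means the interpreter itself died, not that Python raised.
    """
    if returncode == 0:
        return "ok"
    if returncode < 0:
        try:
            name = signal.Signals(-returncode).name  # e.g. SIGSEGV, SIGABRT
        except ValueError:
            name = "signal%d" % -returncode
        return "native-crash:" + name
    return "python-exception"


def run_headless(script, binary, timeout=600):
    """Run `script` under the current interpreter; return (class, last stderr line)."""
    proc = subprocess.run([sys.executable, "-c", script, binary],
                          capture_output=True, text=True, timeout=timeout)
    tail = proc.stderr.strip().splitlines()[-1:]  # traceback's final line, if any
    return classify_exit(proc.returncode), tail[0] if tail else ""


if __name__ == "__main__":
    binary = sys.argv[1] if len(sys.argv) > 1 else TARGET_BINARY
    for label, script in (("angr only", CFG_SCRIPT),
                          ("angr + PySide2", CFG_WITH_QT_SCRIPT)):
        verdict, detail = run_headless(script, binary)
        print("%-15s -> %s  %s" % (label, verdict, detail))
```

A native crash only in the "angr + PySide2" run points at the toolkit's C extension rather than the analysis code, which is the distinction the maintainers drew before pinning the PySide2 version.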