Registers can not be annotated

Describe the bug.

The registers can not be annotated. Please check the reproduction below.

Environment Information.

Date: 2021-08-17 23:35:27.657959
Running in virtual environment at /home/ruoyu/.virtualenvs/ml_decompiler
Platform: linux-x86_64
Python version: 3.8.10 (default, Jun 2 2021, 10:49:15) [GCC 9.4.0]
######## angr #########
Python found it in /home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/angr
Pip version angr 9.0.9166
Couldn't find git info
######## ailment #########
Python found it in /home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/ailment
Pip version ailment 9.0.9166
Couldn't find git info
######## cle #########
Python found it in /home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/cle
Pip version cle 9.0.9166
Couldn't find git info
######## pyvex #########
Python found it in /home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/pyvex
Pip version pyvex 9.0.9166
Couldn't find git info
######## claripy #########
Python found it in /home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/claripy
Pip version claripy 9.0.9166
Couldn't find git info
######## archinfo #########
Python found it in /home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/archinfo
Pip version archinfo 9.0.9166
Couldn't find git info
######## z3 #########
Python found it in /home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/z3
Pip version z3-solver 4.8.10.0
Couldn't find git info
######## unicorn #########
Python found it in /home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/unicorn
Pip version unicorn 1.0.2rc4
Couldn't find git info
######### Native Module Info ##########
angr: <CDLL '/home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/angr/lib/angr_native.so', handle 1b46380 at 0x7fe0442879a0>
unicorn: <CDLL '/home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/unicorn/lib/libunicorn.so', handle f472c0 at 0x7fe0ac6a8a30>
pyvex: <cffi.api._make_ffi_library.<locals>.FFILibrary object at 0x7fe0ad42a190>
z3: <CDLL '/home/ruoyu/.virtualenvs/ml_decompiler/lib/python3.8/site-packages/z3/lib/libz3.so', handle 11a0c20 at 0x7fe0aa098e80>

To Reproduce.

import angr, monkeyhex
from claripy import Annotation

class TestingAnnotation(Annotation):
    def __init__(self, random):
        super(TestingAnnotation, self).__init__()

        self.random = random

    @property
    def eliminatable(self):
        return False

    @property
    def relocatable(self):
        return False

    def __hash__(self):
        return hash(('stack_location', self.random))

    def __eq__(self, other):
        if not isinstance(other, TestingAnnotation):
            return False

        return self.random == other.random

proj = angr.Project('/bin/true')
state = proj.factory.entry_state()
print(hex(id(state.regs.rdx)))
anno = state.regs.rdx.annotate(TestingAnnotation(1))
print(hex(id(anno)))
state.regs.rdx = anno
print(hex(id(state.regs.rdx)))
print(state.regs.rdx.annotations)

The output is as follows:

0x7ff032a5b450
0x7ff03057be10
0x7ff032a5b450
()

As you can see, after assigning the annotated value to state.regs.rdx, its content does not change. I do not know whether it is a feature or a bug. If it is a feature, could you give some hints on how to annotate a register value? Thanks in advance!

Additional context.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 6 (6 by maintainers)

Top GitHub Comments

1 reaction
ltfish commented, Aug 18, 2021

https://github.com/angr/angr/pull/2869 solves this problem.

https://github.com/angr/angr/pull/2868 is a bug that I found when debugging this problem.

0 reactions
wuruoyu commented, Aug 19, 2021

It seems that this issue is caused by the claripy BV simplification here: https://github.com/angr/claripy/blob/23a1841ba71dd23d060e4086f42c11441e9a0603/claripy/ast/base.py#L1127-L1141

def simplify(e):
    if isinstance(e, Base) and e.op in operations.leaf_operations:
        return e

    s = e._first_backend('simplify')
    if s is None:
        l.debug("Unable to simplify expression")
        return e
    else:
        # Copy some parameters (that should really go to the Annotation backend)
        s._uninitialized = e.uninitialized
        s._uc_alloc_depth = e._uc_alloc_depth
        s._simplified = Base.FULL_SIMPLIFY

        return s

It can be simply fixed by copying e.annotations to s, though I am not sure it is the “right” fix. I saw “Annotation backend” in the code snippet; maybe it is relevant to this issue? Thanks for your help anyway!
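
A small model of the failure described in the comment above, added here as an illustration; it is not code from claripy, angr or the issue thread. Node, LEAF_OPS, backend_simplify, simplify_lossy and simplify_keeping are hypothetical names, and the toy backend that rebuilds expressions without annotations is an assumption made so the effect can be run without angr installed.

```python
# Simplified model (hypothetical names throughout); not claripy's code.
from dataclasses import dataclass, replace

LEAF_OPS = {"sym", "const"}
MASK64 = (1 << 64) - 1

@dataclass(frozen=True)
class Node:
    op: str                   # "sym", "const" or "add"
    args: tuple               # symbol name, constant value, or operand Nodes
    annotations: tuple = ()   # metadata such as a taint label

    def annotate(self, *annos):
        # Returns a new node; the original object is left untouched.
        return replace(self, annotations=self.annotations + annos)

def backend_simplify(e):
    """Stand-in for a solver backend (assumption): it rebuilds the result from
    op and args only, so annotations on the input never reach the output."""
    if e.op in LEAF_OPS:
        return Node(e.op, e.args)
    lhs, rhs = (backend_simplify(a) for a in e.args)
    if lhs.op == "const" and rhs.op == "const":
        return Node("const", ((lhs.args[0] + rhs.args[0]) & MASK64,))
    zero = Node("const", (0,))
    if zero in (lhs, rhs):
        return lhs if rhs == zero else rhs
    return Node("add", (lhs, rhs))

def simplify_lossy(e):
    # Same shape as the quoted function: leaves return early, everything
    # else is replaced by whatever the backend hands back.
    if e.op in LEAF_OPS:
        return e
    return backend_simplify(e)

def simplify_keeping(e):
    # The change suggested in the comment: copy e.annotations onto s.
    if e.op in LEAF_OPS:
        return e
    s = backend_simplify(e)
    return replace(s, annotations=e.annotations)

def demo():
    rdx = Node("sym", ("reg_rdx",))
    value = Node("add", (rdx, Node("const", (0,)))).annotate("TestingAnnotation(1)")
    lossy, kept = simplify_lossy(value), simplify_keeping(value)
    return lossy == rdx, lossy.annotations, kept.annotations
```

In this model the lossy path returns a node equal to the original unannotated register value with an empty annotations tuple, while an annotated leaf passes through unchanged because of the early return.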
