Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

unicorn callable arg types

See original GitHub issue

Describe the bug. When passing different types of args to a callable, the call can fail with “Got STOP_NOSTART but a positive number of steps. This indicates a serious unicorn bug.” The calls work fine without adding unicorn to the base state.

Environment Information. Platform: linux-x86_64 Python version: 3.8.10 (default, Mar 15 2022, 12:22:08) Pip version angr 9.1.12332 Pip version ailment 9.1.12332 Pip version cle 9.1.12332 Pip version pyvex 9.1.12332 Pip version claripy 9.1.12332 Pip version archinfo 9.1.12332 Pip version z3-solver 4.8.10.0 Pip version unicorn 1.0.3

To Reproduce. https://github.com/cromulencellc/hackasat-qualifier-2020/blob/master/rfmagic/public/firmware.bin

p = angr.Project('firmware.bin', main_opts={'backend':'blob','arch':'mipsel','base_addr':0xbfc00000,'entry_point':0xbfc00400})

state = p.factory.blank_state(add_options=angr.sim_options.unicorn)

init = b'\x01'*0x80
msg = b'hello'

state.memory.store(0x1000, init)
state.memory.store(0x2000, msg)

func = p.factory.callable(0xbfc00a30, base_state=state)


print( func(0x1000, 0x2000,    5) ) # works
print( func(init,   0x2000,    5) ) # works
print( func(init,   msg,       5) ) # works
print( func(0x1000, msg,       5) ) # doesn't

Issue Analytics

  • State:open
  • Created a year ago
  • Comments:6 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
f4c31e55commented, Apr 10, 2022

I was previously using 1.0.2rc4. I updated to check if it would fix this issue.

Apologies, yes. That exception throws before result_path_group is populated in the callable. The actual errored state is in caller in callable.py:80. You can move the self.result_path_group = caller.copy() above the raise in order to access the state.

0reactions
github-actions[bot]commented, Jun 11, 2022

This issue has been marked as stale because it has no recent activity. Please comment or add the pinned tag to prevent this issue from being closed.

Read more comments on GitHub >

github_iconTop Results From Across the Web

PEP 677 – Callable Type Syntax
This PEP introduces a concise and friendly syntax for callable types, supporting the same functionality as typing.Callable but with an arrow ...
Read more >
Running Gunicorn — Gunicorn 20.1.0 documentation
The variable name refers to a WSGI callable that should be found in the ... -k WORKERCLASS, --worker-class=WORKERCLASS - The type of worker...
Read more >
A tour of the Dart language
Both int and double are subtypes of num . The num type includes basic operators such as +, -, /, and *, and...
Read more >
The Comprehensive Guide to mypy - Tushar's Blog
We implemented FakeFuncs in the duck types section above, and we used isinstance(FakeFuncs, Callable) to verify that the object indeed, was ...
Read more >
How to convert the type of function's arguments in Python at ...
Callable is used to denote something that can be called. Most often, it is used to denote a function. Callable[[int, int], str] means...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

The future of Analysis

Next page

Why solutions generated by angr can not be reproduced?