
Support system mode

Open Kalvin2077 opened this issue 2 years ago • 5 comments

Dear maintainers, the tool is awesome.

I've been analyzing ARM firmware recently. If I want to enable symbolic execution in ARM full-system mode, what modifications and support do we need for symqemu?

Kalvin2077 avatar Nov 01 '23 08:11 Kalvin2077

Hi, thank you for the feedback. We are working on this. Hopefully publishing this in a few weeks or months.

aurelf avatar Nov 02 '23 00:11 aurelf

Okay. I'm looking forward to it!

In addition, I've read the relevant paper on symqemu, and I guess that in principle it supports

  • the transfer of symbolic data between general registers and memory
  • the free switching of symbolic execution and concrete execution

If this is true, can you give me a rough guide as to which specific part of the code to explore for more details?

Kalvin2077 avatar Nov 02 '23 13:11 Kalvin2077

Hi, that's an unrelated question, but for the register to memory check calls to gen_helper_sym_store_host_i32, for example in tcg-op.c. Not sure I understand the second question: SymQemu executes in concolic mode, so both concrete and symbolic (when needed) along one path.

aurelf avatar Nov 08 '23 20:11 aurelf
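A toy model of the two points in the reply above, the register/memory transfer of symbolic data through store and load helpers and concolic arithmetic along one path, added here as an illustration (this is not SymQEMU's code; the helper names only echo the gen_helper_sym_store_host_i32 naming, and the cell layout with an expression string as the "symbolic" side is an assumption made to keep it short):

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy concolic state (added illustration, not SymQEMU code): each register and memory
 * word holds a concrete value plus an optional expression; sym == NULL means concrete. */
#define NREGS 4
#define NMEM 8
typedef struct { uint32_t val; char *sym; } cell_t;
static cell_t regs[NREGS];
static cell_t mem[NMEM];   /* guest memory together with its shadow expression */
static void set_sym(cell_t *c, const char *s) { free(c->sym); c->sym = s ? strdup(s) : NULL; }
/* Store helper analogue: the concrete write plus the register's shadow expression. */
static void sym_store_i32(int addr, int r) {
    mem[addr].val = regs[r].val; set_sym(&mem[addr], regs[r].sym);
}
/* Load helper analogue: the register picks the shadow back up from memory. */
static void sym_load_i32(int r, int addr) {
    regs[r].val = mem[addr].val; set_sym(&regs[r], mem[addr].sym);
}
/* An operand as an expression: its name if symbolic, else its concrete value. */
static const char *expr_of(const cell_t *c, char *buf, size_t n) {
    if (c->sym) return c->sym;
    snprintf(buf, n, "%u", (unsigned)c->val); return buf;
}
/* Concolic add: the concrete result is always computed; an expression is built only
 * when at least one operand is symbolic, otherwise the destination stays concrete. */
static void sym_add_i32(int dst, int a, int b) {
    uint32_t v = regs[a].val + regs[b].val;
    char ea[16], eb[16], e[256];
    if (regs[a].sym || regs[b].sym) {
        snprintf(e, sizeof e, "(%s + %s)", expr_of(&regs[a], ea, 16), expr_of(&regs[b], eb, 16));
        set_sym(&regs[dst], e);
    } else set_sym(&regs[dst], NULL);
    regs[dst].val = v;
}
/* Scenario: symbolic input r0 is spilled to memory, reloaded into r2 and added to a
 * concrete r1; returns the expression r3 ends up carrying ("(in0 + 5)", value 12). */
static const char *run_scenario(void) {
    regs[0].val = 7; set_sym(&regs[0], "in0");   /* symbolic input, concrete witness 7 */
    regs[1].val = 5; set_sym(&regs[1], NULL);    /* plain concrete register */
    sym_store_i32(3, 0);                         /* r0 -> mem[3]; the shadow travels too */
    sym_load_i32(2, 3);                          /* mem[3] -> r2, still symbolic */
    sym_add_i32(3, 2, 1);                        /* r3 = r2 + r1 */
    return regs[3].sym;
}
```

The concrete values drive the path as in normal execution; only cells whose shadow is non-NULL ever contribute to an expression, which is the "symbolic when needed" behaviour the reply refers to.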

It would be great if symqemu could support arm. I am looking forward to this feature coming online. When can I expect to see this new feature?

jiliguluss avatar Jan 02 '24 05:01 jiliguluss

ARM 32/64 should be already working for arm user linux target. Full system will come at some point too but not immediately (we have something internally but will need more work for merging here).

aurelf avatar Jan 11 '24 13:01 aurelf