Usage of .thumb_func crashes Keystone's Python binding on macOS
Keystone 0.9.1 (commit 23b54ce)
macOS 10.14.6
When I try to assemble this:
.align 1
.thumb
.thumb_func
factorial:
add r0, r0, #1
...using this Python code:
import keystone as ks
code = '''
.align 1
.thumb
.thumb_func
factorial:
add r0, r0, #1
'''
print('Keystone', ks.__version__)
assembler = ks.Ks(ks.KS_ARCH_ARM, ks.KS_MODE_THUMB)
encoding, count = assembler.asm(code)
...Python crashes saying Illegal instruction:
$ python3 keystone_bug2.py
Keystone 0.9.1
Illegal instruction: 4
$
The crash log looks like this:
Process: Python [3202]
Path: /Library/Frameworks/Python.framework/Versions/3.7/Resources/Python.app/Contents/MacOS/Python
Identifier: Python
Version: 3.7.1 (3.7.1)
Code Type: X86-64 (Native)
Parent Process: bash [2933]
Responsible: Electron [783]
User ID: 501
Date/Time: 2020-06-08
OS Version: Mac OS X 10.14.6 (18G4032)
Report Version: 12
Anonymous UUID: 328A8AA9-3118-54F5-98C1-76C79A44A098
Time Awake Since Boot: 2600 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes: 0x0000000000000001, 0x0000000000000000
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libkeystone.dylib 0x0000000100974104 llvm_ks::MCELFStreamer::EmitThumbFunc(llvm_ks::MCSymbol*) + 4
1 libkeystone.dylib 0x0000000100a2cdcf (anonymous namespace)::ARMAsmParser::onLabelParsed(llvm_ks::MCSymbol*) + 47
2 libkeystone.dylib 0x000000010098635e (anonymous namespace)::AsmParser::parseStatement((anonymous namespace)::ParseStatementInfo&, llvm_ks::MCAsmParserSemaCallback*, unsigned long long&) + 6638
3 libkeystone.dylib 0x0000000100980ede (anonymous namespace)::AsmParser::Run(bool, unsigned long long, bool) + 510
4 libkeystone.dylib 0x0000000100b0d199 ks_asm + 1289
5 _ctypes.cpython-37m-darwin.so 0x00000001007ba1d7 ffi_call_unix64 + 79
6 _ctypes.cpython-37m-darwin.so 0x00000001007baa38 ffi_call + 872
7 _ctypes.cpython-37m-darwin.so 0x00000001007b59fb _ctypes_callproc + 891
8 _ctypes.cpython-37m-darwin.so 0x00000001007afaf0 PyCFuncPtr_call + 1040
9 org.python.python 0x00000001001748b1 _PyObject_FastCallKeywords + 433
10 org.python.python 0x00000001002342f4 call_function + 420
11 org.python.python 0x0000000100231406 _PyEval_EvalFrameDefault + 25190
12 org.python.python 0x0000000100234f56 _PyEval_EvalCodeWithName + 2422
13 org.python.python 0x0000000100174a61 _PyFunction_FastCallKeywords + 257
14 org.python.python 0x0000000100234432 call_function + 738
15 org.python.python 0x00000001002313ec _PyEval_EvalFrameDefault + 25164
16 org.python.python 0x0000000100234f56 _PyEval_EvalCodeWithName + 2422
17 org.python.python 0x000000010022b0c4 PyEval_EvalCode + 100
18 org.python.python 0x0000000100268591 PyRun_FileExFlags + 209
19 org.python.python 0x0000000100267e0a PyRun_SimpleFileExFlags + 890
20 org.python.python 0x000000010028619b pymain_main + 6827
21 org.python.python 0x00000001002866ea _Py_UnixMain + 58
22 libdyld.dylib 0x00007fff7a0ab3d5 start + 1
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x00007fb4cb418430 rbx: 0x00007fb4cb48c8e0 rcx: 0x0000000100cc5970 rdx: 0x0000000000000001
rdi: 0x00007fb4cb418430 rsi: 0x00007fb4cb897b38 rbp: 0x00007ffeefab3500 rsp: 0x00007ffeefab3500
r8: 0x00007fb4cb400000 r9: 0x000000000000030d r10: 0x0000000000000001 r11: 0x0000000100481a00
r12: 0x0000000000000009 r13: 0x00007fb4cb48c050 r14: 0x00007fb4cb897b38 r15: 0x00007fb4cb48c030
rip: 0x0000000100974104 rfl: 0x0000000000010202 cr2: 0x0000000100a2cda0
Logical CPU: 0
Error Code: 0x00000000
Trap Number: 6
Binary Images:
0x10014a000 - 0x10014afff +org.python.python (3.7.1 - 3.7.1) <4B030EC4-815E-34B7-90E7-D0720C31E072> /Library/Frameworks/Python.framework/Versions/3.7/Resources/Python.app/Contents/MacOS/Python
0x100153000 - 0x10032bfff +org.python.python (3.7.1, [c] 2001-2018 Python Software Foundation. - 3.7.1) <977C0919-F108-3AC9-8796-F42032694A62> /Library/Frameworks/Python.framework/Versions/3.7/Python
0x100728000 - 0x100729fff +_heapq.cpython-37m-darwin.so (0) <E8B35F18-1B5A-3C9E-B1F4-0BE0432459A2> /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload/_heapq.cpython-37m-darwin.so
0x1007ad000 - 0x1007bdff7 +_ctypes.cpython-37m-darwin.so (0) <78FCD5A2-0B47-331E-A406-2876C1289C15> /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload/_ctypes.cpython-37m-darwin.so
0x1007ce000 - 0x1007d2fff +_struct.cpython-37m-darwin.so (0) <2379780F-4AB4-394B-B5AB-55A517D6627E> /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload/_struct.cpython-37m-darwin.so
0x100828000 - 0x100829ff7 +_posixsubprocess.cpython-37m-darwin.so (0) <11920A4C-3AD4-3C87-95E5-418D30950610> /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload/_posixsubprocess.cpython-37m-darwin.so
0x10086d000 - 0x10086ffff +select.cpython-37m-darwin.so (0) <869F8AE3-73B4-35C4-82CA-3D954FD00F78> /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload/select.cpython-37m-darwin.so
0x100875000 - 0x100879fff +math.cpython-37m-darwin.so (0) <E18B0A65-B44F-3F1D-96A8-C29A7F794019> /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload/math.cpython-37m-darwin.so
0x10095d000 - 0x10095dff7 +_opcode.cpython-37m-darwin.so (0) <11A650B3-FF7B-3DF1-81E2-A906553221C9> /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/lib-dynload/_opcode.cpython-37m-darwin.so
0x100960000 - 0x100cc4ff3 +libkeystone.dylib (0) <53B46410-95A2-39B7-A172-59F1D9DD5381> /Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/keystone/libkeystone.dylib
0x10e93e000 - 0x10e9a870f dyld (655.1.1) <C192CA31-D059-3770-9882-D864FEFA0C96> /usr/lib/dyld
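Added example, not code from the reporter or from the Keystone project: two hypothetical helpers, `strip_thumb_func` and `run_isolated`, for living with this crash until it is fixed. The trace above shows the SIGILL raised inside `MCELFStreamer::EmitThumbFunc`, reached from `ARMAsmParser::onLabelParsed` when the label that follows `.thumb_func` is parsed, so the first helper removes that directive before the source reaches `ks_asm`; that this avoids the crash, and that it leaves the encoded bytes unchanged for a snippet which never references the label, are assumptions, not something verified against Keystone. The second helper runs the `ctypes` call in a child process, because a SIGILL in `libkeystone.dylib` kills the interpreter and cannot be caught with `try`/`except`; the parent sees the signal as a Python exception instead. The Keystone binding is assumed installed only for the assemble path; `crash_with_sigill` reproduces the signal without Keystone so the isolation can be exercised on its own. The helper names, `NativeCrash` and `assemble_isolated` are invented for this example and are not Keystone API.

```python
"""Added example (not from the issue or from Keystone): helpers for the .thumb_func crash.

Assumptions, stated as such: the Keystone Python binding is installed (needed only
by _assemble, which runs in the child), dropping .thumb_func avoids the
EmitThumbFunc path shown in the crash log, and every name below is a hypothetical
helper, not Keystone API."""
import multiprocessing
import os
import re
import signal

# Matches a whole `.thumb_func` line (with or without a symbol operand), including
# its trailing newline, so the line is removed rather than left blank.
_THUMB_FUNC_LINE = re.compile(r"^[ \t]*\.thumb_func\b[^\n]*(?:\n|$)", re.MULTILINE)


def strip_thumb_func(source: str) -> str:
    """Remove .thumb_func directives from assembly source.

    Caveat: .thumb_func marks the following label as a Thumb symbol, which matters
    when other code takes that label's address (bit 0 must be set). For a snippet
    that never references the label, as in the report, the emitted bytes are
    assumed to be the same with or without it (not verified against Keystone)."""
    return _THUMB_FUNC_LINE.sub("", source)


class NativeCrash(Exception):
    """The child died from a signal, e.g. SIGILL from a trap inside a native library."""

    def __init__(self, signum: int):
        self.signum = signum
        try:
            self.name = signal.Signals(signum).name
        except ValueError:
            self.name = f"signal {signum}"
        super().__init__(f"native code crashed with {self.name}")


def _child_main(conn, func, args):
    # Runs in the child: report the result, or a Python-level error, through the pipe.
    try:
        conn.send(("ok", func(*args)))
    except Exception as exc:  # a Python exception in the child is reported, not lost
        conn.send(("error", f"{type(exc).__name__}: {exc}"))
    finally:
        conn.close()


def run_isolated(func, *args, timeout: float = 60.0):
    """Call func(*args) in a child process and return its result.

    A SIGILL or SIGSEGV inside a ctypes-loaded library kills the interpreter and
    cannot be caught with try/except; in a child it becomes a NativeCrash here."""
    ctx = multiprocessing.get_context()
    parent_conn, child_conn = ctx.Pipe(duplex=False)  # (read end, write end)
    proc = ctx.Process(target=_child_main, args=(child_conn, func, args))
    proc.start()
    child_conn.close()  # the parent keeps only the read end, so EOF is visible
    proc.join(timeout)
    if proc.is_alive():
        proc.kill()
        proc.join()
        raise TimeoutError(f"child did not finish within {timeout}s")
    if proc.exitcode is not None and proc.exitcode < 0:
        raise NativeCrash(-proc.exitcode)  # negative exit code: killed by that signal
    try:
        status, payload = parent_conn.recv()
    except EOFError:
        raise RuntimeError(f"child exited with status {proc.exitcode} without a result")
    if status == "error":
        raise RuntimeError(payload)
    return payload


def _assemble(source: str, arch_name: str, mode_name: str):
    # Imported only in the child, so the parent process never loads libkeystone.
    import keystone as ks  # assumption: the Keystone Python binding is installed
    engine = ks.Ks(getattr(ks, arch_name), getattr(ks, mode_name))
    encoding, count = engine.asm(source)
    return bytes(encoding or []), count


def assemble_isolated(source: str, arch_name: str = "KS_ARCH_ARM",
                      mode_name: str = "KS_MODE_THUMB"):
    """Assemble with .thumb_func stripped, in a child process."""
    return run_isolated(_assemble, strip_thumb_func(source), arch_name, mode_name)


def crash_with_sigill():
    """Stand-in for the crash in the report: raise SIGILL in the calling process."""
    os.kill(os.getpid(), signal.SIGILL)


if __name__ == "__main__":
    SOURCE = ".align 1\n.thumb\n.thumb_func\nfactorial:\nadd r0, r0, #1\n"  # the report's input
    for label, src in (("as reported", SOURCE), (".thumb_func stripped", strip_thumb_func(SOURCE))):
        try:
            print(f"{label}: {run_isolated(_assemble, src, 'KS_ARCH_ARM', 'KS_MODE_THUMB')}")
        except (NativeCrash, RuntimeError) as exc:
            print(f"{label}: {exc}")
```

Run the file directly and the first call reports the SIGILL as a `NativeCrash` while the interpreter keeps going; the second assembles the stripped source. Keep the directive, or add it back some other way, whenever the label's address is taken elsewhere in the source, since that is the case where stripping it would change the encoding.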