
Update sleigh to 10.2.3

Open ekilmer opened this issue 3 years ago • 5 comments

Contains some other small fixes/refactor.

  • [x] Confirm whether the failing test is a new bug or was always a bug
    • There is a new bug in this PR
  • [ ] Find cause of bug from this PR

ekilmer avatar Nov 16 '22 04:11 ekilmer

Hmmmm. Seems we need to change some compiler flags somewhere https://github.com/trailofbits/maat/actions/runs/3476336902/jobs/5811473141#step:5:21433

I think it's using the pre-built sleigh libraries, so I can try looking into this on lifting-bits/sleigh

[ 97%] Linking CXX shared module maat.cpython-38-x86_64-linux-gnu.so
/usr/bin/ld: /usr/local/lib/libsla.a(xml.cc.o): relocation R_X86_64_PC32 against symbol `_ZN11TreeHandler19ignorableWhitespaceEPKcii' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: bad value
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [CMakeFiles/maat_python.dir/build.make:1189: maat.cpython-38-x86_64-linux-gnu.so] Error 1

ekilmer avatar Nov 16 '22 04:11 ekilmer

Fixed the sleigh PIC library (and also updated to 10.2.2).

Now a test is failing https://github.com/trailofbits/maat/actions/runs/3482037438/jobs/5823881087#step:10:24

[+] Testing arch X86 support...      
Fail: ArchX86: failed to disassembly and/or execute PUNPCKHDQ

ekilmer avatar Nov 16 '22 18:11 ekilmer

Digging more into this... Since there were multiple assertions with the same message, I added something to differentiate them (I can commit this if you want), and the specific test that is failing is here.

https://github.com/trailofbits/maat/blob/e3e6e1b1be5ff1a2d9dc9f0f80921c4388462e11/tests/unit-tests/test_archX86.cpp#L6384-L6391

I still need to debug to determine the actual value that is causing the failure, though.

I can also run and pass all tests on master branch, so it's something weird with the upgrade between Sleigh 10.1.2 and 10.2.2. I'll do some testing.

ekilmer avatar Dec 22 '22 14:12 ekilmer
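When a lifter test for PUNPCKHDQ fails, the quickest way to know what value the test should expect is a reference model of the instruction. The one below is an added example, not maat's or sleigh's code; lane order and semantics follow the Intel SDM (index 0 is the least significant dword), and the function names are this example's own.

```cpp
#include <array>
#include <cstdint>

// 128-bit (SSE2) operand: four 32-bit lanes, index 0 = least significant dword.
using Xmm = std::array<uint32_t, 4>;
// 64-bit (MMX) operand: two 32-bit lanes.
using Mmx = std::array<uint32_t, 2>;

// PUNPCKHDQ xmm, xmm/m128: interleave the HIGH two dwords of dest and src,
// dest lane first. Result = {dest[2], src[2], dest[3], src[3]}.
Xmm punpckhdq_xmm(const Xmm& dest, const Xmm& src) {
    return Xmm{dest[2], src[2], dest[3], src[3]};
}

// PUNPCKHDQ mm, mm/m64: same idea on the high dword of each 64-bit operand.
Mmx punpckhdq_mmx(const Mmx& dest, const Mmx& src) {
    return Mmx{dest[1], src[1]};
}

// Constructed example: lanes 0 and 2 of the result must come from dest's high
// half, lanes 1 and 3 from src's high half; the low halves are discarded.
bool check_punpckhdq_example() {
    const Xmm dest{0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u};
    const Xmm src {0xaaaaaaaau, 0xbbbbbbbbu, 0xccccccccu, 0xddddddddu};
    const Xmm out = punpckhdq_xmm(dest, src);
    return out == Xmm{0x33333333u, 0xccccccccu, 0x44444444u, 0xddddddddu};
}
```

Comparing a lifted-and-executed result lane by lane against this model tells you whether the disassembly, the lane ordering, or the memory-operand width is what diverged.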

Another update: The bug seems to be an internal sleigh issue because replacing the new x86.sla file with the old working one still fails the test.

ekilmer avatar Apr 02 '23 19:04 ekilmer

I confirmed that the PUNPCKHDQ bug appears between 10.1.5 and 10.2. There were quite a few big changes between these versions.

Bisecting might be made a little easier by using sleigh-cmake HEAD release type between 10.1.5 and 10.2 at the bot update commits https://github.com/lifting-bits/sleigh/compare/v10.1.5...v10.2

ekilmer avatar Apr 02 '23 20:04 ekilmer