Error in ast conversion

Question

Error in ast conversion

Closed this issue 4 years ago · 4 comments

Not sure how to fix it off the cuff - but the problem is there doesn't seem to be any stop to stripping away the parts of the AST until it's a NoneType. The first 4 lines are from adding print(ast) at backends/init.py:159.

<Bool move_3_43_8 <= 57>
<BV8 move_3_43_8>
move_3_43_8
None
Traceback (most recent call last):
  File "/home/user/angr_pypy/site-packages/claripy/backends/__init__.py", line 340, in is_false
    return self._false_cache[e.cache_key]
  File "/opt/pypy3/lib-python/3/weakref.py", line 423, in __getitem__
    return self.data[ref(key)]
KeyError: <weakref at 0x0000563cc8956b40; to 'ASTCacheKey'>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "./cgc_board.py", line 433, in <module>
    etn = et = run_path(e_test, test_path_read_kw)
  File "./cgc_board.py", line 75, in run_path
    succ = state.step()
  File "/home/user/angr_pypy/site-packages/angr/sim_state.py", line 587, in step
    return self.project.factory.successors(self, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/factory.py", line 60, in successors
    return self.default_engine.process(*args, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/light/slicing.py", line 19, in process
    return super().process(*args, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/engine.py", line 149, in process
    self.process_successors(self.successors, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/failure.py", line 21, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/syscall.py", line 18, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/hook.py", line 54, in process_successors
    return super().process_successors(successors, procedure=procedure, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/unicorn.py", line 169, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/soot/engine.py", line 64, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/heavy/heavy.py", line 136, in process_successors
    self.handle_vex_block(irsb)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/heavy/super_fastpath.py", line 19, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/light/slicing.py", line 26, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/heavy/actions.py", line 30, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/heavy/inspect.py", line 45, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/light/light.py", line 446, in handle_vex_block
    self._handle_vex_stmt(stmt)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/light/slicing.py", line 30, in _handle_vex_stmt
    super()._handle_vex_stmt(stmt)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/heavy/inspect.py", line 40, in _handle_vex_stmt
    super()._handle_vex_stmt(stmt)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/light/resilience.py", line 36, in inner
    return getattr(super(VEXResilienceMixin, self), func)(*iargs, **ikwargs)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/heavy/heavy.py", line 202, in _handle_vex_stmt
    super()._handle_vex_stmt(stmt)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/light/light.py", line 51, in _handle_vex_stmt
    handler(stmt)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/light/light.py", line 209, in _handle_vex_stmt_Exit
    stmt.jk
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/heavy/actions.py", line 188, in _perform_vex_stmt_Exit
    super()._perform_vex_stmt_Exit(guard, target, jumpkind)
  File "/home/user/angr_pypy/site-packages/angr/engines/vex/heavy/heavy.py", line 236, in _perform_vex_stmt_Exit
    elif o.LAZY_SOLVES not in self.state.options and not self.state.solver.satisfiable(extra_constraints=(guard,)):
  File "/home/user/angr_pypy/site-packages/angr/state_plugins/sim_action_object.py", line 57, in ast_stripper
    return f(*new_args, **new_kwargs)
  File "/home/user/angr_pypy/site-packages/angr/state_plugins/solver.py", line 89, in wrapped_f
    return f(*args, **kwargs)
  File "/home/user/angr_pypy/site-packages/angr/state_plugins/solver.py", line 642, in satisfiable
    return self._solver.satisfiable(extra_constraints=self._adjust_constraint_list(extra_constraints), exact=exact)
  File "/home/user/angr_pypy/site-packages/claripy/frontend_mixins/constraint_filter_mixin.py", line 34, in satisfiable
    return super(ConstraintFilterMixin, self).satisfiable(extra_constraints=ec, **kwargs)
  File "/home/user/angr_pypy/site-packages/claripy/frontends/light_frontend.py", line 85, in satisfiable
    reversed(self.constraints + list(extra_constraints))
  File "/home/user/angr_pypy/site-packages/claripy/frontends/light_frontend.py", line 84, in <genexpr>
    self._solver_backend.is_false(c) for c in
  File "/home/user/angr_pypy/site-packages/claripy/backends/backend_concrete.py", line 218, in is_false
    return super().is_false(e, extra_constraints=extra_constraints, solver=solver, model_callback=model_callback)
  File "/home/user/angr_pypy/site-packages/claripy/backends/__init__.py", line 342, in is_false
    f = self._is_false(self.convert(e), extra_constraints=extra_constraints, solver=solver, model_callback=model_callback)
  File "/home/user/angr_pypy/site-packages/claripy/backends/backend_concrete.py", line 103, in convert
    return super().convert(expr)
  File "/home/user/angr_pypy/site-packages/claripy/backends/__init__.py", line 162, in convert
    converted = self._convert(ast)
  File "/home/user/angr_pypy/site-packages/claripy/backends/backend_concrete.py", line 134, in _convert
    raise BackendError("can't handle AST of type %s" % type(a))
claripy.errors.BackendError: can't handle AST of type <class 'NoneType'>

Answer 1 · 2021-01-14T20:02:06.000Z

I can only get it work under CONSERVATIVE_{READ,WRITE}_STRATEGY but I bet that's more to do with my target and being able to reach the problem.

Answer 2 · 2021-01-15T02:42:26.000Z

Can you give something to reproduce this? I can't seem to figure out what could be wrong just from staring at the traceback and the code.

Answer 3 · 2021-01-15T13:48:18.000Z

I'll see what I can do. ABSTRACT_MEMORY seems to avoid it, but I'm not sure if that's the right answer....

…

On Thu, Jan 14, 2021 at 9:42 PM Audrey Dutcher ***@***.***> wrote: Can you give something to reproduce this? I can't seem to figure out what could be wrong just from staring at the traceback and the code. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#197 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACRPRYRF2NWPVB4WLSI4GRDSZ6TSBANCNFSM4WC7IZAQ> .

Answer 4 · 2021-01-20T03:05:01.000Z

I found the specific problem which is underlying the crash you posted and pushed a fix, but the general problem with your script is that you're using options= instead of add_options= in your state constructor.