Double links

Question

Double links

Closed this issue 8 years ago · 11 comments

I create a small binary: a.zip for testing some queries.

And in bjosh:

> getCallsTo('c_memcpy')
v[#9:390]
v[#9:391]
> getCallsTo('c_memcpy').map
{repr=call sym.c_memcpy, childNum=12, code=e820000000, comment=, nodeType=Instr, addr=4195679, key=Instr_4195679, esil=rip,8,rsp,-=,rsp,=[],4195716,rip,=}
{repr=call sym.c_memcpy, childNum=, code=, comment=, nodeType=Instr, addr=4195679, key=Instr_4195679, esil=}

And in r2:

> axt sym.c_memcpy
call 0x40055f call sym.c_memcpy in sym.main

Answer 1 · 2016-07-06T14:36:25.000Z

Same problem on standard binaries. For example, /bin/cat:

...
v[#9:9417]
v[#9:9418]
v[#9:9520]
v[#9:10588]
v[#9:10589]
v[#9:11037]
v[#9:11038]
...

Answer 2 · 2016-07-15T11:12:27.000Z

Hi there, can you try again? Hope it is fixed by the latest commits.

Thanks for reporting this issue
Alwin

Answer 3 · 2016-07-15T11:32:47.000Z

Now getCallsTo drops an error: [OCommandExecutionException] Cannot evaluate lucene condition without index configuration.
But g.V query works and still not as intented:

[390] {repr=call sym.c_memcpy, childNum=12, code=e820000000, comment=, nodeType=Instr, addr=4195679, key=Instr_4195679, esil=rip,8,rsp,-=,rsp,=[],4195716,rip,=}
[391] {repr=call sym.c_memcpy, childNum=, code=, comment=, nodeType=Instr, addr=4195679, key=Instr_4195679, esil=}

Answer 4 · 2016-07-15T11:36:23.000Z

@a0x77n when you add or remove fields, the name of the index changes. You need to adapt this name in bjoern-lang to fix this, imho.

Answer 5 · 2016-07-15T12:01:28.000Z

@a0x77n the created index is named ["addr","childNum","code","comment","esil","key","nodeType","repr"], meaning it still contains childNum. In contrast, the index in lookup.groovy does no contain "childNum". Can you adapt this and test it?

Answer 6 · 2016-07-15T12:08:40.000Z

@l4l should work now.

Answer 7 · 2016-07-15T12:33:16.000Z

Nice, thanks!

Answer 8 · 2016-07-15T13:36:19.000Z

Sorry I forgot to mention that the data fields changed a bit (there is no 'childNum' field anymore). That means, you have to re-import your data (and we must revert the latest commit).

As it is now, the index name will fail for new imports.

Answer 9 · 2016-07-15T13:38:10.000Z

On re-import, the index name still contained "childNum", so I reintroduced "childNum" into the index. Please test this on a fresh installation. Are you sure "childNum" is not in there anymore?

Answer 10 · 2016-07-15T13:41:40.000Z

Ok, my bad. Apparently, using joern-delete-project to remove the project didn't work earlier. We could use a bjoern-delete-project. Can you revert the commit then?

Answer 11 · 2016-07-15T13:49:20.000Z

Done. I did not know that there is a joern-delete-project command. Is the octopus-project delete command not working for joern?