angr.exploration_techniques.Tracer() got an unexpected keyword argument 'copy_states'

[kburova]

When I run shellphuzz I get the following:

WARNING | 2018-11-28 13:11:27,135 | local_callback | starting drilling of buggy, id:000000,orig:seed-0 Traceback (most recent call last): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/local_callback.py", line 122, in <module> for new_input in d.drill_generator(): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/driller_main.py", line 101, in drill_generator for i in self._drill_input(): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/driller_main.py", line 128, in _drill_input t = angr.exploration_techniques.Tracer(trace=r.trace, crash_addr=r.crash_addr, copy_states=True) TypeError: __init__() got an unexpected keyword argument 'copy_states' (b'', None)

I assume the version of tracer.py is wrong under angr/exploration_techniques/. I installed angr using command pip install angr. When I use python setup.py install within angr repo folder, I get correct tracer.py, but then lib/angr_native.so is missing.
Any suggestions on how to fix all this, and what needs to be installed/reinstalled? Thanks

[rhelmot]

If you’re using the version of driller from Github, it needs to synchronize with the version of angr from Github. Install angr as per the instructions in the angr/angr-dev repository.

…

On Wed, Nov 28, 2018 at 1:27 PM Ksenia Burova ***@***.***> wrote: When I run shellphuzz I get the following: WARNING | 2018-11-28 13:11:27,135 | local_callback | starting drilling of buggy, id:000000,orig:seed-0 Traceback (most recent call last): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/local_callback.py", line 122, in <module> for new_input in d.drill_generator(): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/driller_main.py", line 101, in drill_generator for i in self._drill_input(): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/driller_main.py", line 128, in _drill_input t = angr.exploration_techniques.Tracer(trace=r.trace, crash_addr=r.crash_addr, copy_states=True) TypeError: __init__() got an unexpected keyword argument 'copy_states' (b'', None) I assume the version of tracer.py is wrong under angr/exploration_techniques/. I installed angr using command pip install angr. When I use python setup.py install within angr repo folder, I get correct tracer.py, but then lib/angr_native.so is missing. Any suggestions on how to fix all this, and what needs to be installed/reinstalled? Thanks — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#67>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACYg9fuueS0P5ekiX0m2TCXmXxdfKaQIks5uzv_AgaJpZM4Y4eFA> .

[kburova]

I did as you said and now I get :

WARNING | 2018-11-28 14:22:58,340 | local_callback | starting drilling of buggy, id:000000,orig:seed-0
WARNING | 2018-11-28 14:23:01,483 | angr.state_plugins.symbolic_memory | Register r13 has an unspecified value; Generating an unconstrained value of 8 bytes.
WARNING | 2018-11-28 14:23:01,486 | angr.state_plugins.symbolic_memory | Register r12 has an unspecified value; Generating an unconstrained value of 8 bytes.
WARNING | 2018-11-28 14:23:01,489 | angr.state_plugins.symbolic_memory | Register rbx has an unspecified value; Generating an unconstrained value of 8 bytes.
WARNING | 2018-11-28 14:23:01,597 | angr.state_plugins.symbolic_memory | Register cc_ndep has an unspecified value; Generating an unconstrained value of 8 bytes.
WARNING | 2018-11-28 14:23:01,797 | angr.state_plugins.symbolic_memory | Register r14 has an unspecified value; Generating an unconstrained value of 8 bytes.
WARNING | 2018-11-28 14:23:02,032 | angr.state_plugins.symbolic_memory | Register r15 has an unspecified value; Generating an unconstrained value of 8 bytes.
Traceback (most recent call last):
File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/local_callback.py", line 122, in
for new_input in d.drill_generator():
File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/driller_main.py", line 101, in drill_generator
for i in self._drill_input():
File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/driller_main.py", line 141, in _drill_input
simgr.step()
File "/home/kburova/Installs/angr-dev/angr/angr/misc/hookset.py", line 75, in call
result = current_hook(self.func.self, *args, **kwargs)
File "/home/kburova/Installs/angr-dev/angr/angr/exploration_techniques/driller_core.py", line 39, in step
simgr.step(stash=stash, **kwargs)
File "/home/kburova/Installs/angr-dev/angr/angr/misc/hookset.py", line 75, in call
result = current_hook(self.func.self, *args, **kwargs)
File "/home/kburova/Installs/angr-dev/angr/angr/exploration_techniques/tracer.py", line 115, in step
return simgr.step(stash=stash, **kwargs)
File "/home/kburova/Installs/angr-dev/angr/angr/misc/hookset.py", line 80, in call
return self.func(*args, **kwargs)
File "/home/kburova/Installs/angr-dev/angr/angr/sim_manager.py", line 344, in step
successors = self.step_state(state, successor_func=successor_func, **run_args)
File "/home/kburova/Installs/angr-dev/angr/angr/misc/hookset.py", line 75, in call
result = current_hook(self.func.self, *args, **kwargs)
File "/home/kburova/Installs/angr-dev/angr/angr/exploration_techniques/tracer.py", line 135, in step_state
raise Exception("All states disappeared!")
Exception: All states disappeared!
(b'', None)

What is the best way to install tracer? May be I did that wrong...

[rhelmot]

This seems like youve installed everything correctly. You probably ran up against some sort of limitation or error in our environment model. You’ll have to debug at this point why angr is not following the trace correctly.

…

On Wed, Nov 28, 2018 at 2:36 PM Ksenia Burova ***@***.***> wrote: I did as you said and now I get : WARNING | 2018-11-28 14:22:58,340 | local_callback | starting drilling of buggy, id:000000,orig:seed-0 WARNING | 2018-11-28 14:23:01,483 | angr.state_plugins.symbolic_memory | Register r13 has an unspecified value; Generating an unconstrained value of 8 bytes. WARNING | 2018-11-28 14:23:01,486 | angr.state_plugins.symbolic_memory | Register r12 has an unspecified value; Generating an unconstrained value of 8 bytes. WARNING | 2018-11-28 14:23:01,489 | angr.state_plugins.symbolic_memory | Register rbx has an unspecified value; Generating an unconstrained value of 8 bytes. WARNING | 2018-11-28 14:23:01,597 | angr.state_plugins.symbolic_memory | Register cc_ndep has an unspecified value; Generating an unconstrained value of 8 bytes. WARNING | 2018-11-28 14:23:01,797 | angr.state_plugins.symbolic_memory | Register r14 has an unspecified value; Generating an unconstrained value of 8 bytes. WARNING | 2018-11-28 14:23:02,032 | angr.state_plugins.symbolic_memory | Register r15 has an unspecified value; Generating an unconstrained value of 8 bytes. Traceback (most recent call last): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/local_callback.py", line 122, in for new_input in d.drill_generator(): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/driller_main.py", line 101, in drill_generator for i in self._drill_input(): File "/home/kburova/.virtualenvs/devis/lib/python3.5/site-packages/driller/driller_main.py", line 141, in _drill_input simgr.step() File "/home/kburova/Installs/angr-dev/angr/angr/misc/hookset.py", line 75, in *call* result = current_hook(self.func.*self*, *args, **kwargs) File "/home/kburova/Installs/angr-dev/angr/angr/exploration_techniques/driller_core.py", line 39, in step simgr.step(stash=stash, **kwargs) File "/home/kburova/Installs/angr-dev/angr/angr/misc/hookset.py", line 75, in *call* result = current_hook(self.func.*self*, *args, **kwargs) File "/home/kburova/Installs/angr-dev/angr/angr/exploration_techniques/tracer.py", line 115, in step return simgr.step(stash=stash, **kwargs) File "/home/kburova/Installs/angr-dev/angr/angr/misc/hookset.py", line 80, in *call* return self.func(*args, **kwargs) File "/home/kburova/Installs/angr-dev/angr/angr/sim_manager.py", line 344, in step successors = self.step_state(state, successor_func=successor_func, **run_args) File "/home/kburova/Installs/angr-dev/angr/angr/misc/hookset.py", line 75, in *call* result = current_hook(self.func.*self*, *args, **kwargs) File "/home/kburova/Installs/angr-dev/angr/angr/exploration_techniques/tracer.py", line 135, in step_state raise Exception("All states disappeared!") Exception: All states disappeared! (b'', None) What is the best way to install tracer? May be I did that wrong... — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#67 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACYg9febT4ShJN3E9Rt8PuAbObheqFpqks5uzxAGgaJpZM4Y4eFA> .

[JP1125]

I also encountered the same exception All states disappeared!. I checked various variables around this code, e.g., step_step() and _update_state_tracking(), and found that state.history.jumpkind indicates Ijk_Exit.
It is not seem to be a critical error/exception. So, I added the following if branch to drop the exception.

https://github.com/angr/angr/blob/master/angr/exploration_techniques/tracer.py#L210-L212

elif self._compare_addr(self._trace[idx + 1], state.addr):
    if state.history.jumpkind.startswith('Ijk_Exit'):
        # termination!
        state.globals['trace_idx'] = len(self._trace) - 1
    else:
        # normal case
        state.globals['trace_idx'] = idx + 1

BTW, this is an issue of angr not driller...

[rhelmot]

Wow, that was easier than I thought. I integrated the above patch slightly differently in angr/angr@31d5bb0. This should be resolved now.