summary refs log tree commit diff stats
path: root/results/classifier/zero-shot-user-mode/output/instruction/952
diff options
context:
space:
mode:
authorChristian Krinitsin <mail@krinitsin.com>2025-07-07 17:23:11 +0000
committerChristian Krinitsin <mail@krinitsin.com>2025-07-07 17:23:11 +0000
commitc50b0c4da17b6e83640e4ed2380fffb5f507c846 (patch)
treeb4f203fce1380e2ea3578a784bb8ee060fe42cbd /results/classifier/zero-shot-user-mode/output/instruction/952
parent61361f925d4914a6608a0076e64cc2399311ed5f (diff)
downloademulator-bug-study-c50b0c4da17b6e83640e4ed2380fffb5f507c846.tar.gz
emulator-bug-study-c50b0c4da17b6e83640e4ed2380fffb5f507c846.zip
add zero-shot results
Diffstat (limited to 'results/classifier/zero-shot-user-mode/output/instruction/952')
-rw-r--r--results/classifier/zero-shot-user-mode/output/instruction/952103


1 files changed, 103 insertions, 0 deletions
diff --git a/results/classifier/zero-shot-user-mode/output/instruction/952 b/results/classifier/zero-shot-user-mode/output/instruction/952
new file mode 100644
index 00000000..8cf31e13
--- /dev/null
+++ b/results/classifier/zero-shot-user-mode/output/instruction/952
@@ -0,0 +1,103 @@
+instruction: 0.430
+runtime: 0.334
+syscall: 0.236
+
+
+
+qemu: uncaught target signal 5 (Trace/breakpoint trap)
+Description of problem:
+I'm getting core dumped when running the attached a.out_err binary in qemu, but when using Gdb to remote-debug the program, it exited normally. will appreciate if you can help look into this qemu issue.
+
+And I found that QEMU's 32-bit arm linux-user mode doesn't correctly turn guest BKPT insns into SIGTRAP signal.
+
+0xa602 <_start>         movs    r0, #22   
+                                                                                                                           0xa604 <_start+2>       addw    r1, pc, #186    ; 0xba                                                                                                                                           
+0xa608 <_start+6>       bkpt    0x00ab       
+
+$readelf -h hello
+
+ELF Header:
+  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00  
+  Class:                             ELF32  
+  Data:                              2's complement, little endian  
+  Version:                           1 (current)    
+  OS/ABI:                            UNIX - System V  
+  ABI Version:                       0  
+  Type:                              EXEC (Executable file)  
+  Machine:                           ARM  
+  Version:                           0x1  
+  Entry point address:               0xa603  
+  Start of program headers:          52 (bytes into file)  
+  Start of section headers:          144128 (bytes into file)  
+  Flags:                             0x5000200, Version5 EABI, soft-float ABI  
+  Size of this header:               52 (bytes)  
+  Size of program headers:           32 (bytes)  
+  Number of program headers:         5  
+  Size of section headers:           40 (bytes)  
+  Number of section headers:         16  
+  Section header string table index: 14  
+
+And I have check that the bug(https://bugs.launchpad.net/qemu/+bug/1873898) is fixed.
+
+But it's coredump.
+
+I found that bkpt instruction is not recognized, the bkpt is in 0x0000a608.
+
+host:
+```
+$qemu-arm -g 12345 hello  
+```
+service:
+```
+$gdb-multiarch hello  
+(gdb) target remote localhost:12345  
+Remote debugging using localhost:12345  
+0x0000a602 in _start ()  
+(gdb) ni  
+0x0000a604 in _start ()
+(gdb)  
+0x0000a608 in _start ()
+(gdb)  
+0x0000a608 in _start ()
+```
+Another way to check:
+```
+$gdb qemu-arm
+(gdb) run hello
+(gdb) bt
+#0  0x00007ffff79474ba in __GI___sigsuspend (set=set@entry=0x7fffffffd9d8) at ../sysdeps/unix/sysv/linux/sigsuspend.c:26
+#1  0x000055555573bfff in dump_core_and_abort (target_sig=target_sig@entry=5) at ../linux-user/signal.c:772
+#2  0x000055555573c3c8 in handle_pending_signal (cpu_env=cpu_env@entry=0x555555da5940, sig=sig@entry=5, k=k@entry=0x555555e60e00) at ../linux-user/signal.c:1099
+#3  0x000055555573de8c in process_pending_signals (cpu_env=cpu_env@entry=0x555555da5940) at ../linux-user/signal.c:1175
+#4  0x0000555555622070 in cpu_loop (env=0x555555da5940) at ../linux-user/arm/cpu_loop.c:472
+#5  0x0000555555603cf4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../linux-user/main.c:883
+(gdb) up
+#1  0x000055555573bfff in dump_core_and_abort (target_sig=target_sig@entry=5) at ../linux-user/signal.c:772
+772         sigsuspend(&act.sa_mask);
+(gdb)
+#2  0x000055555573c3c8 in handle_pending_signal (cpu_env=cpu_env@entry=0x555555da5940, sig=sig@entry=5, k=k@entry=0x555555e60e00) at ../linux-user/signal.c:1099
+1099            dump_core_and_abort(sig);
+(gdb)
+#3  0x000055555573de8c in process_pending_signals (cpu_env=cpu_env@entry=0x555555da5940) at ../linux-user/signal.c:1175
+1175                handle_pending_signal(cpu_env, sig, &ts->sync_signal);
+(gdb)
+#4  0x0000555555622070 in cpu_loop (env=0x555555da5940) at ../linux-user/arm/cpu_loop.c:472
+472             process_pending_signals(env);
+(gdb) l
+467             default:
+468             error:
+469                 EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
+470                 abort();
+471             }
+472             process_pending_signals(env);
+473         }
+474     }
+475
+476     void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
+(gdb) p cpu_exec(cs)
+$2 = 7
+```
+Here process_pending_signals(env) gives SIGTRAP??
+
+Here is my binary:
+[hello](/uploads/7225e1f1c5a61ace40f90d5d2401a758/hello)