diff options
| author | Ajax <commial@gmail.com> | 2018-08-01 17:49:25 +0200 |
|---|---|---|
| committer | Ajax <commial@gmail.com> | 2018-08-01 17:49:25 +0200 |
| commit | 6b52674875dfd8d74216905484511b4657852880 (patch) | |
| tree | 42fa73eddef3046f10cfe6878a4214908db353a0 | |
| parent | 7acc9f00489f0f9444b8fa2e5068317c0de90f38 (diff) | |
| download | miasm-6b52674875dfd8d74216905484511b4657852880.tar.gz miasm-6b52674875dfd8d74216905484511b4657852880.zip | |
DSE: fix a bug happening in rare case
When the symb_concrete execution is needed, EmulationSymbExec is used. In the previous version, it was writing in Memory. If the current instruction is reading and writing at the same place, the jitter instance may have a different behavior than the symb concrete one
| -rw-r--r-- | miasm2/analysis/dse.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/miasm2/analysis/dse.py b/miasm2/analysis/dse.py index 0c01610f..fb332154 100644 --- a/miasm2/analysis/dse.py +++ b/miasm2/analysis/dse.py @@ -178,6 +178,8 @@ class DSEEngine(object): self.jitter.cpu, self.jitter.vm, self.ir_arch, {} ) + ### Avoid side effects on jitter while using 'symb_concrete' + self.symb_concrete.func_write = None ## Update registers value self.symb.symbols[self.ir_arch.IRDst] = ExprInt( @@ -345,7 +347,9 @@ class DSEEngine(object): # -> Use a fully concrete execution to get back path # Update the concrete execution - self._update_state_from_concrete_symb(self.symb_concrete) + self._update_state_from_concrete_symb( + self.symb_concrete, cpu=True, mem=True + ) while True: next_addr_concrete = self.symb_concrete.run_block_at( @@ -431,8 +435,7 @@ class DSEEngine(object): if mem: # Values will be retrieved from the concrete execution if they are # not present - for symbol in symbexec.symbols.symbols_mem.copy(): - del symbexec.symbols[symbol] + symbexec.symbols.symbols_mem.base_to_memarray.clear() if cpu: regs = self.ir_arch.arch.regs.attrib_to_regs[self.ir_arch.attrib] for reg in regs: |