Description
The commands run, in order, are:
LOOPDIR/pin/pin -t LOOPDIR/pintraces/obj-ia32/gentrace.so -taint_args -- /bin/ls /usr
LOOPDIR/utils/iltrans -trace 9169-out.bpt -trace-concrete -pp-ast 9169-out.con.il
LOOPDIR/utils/pre_process.pl 9169-out.con.il
Step 4 — symbolically execute the trace:
LOOPDIR/utils/iltrans -il tracename.con.0.il -il-formula example.stp
The 4th step (the `iltrans -il -il-formula` run) always prints the following exception and halts. The reported position (line 1, char 30) falls on the trailing `-1` of the first `@taint_intro 1, "Arguments", -1` record, so the IL parser appears to reject the negative value in the taint_intro annotation emitted by `-taint_args` — this is an inference from the offset and should be confirmed against the parser:
A parsing exception occured while parsing '1' on line 1 (char 30).
Exception occured while parsing: 1, "Arguments", -1
@context "mem32[0xbfe2f7de]" = 0x2f, 1, u8, wr
@taint_intro 2, "Arguments", -1
@context "mem32[0xbfe2f7df]" = 0x75, 2, u8, wr
@taint_intro 3, "Arguments", -1
@context "mem32[0xbfe2f7e0]" = 0x73, 3, u8, wr
@taint_intro 4, "Arguments", -1
@context "mem32[0xbfe2f7e1]" = 0x72, 4, u8, wr
mem32_array:u32!u8 =
mem32_array:u32!u8 with [0xbfe2f7de:u32, e_little]:u8 = symb_1:u8
mem32_array:u32!u8 =
mem32_array:u32!u8 with [0xbfe2f7df:u32, e_little]:u8 = symb_2:u8
mem32_array:u32!u8 =
mem32_array:u32!u8 with [0xbfe2f7e0:u32, e_little]:u8 = symb_3:u8
mem32_array:u32!u8 =
mem32_array:u32!u8 with [0xbfe2f7e1:u32, e_little]:u8 = symb_4:u8
assert true & 0xbfe2f7e1:u32 == 0xbfe2f7e1:u32
assert true & 0xbfe2f7e0:u32 == 0xbfe2f7e0:u32
assert true & 0xbfe2f7df:u32 == 0xbfe2f7df:u32
assert true & 0xbfe2f7de:u32 == 0xbfe2f7de:u32
/All blocks must have two statements/
/All blocks must have two statements/
/All blocks must have two statements/
/All blocks must have two statements/
/All blocks must have two statements/
/All blocks must have two statements/
/All blocks must have two statements/
/All blocks must have two statements/
addr 0x9c8ea393 @asm "mov (%esi),%edx" @tid "0"
@context "R_EDX_32" = 0x43004146, 0, u32, wr
@context "R_ESI_32" = 0xbfe2f7dc, 0, u32, rd
@context "mem32[0xbfe2f7dc]" = 0x73, 0, u8, rd
@context "mem32[0xbfe2f7dd]" = 0x0, 0, u8, rd
@context "mem32[0xbfe2f7de]" = 0x2f, 1, u8, rd
@context "mem32[0xbfe2f7df]" = 0x75, 2, u8, rd
assert true & 0xbfe2f7dc:u32 == 0xbfe2f7dc:u32
mem32_array:u32!u8 =
mem32_array:u32!u8 with [0xbfe2f7dc:u32, e_little]:u8 = 0x73:u8
assert true & 0xbfe2f7dd:u32 == 0xbfe2f7dd:u32
mem32_array:u32!u8 =
mem32_array:u32!u8 with [0xbfe2f7dd:u32, e_little]:u8 = 0:u8
assert true & 0xbfe2f7de:u32 == 0xbfe2f7de:u32
assert true & 0xbfe2f7df:u32 == 0xbfe2f7df:u32
R_ESI_32:u32 = 0xbfe2f7dc:u32
R_EDX_32:u32 = 0x43004146:u32
label pc_0x9c8ea393
assert true & 0xbfe2f7df:u32 == R_ESI_32:u32 + 3:u32 &
0xbfe2f7de:u32 == R_ESI_32:u32 + 2:u32 &
0xbfe2f7dd:u32 == R_ESI_32:u32 + 1:u32 &
0xbfe2f7dc:u32 == R_ESI_32:u32 + 0:u32
R_EDX_32:u32 =
let T_loadnorm:u32!u8 := mem32_array:u32!u8 in
concat:[
concat:[
concat:[T_loadnorm:u32!u8[0xbfe2f7df:u32, e_little]:u8][
T_loadnorm:u32!u8[0xbfe2f7de:u32, e_little]:u8]][
T_loadnorm:u32!u8[0xbfe2f7dd:u32, e_little]:u8]][
T_loadnorm:u32!u8[0xbfe2f7dc:u32, e_little]:u8]
addr 0x9c8ea39a @asm "add %edx,%edi" @tid "0"
@context "R_EDI_32" = 0xfefefeff, 0, u32, rw
@context "R_EDX_32" = 0x752f0073, -1, u32, rd
@context "R_EFLAGS" = 0x282, 0, u32, wr
R_DF:bool = false
R_SF:bool = true
R_CF:bool = false
R_EFLAGS:u32 = 0x282:u32
R_EDI_32:u32 = 0xfefefeff:u32
R_AF:bool = false
R_PF:bool = false
R_ZF:bool = false
R_OF:bool = false
label pc_0x9c8ea39a
T_t1:u32 = R_EDI_32:u32
T_t2:u32 = R_EDX_32:u32
R_EDI_32:u32 = R_EDI_32:u32 + T_t2:u32
R_CF:bool = R_EDI_32:u32 < T_t1:u32
R_OF:bool = high:bool((T_t1:u32 ^ ~T_t2:u32) & (T_t1:u32 ^ R_EDI_32:u32))
R_AF:bool = 0x10:u32 == (0x10:u32 & (R_EDI_32:u32 ^ T_t1:u32 ^ T_t2:u32))
R_PF:bool =
~low:bool(let T_acc:u32 := R_EDI_32:u32 >> 4:u32 ^ R_EDI_32:u32 in
let T_acc:u32 := T_acc:u32 >> 2:u32 ^ T_acc:u32 in
T_acc:u32 >> 1:u32 ^ T_acc:u32)
R_SF:bool = high:bool(R_EDI_32:u32)
R_ZF:bool = 0:u32 == R_EDI_32:u32
addr 0x9c8ea39c @asm "jae 0x000000009c8ea47c" @tid "0"
@context "R_EIP" = 0x9c8ea39c, 0, u32, rw
@context "R_EFLAGS" = 0x217, -1, u32, rd
R_DF:bool = false
R_EIP:u32 = 0x9c8ea39c:u32
label pc_0x9c8ea39c
assert ~~R_CF:bool
/Removed: cjmp ~R_CF:bool, 0x9c8ea47c:u32, "nocjmp0"/
label nocjmp0
addr 0x9c8ea3a2 @asm "xor %edx,%edi" @tid "0"
@context "R_EDI_32" = 0x742dff72, -1, u32, rw
@context "R_EDX_32" = 0x752f0073, -1, u32, rd
@context "R_EFLAGS" = 0x217, -1, u32, wr
R_DF:bool = false
label pc_0x9c8ea3a2
R_EDI_32:u32 = R_EDI_32:u32 ^ R_EDX_32:u32
R_OF:bool = false
R_CF:bool = false
R_AF:bool = unknown "AF is undefined after xor":bool
R_PF:bool =
~low:bool(let T_acc_113:u32 := R_EDI_32:u32 >> 4:u32 ^ R_EDI_32:u32 in
let T_acc_113:u32 := T_acc_113:u32 >> 2:u32 ^ T_acc_113:u32 in
T_acc_113:u32 >> 1:u32 ^ T_acc_113:u32)
R_SF:bool = high:bool(R_EDI_32:u32)
R_ZF:bool = 0:u32 == R_EDI_32:u32
addr 0x9c8ea3a4 @asm "or $0xfefefeff,%edi" @tid "0"
@context "R_EDI_32" = 0x102ff01, -1, u32, rw
@context "R_EFLAGS" = 0x202, -1, u32, wr
R_DF:bool = false
label pc_0x9c8ea3a4
R_EDI_32:u32 = R_EDI_32:u32 | 0xfefefeff:u32
R_OF:bool = false
R_CF:bool = false
R_AF:bool = unknown "AF is undefined after or":bool
R_PF:bool =
~low:bool(let T_acc_114:u32 := R_EDI_32:u32 >> 4:u32 ^ R_EDI_32:u32 in
let T_acc_114:u32 := T_acc_114:u32 >> 2:u32 ^ T_acc_114:u32 in
T_acc_114:u32 >> 1:u32 ^ T_acc_114:u32)
R_SF:bool = high:bool(R_EDI_32:u32)
R_ZF:bool = 0:u32 == R_EDI_32:u32
addr 0x9c8ea3aa @asm "inc %edi" @tid "0"
@context "R_EDI_32" = 0xfffeffff, -1, u32, rw
@context "R_EFLAGS" = 0x286, -1, u32, wr
R_DF:bool = false
label pc_0x9c8ea3aa
T_t:u32 = R_EDI_32:u32
R_EDI_32:u32 = R_EDI_32:u32 + 1:u32
R_OF:bool = high:bool((T_t:u32 ^ -2:u32) & (T_t:u32 ^ R_EDI_32:u32))
R_AF:bool = 0x10:u32 == (0x10:u32 & (R_EDI_32:u32 ^ T_t:u32 ^ 1:u32))
R_PF:bool =
~low:bool(let T_acc_116:u32 := R_EDI_32:u32 >> 4:u32 ^ R_EDI_32:u32 in
let T_acc_116:u32 := T_acc_116:u32 >> 2:u32 ^ T_acc_116:u32 in
T_acc_116:u32 >> 1:u32 ^ T_acc_116:u32)
R_SF:bool = high:bool(R_EDI_32:u32)
R_ZF:bool = 0:u32 == R_EDI_32:u32
addr 0x9c8ea3ab @asm "jne 0x000000009c8ea47c" @tid "0"
@context "R_EIP" = 0x9c8ea3ab, 0, u32, rw
@context "R_EFLAGS" = 0x296, -1, u32, rd
R_DF:bool = false
R_EIP:u32 = 0x9c8ea3ab:u32
label pc_0x9c8ea3ab
assert ~(~R_ZF:bool)
halt true
Exception Parsing.Parse_error occurred while lifting
Fatal error: exception Parsing.Parse_error