
Comments (7)

andreia-oca avatar andreia-oca commented on July 18, 2024

In order to reproduce the error more easily, I have created a Docker image that installs and compiles all the dependencies for P2IM and also runs it on the firmware "Console". You can access it in this forked repo.

To recreate the error, simply run:

cd /path/to/p2im/repo/docker
make test

If you find it convenient, I can also create a pull request to make the Dockerfile widely available in your original repository.

from p2im.

bofeng17 avatar bofeng17 commented on July 18, 2024

Hi Andreia, can you attach this file /root/p2im/fuzzing/console/01/0/stdout so that I can figure out what causes stage 1 to return?

from p2im.

andreia-oca avatar andreia-oca commented on July 18, 2024

The contents of /root/p2im/fuzzing/console/01/0/stdout are:

cmd to launch this script: /root/p2im//model_instantiation/me.py -c /root/p2im/fuzzing/console/01/fuzz.cfg --run-num 0 --print-to-file

args after processing: Namespace(afl_file=None, config='/root/p2im/fuzzing/console/01/fuzz.cfg', eval=False, gt=None, model_if=None, print_to_file=True, run_from_fs=False, run_num='0')

configurations after processing: Namespace(board='NUCLEO-F103RB', img='/root/p2im/fuzzing/console/01/Console', log_f='/root/p2im/fuzzing/console/01/me.log', mcu='STM32F103RB', objdump='/root/gcc-arm-none-eabi-10-2020-q4-major/bin/arm-none-eabi-objdump', peri_addr_range=512, qemu_bin='/root/p2im/qemu/precompiled_bin/qemu-system-gnuarmeclipse', qemu_log='unimp,guest_errors,int', retry_num=3)

depth 1, stage: SR_R_ID
cmd: /root/p2im/qemu/precompiled_bin/qemu-system-gnuarmeclipse -verbose -verbose -d unimp,guest_errors,int -nographic -board NUCLEO-F103RB -mcu STM32F103RB -image /root/p2im/fuzzing/console/01/Console -pm-stage 1 -trace trace-depth:1,stage:1.0 -reg-acc reg_acc-depth:1,stage:1.0 -model-output model-depth:1,stage:1.0.json
ret_val: 0xff
ret_val == 0xff, re-run it!
ret_val: 0xff
ret_val == 0xff, re-run it!
ret_val: 0xff
ret_val == 0xff, re-run it!

exit_callback is invoked

Execution time(seconds): 
0.03566741943359375

I tried to run /root/p2im/qemu/precompiled_bin/qemu-system-gnuarmeclipse -verbose -verbose -d unimp,guest_errors,int -nographic -board NUCLEO-F103RB -mcu STM32F103RB -image /root/p2im/fuzzing/console/01/Console -pm-stage 1 -trace trace-depth:1,stage:1.0 -reg-acc reg_acc-depth:1,stage:1.0 -model-output model-depth:1,stage:1.0.json as a standalone command and its output is:

GNU ARM Eclipse 64-bits QEMU v2.3.50 (qemu-system-gnuarmeclipse).

(process:59): GLib-WARNING **: /Host/Work/qemu/glib-2.51.0/glib/gmem.c:483: custom memory allocation vtable not supported
Board: 'NUCLEO-F103RB' (ST Nucleo Development Board for STM32 F1 series).
Device: 'STM32F103RB' (Cortex-M3 r0p1, MPU), Flash: 128 kB, RAM: 20 kB.
Image: '/root/p2im/fuzzing/console/01/Console'.
Command line: (none).
[0, 0]   1-th(total   1-th) 	unassigned mem_r *0x0
[0, 0]   2-th(total   2-th) 	unassigned mem_r *0x4
Load   1024 bytes at 0x00000000-0x000003FF.
Load     16 bytes at 0x00000400-0x0000040F.
Load  30800 bytes at 0x00000410-0x00007C5F.
Load    336 bytes at 0x00007C60-0x00007DAF.
Load      0 bytes at 0x1FFF0000-0x1FFEFFFF.
Cortex-M3 r0p1 core initialised.
QEMU 2.3.50 monitor - type 'help' for more information
(qemu) QEMU 2.3.50 monitor - type 'help' for more information
(qemu) Cortex-M3 r0p1 core reset.
[0, 0] illegal read at 0x99c

Also, I did not mention previously that I am testing the commands in a Docker container and also inside a VMware virtual machine running Ubuntu 16.04.

from p2im.
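The two outputs quoted in the comment above carry the whole diagnosis: me.py discards a stage-1 run whenever QEMU returns 0xff, gives up after retry_num attempts, and the standalone QEMU run shows which board/MCU was actually emulated plus the memory-access errors that followed. The script below is an added example, not part of P2IM or of this thread; it parses trimmed copies of those two outputs (constructed here from the text above) and reports the symptoms that point at the fuzz.cfg board/mcu setting. The heuristics in `diagnose()` are this example's own, not P2IM's.

```python
import re

# Constructed sample input: trimmed copies of the two outputs quoted in the thread above
# (me.py's stdout for stage 1, and the standalone QEMU run).
ME_STDOUT = """\
depth 1, stage: SR_R_ID
ret_val: 0xff
ret_val == 0xff, re-run it!
ret_val: 0xff
ret_val == 0xff, re-run it!
ret_val: 0xff
ret_val == 0xff, re-run it!
exit_callback is invoked
"""

QEMU_OUTPUT = """\
Board: 'NUCLEO-F103RB' (ST Nucleo Development Board for STM32 F1 series).
Device: 'STM32F103RB' (Cortex-M3 r0p1, MPU), Flash: 128 kB, RAM: 20 kB.
Image: '/root/p2im/fuzzing/console/01/Console'.
[0, 0]   1-th(total   1-th) \tunassigned mem_r *0x0
[0, 0]   2-th(total   2-th) \tunassigned mem_r *0x4
Load   1024 bytes at 0x00000000-0x000003FF.
Load      0 bytes at 0x1FFF0000-0x1FFEFFFF.
Cortex-M3 r0p1 core reset.
[0, 0] illegal read at 0x99c
"""

RERUN_RE = re.compile(r"^ret_val == 0xff, re-run it!$", re.M)
BOARD_RE = re.compile(r"^Board: '([^']+)'", re.M)
DEVICE_RE = re.compile(r"^Device: '([^']+)'", re.M)
UNASSIGNED_RE = re.compile(r"unassigned mem_r \*0x([0-9a-fA-F]+)")
ILLEGAL_RE = re.compile(r"illegal read at 0x([0-9a-fA-F]+)")
LOAD_RE = re.compile(r"^Load\s+(\d+) bytes at 0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)\.", re.M)


def count_failed_runs(me_stdout: str) -> int:
    """Number of stage runs that me.py discarded because QEMU returned 0xff."""
    return len(RERUN_RE.findall(me_stdout))


def stage_exhausted(me_stdout: str, retry_num: int) -> bool:
    """True when every retry allowed by fuzz.cfg's retry_num failed, i.e. stage 1 gave up."""
    return count_failed_runs(me_stdout) >= retry_num


def parse_qemu_output(qemu_output: str) -> dict:
    """Pull the board/MCU QEMU actually used and the memory-access errors it reported."""
    board = BOARD_RE.search(qemu_output)
    device = DEVICE_RE.search(qemu_output)
    illegal = ILLEGAL_RE.search(qemu_output)
    return {
        "board": board.group(1) if board else None,
        "device": device.group(1) if device else None,
        "unassigned_reads": [int(a, 16) for a in UNASSIGNED_RE.findall(qemu_output)],
        "illegal_read": int(illegal.group(1), 16) if illegal else None,
        # Load lines with a zero byte count: a region QEMU expected but the image does not fill.
        "empty_loads": [(int(lo, 16), int(hi, 16))
                        for n, lo, hi in LOAD_RE.findall(qemu_output) if int(n) == 0],
    }


def diagnose(me_stdout: str, qemu_output: str, retry_num: int) -> list:
    """Turn the two outputs into human-readable findings.

    The heuristics are this example's own, not P2IM's: they only point at the
    board/mcu setting, which is what the thread above found to be the cause.
    """
    findings = []
    if stage_exhausted(me_stdout, retry_num):
        findings.append(f"stage 1 exhausted all {retry_num} retries with ret_val 0xff")
    info = parse_qemu_output(qemu_output)
    # A Cortex-M core fetches its initial SP from 0x0 and its reset vector from 0x4.
    # Those reads coming back as unassigned memory is a hint (an assumption of this
    # example) that the firmware expects a different memory map than the emulated board.
    if {0x0, 0x4} <= set(info["unassigned_reads"]):
        findings.append("vector table words at 0x0/0x4 read as unassigned memory")
    if info["illegal_read"] is not None:
        findings.append(f"guest faulted on an illegal read at 0x{info['illegal_read']:x}")
    if findings:
        findings.append(f"check that board='{info['board']}' / mcu='{info['device']}' "
                        "in fuzz.cfg match the MCU the firmware was built for")
    return findings


if __name__ == "__main__":
    for line in diagnose(ME_STDOUT, QEMU_OUTPUT, retry_num=3):
        print("-", line)
```

Pointing it at a real run means reading `/root/p2im/fuzzing/<fw>/<run>/0/stdout` for the first argument and capturing the standalone QEMU command's stdout for the second; retry_num is the value printed in me.py's "configurations after processing" line.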

bofeng17 avatar bofeng17 commented on July 18, 2024

The Console firmware is based on the MK64FN1M0VLL12 MCU. Can you try setting this mcu/board in fuzz.cfg https://github.com/RiS3-Lab/p2im/blob/master/fuzzing/templates/fuzz.cfg.template#L56-L57?

from p2im.

andreia-oca avatar andreia-oca commented on July 18, 2024

This was the problem. I used the mcu/board that you've indicated and now everything works fine. Thank you!

A small follow-up question: how do I know which MCU the other real-world firmwares in this repo are based on?

from p2im.

bofeng17 avatar bofeng17 commented on July 18, 2024

I just added this missing information to the README: https://github.com/RiS3-Lab/p2im#preparing-the-configuration-file

from p2im.

andreia-oca avatar andreia-oca commented on July 18, 2024

Perfect. Thanks a lot!

from p2im.
