Support system mode

[Kalvin2077]

Dear maintainers, the tool is awesome.

I've been analyzing ARM firmware recently. If I want to enable symbolic execution in ARM full-system mode, what modifications and support do we need for symqemu?

[aurelf]

Hi, thank you for the feedback. We are working on this. Hopefully publishing this in a few weeks or months.

[Kalvin2077]

Okay. I'm looking forward to it!

In addition, I‘ve read the relevant paper on symqemu, and I guess that in principle it supports

• the transfer of symbolic data between general registers and memory
• the free switching of symbolic execution and concrete execution

If this is true, can you give me a rough guide as to which specific part of the code to explore for more details?

[aurelf]

Hi,
that's an unrelated question, but for the register to memory check calls to gen_helper_sym_store_host_i32 for example in tcg-op.c
Not sure I understand the second question, SymQemu executes in concolic mode so both concrete and symbolic (when needed) along one path.

[jiliguluss]

It would be great if symqemu could support arm. I am looking forward to this feature coming online. When can I expect to see this new feature?
​

[aurelf]

ARM 32/64 should be already working for arm user linux target.
Full system will come at some point too but not immediately (we have something internally but will need more work for merging here).