[SymtabCodeSource.C:393] processing 25 symtab regions in dyninst_group_test.dyn_gcc_32_pic_none 804c9e4 .init 804ca10 .plt 804ccd0 .text 80549c4 .fini 8048154 .interp 8048168 .note.ABI-tag [skipped] 8048188 .note.gnu.build-id [skipped] 80481ac .gnu.hash [skipped] 8048cd4 .dynsym [skipped] 804a7d4 .dynstr [skipped] 804c4b2 .gnu.version [skipped] 804c814 .gnu.version_r [skipped] 804c874 .rel.dyn [skipped] 804c88c .rel.plt [skipped] 80549d8 .rodata 8058218 .eh_frame_hdr 805886c .eh_frame 805bef8 .init_array [skipped] 805befc .fini_array [skipped] 805bf00 .jcr 805bf04 .dynamic [skipped] 805bff4 .got 805c000 .got.plt 805c0c0 .data 805c7a0 .bss [skipped] [SymtabCodeSource.C:445] processing 208 symtab hints <804cd10,deregister_tm_clones,[804ccd0,80549c4)> <804cd40,register_tm_clones,[804ccd0,80549c4)> <804cd80,__do_global_dtors_aux,[804ccd0,80549c4)> <804cda0,frame_dummy,[804ccd0,80549c4)> <804dbc8,func1_2,[804ccd0,80549c4)> <804e000,func4_2,[804ccd0,80549c4)> <804eabf,fail7Print,[804ccd0,80549c4)> <804eb0d,fail7aPrint,[804ccd0,80549c4)> <804f33d,func2,[804ccd0,80549c4)> <804fbe3,func17_3,[804ccd0,80549c4)> <804fc07,func17_4,[804ccd0,80549c4)> <805073d,eq_doubles,[804ccd0,80549c4)> <8050d12,verifyScalarValue23,[804ccd0,80549c4)> <805116d,verifyValue24,[804ccd0,80549c4)> <80511c7,verifyScalarValue24,[804ccd0,80549c4)> <805121a,verifyValue,[804ccd0,80549c4)> <80512b2,call24_2,[804ccd0,80549c4)> <805135c,test1_25_mutatee,[804ccd0,80549c4)> <80517fe,verifyScalarValue26,[804ccd0,80549c4)> <8051851,call26_2,[804ccd0,80549c4)> <8051a9e,verifyScalarValue28,[804ccd0,80549c4)> <8051d86,func30_2,[804ccd0,80549c4)> <804fa51,test1_16_func3,[804ccd0,80549c4)> <8054895,stopEventSource,[804ccd0,80549c4)> <804f8a4,test1_16_func1,[804ccd0,80549c4)> <80539f5,flushOutputLog,[804ccd0,80549c4)> <804fd14,test1_17_call2,[804ccd0,80549c4)> <804f179,test1_10_func1,[804ccd0,80549c4)> <8052b85,funCall38_1,[804ccd0,80549c4)> <8052ba4,funCall38_2,[804ccd0,80549c4)> <8052bc3,funCall38_3,[804ccd0,80549c4)> <8052be2,funCall38_4,[804ccd0,80549c4)> <8052c01,funCall38_5,[804ccd0,80549c4)> <8052c20,funCall38_6,[804ccd0,80549c4)> <8052c3f,funCall38_7,[804ccd0,80549c4)> <8054473,test_passed,[804ccd0,80549c4)> <8053d8b,warningSetTestName,[804ccd0,80549c4)> <804f713,test1_13_call1,[804ccd0,80549c4)> <805086f,test1_22_mutatee,[804ccd0,80549c4)> <8054879,getEventCounter,[804ccd0,80549c4)> <804cd00,__x86.get_pc_thunk.bx,[804ccd0,80549c4)> <804db85,__x86.get_pc_thunk.cx,[804ccd0,80549c4)> <80549c0,__libc_csu_fini,[804ccd0,80549c4)> <805413a,printResultHumanLog,[804ccd0,80549c4)> <8051582,test1_25_call1,[804ccd0,80549c4)> <80528d5,test1_37_call1,[804ccd0,80549c4)> <804f138,test1_10_mutatee,[804ccd0,80549c4)> <805440c,test_fails,[804ccd0,80549c4)> <8053f58,dbRedirectStream,[804ccd0,80549c4)> <8050455,test1_20_call1,[804ccd0,80549c4)> <804f2c4,test1_11_mutatee,[804ccd0,80549c4)> <804e5cc,test1_7_mutatee,[804ccd0,80549c4)> <8050d65,test1_23_call2,[804ccd0,80549c4)> <80540ef,setHumanLog,[804ccd0,80549c4)> <8052741,test1_36_call1,[804ccd0,80549c4)> <80531d8,test_write_param_mutatee,[804ccd0,80549c4)> <8052db3,test2_11_mutatee,[804ccd0,80549c4)> <804e59a,test1_6_func2,[804ccd0,80549c4)> <804e60d,test1_7_func1,[804ccd0,80549c4)> <804dc04,test1_1_func1_1,[804ccd0,80549c4)> <80538d8,stdLogResult,[804ccd0,80549c4)> <804eb90,test1_8_func1,[804ccd0,80549c4)> <8052cad,test1_39_func1,[804ccd0,80549c4)> <8054051,cleanupFortranOutput,[804ccd0,80549c4)> <804ff50,test1_20_mutatee,[804ccd0,80549c4)> <8050a88,test1_22_call2,[804ccd0,80549c4)> <804f357,test1_11_call1,[804ccd0,80549c4)> <80543a5,test_passes,[804ccd0,80549c4)> <804dd3c,test1_2_func2_1,[804ccd0,80549c4)> <804f3a0,test1_11_call3,[804ccd0,80549c4)> <804ee68,test1_9_call1,[804ccd0,80549c4)> <804e1eb,test1_5_func2,[804ccd0,80549c4)> <8053771,stdOutputVLog,[804ccd0,80549c4)> <8053e53,dbOutputLog,[804ccd0,80549c4)> <8052e6c,test2_13_mutatee,[804ccd0,80549c4)> <80540bf,setUseAttach,[804ccd0,80549c4)> <805216c,test1_33_mutatee,[804ccd0,80549c4)> <804faf0,test1_17_func1,[804ccd0,80549c4)> <804cdd0,setRunTest,[804ccd0,80549c4)> <804df16,test1_3_call3_1,[804ccd0,80549c4)> <8051f53,test1_31_func4,[804ccd0,80549c4)> <8051f1f,test1_31_func2,[804ccd0,80549c4)> <804f50c,test1_13_func2,[804ccd0,80549c4)> <8050436,func20_3,[804ccd0,80549c4)> <8051db8,test1_31_mutatee,[804ccd0,80549c4)> <804dd6e,test1_2_call2_1,[804ccd0,80549c4)> <8050e98,test1_24_mutatee,[804ccd0,80549c4)> <80549c4,_fini,[80549c4,80549d8)> <805373a,stdOutputLog,[804ccd0,80549c4)> <8053fb7,setupFortranOutput,[804ccd0,80549c4)> <8054782,startEventSource,[804ccd0,80549c4)> <8053218,warningLogResult,[804ccd0,80549c4)> <804e55f,test1_6_mutatee,[804ccd0,80549c4)> <80528b2,test1_37_inc1,[804ccd0,80549c4)> <804dcd3,test1_1_mutatee,[804ccd0,80549c4)> <80540a4,setExecutableName,[804ccd0,80549c4)> <8052a1a,test1_37_inc3,[804ccd0,80549c4)> <80521cb,test1_33_func2,[804ccd0,80549c4)> <80544f0,verifyScalarValue,[804ccd0,80549c4)> <80530bc,test_write_param_call3,[804ccd0,80549c4)> <804f265,test1_10_call2,[804ccd0,80549c4)> <804e032,test1_4_func1,[804ccd0,80549c4)> <804de7b,test1_2_mutatee,[804ccd0,80549c4)> <8052eac,test_write_param_call1,[804ccd0,80549c4)> <80520f8,test1_32_func2,[804ccd0,80549c4)> <805212c,test1_32_func4,[804ccd0,80549c4)> <804f30c,test1_11_func1,[804ccd0,80549c4)> <8052df8,test2_12_func1,[804ccd0,80549c4)> <804edfc,test1_9_mutatee,[804ccd0,80549c4)> <8051908,test1_28_mutatee,[804ccd0,80549c4)> <8052d08,test2_7_mutatee,[804ccd0,80549c4)> <804e1b0,test1_5_mutatee,[804ccd0,80549c4)> <804f4a4,test1_13_mutatee,[804ccd0,80549c4)> <80529a8,test1_37_call2,[804ccd0,80549c4)> <804d020,handleAttach,[804ccd0,80549c4)> <8053dcf,closeDatabaseOutputDriver,[804ccd0,80549c4)> <8052c60,test1_39_mutatee,[804ccd0,80549c4)> <8053d03,warningVLog,[804ccd0,80549c4)> <8051b42,test1_30_mutatee,[804ccd0,80549c4)> <8052d84,test2_11_func1,[804ccd0,80549c4)> <804ce8d,checkIfAttached,[804ccd0,80549c4)> <80539bd,logerror,[804ccd0,80549c4)> <8054687,precisionSleep,[804ccd0,80549c4)> <8050d91,test1_23_call1,[804ccd0,80549c4)> <804ef65,test1_9_func1,[804ccd0,80549c4)> <8054378,stop_process_,[804ccd0,80549c4)> <804cea5,updateResumeLog,[804ccd0,80549c4)> <8053a5d,initDatabaseOutputDriver,[804ccd0,80549c4)> <805456a,log_testrun,[804ccd0,80549c4)> <8051b1c,test1_30_call1,[804ccd0,80549c4)> <804eb5b,test1_7_func2,[804ccd0,80549c4)> <8054950,__libc_csu_init,[804ccd0,80549c4)> <8051856,test1_26_call1,[804ccd0,80549c4)> <8053261,initOutputDriver,[804ccd0,80549c4)> <8050a7b,test1_22_call1,[804ccd0,80549c4)> <804fee7,test1_18_mutatee,[804ccd0,80549c4)> <8053e8a,dbOutputVLog,[804ccd0,80549c4)> <8053d47,warningLog,[804ccd0,80549c4)> <8052778,test1_37_mutatee,[804ccd0,80549c4)> <8052cdc,test2_5_mutatee,[804ccd0,80549c4)> <804f37b,test1_11_call2,[804ccd0,80549c4)> <8053320,redirectStream,[804ccd0,80549c4)> <804e114,test1_5_func1,[804ccd0,80549c4)> <804f3c5,test1_11_call4,[804ccd0,80549c4)> <804ccd0,_start,[804ccd0,80549c4)> <804fbd9,test1_17_func2,[804ccd0,80549c4)> <80518a4,test1_27_mutatee,[804ccd0,80549c4)> <804cf36,updateResumeLogCompleted,[804ccd0,80549c4)> <804dee4,test1_3_func3_1,[804ccd0,80549c4)> <80507a4,test1_21_mutatee,[804ccd0,80549c4)> <8052b0d,test1_38_call1,[804ccd0,80549c4)> <804fc11,test1_17_call1,[804ccd0,80549c4)> <804df96,test1_3_mutatee,[804ccd0,80549c4)> <805238d,test1_34_func2,[804ccd0,80549c4)> <80512b7,test1_24_call1,[804ccd0,80549c4)> <8054754,handler,[804ccd0,80549c4)> <8051f39,test1_31_func3,[804ccd0,80549c4)> <8050abb,snip_ref_shlib_var_mutatee,[804ccd0,80549c4)> <804d14a,main,[804ccd0,80549c4)> <804f516,test1_13_func3,[804ccd0,80549c4)> <804e220,test1_6_func1,[804ccd0,80549c4)> <804f530,test1_13_func1,[804ccd0,80549c4)> <8050aa2,test1_22_call7,[804ccd0,80549c4)> <8052354,test1_34_mutatee,[804ccd0,80549c4)> <80507e0,loadDynamicLibrary,[804ccd0,80549c4)> <8052e27,test2_12_mutatee,[804ccd0,80549c4)> <805325c,nullSetTestName,[804ccd0,80549c4)> <8051f90,test1_32_mutatee,[804ccd0,80549c4)> <8050a95,test1_22_call3,[804ccd0,80549c4)> <804db8c,test1_1_call1_1,[804ccd0,80549c4)> <8050c4b,snip_change_shlib_var_mutatee,[804ccd0,80549c4)> <8053f5d,dbLogResult,[804ccd0,80549c4)> <8050c40,scsv1,[804ccd0,80549c4)> <8052d48,test2_9_mutatee,[804ccd0,80549c4)> <805082b,getFuncFromDLL,[804ccd0,80549c4)> <804fa83,test1_16_func4,[804ccd0,80549c4)> <804ed75,test1_8_mutatee,[804ccd0,80549c4)> <804fa1f,test1_16_func2,[804ccd0,80549c4)> <8050cbc,test1_23_mutatee,[804ccd0,80549c4)> <8052985,test1_37_inc2,[804ccd0,80549c4)> <80530d0,test_write_param_func,[804ccd0,80549c4)> <804e0d8,test1_4_mutatee,[804ccd0,80549c4)> <80545f5,log_testresult,[804ccd0,80549c4)> <804f294,test1_10_call3,[804ccd0,80549c4)> <80521fb,test1_33_func3,[804ccd0,80549c4)> <8052706,test1_36_mutatee,[804ccd0,80549c4)> <8053a29,flushErrorLog,[804ccd0,80549c4)> <804f237,test1_10_call1,[804ccd0,80549c4)> <8052fb4,test_write_param_call2,[804ccd0,80549c4)> <80530c6,test_write_param_call4,[804ccd0,80549c4)> <8052474,test1_36_func1,[804ccd0,80549c4)> <804fe21,test1_17_mutatee,[804ccd0,80549c4)> <8053b25,dbSetTestName,[804ccd0,80549c4)> <8050ab0,srsv1,[804ccd0,80549c4)> <8050111,test1_20_func2,[804ccd0,80549c4)> <8053cbf,warningRedirectStream,[804ccd0,80549c4)> <8053905,stdSetTestName,[804ccd0,80549c4)> <8052112,test1_32_func3,[804ccd0,80549c4)> <8053985,logstatus,[804ccd0,80549c4)> <804cfd0,setLabel,[804ccd0,80549c4)> <80515b4,test1_26_mutatee,[804ccd0,80549c4)> <804c9e4,_init,[804c9e4,804ca07)> <804f848,test1_13_call2,[804ccd0,80549c4)> <804fe5c,test1_18_func1,[804ccd0,80549c4)> <8052ac0,test1_38_mutatee,[804ccd0,80549c4)> <8051af1,test1_28_call1,[804ccd0,80549c4)> <804fab5,test1_16_mutatee,[804ccd0,80549c4)> <8052a3d,test1_37_call3,[804ccd0,80549c4)> Cached PLT entry dup2 (804ca20) Cached PLT entry setitimer (804ca30) Cached PLT entry strcmp (804ca40) Cached PLT entry printf (804ca50) Cached PLT entry fflush (804ca60) Cached PLT entry dup (804ca70) Cached PLT entry free (804ca80) Cached PLT entry strdup (804ca90) Cached PLT entry fclose (804caa0) Cached PLT entry gettimeofday (804cab0) Cached PLT entry perror (804cac0) Cached PLT entry fwrite (804cad0) Cached PLT entry fread (804cae0) Cached PLT entry getpid (804caf0) Cached PLT entry realloc (804cb00) Cached PLT entry malloc (804cb10) Cached PLT entry puts (804cb20) Cached PLT entry strerror (804cb30) Cached PLT entry __gmon_start__ (804cb40) Cached PLT entry exit (804cb50) Cached PLT entry kill (804cb60) Cached PLT entry strlen (804cb70) Cached PLT entry __libc_start_main (804cb80) Cached PLT entry fprintf (804cb90) Cached PLT entry write (804cba0) Cached PLT entry dlsym (804cbb0) Cached PLT entry fopen (804cbc0) Cached PLT entry memset (804cbd0) Cached PLT entry snprintf (804cbe0) Cached PLT entry __errno_location (804cbf0) Cached PLT entry strncpy (804cc00) Cached PLT entry fileno (804cc10) Cached PLT entry strtok (804cc20) Cached PLT entry vfprintf (804cc30) Cached PLT entry strrchr (804cc40) Cached PLT entry sprintf (804cc50) Cached PLT entry atoi (804cc60) Cached PLT entry dlopen (804cc70) Cached PLT entry nanosleep (804cc80) Cached PLT entry sigaction (804cc90) Cached PLT entry abort (804cca0) Cached PLT entry close (804ccb0) Cached PLT entry __assert_fail (804ccc0) [CodeObject.C] adding hint 804c9e4 [CodeObject.C] adding hint 804ccd0 [CodeObject.C] adding hint 804cd00 [CodeObject.C] adding hint 804cd10 [CodeObject.C] adding hint 804cd40 [CodeObject.C] adding hint 804cd80 [CodeObject.C] adding hint 804cda0 [CodeObject.C] adding hint 804cdd0 [CodeObject.C] adding hint 804ce8d [CodeObject.C] adding hint 804cea5 [CodeObject.C] adding hint 804cf36 [CodeObject.C] adding hint 804cfd0 [CodeObject.C] adding hint 804d020 [CodeObject.C] adding hint 804d14a [CodeObject.C] adding hint 804db85 [CodeObject.C] adding hint 804db8c [CodeObject.C] adding hint 804dbc8 [CodeObject.C] adding hint 804dc04 [CodeObject.C] adding hint 804dcd3 [CodeObject.C] adding hint 804dd3c [CodeObject.C] adding hint 804dd6e [CodeObject.C] adding hint 804de7b [CodeObject.C] adding hint 804dee4 [CodeObject.C] adding hint 804df16 [CodeObject.C] adding hint 804df96 [CodeObject.C] adding hint 804e000 [CodeObject.C] adding hint 804e032 [CodeObject.C] adding hint 804e0d8 [CodeObject.C] adding hint 804e114 [CodeObject.C] adding hint 804e1b0 [CodeObject.C] adding hint 804e1eb [CodeObject.C] adding hint 804e220 [CodeObject.C] adding hint 804e55f [CodeObject.C] adding hint 804e59a [CodeObject.C] adding hint 804e5cc [CodeObject.C] adding hint 804e60d [CodeObject.C] adding hint 804eabf [CodeObject.C] adding hint 804eb0d [CodeObject.C] adding hint 804eb5b [CodeObject.C] adding hint 804eb90 [CodeObject.C] adding hint 804ed75 [CodeObject.C] adding hint 804edfc [CodeObject.C] adding hint 804ee68 [CodeObject.C] adding hint 804ef65 [CodeObject.C] adding hint 804f138 [CodeObject.C] adding hint 804f179 [CodeObject.C] adding hint 804f237 [CodeObject.C] adding hint 804f265 [CodeObject.C] adding hint 804f294 [CodeObject.C] adding hint 804f2c4 [CodeObject.C] adding hint 804f30c [CodeObject.C] adding hint 804f33d [CodeObject.C] adding hint 804f357 [CodeObject.C] adding hint 804f37b [CodeObject.C] adding hint 804f3a0 [CodeObject.C] adding hint 804f3c5 [CodeObject.C] adding hint 804f4a4 [CodeObject.C] adding hint 804f50c [CodeObject.C] adding hint 804f516 [CodeObject.C] adding hint 804f530 [CodeObject.C] adding hint 804f713 [CodeObject.C] adding hint 804f848 [CodeObject.C] adding hint 804f8a4 [CodeObject.C] adding hint 804fa1f [CodeObject.C] adding hint 804fa51 [CodeObject.C] adding hint 804fa83 [CodeObject.C] adding hint 804fab5 [CodeObject.C] adding hint 804faf0 [CodeObject.C] adding hint 804fbd9 [CodeObject.C] adding hint 804fbe3 [CodeObject.C] adding hint 804fc07 [CodeObject.C] adding hint 804fc11 [CodeObject.C] adding hint 804fd14 [CodeObject.C] adding hint 804fe21 [CodeObject.C] adding hint 804fe5c [CodeObject.C] adding hint 804fee7 [CodeObject.C] adding hint 804ff50 [CodeObject.C] adding hint 8050111 [CodeObject.C] adding hint 8050436 [CodeObject.C] adding hint 8050455 [CodeObject.C] adding hint 805073d [CodeObject.C] adding hint 80507a4 [CodeObject.C] adding hint 80507e0 [CodeObject.C] adding hint 805082b [CodeObject.C] adding hint 805086f [CodeObject.C] adding hint 8050a7b [CodeObject.C] adding hint 8050a88 [CodeObject.C] adding hint 8050a95 [CodeObject.C] adding hint 8050aa2 [CodeObject.C] adding hint 8050ab0 [CodeObject.C] adding hint 8050abb [CodeObject.C] adding hint 8050c40 [CodeObject.C] adding hint 8050c4b [CodeObject.C] adding hint 8050cbc [CodeObject.C] adding hint 8050d12 [CodeObject.C] adding hint 8050d65 [CodeObject.C] adding hint 8050d91 [CodeObject.C] adding hint 8050e98 [CodeObject.C] adding hint 805116d [CodeObject.C] adding hint 80511c7 [CodeObject.C] adding hint 805121a [CodeObject.C] adding hint 80512b2 [CodeObject.C] adding hint 80512b7 [CodeObject.C] adding hint 805135c [CodeObject.C] adding hint 8051582 [CodeObject.C] adding hint 80515b4 [CodeObject.C] adding hint 80517fe [CodeObject.C] adding hint 8051851 [CodeObject.C] adding hint 8051856 [CodeObject.C] adding hint 80518a4 [CodeObject.C] adding hint 8051908 [CodeObject.C] adding hint 8051a9e [CodeObject.C] adding hint 8051af1 [CodeObject.C] adding hint 8051b1c [CodeObject.C] adding hint 8051b42 [CodeObject.C] adding hint 8051d86 [CodeObject.C] adding hint 8051db8 [CodeObject.C] adding hint 8051f1f [CodeObject.C] adding hint 8051f39 [CodeObject.C] adding hint 8051f53 [CodeObject.C] adding hint 8051f90 [CodeObject.C] adding hint 80520f8 [CodeObject.C] adding hint 8052112 [CodeObject.C] adding hint 805212c [CodeObject.C] adding hint 805216c [CodeObject.C] adding hint 80521cb [CodeObject.C] adding hint 80521fb [CodeObject.C] adding hint 8052354 [CodeObject.C] adding hint 805238d [CodeObject.C] adding hint 8052474 [CodeObject.C] adding hint 8052706 [CodeObject.C] adding hint 8052741 [CodeObject.C] adding hint 8052778 [CodeObject.C] adding hint 80528b2 [CodeObject.C] adding hint 80528d5 [CodeObject.C] adding hint 8052985 [CodeObject.C] adding hint 80529a8 [CodeObject.C] adding hint 8052a1a [CodeObject.C] adding hint 8052a3d [CodeObject.C] adding hint 8052ac0 [CodeObject.C] adding hint 8052b0d [CodeObject.C] adding hint 8052b85 [CodeObject.C] adding hint 8052ba4 [CodeObject.C] adding hint 8052bc3 [CodeObject.C] adding hint 8052be2 [CodeObject.C] adding hint 8052c01 [CodeObject.C] adding hint 8052c20 [CodeObject.C] adding hint 8052c3f [CodeObject.C] adding hint 8052c60 [CodeObject.C] adding hint 8052cad [CodeObject.C] adding hint 8052cdc [CodeObject.C] adding hint 8052d08 [CodeObject.C] adding hint 8052d48 [CodeObject.C] adding hint 8052d84 [CodeObject.C] adding hint 8052db3 [CodeObject.C] adding hint 8052df8 [CodeObject.C] adding hint 8052e27 [CodeObject.C] adding hint 8052e6c [CodeObject.C] adding hint 8052eac [CodeObject.C] adding hint 8052fb4 [CodeObject.C] adding hint 80530bc [CodeObject.C] adding hint 80530c6 [CodeObject.C] adding hint 80530d0 [CodeObject.C] adding hint 80531d8 [CodeObject.C] adding hint 8053218 [CodeObject.C] adding hint 805325c [CodeObject.C] adding hint 8053261 [CodeObject.C] adding hint 8053320 [CodeObject.C] adding hint 805373a [CodeObject.C] adding hint 8053771 [CodeObject.C] adding hint 80538d8 [CodeObject.C] adding hint 8053905 [CodeObject.C] adding hint 8053985 [CodeObject.C] adding hint 80539bd [CodeObject.C] adding hint 80539f5 [CodeObject.C] adding hint 8053a29 [CodeObject.C] adding hint 8053a5d [CodeObject.C] adding hint 8053b25 [CodeObject.C] adding hint 8053cbf [CodeObject.C] adding hint 8053d03 [CodeObject.C] adding hint 8053d47 [CodeObject.C] adding hint 8053d8b [CodeObject.C] adding hint 8053dcf [CodeObject.C] adding hint 8053e53 [CodeObject.C] adding hint 8053e8a [CodeObject.C] adding hint 8053f58 [CodeObject.C] adding hint 8053f5d [CodeObject.C] adding hint 8053fb7 [CodeObject.C] adding hint 8054051 [CodeObject.C] adding hint 80540a4 [CodeObject.C] adding hint 80540bf [CodeObject.C] adding hint 80540ef [CodeObject.C] adding hint 805413a [CodeObject.C] adding hint 8054378 [CodeObject.C] adding hint 80543a5 [CodeObject.C] adding hint 805440c [CodeObject.C] adding hint 8054473 [CodeObject.C] adding hint 80544f0 [CodeObject.C] adding hint 805456a [CodeObject.C] adding hint 80545f5 [CodeObject.C] adding hint 8054687 [CodeObject.C] adding hint 8054754 [CodeObject.C] adding hint 8054782 [CodeObject.C] adding hint 8054879 [CodeObject.C] adding hint 8054895 [CodeObject.C] adding hint 8054950 [CodeObject.C] adding hint 80549c0 [CodeObject.C] adding hint 80549c4 [Parser.C:224] entered parse_at(804cd10) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cd10) [Parser.C:1485] recording block [804cd10,804cd10) [Parser.C] ==== starting to parse frame 804cd10 ==== [Parser.C] parsing block 804cd10 [Parser.C:1274] curAddr 0x804cd10: mov EAX, 805c797 [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd15: sub EAX, 805c794 [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd1a: cmp EAX, 6 [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd1d: jnbe 1 + EIP + 2 [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd10,804cd1f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 1 + EIP + 2 to 0x804cd1d...SUCCESS (CFT=0x804cd20) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cd1d->804cd20 resolveable_edge: 1, tailcall: 0, target: 804cd20 [ParserDetails.C:588] pushing 804cd20 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cd1d->804cd1f resolveable_edge: 1, tailcall: 0, target: 804cd1f [ParserDetails.C:588] pushing 804cd1f onto worklist [Parser.C:1485] recording block [804cd20,804cd20) [Parser.C] parsing block 804cd20 [Parser.C:1274] curAddr 0x804cd20: mov EAX, 0 [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd25: test EAX, EAX [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd27: jz fffffffffffffff6 + EIP + 2 [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd20,804cd29) Getting edges IA_IAPI.C[847]: binding PC EIP in jz fffffffffffffff6 + EIP + 2 to 0x804cd27...SUCCESS (CFT=0x804cd1f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cd27->804cd1f resolveable_edge: 1, tailcall: 0, target: 804cd1f [ParserDetails.C:588] pushing 804cd1f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cd27->804cd29 resolveable_edge: 1, tailcall: 0, target: 804cd29 [ParserDetails.C:588] pushing 804cd29 onto worklist [Parser.C:1485] recording block [804cd1f,804cd1f) [Parser.C] parsing block 804cd1f [Parser.C:1274] curAddr 0x804cd1f: ret near [ESP] [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd1f,804cd20) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804cd1f Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804cd1f...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] block 804cd1f exists [Parser.C] skipping locally parsed target at 804cd1f [Parser.C:1485] recording block [804cd29,804cd29) [Parser.C] parsing block 804cd29 [Parser.C:1274] curAddr 0x804cd29: push EBP, ESP [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd2a: mov EBP, ESP [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd2c: sub ESP, 18 [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd2f: mov [ESP], 805c794 [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd36: call EAX [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804cd36...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804cd29,804cd38) Getting edges Returned 2 edges ... Call 0x804cd36 is indirect ... Call 0x804cd36 is indirect ... Call 0x804cd36 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804cd36->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804cd36->804cd38 resolveable_edge: 1, tailcall: 0, target: 804cd38 [ParserDetails.C:588] pushing 804cd38 onto worklist [Parser.C:1485] recording block [804cd38,804cd38) [Parser.C] parsing block 804cd38 [Parser.C:1274] curAddr 0x804cd38: leave [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd39: ret near [ESP] [Parser.C:1280] leaf 1 funcname deregister_tm_clones hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd38,804cd3a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804cd39 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804cd39...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804cd10 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] deregister_tm_clones return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804cd40) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cd40) [Parser.C:1485] recording block [804cd40,804cd40) [Parser.C] ==== starting to parse frame 804cd40 ==== [Parser.C] parsing block 804cd40 [Parser.C:1274] curAddr 0x804cd40: mov EAX, 805c794 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd45: sub EAX, 805c794 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd4a: sar EAX, 2 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd4d: mov EDX, EAX [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd4f: shr EDX, 1f [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd52: add EAX, EDX [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd54: sar EAX, 1 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd56: jnz 1 + EIP + 2 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd40,804cd58) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1 + EIP + 2 to 0x804cd56...SUCCESS (CFT=0x804cd59) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cd56->804cd59 resolveable_edge: 1, tailcall: 0, target: 804cd59 [ParserDetails.C:588] pushing 804cd59 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cd56->804cd58 resolveable_edge: 1, tailcall: 0, target: 804cd58 [ParserDetails.C:588] pushing 804cd58 onto worklist [Parser.C:1485] recording block [804cd59,804cd59) [Parser.C] parsing block 804cd59 [Parser.C:1274] curAddr 0x804cd59: mov EDX, 0 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd5e: test EDX, EDX [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd60: jz fffffffffffffff6 + EIP + 2 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd59,804cd62) Getting edges IA_IAPI.C[847]: binding PC EIP in jz fffffffffffffff6 + EIP + 2 to 0x804cd60...SUCCESS (CFT=0x804cd58) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cd60->804cd58 resolveable_edge: 1, tailcall: 0, target: 804cd58 [ParserDetails.C:588] pushing 804cd58 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cd60->804cd62 resolveable_edge: 1, tailcall: 0, target: 804cd62 [ParserDetails.C:588] pushing 804cd62 onto worklist [Parser.C:1485] recording block [804cd58,804cd58) [Parser.C] parsing block 804cd58 [Parser.C:1274] curAddr 0x804cd58: ret near [ESP] [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd58,804cd59) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804cd58 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804cd58...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] block 804cd58 exists [Parser.C] skipping locally parsed target at 804cd58 [Parser.C:1485] recording block [804cd62,804cd62) [Parser.C] parsing block 804cd62 [Parser.C:1274] curAddr 0x804cd62: push EBP, ESP [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd63: mov EBP, ESP [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd65: sub ESP, 18 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd68: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd6c: mov [ESP], 805c794 [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd73: call EDX [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called IA_IAPI.C[847]: binding PC EIP in call EDX to 0x804cd73...FAIL (CFT=0x0), callTarget exp: EDX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804cd62,804cd75) Getting edges Returned 2 edges ... Call 0x804cd73 is indirect ... Call 0x804cd73 is indirect ... Call 0x804cd73 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804cd73->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804cd73->804cd75 resolveable_edge: 1, tailcall: 0, target: 804cd75 [ParserDetails.C:588] pushing 804cd75 onto worklist [Parser.C:1485] recording block [804cd75,804cd75) [Parser.C] parsing block 804cd75 [Parser.C:1274] curAddr 0x804cd75: leave [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called [Parser.C:1274] curAddr 0x804cd76: ret near [ESP] [Parser.C:1280] leaf 1 funcname register_tm_clones hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd75,804cd77) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804cd76 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804cd76...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804cd40 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] register_tm_clones return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804cd80) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cd80) [Parser.C:1485] recording block [804cd80,804cd80) [Parser.C] ==== starting to parse frame 804cd80 ==== [Parser.C] parsing block 804cd80 [Parser.C:1274] curAddr 0x804cd80: cmp [805c7a0], 0 [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called [Parser.C:1274] curAddr 0x804cd87: jnz 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd80,804cd89) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 13 + EIP + 2 to 0x804cd87...SUCCESS (CFT=0x804cd9c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cd87->804cd9c resolveable_edge: 1, tailcall: 0, target: 804cd9c [ParserDetails.C:588] pushing 804cd9c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cd87->804cd89 resolveable_edge: 1, tailcall: 0, target: 804cd89 [ParserDetails.C:588] pushing 804cd89 onto worklist [Parser.C:1485] recording block [804cd9c,804cd9c) [Parser.C] parsing block 804cd9c [Parser.C:1274] curAddr 0x804cd9c: REP ret near [ESP] [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd9c,804cd9e) Getting edges IA_IAPI.C[694]: return candidate REP ret near [ESP] at 0x804cd9c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in REP ret near [ESP] to 0x804cd9c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804cd89,804cd89) [Parser.C] parsing block 804cd89 [Parser.C:1274] curAddr 0x804cd89: push EBP, ESP [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called [Parser.C:1274] curAddr 0x804cd8a: mov EBP, ESP [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called [Parser.C:1274] curAddr 0x804cd8c: sub ESP, 8 [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called [Parser.C:1274] curAddr 0x804cd8f: call ffffff7c + EIP + 5 [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff7c + EIP + 5 to 0x804cd8f...SUCCESS (CFT=0x804cd10) [Parser.C:1485] recording block [804cd89,804cd94) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cd8f->804cd10 resolveable_edge: 1, tailcall: 0, target: 804cd10 [ParserDetails.C:588] pushing 804cd10 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cd8f->804cd94 resolveable_edge: 1, tailcall: 0, target: 804cd94 [ParserDetails.C:588] pushing 804cd94 onto worklist [Parser.C] binding call 804cd8f->804cd10 [Parser.C] block 804cd10 exists Checking non-returning for deregister_tm_clones [Parser.C:1485] recording block [804cd94,804cd94) [Parser.C] parsing block 804cd94 [Parser.C:1274] curAddr 0x804cd94: mov [805c7a0], 1 [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called [Parser.C:1274] curAddr 0x804cd9b: leave [Parser.C:1280] leaf 1 funcname __do_global_dtors_aux hasCFT called [Parser.C] straight-line parse into block at 804cd9c [Parser.C:1485] recording block [804cd94,804cd9c) [Parser.C] block 804cd9c exists [Parser.C] frame 804cd80 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __do_global_dtors_aux return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804cda0) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cda0) [Parser.C:1485] recording block [804cda0,804cda0) [Parser.C] ==== starting to parse frame 804cda0 ==== [Parser.C] parsing block 804cda0 [Parser.C:1274] curAddr 0x804cda0: mov EAX, [805bf00] [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cda5: test EAX, EAX [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cda7: jz 1f + EIP + 2 [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cda0,804cda9) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1f + EIP + 2 to 0x804cda7...SUCCESS (CFT=0x804cdc8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cda7->804cdc8 resolveable_edge: 1, tailcall: 0, target: 804cdc8 [ParserDetails.C:588] pushing 804cdc8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cda7->804cda9 resolveable_edge: 1, tailcall: 0, target: 804cda9 [ParserDetails.C:588] pushing 804cda9 onto worklist [Parser.C:1485] recording block [804cdc8,804cdc8) [Parser.C] parsing block 804cdc8 [Parser.C:1274] curAddr 0x804cdc8: jmp ffffff73 + EIP + 5 [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp ffffff73 + EIP + 5 to 0x804cdc8...SUCCESS (CFT=0x804cd40) [Parser.C:1485] recording block [804cdc8,804cdcd) Getting edges Checking for Tail Call [Parser.C] finalizing frame_dummy (804cda0) Considering target block [0x804cdc8,0x804cdcd) from edge 0x1cd75a0 Adding target block [804cdc8,804cdcd) to worklist according to edge from 804cda7, type 1 Considering target block [0xffffffffffffffff,0xffffffffffffffff) from edge 0x1cd6500 Sink edge, skipping No targets, exits func Adding block 0x804cdc8 as exit 804cda0 extent [804cda0,804cda9) 804cda0 extent [804cdc8,804cdcd) jump to 0x804cd40, TAIL CALL IA_IAPI.C[641]: tail call to 804cd40 Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 1 Setting edge 0x1cd7410 (0x804cdc8/0xffffffffffffffff) to interproc (tail call) ParserDetails.C[88]: adding direct edge 804cdc8->804cd40 resolveable_edge: 1, tailcall: 1, target: 804cd40 [ParserDetails.C:588] pushing 804cd40 onto worklist [Parser.C] binding call 804cdc8->804cd40 [Parser.C] block 804cd40 exists [Parser.C:1485] recording block [804cda9,804cda9) [Parser.C] parsing block 804cda9 [Parser.C:1274] curAddr 0x804cda9: mov EAX, 0 [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cdae: test EAX, EAX [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cdb0: jz 16 + EIP + 2 [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cda9,804cdb2) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 16 + EIP + 2 to 0x804cdb0...SUCCESS (CFT=0x804cdc8) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804cdc8 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804cdb0->804cdc8 resolveable_edge: 1, tailcall: 0, target: 804cdc8 [ParserDetails.C:588] pushing 804cdc8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cdb0->804cdb2 resolveable_edge: 1, tailcall: 0, target: 804cdb2 [ParserDetails.C:588] pushing 804cdb2 onto worklist [Parser.C] block 804cdc8 exists [Parser.C] skipping locally parsed target at 804cdc8 [Parser.C:1485] recording block [804cdb2,804cdb2) [Parser.C] parsing block 804cdb2 [Parser.C:1274] curAddr 0x804cdb2: push EBP, ESP [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cdb3: mov EBP, ESP [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cdb5: sub ESP, 18 [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cdb8: mov [ESP], 805bf00 [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cdbf: call EAX [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804cdbf...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804cdb2,804cdc1) Getting edges Returned 2 edges ... Call 0x804cdbf is indirect ... Call 0x804cdbf is indirect ... Call 0x804cdbf is indirect 2 edges: ParserDetails.C[64]: adding call edge 804cdbf->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804cdbf->804cdc1 resolveable_edge: 1, tailcall: 0, target: 804cdc1 [ParserDetails.C:588] pushing 804cdc1 onto worklist [Parser.C:1485] recording block [804cdc1,804cdc1) [Parser.C] parsing block 804cdc1 [Parser.C:1274] curAddr 0x804cdc1: leave [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called [Parser.C:1274] curAddr 0x804cdc2: jmp ffffff79 + EIP + 5 [Parser.C:1280] leaf 1 funcname frame_dummy hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp ffffff79 + EIP + 5 to 0x804cdc2...SUCCESS (CFT=0x804cd40) [Parser.C:1485] recording block [804cdc1,804cdc7) Getting edges Checking for Tail Call [Parser.C] finalizing frame_dummy (804cda0) Considering target block [0x804cdc8,0x804cdcd) from edge 0x1cd75a0 Adding target block [804cdc8,804cdcd) to worklist according to edge from 804cda7, type 1 Considering target block [0x804cda9,0x804cdb2) from edge 0x1cd6500 Adding target block [804cda9,804cdb2) to worklist according to edge from 804cda7, type 2 Considering target block [0x804cdc8,0x804cdcd) from edge 0x1cdcc00 Considering target block [0x804cdb2,0x804cdc1) from edge 0x1cdd710 Adding target block [804cdb2,804cdc1) to worklist according to edge from 804cdb0, type 2 Considering target block [0xffffffffffffffff,0xffffffffffffffff) from edge 0x1cdda60 Call typed Considering target block [0x804cdc1,0x804cdc7) from edge 0x1cddb00 Adding target block [804cdc1,804cdc7) to worklist according to edge from 804cdbf, type 7 No targets, exits func Adding block 0x804cdc1 as exit Considering target block [0x804cd40,0x804cd58) from edge 0x1cd7410 Interprocedural exits func Adding block 0x804cdc8 as exit 804cda0 extent [804cda0,804cdc7) 804cda0 extent [804cdc8,804cdcd) jump to 0x804cd40, TAIL CALL IA_IAPI.C[641]: tail call to 804cd40 Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 1 Setting edge 0x1cdc9b0 (0x804cdc1/0xffffffffffffffff) to interproc (tail call) ParserDetails.C[88]: adding direct edge 804cdc2->804cd40 resolveable_edge: 1, tailcall: 1, target: 804cd40 [ParserDetails.C:588] pushing 804cd40 onto worklist [Parser.C] binding call 804cdc2->804cd40 [Parser.C] block 804cd40 exists [Parser.C] frame 804cda0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] frame_dummy return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804dbc8) [Parser.C:180] entered parse_at([804ccd0,80549c4),804dbc8) [Parser.C:1485] recording block [804dbc8,804dbc8) [Parser.C] ==== starting to parse frame 804dbc8 ==== [Parser.C] parsing block 804dbc8 [Parser.C:1274] curAddr 0x804dbc8: push EBP, ESP [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbc9: mov EBP, ESP [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbcb: push EBX, ESP [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbcc: sub ESP, 14 [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbcf: call fffff12c + EIP + 5 [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff12c + EIP + 5 to 0x804dbcf...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804dbd4: add EBX, e42c [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbda: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbe0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbe2: test EAX, EAX [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbe4: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dbc8,804dbe6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x804dbe4...SUCCESS (CFT=0x804dbfe) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dbe4->804dbfe resolveable_edge: 1, tailcall: 0, target: 804dbfe [ParserDetails.C:588] pushing 804dbfe onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dbe4->804dbe6 resolveable_edge: 1, tailcall: 0, target: 804dbe6 [ParserDetails.C:588] pushing 804dbe6 onto worklist [Parser.C:1485] recording block [804dbfe,804dbfe) [Parser.C] parsing block 804dbfe [Parser.C:1274] curAddr 0x804dbfe: add ESP, 14 [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dc01: pop EBX, ESP [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dc02: pop EBP, ESP [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dc03: ret near [ESP] [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dbfe,804dc04) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804dc03 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804dc03...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804dbe6,804dbe6) [Parser.C] parsing block 804dbe6 [Parser.C:1274] curAddr 0x804dbe6: lea EAX, EBX + ffff1bc8 [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbec: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbf0: lea EAX, EBX + ffff8edc [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbf6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called [Parser.C:1274] curAddr 0x804dbf9: call ffffee52 + EIP + 5 [Parser.C:1280] leaf 1 funcname func1_2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffee52 + EIP + 5 to 0x804dbf9...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804dbe6,804dbfe) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dbf9->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dbf9->804dbfe resolveable_edge: 1, tailcall: 0, target: 804dbfe [ParserDetails.C:588] pushing 804dbfe onto worklist [Parser.C] binding call 804dbf9->804ca50 [ParseData.C] new function for target 804ca50 [Parser.C:1485] recording block [804ca50,804ca50) [suspend frame 804dbc8] [Parser.C] frame 804dbc8 blocked at 804dbf9 call target 804ca50 [Parser.C] block 804ca50 exists [Parser.C] ==== starting to parse frame 804ca50 ==== [Parser.C] parsing block 804ca50 [Parser.C:1274] curAddr 0x804ca50: jmp [805c018] [Parser.C:1280] leaf 1 funcname targ804ca50 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c018] to 0x804ca50...FAIL (CFT=0x0), callTarget exp: [805c018] ... indirect jump at 0x804ca50, delay parsing it [Parser.C:1485] recording block [804ca50,804ca56) ... continue parse indirect jump at 804ca50 [Parser.C:1485] recording block [804ca50,804ca56) Getting edges ... indirect jump at 0x804ca50 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c018] at 0x804ca50 Apply indirect control flow analysis at 804ca50 Looking for thunk Looking for thunk in block [804ca50,804ca56).......WARNING: after advance at 0x804ca56, curInsn() NULL Expanding instruction @ 804ca50: jmp [805c018] Original expand: (<134594584:32>,) Adding assignment (@804ca50<[x86::eip]>[_805c018]) in instruction jmp [805c018] at 804ca50, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ca50, insn: jmp [805c018] Old fact for 804ca50: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ca50 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ca50<[x86::eip]>[_805c018]) Instruction: jmp [805c018] AST: (<134594584:64>,) Generate bound fact for Interval 0[134594584,134594584] 0[805c018,805c018], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594584:64>,) Apply relations2 to (<134594584:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594584,134594584] 0[805c018,805c018], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594584:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ca50 The fact from 804ca50 before applying transfer function Do not track predicate Var: , Interval 0[134594584,134594584] 0[805c018,805c018], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594584:64>,) No known value at the top of the stack Fact from 804ca50 after applying transfer function Do not track predicate Var: , Interval 0[134594584,134594584] 0[805c018,805c018], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594584:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594584,134594584] 0[805c018,805c018], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594584:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594584,134594584] 0[805c018,805c018], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c018 not read only, returning false Not jump table format! [Parser.C] finalizing targ804ca50 (804ca50) No targets, exits func Adding block 0x804ca50 as exit 804ca50 extent [804ca50,804ca56) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c018] at 0x804ca50 in function targ804ca50 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ca50->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for printf [Parser.C] frame 804ca50 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] printf return status 2, no waiters [Parser.C] ==== resuming parse of frame 804dbc8 ==== Checking non-returning for printf [Parser.C] block 804dbfe exists [Parser.C] skipping locally parsed target at 804dbfe [Parser.C] frame 804dbc8 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] func1_2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804e000) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e000) [Parser.C:1485] recording block [804e000,804e000) [Parser.C] ==== starting to parse frame 804e000 ==== [Parser.C] parsing block 804e000 [Parser.C:1274] curAddr 0x804e000: push EBP, ESP [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e001: mov EBP, ESP [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e003: push EBX, ESP [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e004: sub ESP, 14 [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e007: call ffffecf4 + EIP + 5 [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffecf4 + EIP + 5 to 0x804e007...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e00c: add EBX, dff4 [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e012: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e018: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e01a: test EAX, EAX [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e01c: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e000,804e01e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804e01c...SUCCESS (CFT=0x804e02c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e01c->804e02c resolveable_edge: 1, tailcall: 0, target: 804e02c [ParserDetails.C:588] pushing 804e02c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e01c->804e01e resolveable_edge: 1, tailcall: 0, target: 804e01e [ParserDetails.C:588] pushing 804e01e onto worklist [Parser.C:1485] recording block [804e02c,804e02c) [Parser.C] parsing block 804e02c [Parser.C:1274] curAddr 0x804e02c: add ESP, 14 [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e02f: pop EBX, ESP [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e030: pop EBP, ESP [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e031: ret near [ESP] [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e02c,804e032) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e031 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e031...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e01e,804e01e) [Parser.C] parsing block 804e01e [Parser.C:1274] curAddr 0x804e01e: lea EAX, EBX + ffff922c [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e024: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called [Parser.C:1274] curAddr 0x804e027: call ffffeaf4 + EIP + 5 [Parser.C:1280] leaf 1 funcname func4_2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffeaf4 + EIP + 5 to 0x804e027...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804e01e,804e02c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e027->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e027->804e02c resolveable_edge: 1, tailcall: 0, target: 804e02c [ParserDetails.C:588] pushing 804e02c onto worklist [Parser.C] binding call 804e027->804cb20 [ParseData.C] new function for target 804cb20 [Parser.C:1485] recording block [804cb20,804cb20) [suspend frame 804e000] [Parser.C] frame 804e000 blocked at 804e027 call target 804cb20 [Parser.C] block 804cb20 exists [Parser.C] ==== starting to parse frame 804cb20 ==== [Parser.C] parsing block 804cb20 [Parser.C:1274] curAddr 0x804cb20: jmp [805c04c] [Parser.C:1280] leaf 1 funcname targ804cb20 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c04c] to 0x804cb20...FAIL (CFT=0x0), callTarget exp: [805c04c] ... indirect jump at 0x804cb20, delay parsing it [Parser.C:1485] recording block [804cb20,804cb26) ... continue parse indirect jump at 804cb20 [Parser.C:1485] recording block [804cb20,804cb26) Getting edges ... indirect jump at 0x804cb20 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c04c] at 0x804cb20 Apply indirect control flow analysis at 804cb20 Looking for thunk Looking for thunk in block [804cb20,804cb26).......WARNING: after advance at 0x804cb26, curInsn() NULL Expanding instruction @ 804cb20: jmp [805c04c] Original expand: (<134594636:32>,) Adding assignment (@804cb20<[x86::eip]>[_805c04c]) in instruction jmp [805c04c] at 804cb20, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb20, insn: jmp [805c04c] Old fact for 804cb20: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb20 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb20<[x86::eip]>[_805c04c]) Instruction: jmp [805c04c] AST: (<134594636:64>,) Generate bound fact for Interval 0[134594636,134594636] 0[805c04c,805c04c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594636:64>,) Apply relations2 to (<134594636:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594636,134594636] 0[805c04c,805c04c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594636:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb20 The fact from 804cb20 before applying transfer function Do not track predicate Var: , Interval 0[134594636,134594636] 0[805c04c,805c04c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594636:64>,) No known value at the top of the stack Fact from 804cb20 after applying transfer function Do not track predicate Var: , Interval 0[134594636,134594636] 0[805c04c,805c04c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594636:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594636,134594636] 0[805c04c,805c04c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594636:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594636,134594636] 0[805c04c,805c04c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c04c not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb20 (804cb20) No targets, exits func Adding block 0x804cb20 as exit 804cb20 extent [804cb20,804cb26) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c04c] at 0x804cb20 in function targ804cb20 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb20->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for puts [Parser.C] frame 804cb20 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] puts return status 2, no waiters [Parser.C] ==== resuming parse of frame 804e000 ==== Checking non-returning for puts [Parser.C] block 804e02c exists [Parser.C] skipping locally parsed target at 804e02c [Parser.C] frame 804e000 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] func4_2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804eabf) [Parser.C:180] entered parse_at([804ccd0,80549c4),804eabf) [Parser.C:1485] recording block [804eabf,804eabf) [Parser.C] ==== starting to parse frame 804eabf ==== [Parser.C] parsing block 804eabf [Parser.C:1274] curAddr 0x804eabf: push EBP, ESP [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eac0: mov EBP, ESP [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eac2: push EBX, ESP [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eac3: sub ESP, 14 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eac6: call ffffe235 + EIP + 5 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe235 + EIP + 5 to 0x804eac6...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804eacb: add EBX, d535 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804ead1: cmp [EBP + 8], 48 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804ead5: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eabf,804ead7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ead5...SUCCESS (CFT=0x804eaec) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ead5->804eaec resolveable_edge: 1, tailcall: 0, target: 804eaec [ParserDetails.C:588] pushing 804eaec onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ead5->804ead7 resolveable_edge: 1, tailcall: 0, target: 804ead7 [ParserDetails.C:588] pushing 804ead7 onto worklist [Parser.C:1485] recording block [804eaec,804eaec) [Parser.C] parsing block 804eaec [Parser.C:1274] curAddr 0x804eaec: cmp [EBP + c], 47 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eaf0: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eaec,804eaf2) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804eaf0...SUCCESS (CFT=0x804eb07) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804eaf0->804eb07 resolveable_edge: 1, tailcall: 0, target: 804eb07 [ParserDetails.C:588] pushing 804eb07 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804eaf0->804eaf2 resolveable_edge: 1, tailcall: 0, target: 804eaf2 [ParserDetails.C:588] pushing 804eaf2 onto worklist [Parser.C:1485] recording block [804eb07,804eb07) [Parser.C] parsing block 804eb07 [Parser.C:1274] curAddr 0x804eb07: add ESP, 14 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eb0a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eb0b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eb0c: ret near [ESP] [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eb07,804eb0d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804eb0c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804eb0c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804ead7,804ead7) [Parser.C] parsing block 804ead7 [Parser.C:1274] curAddr 0x804ead7: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eada: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eade: lea EAX, EBX + ffff96d0 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eae4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eae7: call 4ed1 + EIP + 5 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4ed1 + EIP + 5 to 0x804eae7...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ead7,804eaec) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eae7->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eae7->804eaec resolveable_edge: 1, tailcall: 0, target: 804eaec [ParserDetails.C:588] pushing 804eaec onto worklist [Parser.C] binding call 804eae7->80539bd [Parser.C:1485] recording block [80539bd,80539bd) [suspend frame 804eabf] [Parser.C] frame 804eabf blocked at 804eae7 call target 80539bd [Parser.C] block 80539bd exists [Parser.C] ==== starting to parse frame 80539bd ==== [Parser.C] parsing block 80539bd [Parser.C:1274] curAddr 0x80539bd: push EBP, ESP [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539be: mov EBP, ESP [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539c0: push EBX, ESP [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539c1: sub ESP, 24 [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539c4: call ffff9337 + EIP + 5 [Parser.C:1280] leaf 1 funcname logerror hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9337 + EIP + 5 to 0x80539c4...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80539c9: add EBX, 8637 [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539cf: lea EAX, EBP + c [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539d2: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539d5: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539d8: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539dc: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539df: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539e3: mov [ESP], 3 [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539ea: call fffffd82 + EIP + 5 [Parser.C:1280] leaf 1 funcname logerror hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffd82 + EIP + 5 to 0x80539ea...SUCCESS (CFT=0x8053771) [Parser.C:1485] recording block [80539bd,80539ef) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80539ea->8053771 resolveable_edge: 1, tailcall: 0, target: 8053771 [ParserDetails.C:588] pushing 8053771 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80539ea->80539ef resolveable_edge: 1, tailcall: 0, target: 80539ef [ParserDetails.C:588] pushing 80539ef onto worklist [Parser.C] binding call 80539ea->8053771 [Parser.C:1485] recording block [8053771,8053771) [suspend frame 80539bd] [Parser.C] frame 80539bd blocked at 80539ea call target 8053771 [Parser.C] block 8053771 exists [Parser.C] ==== starting to parse frame 8053771 ==== [Parser.C] parsing block 8053771 [Parser.C:1274] curAddr 0x8053771: push EBP, ESP [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053772: mov EBP, ESP [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053774: push EBX, ESP [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053775: sub ESP, 34 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053778: call ffff9583 + EIP + 5 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9583 + EIP + 5 to 0x8053778...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805377d: add EBX, 8883 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053783: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805378a: cmp [EBP + 8], 4 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805378e: jnbe 51 + EIP + 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053771,8053790) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 51 + EIP + 2 to 0x805378e...SUCCESS (CFT=0x80537e1) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805378e->80537e1 resolveable_edge: 1, tailcall: 0, target: 80537e1 [ParserDetails.C:588] pushing 80537e1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805378e->8053790 resolveable_edge: 1, tailcall: 0, target: 8053790 [ParserDetails.C:588] pushing 8053790 onto worklist [Parser.C:1485] recording block [80537e1,80537e1) [Parser.C] parsing block 80537e1 [Parser.C:1274] curAddr 0x80537e1: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80537e5: jz e7 + EIP + 6 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [80537e1,80537eb) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e7 + EIP + 6 to 0x80537e5...SUCCESS (CFT=0x80538d2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80537e5->80538d2 resolveable_edge: 1, tailcall: 0, target: 80538d2 [ParserDetails.C:588] pushing 80538d2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80537e5->80537eb resolveable_edge: 1, tailcall: 0, target: 80537eb [ParserDetails.C:588] pushing 80537eb onto worklist [Parser.C:1485] recording block [80538d2,80538d2) [Parser.C] parsing block 80538d2 [Parser.C:1274] curAddr 0x80538d2: add ESP, 34 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538d5: pop EBX, ESP [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538d6: pop EBP, ESP [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538d7: ret near [ESP] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [80538d2,80538d8) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80538d7 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80538d7...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053790,8053790) [Parser.C] parsing block 8053790 [Parser.C:1274] curAddr 0x8053790: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053793: shl/sal EAX, 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053796: mov EAX, [EAX + EBX * 1 + ffffbff0] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805379d: add EAX, EBX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805379f: jmp EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp EAX to 0x805379f...FAIL (CFT=0x0), callTarget exp: EAX ... indirect jump at 0x805379f, delay parsing it [Parser.C:1485] recording block [8053790,80537a1) [Parser.C:1485] recording block [80537eb,80537eb) [Parser.C] parsing block 80537eb [Parser.C:1274] curAddr 0x80537eb: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80537f2: lea EAX, EBX + ffffbed8 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80537f8: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80537fc: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80537ff: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053802: call ffff9239 + EIP + 5 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9239 + EIP + 5 to 0x8053802...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [80537eb,8053807) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053802->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053802->8053807 resolveable_edge: 1, tailcall: 0, target: 8053807 [ParserDetails.C:588] pushing 8053807 onto worklist [Parser.C] binding call 8053802->804ca40 [ParseData.C] new function for target 804ca40 [Parser.C:1485] recording block [804ca40,804ca40) [suspend frame 8053771] [Parser.C] frame 8053771 blocked at 8053802 call target 804ca40 [Parser.C] block 804ca40 exists [Parser.C] ==== starting to parse frame 804ca40 ==== [Parser.C] parsing block 804ca40 [Parser.C:1274] curAddr 0x804ca40: jmp [805c014] [Parser.C:1280] leaf 1 funcname targ804ca40 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c014] to 0x804ca40...FAIL (CFT=0x0), callTarget exp: [805c014] ... indirect jump at 0x804ca40, delay parsing it [Parser.C:1485] recording block [804ca40,804ca46) ... continue parse indirect jump at 804ca40 [Parser.C:1485] recording block [804ca40,804ca46) Getting edges ... indirect jump at 0x804ca40 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c014] at 0x804ca40 Apply indirect control flow analysis at 804ca40 Looking for thunk Looking for thunk in block [804ca40,804ca46).......WARNING: after advance at 0x804ca46, curInsn() NULL Expanding instruction @ 804ca40: jmp [805c014] Original expand: (<134594580:32>,) Adding assignment (@804ca40<[x86::eip]>[_805c014]) in instruction jmp [805c014] at 804ca40, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ca40, insn: jmp [805c014] Old fact for 804ca40: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ca40 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ca40<[x86::eip]>[_805c014]) Instruction: jmp [805c014] AST: (<134594580:64>,) Generate bound fact for Interval 0[134594580,134594580] 0[805c014,805c014], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594580:64>,) Apply relations2 to (<134594580:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594580,134594580] 0[805c014,805c014], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594580:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ca40 The fact from 804ca40 before applying transfer function Do not track predicate Var: , Interval 0[134594580,134594580] 0[805c014,805c014], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594580:64>,) No known value at the top of the stack Fact from 804ca40 after applying transfer function Do not track predicate Var: , Interval 0[134594580,134594580] 0[805c014,805c014], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594580:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594580,134594580] 0[805c014,805c014], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594580:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594580,134594580] 0[805c014,805c014], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c014 not read only, returning false Not jump table format! [Parser.C] finalizing targ804ca40 (804ca40) No targets, exits func Adding block 0x804ca40 as exit 804ca40 extent [804ca40,804ca46) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c014] at 0x804ca40 in function targ804ca40 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ca40->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for strcmp [Parser.C] frame 804ca40 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] strcmp return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053771 ==== Checking non-returning for strcmp [Parser.C:1485] recording block [8053807,8053807) [Parser.C] parsing block 8053807 [Parser.C:1274] curAddr 0x8053807: test EAX, EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053809: jnz 32 + EIP + 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053807,805380b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 32 + EIP + 2 to 0x8053809...SUCCESS (CFT=0x805383d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053809->805383d resolveable_edge: 1, tailcall: 0, target: 805383d [ParserDetails.C:588] pushing 805383d onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053809->805380b resolveable_edge: 1, tailcall: 0, target: 805380b [ParserDetails.C:588] pushing 805380b onto worklist [Parser.C:1485] recording block [805383d,805383d) [Parser.C] parsing block 805383d [Parser.C:1274] curAddr 0x805383d: lea EAX, EBX + ffffbfbc [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053843: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053847: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805384a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805384d: call ffff936e + EIP + 5 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff936e + EIP + 5 to 0x805384d...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [805383d,8053852) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805384d->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805384d->8053852 resolveable_edge: 1, tailcall: 0, target: 8053852 [ParserDetails.C:588] pushing 8053852 onto worklist [Parser.C] binding call 805384d->804cbc0 [ParseData.C] new function for target 804cbc0 [Parser.C:1485] recording block [804cbc0,804cbc0) [suspend frame 8053771] [Parser.C] frame 8053771 blocked at 805384d call target 804cbc0 [Parser.C] block 804cbc0 exists [Parser.C] ==== starting to parse frame 804cbc0 ==== [Parser.C] parsing block 804cbc0 [Parser.C:1274] curAddr 0x804cbc0: jmp [805c074] [Parser.C:1280] leaf 1 funcname targ804cbc0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c074] to 0x804cbc0...FAIL (CFT=0x0), callTarget exp: [805c074] ... indirect jump at 0x804cbc0, delay parsing it [Parser.C:1485] recording block [804cbc0,804cbc6) ... continue parse indirect jump at 804cbc0 [Parser.C:1485] recording block [804cbc0,804cbc6) Getting edges ... indirect jump at 0x804cbc0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c074] at 0x804cbc0 Apply indirect control flow analysis at 804cbc0 Looking for thunk Looking for thunk in block [804cbc0,804cbc6).......WARNING: after advance at 0x804cbc6, curInsn() NULL Expanding instruction @ 804cbc0: jmp [805c074] Original expand: (<134594676:32>,) Adding assignment (@804cbc0<[x86::eip]>[_805c074]) in instruction jmp [805c074] at 804cbc0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cbc0, insn: jmp [805c074] Old fact for 804cbc0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cbc0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cbc0<[x86::eip]>[_805c074]) Instruction: jmp [805c074] AST: (<134594676:64>,) Generate bound fact for Interval 0[134594676,134594676] 0[805c074,805c074], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594676:64>,) Apply relations2 to (<134594676:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594676,134594676] 0[805c074,805c074], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594676:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cbc0 The fact from 804cbc0 before applying transfer function Do not track predicate Var: , Interval 0[134594676,134594676] 0[805c074,805c074], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594676:64>,) No known value at the top of the stack Fact from 804cbc0 after applying transfer function Do not track predicate Var: , Interval 0[134594676,134594676] 0[805c074,805c074], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594676:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594676,134594676] 0[805c074,805c074], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594676:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594676,134594676] 0[805c074,805c074], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c074 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cbc0 (804cbc0) No targets, exits func Adding block 0x804cbc0 as exit 804cbc0 extent [804cbc0,804cbc6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c074] at 0x804cbc0 in function targ804cbc0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cbc0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for fopen [Parser.C] frame 804cbc0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fopen return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053771 ==== Checking non-returning for fopen [Parser.C:1485] recording block [8053852,8053852) [Parser.C] parsing block 8053852 [Parser.C:1274] curAddr 0x8053852: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053855: cmp [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053859: jnz 33 + EIP + 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053852,805385b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 33 + EIP + 2 to 0x8053859...SUCCESS (CFT=0x805388e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053859->805388e resolveable_edge: 1, tailcall: 0, target: 805388e [ParserDetails.C:588] pushing 805388e onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053859->805385b resolveable_edge: 1, tailcall: 0, target: 805385b [ParserDetails.C:588] pushing 805385b onto worklist [Parser.C:1485] recording block [805388e,805388e) [Parser.C] parsing block 805388e [Parser.C:1274] curAddr 0x805388e: cmp [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053892: jz 3e + EIP + 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [805388e,8053894) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 3e + EIP + 2 to 0x8053892...SUCCESS (CFT=0x80538d2) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x80538d2 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8053892->80538d2 resolveable_edge: 1, tailcall: 0, target: 80538d2 [ParserDetails.C:588] pushing 80538d2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053892->8053894 resolveable_edge: 1, tailcall: 0, target: 8053894 [ParserDetails.C:588] pushing 8053894 onto worklist [Parser.C] block 80538d2 exists [Parser.C] skipping locally parsed target at 80538d2 [Parser.C:1485] recording block [805380b,805380b) [Parser.C] parsing block 805380b [Parser.C:1274] curAddr 0x805380b: cmp [EBP + 8], 4 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805380f: jnbe 7d + EIP + 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [805380b,8053811) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 7d + EIP + 2 to 0x805380f...SUCCESS (CFT=0x805388e) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x805388e is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 805380f->805388e resolveable_edge: 1, tailcall: 0, target: 805388e [ParserDetails.C:588] pushing 805388e onto worklist ParserDetails.C[80]: adding conditional not taken edge 805380f->8053811 resolveable_edge: 1, tailcall: 0, target: 8053811 [ParserDetails.C:588] pushing 8053811 onto worklist [Parser.C] block 805388e exists [Parser.C] skipping locally parsed target at 805388e [Parser.C:1485] recording block [8053811,8053811) [Parser.C] parsing block 8053811 [Parser.C:1274] curAddr 0x8053811: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053814: shl/sal EAX, 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053817: mov EAX, [EAX + EBX * 1 + ffffc004] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805381e: add EAX, EBX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053820: jmp EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp EAX to 0x8053820...FAIL (CFT=0x0), callTarget exp: EAX ... indirect jump at 0x8053820, delay parsing it [Parser.C:1485] recording block [8053811,8053822) [Parser.C:1485] recording block [805385b,805385b) [Parser.C] parsing block 805385b [Parser.C:1274] curAddr 0x805385b: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053861: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053863: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053866: mov [ESP + 10], EDX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805386a: mov [ESP + c], fc [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053872: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053878: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805387c: lea EDX, EBX + ffffbfc0 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053882: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053886: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053889: call ffff9302 + EIP + 5 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9302 + EIP + 5 to 0x8053889...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [805385b,805388e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053889->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053889->805388e resolveable_edge: 1, tailcall: 0, target: 805388e [ParserDetails.C:588] pushing 805388e onto worklist [Parser.C] binding call 8053889->804cb90 [ParseData.C] new function for target 804cb90 [Parser.C:1485] recording block [804cb90,804cb90) [suspend frame 8053771] [Parser.C] frame 8053771 blocked at 8053889 call target 804cb90 [Parser.C] block 804cb90 exists [Parser.C] ==== starting to parse frame 804cb90 ==== [Parser.C] parsing block 804cb90 [Parser.C:1274] curAddr 0x804cb90: jmp [805c068] [Parser.C:1280] leaf 1 funcname targ804cb90 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c068] to 0x804cb90...FAIL (CFT=0x0), callTarget exp: [805c068] ... indirect jump at 0x804cb90, delay parsing it [Parser.C:1485] recording block [804cb90,804cb96) ... continue parse indirect jump at 804cb90 [Parser.C:1485] recording block [804cb90,804cb96) Getting edges ... indirect jump at 0x804cb90 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c068] at 0x804cb90 Apply indirect control flow analysis at 804cb90 Looking for thunk Looking for thunk in block [804cb90,804cb96).......WARNING: after advance at 0x804cb96, curInsn() NULL Expanding instruction @ 804cb90: jmp [805c068] Original expand: (<134594664:32>,) Adding assignment (@804cb90<[x86::eip]>[_805c068]) in instruction jmp [805c068] at 804cb90, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb90, insn: jmp [805c068] Old fact for 804cb90: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb90 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb90<[x86::eip]>[_805c068]) Instruction: jmp [805c068] AST: (<134594664:64>,) Generate bound fact for Interval 0[134594664,134594664] 0[805c068,805c068], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594664:64>,) Apply relations2 to (<134594664:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594664,134594664] 0[805c068,805c068], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594664:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb90 The fact from 804cb90 before applying transfer function Do not track predicate Var: , Interval 0[134594664,134594664] 0[805c068,805c068], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594664:64>,) No known value at the top of the stack Fact from 804cb90 after applying transfer function Do not track predicate Var: , Interval 0[134594664,134594664] 0[805c068,805c068], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594664:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594664,134594664] 0[805c068,805c068], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594664:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594664,134594664] 0[805c068,805c068], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c068 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb90 (804cb90) No targets, exits func Adding block 0x804cb90 as exit 804cb90 extent [804cb90,804cb96) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c068] at 0x804cb90 in function targ804cb90 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb90->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for fprintf [Parser.C] frame 804cb90 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fprintf return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053771 ==== Checking non-returning for fprintf [Parser.C] block 805388e exists [Parser.C] skipping locally parsed target at 805388e [Parser.C:1485] recording block [8053894,8053894) [Parser.C] parsing block 8053894 [Parser.C:1274] curAddr 0x8053894: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053897: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805389b: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x805389e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538a2: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538a5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538a8: call ffff9383 + EIP + 5 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9383 + EIP + 5 to 0x80538a8...SUCCESS (CFT=0x804cc30) [Parser.C:1485] recording block [8053894,80538ad) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80538a8->804cc30 resolveable_edge: 1, tailcall: 0, target: 804cc30 [ParserDetails.C:588] pushing 804cc30 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80538a8->80538ad resolveable_edge: 1, tailcall: 0, target: 80538ad [ParserDetails.C:588] pushing 80538ad onto worklist [Parser.C] binding call 80538a8->804cc30 [ParseData.C] new function for target 804cc30 [Parser.C:1485] recording block [804cc30,804cc30) [suspend frame 8053771] [Parser.C] frame 8053771 blocked at 80538a8 call target 804cc30 [Parser.C] block 804cc30 exists [Parser.C] ==== starting to parse frame 804cc30 ==== [Parser.C] parsing block 804cc30 [Parser.C:1274] curAddr 0x804cc30: jmp [805c090] [Parser.C:1280] leaf 1 funcname targ804cc30 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c090] to 0x804cc30...FAIL (CFT=0x0), callTarget exp: [805c090] ... indirect jump at 0x804cc30, delay parsing it [Parser.C:1485] recording block [804cc30,804cc36) ... continue parse indirect jump at 804cc30 [Parser.C:1485] recording block [804cc30,804cc36) Getting edges ... indirect jump at 0x804cc30 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c090] at 0x804cc30 Apply indirect control flow analysis at 804cc30 Looking for thunk Looking for thunk in block [804cc30,804cc36).......WARNING: after advance at 0x804cc36, curInsn() NULL Expanding instruction @ 804cc30: jmp [805c090] Original expand: (<134594704:32>,) Adding assignment (@804cc30<[x86::eip]>[_805c090]) in instruction jmp [805c090] at 804cc30, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc30, insn: jmp [805c090] Old fact for 804cc30: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc30 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc30<[x86::eip]>[_805c090]) Instruction: jmp [805c090] AST: (<134594704:64>,) Generate bound fact for Interval 0[134594704,134594704] 0[805c090,805c090], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594704:64>,) Apply relations2 to (<134594704:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594704,134594704] 0[805c090,805c090], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594704:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc30 The fact from 804cc30 before applying transfer function Do not track predicate Var: , Interval 0[134594704,134594704] 0[805c090,805c090], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594704:64>,) No known value at the top of the stack Fact from 804cc30 after applying transfer function Do not track predicate Var: , Interval 0[134594704,134594704] 0[805c090,805c090], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594704:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594704,134594704] 0[805c090,805c090], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594704:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594704,134594704] 0[805c090,805c090], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c090 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc30 (804cc30) No targets, exits func Adding block 0x804cc30 as exit 804cc30 extent [804cc30,804cc36) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c090] at 0x804cc30 in function targ804cc30 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc30->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for vfprintf [Parser.C] frame 804cc30 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] vfprintf return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053771 ==== Checking non-returning for vfprintf [Parser.C:1485] recording block [80538ad,80538ad) [Parser.C] parsing block 80538ad [Parser.C:1274] curAddr 0x80538ad: mov EAX, [EBX + fffffffc] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538b3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538b5: cmp [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538b8: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [80538ad,80538ba) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x80538b8...SUCCESS (CFT=0x80538d2) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x80538d2 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 80538b8->80538d2 resolveable_edge: 1, tailcall: 0, target: 80538d2 [ParserDetails.C:588] pushing 80538d2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80538b8->80538ba resolveable_edge: 1, tailcall: 0, target: 80538ba [ParserDetails.C:588] pushing 80538ba onto worklist [Parser.C] block 80538d2 exists [Parser.C] skipping locally parsed target at 80538d2 [Parser.C:1485] recording block [80538ba,80538ba) [Parser.C] parsing block 80538ba [Parser.C:1274] curAddr 0x80538ba: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538c0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538c2: cmp [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538c5: jz b + EIP + 2 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [80538ba,80538c7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz b + EIP + 2 to 0x80538c5...SUCCESS (CFT=0x80538d2) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x80538d2 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 80538c5->80538d2 resolveable_edge: 1, tailcall: 0, target: 80538d2 [ParserDetails.C:588] pushing 80538d2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80538c5->80538c7 resolveable_edge: 1, tailcall: 0, target: 80538c7 [ParserDetails.C:588] pushing 80538c7 onto worklist [Parser.C] block 80538d2 exists [Parser.C] skipping locally parsed target at 80538d2 [Parser.C:1485] recording block [80538c7,80538c7) [Parser.C] parsing block 80538c7 [Parser.C:1274] curAddr 0x80538c7: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538ca: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called [Parser.C:1274] curAddr 0x80538cd: call ffff91ce + EIP + 5 [Parser.C:1280] leaf 1 funcname stdOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff91ce + EIP + 5 to 0x80538cd...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [80538c7,80538d2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80538cd->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80538cd->80538d2 resolveable_edge: 1, tailcall: 0, target: 80538d2 [ParserDetails.C:588] pushing 80538d2 onto worklist [Parser.C] binding call 80538cd->804caa0 [ParseData.C] new function for target 804caa0 [Parser.C:1485] recording block [804caa0,804caa0) [suspend frame 8053771] [Parser.C] frame 8053771 blocked at 80538cd call target 804caa0 [Parser.C] block 804caa0 exists [Parser.C] ==== starting to parse frame 804caa0 ==== [Parser.C] parsing block 804caa0 [Parser.C:1274] curAddr 0x804caa0: jmp [805c02c] [Parser.C:1280] leaf 1 funcname targ804caa0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c02c] to 0x804caa0...FAIL (CFT=0x0), callTarget exp: [805c02c] ... indirect jump at 0x804caa0, delay parsing it [Parser.C:1485] recording block [804caa0,804caa6) ... continue parse indirect jump at 804caa0 [Parser.C:1485] recording block [804caa0,804caa6) Getting edges ... indirect jump at 0x804caa0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c02c] at 0x804caa0 Apply indirect control flow analysis at 804caa0 Looking for thunk Looking for thunk in block [804caa0,804caa6).......WARNING: after advance at 0x804caa6, curInsn() NULL Expanding instruction @ 804caa0: jmp [805c02c] Original expand: (<134594604:32>,) Adding assignment (@804caa0<[x86::eip]>[_805c02c]) in instruction jmp [805c02c] at 804caa0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804caa0, insn: jmp [805c02c] Old fact for 804caa0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804caa0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804caa0<[x86::eip]>[_805c02c]) Instruction: jmp [805c02c] AST: (<134594604:64>,) Generate bound fact for Interval 0[134594604,134594604] 0[805c02c,805c02c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594604:64>,) Apply relations2 to (<134594604:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594604,134594604] 0[805c02c,805c02c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594604:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804caa0 The fact from 804caa0 before applying transfer function Do not track predicate Var: , Interval 0[134594604,134594604] 0[805c02c,805c02c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594604:64>,) No known value at the top of the stack Fact from 804caa0 after applying transfer function Do not track predicate Var: , Interval 0[134594604,134594604] 0[805c02c,805c02c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594604:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594604,134594604] 0[805c02c,805c02c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594604:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594604,134594604] 0[805c02c,805c02c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c02c not read only, returning false Not jump table format! [Parser.C] finalizing targ804caa0 (804caa0) No targets, exits func Adding block 0x804caa0 as exit 804caa0 extent [804caa0,804caa6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c02c] at 0x804caa0 in function targ804caa0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804caa0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for fclose [Parser.C] frame 804caa0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fclose return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053771 ==== Checking non-returning for fclose [Parser.C] block 80538d2 exists [Parser.C] skipping locally parsed target at 80538d2 ... continue parse indirect jump at 8053820 [Parser.C:1485] recording block [8053811,8053822) Getting edges ... indirect jump at 0x8053820 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp EAX at 0x8053820 Apply indirect control flow analysis at 8053820 Looking for thunk Looking for thunk in block [8053771,8053790).IA_IAPI.C[847]: binding PC EIP in call ffff9583 + EIP + 5 to 0x8053778...SUCCESS (CFT=0x804cd00) find thunk at 8053778, storing value 805c000 to x86::ebx ......WARNING: after advance at 0x8053790, curInsn() NULL Looking for thunk in block [80537e1,80537eb).......WARNING: after advance at 0x80537eb, curInsn() NULL Looking for thunk in block [80537eb,8053807).IA_IAPI.C[847]: binding PC EIP in call ffff9239 + EIP + 5 to 0x8053802...SUCCESS (CFT=0x804ca40) ......WARNING: after advance at 0x8053807, curInsn() NULL Looking for thunk in block [805380b,8053811).......WARNING: after advance at 0x8053811, curInsn() NULL Looking for thunk in block [8053807,805380b).......WARNING: after advance at 0x805380b, curInsn() NULL Looking for thunk in block [8053811,8053822).......WARNING: after advance at 0x8053822, curInsn() NULL Expanding instruction @ 8053820: jmp EAX Original expand: Adding assignment (@8053820<[x86::eip]>[x86::eax]) in instruction jmp EAX at 8053820, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 8053820, insn: jmp EAX Old fact for 8053820: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 8053820, thunk at 8053778 find thunk at 8053778 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 8053820 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@8053820<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to Apply relations2 to Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 8053820 The fact from 8053820 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Check srcAddr at 8053820, trgAddr at 0, thunk at 8053778 Fact from 8053820 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression Expanding instruction @ 805381e: add EAX, EBX Original expand: (((,<33:32>,),((,<33:32>,),<0:1>,),),<0:33>,<32:33>,) Adding assignment (@805381e<[x86::eax]>[x86::ebx]>[x86::eax]) in instruction add EAX, EBX at 805381e, total 2 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 805381e, insn: add EAX, EBX Old fact for 805381e: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 805381e, thunk at 8053778 find thunk at 8053778 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 805381e Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@805381e<[x86::eax]>[x86::ebx]>[x86::eax]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 8053820, insn: jmp EAX Old fact for 8053820: do not exist Meet incoming edge from 805381e The fact from 805381e before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Check srcAddr at 805381e, trgAddr at 8053820, thunk at 8053778 Fact from 805381e after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack New fact at 8053820 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@8053820<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 8053820 The fact from 8053820 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Check srcAddr at 8053820, trgAddr at 0, thunk at 8053778 Fact from 8053820 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression (,,) Expanding instruction @ 8053817: mov EAX, [EAX + EBX * 1 + ffffc004] Original expand: (((,((,<1:8>,),<0:40>,<32:40>,),),<4294950916:32>,),) Adding assignment (@8053817<[x86::eax]>[x86::ebx]>[x86::eax]>H[]) in instruction mov EAX, [EAX + EBX * 1 + ffffc004] at 8053817, total 3 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 8053817, insn: mov EAX, [EAX + EBX * 1 + ffffc004] Old fact for 8053817: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 8053817, thunk at 8053778 find thunk at 8053778 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 8053817 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 264 Expand assignment : (@8053817<[x86::eax]>[x86::ebx]>[x86::eax]>H[]) Instruction: mov EAX, [EAX + EBX * 1 + ffffc004] AST: (((,,),<4294950916:32>,),) Kill bound fact for Apply relations to (((,,),<4294950916:32>,),) Apply relations2 to (((,,),<4294950916:32>,),) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950916:32>,),) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 805381e, insn: add EAX, EBX Old fact for 805381e: do not exist Meet incoming edge from 8053817 The fact from 8053817 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950916:32>,),) No known value at the top of the stack Check srcAddr at 8053817, trgAddr at 805381e, thunk at 8053778 Fact from 8053817 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950916:32>,),) No known value at the top of the stack New fact at 805381e Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950916:32>,),) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@805381e<[x86::eax]>[x86::ebx]>[x86::eax]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to ((((,,),<4294950916:32>,),),,) Apply relations2 to ((((,,),<4294950916:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950916:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 8053820, insn: jmp EAX Old fact for 8053820: do not exist Meet incoming edge from 805381e The fact from 805381e before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950916:32>,),),,) No known value at the top of the stack Check srcAddr at 805381e, trgAddr at 8053820, thunk at 8053778 Fact from 805381e after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950916:32>,),),,) No known value at the top of the stack New fact at 8053820 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950916:32>,),),,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@8053820<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to ((((,,),<4294950916:32>,),),,) Apply relations2 to ((((,,),<4294950916:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950916:32>,),),,) = ((((,,),<4294950916:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 4 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 8053820 The fact from 8053820 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950916:32>,),),,) = ((((,,),<4294950916:32>,),),,) No known value at the top of the stack Check srcAddr at 8053820, trgAddr at 0, thunk at 8053778 Fact from 8053820 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950916:32>,),),,) = ((((,,),<4294950916:32>,),),,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950916:32>,),),,) = ((((,,),<4294950916:32>,),),,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression ((((,,),<4294950916:32>,),),,) tableBase 0xffffc004 invalid, not jump table format tableBase 0xffffc004 not read only, not jump table format Not jump table format! Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp EAX at 0x8053820 in function stdOutputVLog UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 8053820->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff ... continue parse indirect jump at 805379f [Parser.C:1485] recording block [8053790,80537a1) Getting edges ... indirect jump at 0x805379f Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp EAX at 0x805379f Apply indirect control flow analysis at 805379f Looking for thunk Looking for thunk in block [8053771,8053790).IA_IAPI.C[847]: binding PC EIP in call ffff9583 + EIP + 5 to 0x8053778...SUCCESS (CFT=0x804cd00) find thunk at 8053778, storing value 805c000 to x86::ebx ......WARNING: after advance at 0x8053790, curInsn() NULL Looking for thunk in block [8053790,80537a1).......WARNING: after advance at 0x80537a1, curInsn() NULL Expanding instruction @ 805379f: jmp EAX Original expand: Adding assignment (@805379f<[x86::eip]>[x86::eax]) in instruction jmp EAX at 805379f, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 805379f, insn: jmp EAX Old fact for 805379f: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 805379f, thunk at 8053778 find thunk at 8053778 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 805379f Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@805379f<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to Apply relations2 to Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 805379f The fact from 805379f before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Check srcAddr at 805379f, trgAddr at 0, thunk at 8053778 Fact from 805379f after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression Expanding instruction @ 805379d: add EAX, EBX Original expand: (((,<33:32>,),((,<33:32>,),<0:1>,),),<0:33>,<32:33>,) Adding assignment (@805379d<[x86::eax]>[x86::ebx]>[x86::eax]) in instruction add EAX, EBX at 805379d, total 2 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 805379d, insn: add EAX, EBX Old fact for 805379d: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 805379d, thunk at 8053778 find thunk at 8053778 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 805379d Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@805379d<[x86::eax]>[x86::ebx]>[x86::eax]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 805379f, insn: jmp EAX Old fact for 805379f: do not exist Meet incoming edge from 805379d The fact from 805379d before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Check srcAddr at 805379d, trgAddr at 805379f, thunk at 8053778 Fact from 805379d after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack New fact at 805379f Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@805379f<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 805379f The fact from 805379f before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Check srcAddr at 805379f, trgAddr at 0, thunk at 8053778 Fact from 805379f after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression (,,) Expanding instruction @ 8053796: mov EAX, [EAX + EBX * 1 + ffffbff0] Original expand: (((,((,<1:8>,),<0:40>,<32:40>,),),<4294950896:32>,),) Adding assignment (@8053796<[x86::eax]>[x86::eax]>[x86::ebx]>H[]) in instruction mov EAX, [EAX + EBX * 1 + ffffbff0] at 8053796, total 3 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 8053796, insn: mov EAX, [EAX + EBX * 1 + ffffbff0] Old fact for 8053796: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 8053796, thunk at 8053778 find thunk at 8053778 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 8053796 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 264 Expand assignment : (@8053796<[x86::eax]>[x86::eax]>[x86::ebx]>H[]) Instruction: mov EAX, [EAX + EBX * 1 + ffffbff0] AST: (((,,),<4294950896:32>,),) Kill bound fact for Apply relations to (((,,),<4294950896:32>,),) Apply relations2 to (((,,),<4294950896:32>,),) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950896:32>,),) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 805379d, insn: add EAX, EBX Old fact for 805379d: do not exist Meet incoming edge from 8053796 The fact from 8053796 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950896:32>,),) No known value at the top of the stack Check srcAddr at 8053796, trgAddr at 805379d, thunk at 8053778 Fact from 8053796 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950896:32>,),) No known value at the top of the stack New fact at 805379d Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950896:32>,),) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@805379d<[x86::eax]>[x86::ebx]>[x86::eax]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to ((((,,),<4294950896:32>,),),,) Apply relations2 to ((((,,),<4294950896:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950896:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 805379f, insn: jmp EAX Old fact for 805379f: do not exist Meet incoming edge from 805379d The fact from 805379d before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950896:32>,),),,) No known value at the top of the stack Check srcAddr at 805379d, trgAddr at 805379f, thunk at 8053778 Fact from 805379d after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950896:32>,),),,) No known value at the top of the stack New fact at 805379f Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950896:32>,),),,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@805379f<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to ((((,,),<4294950896:32>,),),,) Apply relations2 to ((((,,),<4294950896:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950896:32>,),),,) = ((((,,),<4294950896:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 4 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 805379f The fact from 805379f before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950896:32>,),),,) = ((((,,),<4294950896:32>,),),,) No known value at the top of the stack Check srcAddr at 805379f, trgAddr at 0, thunk at 8053778 Fact from 805379f after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950896:32>,),),,) = ((((,,),<4294950896:32>,),),,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950896:32>,),),,) = ((((,,),<4294950896:32>,),),,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression ((((,,),<4294950896:32>,),),,) tableBase 0xffffbff0 invalid, not jump table format tableBase 0xffffbff0 not read only, not jump table format Not jump table format! Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp EAX at 0x805379f in function stdOutputVLog UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 805379f->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff [Parser.C] frame 8053771 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] stdOutputVLog return status 3, no waiters [Parser.C] ==== resuming parse of frame 80539bd ==== Checking non-returning for stdOutputVLog Checking non-returning for stdOutputVLog [Parser.C:1485] recording block [80539ef,80539ef) [Parser.C] parsing block 80539ef [Parser.C:1274] curAddr 0x80539ef: add ESP, 24 [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539f2: pop EBX, ESP [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539f3: pop EBP, ESP [Parser.C:1280] leaf 1 funcname logerror hasCFT called [Parser.C:1274] curAddr 0x80539f4: ret near [ESP] [Parser.C:1280] leaf 1 funcname logerror hasCFT called branch or return, ret true [Parser.C:1485] recording block [80539ef,80539f5) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80539f4 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80539f4...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80539bd complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] logerror return status 3, no waiters [Parser.C] ==== resuming parse of frame 804eabf ==== Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804eaec exists [Parser.C] skipping locally parsed target at 804eaec [Parser.C:1485] recording block [804eaf2,804eaf2) [Parser.C] parsing block 804eaf2 [Parser.C:1274] curAddr 0x804eaf2: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eaf5: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eaf9: lea EAX, EBX + ffff970c [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eaff: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called [Parser.C:1274] curAddr 0x804eb02: call 4eb6 + EIP + 5 [Parser.C:1280] leaf 1 funcname fail7Print hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4eb6 + EIP + 5 to 0x804eb02...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804eaf2,804eb07) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eb02->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eb02->804eb07 resolveable_edge: 1, tailcall: 0, target: 804eb07 [ParserDetails.C:588] pushing 804eb07 onto worklist [Parser.C] binding call 804eb02->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804eb07 exists [Parser.C] skipping locally parsed target at 804eb07 [Parser.C] frame 804eabf complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fail7Print return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804eb0d) [Parser.C:180] entered parse_at([804ccd0,80549c4),804eb0d) [Parser.C:1485] recording block [804eb0d,804eb0d) [Parser.C] ==== starting to parse frame 804eb0d ==== [Parser.C] parsing block 804eb0d [Parser.C:1274] curAddr 0x804eb0d: push EBP, ESP [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb0e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb10: push EBX, ESP [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb11: sub ESP, 14 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb14: call ffffe1e7 + EIP + 5 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe1e7 + EIP + 5 to 0x804eb14...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804eb19: add EBX, d4e7 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb1f: cmp [EBP + 8], 4a [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb23: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eb0d,804eb25) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804eb23...SUCCESS (CFT=0x804eb3a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804eb23->804eb3a resolveable_edge: 1, tailcall: 0, target: 804eb3a [ParserDetails.C:588] pushing 804eb3a onto worklist ParserDetails.C[80]: adding conditional not taken edge 804eb23->804eb25 resolveable_edge: 1, tailcall: 0, target: 804eb25 [ParserDetails.C:588] pushing 804eb25 onto worklist [Parser.C:1485] recording block [804eb3a,804eb3a) [Parser.C] parsing block 804eb3a [Parser.C:1274] curAddr 0x804eb3a: cmp [EBP + c], 49 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb3e: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eb3a,804eb40) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804eb3e...SUCCESS (CFT=0x804eb55) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804eb3e->804eb55 resolveable_edge: 1, tailcall: 0, target: 804eb55 [ParserDetails.C:588] pushing 804eb55 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804eb3e->804eb40 resolveable_edge: 1, tailcall: 0, target: 804eb40 [ParserDetails.C:588] pushing 804eb40 onto worklist [Parser.C:1485] recording block [804eb55,804eb55) [Parser.C] parsing block 804eb55 [Parser.C:1274] curAddr 0x804eb55: add ESP, 14 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb58: pop EBX, ESP [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb59: pop EBP, ESP [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb5a: ret near [ESP] [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eb55,804eb5b) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804eb5a Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804eb5a...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804eb25,804eb25) [Parser.C] parsing block 804eb25 [Parser.C:1274] curAddr 0x804eb25: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb28: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb2c: lea EAX, EBX + ffff9748 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb32: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb35: call 4e83 + EIP + 5 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4e83 + EIP + 5 to 0x804eb35...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804eb25,804eb3a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eb35->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eb35->804eb3a resolveable_edge: 1, tailcall: 0, target: 804eb3a [ParserDetails.C:588] pushing 804eb3a onto worklist [Parser.C] binding call 804eb35->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804eb3a exists [Parser.C] skipping locally parsed target at 804eb3a [Parser.C:1485] recording block [804eb40,804eb40) [Parser.C] parsing block 804eb40 [Parser.C:1274] curAddr 0x804eb40: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb43: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb47: lea EAX, EBX + ffff9780 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb4d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called [Parser.C:1274] curAddr 0x804eb50: call 4e68 + EIP + 5 [Parser.C:1280] leaf 1 funcname fail7aPrint hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4e68 + EIP + 5 to 0x804eb50...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804eb40,804eb55) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eb50->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eb50->804eb55 resolveable_edge: 1, tailcall: 0, target: 804eb55 [ParserDetails.C:588] pushing 804eb55 onto worklist [Parser.C] binding call 804eb50->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804eb55 exists [Parser.C] skipping locally parsed target at 804eb55 [Parser.C] frame 804eb0d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fail7aPrint return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f33d) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f33d) [Parser.C:1485] recording block [804f33d,804f33d) [Parser.C] ==== starting to parse frame 804f33d ==== [Parser.C] parsing block 804f33d [Parser.C:1274] curAddr 0x804f33d: push EBP, ESP [Parser.C:1280] leaf 1 funcname func2 hasCFT called [Parser.C:1274] curAddr 0x804f33e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname func2 hasCFT called [Parser.C:1274] curAddr 0x804f340: call ffffe840 + EIP + 5 [Parser.C:1280] leaf 1 funcname func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe840 + EIP + 5 to 0x804f340...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804f345: add ECX, ccbb [Parser.C:1280] leaf 1 funcname func2 hasCFT called [Parser.C:1274] curAddr 0x804f34b: mov [ECX + 82c], 2 [Parser.C:1280] leaf 1 funcname func2 hasCFT called [Parser.C:1274] curAddr 0x804f355: pop EBP, ESP [Parser.C:1280] leaf 1 funcname func2 hasCFT called [Parser.C:1274] curAddr 0x804f356: ret near [ESP] [Parser.C:1280] leaf 1 funcname func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f33d,804f357) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f356 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f356...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804f33d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] func2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804fbe3) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fbe3) [Parser.C:1485] recording block [804fbe3,804fbe3) [Parser.C] ==== starting to parse frame 804fbe3 ==== [Parser.C] parsing block 804fbe3 [Parser.C:1274] curAddr 0x804fbe3: push EBP, ESP [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fbe4: mov EBP, ESP [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fbe6: push EBX, ESP [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fbe7: sub ESP, 4 [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fbea: call ffffd111 + EIP + 5 [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd111 + EIP + 5 to 0x804fbea...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fbef: add EBX, c411 [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fbf5: call d + EIP + 5 [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call d + EIP + 5 to 0x804fbf5...SUCCESS (CFT=0x804fc07) [Parser.C:1485] recording block [804fbe3,804fbfa) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fbf5->804fc07 resolveable_edge: 1, tailcall: 0, target: 804fc07 [ParserDetails.C:588] pushing 804fc07 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fbf5->804fbfa resolveable_edge: 1, tailcall: 0, target: 804fbfa [ParserDetails.C:588] pushing 804fbfa onto worklist [Parser.C] binding call 804fbf5->804fc07 [Parser.C:1485] recording block [804fc07,804fc07) [suspend frame 804fbe3] [Parser.C] frame 804fbe3 blocked at 804fbf5 call target 804fc07 [Parser.C] block 804fc07 exists [Parser.C] ==== starting to parse frame 804fc07 ==== [Parser.C] parsing block 804fc07 [Parser.C:1274] curAddr 0x804fc07: push EBP, ESP [Parser.C:1280] leaf 1 funcname func17_4 hasCFT called [Parser.C:1274] curAddr 0x804fc08: mov EBP, ESP [Parser.C:1280] leaf 1 funcname func17_4 hasCFT called [Parser.C:1274] curAddr 0x804fc0a: mov EAX, 19f168 [Parser.C:1280] leaf 1 funcname func17_4 hasCFT called [Parser.C:1274] curAddr 0x804fc0f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname func17_4 hasCFT called [Parser.C:1274] curAddr 0x804fc10: ret near [ESP] [Parser.C:1280] leaf 1 funcname func17_4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fc07,804fc11) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fc10 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fc10...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804fc07 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] func17_4 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804fbe3 ==== Checking non-returning for func17_4 [Parser.C:1485] recording block [804fbfa,804fbfa) [Parser.C] parsing block 804fbfa [Parser.C:1274] curAddr 0x804fbfa: mov [EBX + 880], EAX [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fc00: nop [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fc01: add ESP, 4 [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fc04: pop EBX, ESP [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fc05: pop EBP, ESP [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called [Parser.C:1274] curAddr 0x804fc06: ret near [ESP] [Parser.C:1280] leaf 1 funcname func17_3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fbfa,804fc07) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fc06 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fc06...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804fbe3 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] func17_3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804fc07) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fc07) function at 804fc07 already parsed, status 3 [Parser.C:224] entered parse_at(805073d) [Parser.C:180] entered parse_at([804ccd0,80549c4),805073d) [Parser.C:1485] recording block [805073d,805073d) [Parser.C] ==== starting to parse frame 805073d ==== [Parser.C] parsing block 805073d [Parser.C:1274] curAddr 0x805073d: push EBP, ESP [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805073e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050740: sub ESP, 20 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050743: call ffffd43d + EIP + 5 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd43d + EIP + 5 to 0x8050743...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8050748: add ECX, b8b8 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805074e: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050751: mov [EBP + ffffffffffffffe8], EAX [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050754: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050757: mov [EBP + ffffffffffffffec], EAX [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805075a: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805075d: mov [EBP + ffffffffffffffe0], EAX [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050760: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050763: mov [EBP + ffffffffffffffe4], EAX [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050766: fld ST0, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050769: fsub ST0, [EBP + ffffffffffffffe0] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805076c: fstp [EBP + fffffffffffffff8], ST0 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805076f: fld1 ST0 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050771: fld ST0, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050774: fxch ST0, ST1 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050776: fucomip ST0, ST1 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050778: fstp ST0, ST0 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805077a: jbe 8 + EIP + 2 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called branch or return, ret true [Parser.C:1485] recording block [805073d,805077c) Getting edges IA_IAPI.C[847]: binding PC EIP in jbe 8 + EIP + 2 to 0x805077a...SUCCESS (CFT=0x8050784) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805077a->8050784 resolveable_edge: 1, tailcall: 0, target: 8050784 [ParserDetails.C:588] pushing 8050784 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805077a->805077c resolveable_edge: 1, tailcall: 0, target: 805077c [ParserDetails.C:588] pushing 805077c onto worklist [Parser.C:1485] recording block [8050784,8050784) [Parser.C] parsing block 8050784 [Parser.C:1274] curAddr 0x8050784: fld ST0, [ECX + ffffa870] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805078a: fld ST0, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805078d: fxch ST0, ST1 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805078f: fucomip ST0, ST1 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050791: fstp ST0, ST0 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050793: jbe 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050784,8050795) Getting edges IA_IAPI.C[847]: binding PC EIP in jbe 7 + EIP + 2 to 0x8050793...SUCCESS (CFT=0x805079c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050793->805079c resolveable_edge: 1, tailcall: 0, target: 805079c [ParserDetails.C:588] pushing 805079c onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050793->8050795 resolveable_edge: 1, tailcall: 0, target: 8050795 [ParserDetails.C:588] pushing 8050795 onto worklist [Parser.C:1485] recording block [805079c,805079c) [Parser.C] parsing block 805079c [Parser.C:1274] curAddr 0x805079c: mov EAX, 0 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x80507a1: leave [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x80507a2: ret near [ESP] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called branch or return, ret true [Parser.C:1485] recording block [805079c,80507a3) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80507a2 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80507a2...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805077c,805077c) [Parser.C] parsing block 805077c [Parser.C:1274] curAddr 0x805077c: fld ST0, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805077f: fchs ST0 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x8050781: fstp [EBP + fffffffffffffff8], ST0 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C] straight-line parse into block at 8050784 [Parser.C:1485] recording block [805077c,8050784) [Parser.C] block 8050784 exists [Parser.C:1485] recording block [8050795,8050795) [Parser.C] parsing block 8050795 [Parser.C:1274] curAddr 0x8050795: mov EAX, 1 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called [Parser.C:1274] curAddr 0x805079a: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname eq_doubles hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x805079a...SUCCESS (CFT=0x80507a1) [Parser.C:1485] recording block [8050795,805079c) Getting edges Checking for Tail Call jump to 0x80507a1 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 805079a->80507a1 resolveable_edge: 1, tailcall: 0, target: 80507a1 [ParserDetails.C:588] pushing 80507a1 onto worklist [Parser.C] address 80507a1 splits [805079c,80507a3) (0x1ced780) [Parser.C:1485] recording block [80507a1,80507a3) [Parser.C] skipping locally parsed target at 80507a1 [Parser.C] frame 805073d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] eq_doubles return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050d12) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050d12) [Parser.C:1485] recording block [8050d12,8050d12) [Parser.C] ==== starting to parse frame 8050d12 ==== [Parser.C] parsing block 8050d12 [Parser.C:1274] curAddr 0x8050d12: push EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d13: mov EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d15: push EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d16: sub ESP, 24 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d19: call ffffbfe2 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbfe2 + EIP + 5 to 0x8050d19...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8050d1e: add EBX, b2e2 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d24: lea EAX, EBX + ffffac33 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d2a: mov [ESP + 10], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d2e: lea EAX, EBX + ffffac04 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d34: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d38: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d3b: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d3f: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d42: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d46: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d49: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d4c: call 379f + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 379f + EIP + 5 to 0x8050d4c...SUCCESS (CFT=0x80544f0) [Parser.C:1485] recording block [8050d12,8050d51) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050d4c->80544f0 resolveable_edge: 1, tailcall: 0, target: 80544f0 [ParserDetails.C:588] pushing 80544f0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050d4c->8050d51 resolveable_edge: 1, tailcall: 0, target: 8050d51 [ParserDetails.C:588] pushing 8050d51 onto worklist [Parser.C] binding call 8050d4c->80544f0 [Parser.C:1485] recording block [80544f0,80544f0) [suspend frame 8050d12] [Parser.C] frame 8050d12 blocked at 8050d4c call target 80544f0 [Parser.C] block 80544f0 exists [Parser.C] ==== starting to parse frame 80544f0 ==== [Parser.C] parsing block 80544f0 [Parser.C:1274] curAddr 0x80544f0: push EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x80544f1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x80544f3: push EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x80544f4: sub ESP, 14 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x80544f7: call ffff8804 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8804 + EIP + 5 to 0x80544f7...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80544fc: add EBX, 7b04 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054502: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054505: cmp EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054508: jz 55 + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called branch or return, ret true [Parser.C:1485] recording block [80544f0,805450a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 55 + EIP + 2 to 0x8054508...SUCCESS (CFT=0x805455f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054508->805455f resolveable_edge: 1, tailcall: 0, target: 805455f [ParserDetails.C:588] pushing 805455f onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054508->805450a resolveable_edge: 1, tailcall: 0, target: 805450a [ParserDetails.C:588] pushing 805450a onto worklist [Parser.C:1485] recording block [805455f,805455f) [Parser.C] parsing block 805455f [Parser.C:1274] curAddr 0x805455f: mov EAX, 1 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054564: add ESP, 14 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054567: pop EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054568: pop EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054569: ret near [ESP] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called branch or return, ret true [Parser.C:1485] recording block [805455f,805456a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054569 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054569...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805450a,805450a) [Parser.C] parsing block 805450a [Parser.C:1274] curAddr 0x805450a: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x805450d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054510: call ffffff5e + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff5e + EIP + 5 to 0x8054510...SUCCESS (CFT=0x8054473) [Parser.C:1485] recording block [805450a,8054515) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054510->8054473 resolveable_edge: 1, tailcall: 0, target: 8054473 [ParserDetails.C:588] pushing 8054473 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054510->8054515 resolveable_edge: 1, tailcall: 0, target: 8054515 [ParserDetails.C:588] pushing 8054515 onto worklist [Parser.C] binding call 8054510->8054473 [Parser.C:1485] recording block [8054473,8054473) [suspend frame 80544f0] [Parser.C] frame 80544f0 blocked at 8054510 call target 8054473 [Parser.C] block 8054473 exists [Parser.C] ==== starting to parse frame 8054473 ==== [Parser.C] parsing block 8054473 [Parser.C:1274] curAddr 0x8054473: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x8054474: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x8054476: push EBX, ESP [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x8054477: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x805447a: call ffff8881 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8881 + EIP + 5 to 0x805447a...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805447f: add EBX, 7b81 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x8054485: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x805448c: jmp 38 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 38 + EIP + 2 to 0x805448c...SUCCESS (CFT=0x80544c6) [Parser.C:1485] recording block [8054473,805448e) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 805448c->80544c6 resolveable_edge: 1, tailcall: 0, target: 80544c6 [ParserDetails.C:588] pushing 80544c6 onto worklist [Parser.C:1485] recording block [80544c6,80544c6) [Parser.C] parsing block 80544c6 [Parser.C:1274] curAddr 0x80544c6: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544cc: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544ce: cmp [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544d1: jl ffffffffffffffbb + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called branch or return, ret true [Parser.C:1485] recording block [80544c6,80544d3) Getting edges IA_IAPI.C[847]: binding PC EIP in jl ffffffffffffffbb + EIP + 2 to 0x80544d1...SUCCESS (CFT=0x805448e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80544d1->805448e resolveable_edge: 1, tailcall: 0, target: 805448e [ParserDetails.C:588] pushing 805448e onto worklist ParserDetails.C[80]: adding conditional not taken edge 80544d1->80544d3 resolveable_edge: 1, tailcall: 0, target: 80544d3 [ParserDetails.C:588] pushing 80544d3 onto worklist [Parser.C:1485] recording block [805448e,805448e) [Parser.C] parsing block 805448e [Parser.C:1274] curAddr 0x805448e: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x8054494: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x8054497: shl/sal EDX, 4 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x805449a: add EAX, EDX [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x805449c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x805449e: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544a1: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544a5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544a8: call ffff8593 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8593 + EIP + 5 to 0x80544a8...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [805448e,80544ad) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80544a8->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80544a8->80544ad resolveable_edge: 1, tailcall: 0, target: 80544ad [ParserDetails.C:588] pushing 80544ad onto worklist [Parser.C] binding call 80544a8->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [80544ad,80544ad) [Parser.C] parsing block 80544ad [Parser.C:1274] curAddr 0x80544ad: test EAX, EAX [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544af: jnz 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called branch or return, ret true [Parser.C:1485] recording block [80544ad,80544b1) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 11 + EIP + 2 to 0x80544af...SUCCESS (CFT=0x80544c2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80544af->80544c2 resolveable_edge: 1, tailcall: 0, target: 80544c2 [ParserDetails.C:588] pushing 80544c2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80544af->80544b1 resolveable_edge: 1, tailcall: 0, target: 80544b1 [ParserDetails.C:588] pushing 80544b1 onto worklist [Parser.C:1485] recording block [80544c2,80544c2) [Parser.C] parsing block 80544c2 [Parser.C:1274] curAddr 0x80544c2: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C] straight-line parse into block at 80544c6 [Parser.C:1485] recording block [80544c2,80544c6) [Parser.C] block 80544c6 exists [Parser.C:1485] recording block [80544b1,80544b1) [Parser.C] parsing block 80544b1 [Parser.C:1274] curAddr 0x80544b1: lea EAX, EBX + ae0 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544b7: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544ba: mov EAX, [EAX + EDX * 4] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544bd: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544c0: jmp 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 11 + EIP + 2 to 0x80544c0...SUCCESS (CFT=0x80544d3) [Parser.C:1485] recording block [80544b1,80544c2) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80544c0->80544d3 resolveable_edge: 1, tailcall: 0, target: 80544d3 [ParserDetails.C:588] pushing 80544d3 onto worklist [Parser.C:1485] recording block [80544d3,80544d3) [Parser.C] parsing block 80544d3 [Parser.C:1274] curAddr 0x80544d3: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544d9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544db: cmp [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544de: jl 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called branch or return, ret true [Parser.C:1485] recording block [80544d3,80544e0) Getting edges IA_IAPI.C[847]: binding PC EIP in jl 7 + EIP + 2 to 0x80544de...SUCCESS (CFT=0x80544e7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80544de->80544e7 resolveable_edge: 1, tailcall: 0, target: 80544e7 [ParserDetails.C:588] pushing 80544e7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80544de->80544e0 resolveable_edge: 1, tailcall: 0, target: 80544e0 [ParserDetails.C:588] pushing 80544e0 onto worklist [Parser.C:1485] recording block [80544e7,80544e7) [Parser.C] parsing block 80544e7 [Parser.C:1274] curAddr 0x80544e7: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544ea: add ESP, 24 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544ed: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544ee: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C:1274] curAddr 0x80544ef: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_passed hasCFT called branch or return, ret true [Parser.C:1485] recording block [80544e7,80544f0) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80544ef Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80544ef...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80544e0,80544e0) [Parser.C] parsing block 80544e0 [Parser.C:1274] curAddr 0x80544e0: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test_passed hasCFT called [Parser.C] straight-line parse into block at 80544e7 [Parser.C:1485] recording block [80544e0,80544e7) [Parser.C] block 80544e7 exists [Parser.C] block 80544d3 exists [Parser.C] skipping locally parsed target at 80544d3 [Parser.C] frame 8054473 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_passed return status 3, no waiters [Parser.C] ==== resuming parse of frame 80544f0 ==== Checking non-returning for test_passed [Parser.C:1485] recording block [8054515,8054515) [Parser.C] parsing block 8054515 [Parser.C:1274] curAddr 0x8054515: test EAX, EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054517: jz 1c + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054515,8054519) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1c + EIP + 2 to 0x8054517...SUCCESS (CFT=0x8054535) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054517->8054535 resolveable_edge: 1, tailcall: 0, target: 8054535 [ParserDetails.C:588] pushing 8054535 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054517->8054519 resolveable_edge: 1, tailcall: 0, target: 8054519 [ParserDetails.C:588] pushing 8054519 onto worklist [Parser.C:1485] recording block [8054535,8054535) [Parser.C] parsing block 8054535 [Parser.C:1274] curAddr 0x8054535: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054538: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x805453c: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x805453f: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054543: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054546: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x805454a: lea EAX, EBX + ffffc1c9 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054550: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054553: call fffff465 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff465 + EIP + 5 to 0x8054553...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8054535,8054558) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054553->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054553->8054558 resolveable_edge: 1, tailcall: 0, target: 8054558 [ParserDetails.C:588] pushing 8054558 onto worklist [Parser.C] binding call 8054553->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8054558,8054558) [Parser.C] parsing block 8054558 [Parser.C:1274] curAddr 0x8054558: mov EAX, 0 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x805455d: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x805455d...SUCCESS (CFT=0x8054564) [Parser.C:1485] recording block [8054558,805455f) Getting edges Checking for Tail Call jump to 0x8054564 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 805455d->8054564 resolveable_edge: 1, tailcall: 0, target: 8054564 [ParserDetails.C:588] pushing 8054564 onto worklist [Parser.C:1485] recording block [8054519,8054519) [Parser.C] parsing block 8054519 [Parser.C:1274] curAddr 0x8054519: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x805451c: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054520: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054523: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054527: lea EAX, EBX + ffffc1b0 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x805452d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called [Parser.C:1274] curAddr 0x8054530: call fffff488 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff488 + EIP + 5 to 0x8054530...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8054519,8054535) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054530->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054530->8054535 resolveable_edge: 1, tailcall: 0, target: 8054535 [ParserDetails.C:588] pushing 8054535 onto worklist [Parser.C] binding call 8054530->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 8054535 exists [Parser.C] skipping locally parsed target at 8054535 [Parser.C] address 8054564 splits [805455f,805456a) (0x1ceba00) [Parser.C:1485] recording block [8054564,805456a) [Parser.C] skipping locally parsed target at 8054564 [Parser.C] frame 80544f0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] verifyScalarValue return status 3, no waiters [Parser.C] ==== resuming parse of frame 8050d12 ==== Checking non-returning for verifyScalarValue Checking non-returning for verifyScalarValue [Parser.C:1485] recording block [8050d51,8050d51) [Parser.C] parsing block 8050d51 [Parser.C:1274] curAddr 0x8050d51: test EAX, EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d53: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050d51,8050d55) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x8050d53...SUCCESS (CFT=0x8050d5f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050d53->8050d5f resolveable_edge: 1, tailcall: 0, target: 8050d5f [ParserDetails.C:588] pushing 8050d5f onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050d53->8050d55 resolveable_edge: 1, tailcall: 0, target: 8050d55 [ParserDetails.C:588] pushing 8050d55 onto worklist [Parser.C:1485] recording block [8050d5f,8050d5f) [Parser.C] parsing block 8050d5f [Parser.C:1274] curAddr 0x8050d5f: add ESP, 24 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d62: pop EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d63: pop EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C:1274] curAddr 0x8050d64: ret near [ESP] [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050d5f,8050d65) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050d64 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050d64...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8050d55,8050d55) [Parser.C] parsing block 8050d55 [Parser.C:1274] curAddr 0x8050d55: mov [EBX + 8e4], 1 [Parser.C:1280] leaf 1 funcname verifyScalarValue23 hasCFT called [Parser.C] straight-line parse into block at 8050d5f [Parser.C:1485] recording block [8050d55,8050d5f) [Parser.C] block 8050d5f exists [Parser.C] frame 8050d12 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] verifyScalarValue23 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805116d) [Parser.C:180] entered parse_at([804ccd0,80549c4),805116d) [Parser.C:1485] recording block [805116d,805116d) [Parser.C] ==== starting to parse frame 805116d ==== [Parser.C] parsing block 805116d [Parser.C:1274] curAddr 0x805116d: push EBP, ESP [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x805116e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x8051170: push EBX, ESP [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x8051171: sub ESP, 24 [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x8051174: call ffffbb87 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbb87 + EIP + 5 to 0x8051174...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051179: add EBX, ae87 [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x805117f: lea EAX, EBX + ffffadcf [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x8051185: mov [ESP + 14], EAX [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x8051189: lea EAX, EBX + ffffacec [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x805118f: mov [ESP + 10], EAX [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x8051193: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x8051196: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x805119a: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x805119d: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511a1: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511a4: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511a8: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511ab: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511ae: call 67 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 67 + EIP + 5 to 0x80511ae...SUCCESS (CFT=0x805121a) [Parser.C:1485] recording block [805116d,80511b3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80511ae->805121a resolveable_edge: 1, tailcall: 0, target: 805121a [ParserDetails.C:588] pushing 805121a onto worklist ParserDetails.C[68]: adding function fallthrough edge 80511ae->80511b3 resolveable_edge: 1, tailcall: 0, target: 80511b3 [ParserDetails.C:588] pushing 80511b3 onto worklist [Parser.C] binding call 80511ae->805121a [Parser.C:1485] recording block [805121a,805121a) [suspend frame 805116d] [Parser.C] frame 805116d blocked at 80511ae call target 805121a [Parser.C] block 805121a exists [Parser.C] ==== starting to parse frame 805121a ==== [Parser.C] parsing block 805121a [Parser.C:1274] curAddr 0x805121a: push EBP, ESP [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805121b: mov EBP, ESP [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805121d: push EBX, ESP [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805121e: sub ESP, 24 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051221: call ffffbada + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbada + EIP + 5 to 0x8051221...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051226: add EBX, adda [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805122c: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805122f: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051236: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051239: add EAX, EDX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805123b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805123d: cmp EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051240: jz 65 + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called branch or return, ret true [Parser.C:1485] recording block [805121a,8051242) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 65 + EIP + 2 to 0x8051240...SUCCESS (CFT=0x80512a7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051240->80512a7 resolveable_edge: 1, tailcall: 0, target: 80512a7 [ParserDetails.C:588] pushing 80512a7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051240->8051242 resolveable_edge: 1, tailcall: 0, target: 8051242 [ParserDetails.C:588] pushing 8051242 onto worklist [Parser.C:1485] recording block [80512a7,80512a7) [Parser.C] parsing block 80512a7 [Parser.C:1274] curAddr 0x80512a7: mov EAX, 1 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x80512ac: add ESP, 24 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x80512af: pop EBX, ESP [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x80512b0: pop EBP, ESP [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x80512b1: ret near [ESP] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called branch or return, ret true [Parser.C:1485] recording block [80512a7,80512b2) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80512b1 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80512b1...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8051242,8051242) [Parser.C] parsing block 8051242 [Parser.C:1274] curAddr 0x8051242: mov EAX, [EBX + 8ec] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051248: test EAX, EAX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805124a: jnz 1c + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051242,805124c) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1c + EIP + 2 to 0x805124a...SUCCESS (CFT=0x8051268) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805124a->8051268 resolveable_edge: 1, tailcall: 0, target: 8051268 [ParserDetails.C:588] pushing 8051268 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805124a->805124c resolveable_edge: 1, tailcall: 0, target: 805124c [ParserDetails.C:588] pushing 805124c onto worklist [Parser.C:1485] recording block [8051268,8051268) [Parser.C] parsing block 8051268 [Parser.C:1274] curAddr 0x8051268: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805126b: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051272: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051275: add EAX, EDX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051277: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051279: mov EDX, [EBP + 14] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805127c: mov [ESP + 10], EDX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051280: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051284: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051287: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805128b: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805128e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051292: lea EAX, EBX + ffffadf8 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051298: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805129b: call 271d + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called IA_IAPI.C[847]: binding PC EIP in call 271d + EIP + 5 to 0x805129b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051268,80512a0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805129b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805129b->80512a0 resolveable_edge: 1, tailcall: 0, target: 80512a0 [ParserDetails.C:588] pushing 80512a0 onto worklist [Parser.C] binding call 805129b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80512a0,80512a0) [Parser.C] parsing block 80512a0 [Parser.C:1274] curAddr 0x80512a0: mov EAX, 0 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x80512a5: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x80512a5...SUCCESS (CFT=0x80512ac) [Parser.C:1485] recording block [80512a0,80512a7) Getting edges Checking for Tail Call jump to 0x80512ac is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80512a5->80512ac resolveable_edge: 1, tailcall: 0, target: 80512ac [ParserDetails.C:588] pushing 80512ac onto worklist [Parser.C:1485] recording block [805124c,805124c) [Parser.C] parsing block 805124c [Parser.C:1274] curAddr 0x805124c: mov EAX, [EBP + 1c] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805124f: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051253: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051256: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x805125a: lea EAX, EBX + ffffaddf [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051260: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called [Parser.C:1274] curAddr 0x8051263: call 2755 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyValue hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2755 + EIP + 5 to 0x8051263...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805124c,8051268) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051263->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051263->8051268 resolveable_edge: 1, tailcall: 0, target: 8051268 [ParserDetails.C:588] pushing 8051268 onto worklist [Parser.C] binding call 8051263->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 8051268 exists [Parser.C] skipping locally parsed target at 8051268 [Parser.C] address 80512ac splits [80512a7,80512b2) (0x1ce5660) [Parser.C:1485] recording block [80512ac,80512b2) [Parser.C] skipping locally parsed target at 80512ac [Parser.C] frame 805121a complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] verifyValue return status 3, no waiters [Parser.C] ==== resuming parse of frame 805116d ==== Checking non-returning for verifyValue [Parser.C:1485] recording block [80511b3,80511b3) [Parser.C] parsing block 80511b3 [Parser.C:1274] curAddr 0x80511b3: test EAX, EAX [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511b5: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80511b3,80511b7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x80511b5...SUCCESS (CFT=0x80511c1) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80511b5->80511c1 resolveable_edge: 1, tailcall: 0, target: 80511c1 [ParserDetails.C:588] pushing 80511c1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80511b5->80511b7 resolveable_edge: 1, tailcall: 0, target: 80511b7 [ParserDetails.C:588] pushing 80511b7 onto worklist [Parser.C:1485] recording block [80511c1,80511c1) [Parser.C] parsing block 80511c1 [Parser.C:1274] curAddr 0x80511c1: add ESP, 24 [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511c4: pop EBX, ESP [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511c5: pop EBP, ESP [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C:1274] curAddr 0x80511c6: ret near [ESP] [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80511c1,80511c7) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80511c6 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80511c6...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80511b7,80511b7) [Parser.C] parsing block 80511b7 [Parser.C:1274] curAddr 0x80511b7: mov [EBX + 8ec], 1 [Parser.C:1280] leaf 1 funcname verifyValue24 hasCFT called [Parser.C] straight-line parse into block at 80511c1 [Parser.C:1485] recording block [80511b7,80511c1) [Parser.C] block 80511c1 exists [Parser.C] frame 805116d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] verifyValue24 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80511c7) [Parser.C:180] entered parse_at([804ccd0,80549c4),80511c7) [Parser.C:1485] recording block [80511c7,80511c7) [Parser.C] ==== starting to parse frame 80511c7 ==== [Parser.C] parsing block 80511c7 [Parser.C:1274] curAddr 0x80511c7: push EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511c8: mov EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511ca: push EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511cb: sub ESP, 24 [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511ce: call ffffbb2d + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbb2d + EIP + 5 to 0x80511ce...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80511d3: add EBX, ae2d [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511d9: lea EAX, EBX + ffffadcf [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511df: mov [ESP + 10], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511e3: lea EAX, EBX + ffffacec [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511e9: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511ed: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511f0: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511f4: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511f7: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511fb: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x80511fe: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x8051201: call 32ea + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 32ea + EIP + 5 to 0x8051201...SUCCESS (CFT=0x80544f0) [Parser.C:1485] recording block [80511c7,8051206) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051201->80544f0 resolveable_edge: 1, tailcall: 0, target: 80544f0 [ParserDetails.C:588] pushing 80544f0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051201->8051206 resolveable_edge: 1, tailcall: 0, target: 8051206 [ParserDetails.C:588] pushing 8051206 onto worklist [Parser.C] binding call 8051201->80544f0 [Parser.C] block 80544f0 exists Checking non-returning for verifyScalarValue Checking non-returning for verifyScalarValue [Parser.C:1485] recording block [8051206,8051206) [Parser.C] parsing block 8051206 [Parser.C:1274] curAddr 0x8051206: test EAX, EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x8051208: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051206,805120a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x8051208...SUCCESS (CFT=0x8051214) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051208->8051214 resolveable_edge: 1, tailcall: 0, target: 8051214 [ParserDetails.C:588] pushing 8051214 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051208->805120a resolveable_edge: 1, tailcall: 0, target: 805120a [ParserDetails.C:588] pushing 805120a onto worklist [Parser.C:1485] recording block [8051214,8051214) [Parser.C] parsing block 8051214 [Parser.C:1274] curAddr 0x8051214: add ESP, 24 [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x8051217: pop EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x8051218: pop EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C:1274] curAddr 0x8051219: ret near [ESP] [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051214,805121a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051219 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051219...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805120a,805120a) [Parser.C] parsing block 805120a [Parser.C:1274] curAddr 0x805120a: mov [EBX + 8ec], 1 [Parser.C:1280] leaf 1 funcname verifyScalarValue24 hasCFT called [Parser.C] straight-line parse into block at 8051214 [Parser.C:1485] recording block [805120a,8051214) [Parser.C] block 8051214 exists [Parser.C] frame 80511c7 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] verifyScalarValue24 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805121a) [Parser.C:180] entered parse_at([804ccd0,80549c4),805121a) function at 805121a already parsed, status 3 [Parser.C:224] entered parse_at(80512b2) [Parser.C:180] entered parse_at([804ccd0,80549c4),80512b2) [Parser.C:1485] recording block [80512b2,80512b2) [Parser.C] ==== starting to parse frame 80512b2 ==== [Parser.C] parsing block 80512b2 [Parser.C:1274] curAddr 0x80512b2: push EBP, ESP [Parser.C:1280] leaf 1 funcname call24_2 hasCFT called [Parser.C:1274] curAddr 0x80512b3: mov EBP, ESP [Parser.C:1280] leaf 1 funcname call24_2 hasCFT called [Parser.C:1274] curAddr 0x80512b5: pop EBP, ESP [Parser.C:1280] leaf 1 funcname call24_2 hasCFT called [Parser.C:1274] curAddr 0x80512b6: ret near [ESP] [Parser.C:1280] leaf 1 funcname call24_2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80512b2,80512b7) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80512b6 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80512b6...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80512b2 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] call24_2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805135c) [Parser.C:180] entered parse_at([804ccd0,80549c4),805135c) [Parser.C:1485] recording block [805135c,805135c) [Parser.C] ==== starting to parse frame 805135c ==== [Parser.C] parsing block 805135c [Parser.C:1274] curAddr 0x805135c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805135d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805135f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051360: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051363: call ffffb998 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb998 + EIP + 5 to 0x8051363...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051368: add EBX, ac98 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805136e: lea EAX, EBX + fc8 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051374: mov [EAX], 17d7841 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805137a: lea EAX, EBX + fb8 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051380: mov [EAX], 17d7842 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051386: lea EAX, EBX + fc0 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805138c: mov [EAX], 17d7843 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051392: lea EAX, EBX + fb4 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051398: mov [EAX], 17d7844 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805139e: lea EAX, EBX + fbc [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513a4: mov [EAX], 17d7845 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513aa: lea EAX, EBX + fb0 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513b0: mov [EAX], fe8287ba [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513b6: lea EAX, EBX + fc4 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513bc: mov [EAX], 17d7847 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513c2: call 1bb + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1bb + EIP + 5 to 0x80513c2...SUCCESS (CFT=0x8051582) [Parser.C:1485] recording block [805135c,80513c7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80513c2->8051582 resolveable_edge: 1, tailcall: 0, target: 8051582 [ParserDetails.C:588] pushing 8051582 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80513c2->80513c7 resolveable_edge: 1, tailcall: 0, target: 80513c7 [ParserDetails.C:588] pushing 80513c7 onto worklist [Parser.C] binding call 80513c2->8051582 [Parser.C:1485] recording block [8051582,8051582) [suspend frame 805135c] [Parser.C] frame 805135c blocked at 80513c2 call target 8051582 [Parser.C] block 8051582 exists [Parser.C] ==== starting to parse frame 8051582 ==== [Parser.C] parsing block 8051582 [Parser.C:1274] curAddr 0x8051582: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x8051583: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x8051585: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x8051588: call ffffc5f8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc5f8 + EIP + 5 to 0x8051588...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x805158d: add ECX, aa73 [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x8051593: mov [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x805159a: mov [EBP + fffffffffffffff8], 2 [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x80515a1: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x80515a4: mov EDX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x80515a7: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x80515a9: mov [ECX + 8f0], EAX [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x80515af: leave [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called [Parser.C:1274] curAddr 0x80515b0: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_25_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051582,80515b1) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80515b0 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80515b0...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8051582 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_25_call1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 805135c ==== Checking non-returning for test1_25_call1 Checking non-returning for test1_25_call1 [Parser.C:1485] recording block [80513c7,80513c7) [Parser.C] parsing block 80513c7 [Parser.C:1274] curAddr 0x80513c7: lea EAX, EBX + fb8 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513cd: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513cf: lea EAX, EBX + fc8 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513d5: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513d7: jz 46 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80513c7,80513d9) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 46 + EIP + 2 to 0x80513d7...SUCCESS (CFT=0x805141f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80513d7->805141f resolveable_edge: 1, tailcall: 0, target: 805141f [ParserDetails.C:588] pushing 805141f onto worklist ParserDetails.C[80]: adding conditional not taken edge 80513d7->80513d9 resolveable_edge: 1, tailcall: 0, target: 80513d9 [ParserDetails.C:588] pushing 80513d9 onto worklist [Parser.C:1485] recording block [805141f,805141f) [Parser.C] parsing block 805141f [Parser.C:1274] curAddr 0x805141f: lea EAX, EBX + fc0 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051425: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051427: lea EAX, EBX + fc8 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805142d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805142f: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051431: jz 48 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805141f,8051433) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 48 + EIP + 2 to 0x8051431...SUCCESS (CFT=0x805147b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051431->805147b resolveable_edge: 1, tailcall: 0, target: 805147b [ParserDetails.C:588] pushing 805147b onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051431->8051433 resolveable_edge: 1, tailcall: 0, target: 8051433 [ParserDetails.C:588] pushing 8051433 onto worklist [Parser.C:1485] recording block [805147b,805147b) [Parser.C] parsing block 805147b [Parser.C:1274] curAddr 0x805147b: lea EAX, EBX + fb4 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051481: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051483: neg EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051485: mov EDX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051487: lea EAX, EBX + fbc [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805148d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805148f: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051491: jz 4c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805147b,8051493) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 4c + EIP + 2 to 0x8051491...SUCCESS (CFT=0x80514df) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051491->80514df resolveable_edge: 1, tailcall: 0, target: 80514df [ParserDetails.C:588] pushing 80514df onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051491->8051493 resolveable_edge: 1, tailcall: 0, target: 8051493 [ParserDetails.C:588] pushing 8051493 onto worklist [Parser.C:1485] recording block [80514df,80514df) [Parser.C] parsing block 80514df [Parser.C:1274] curAddr 0x80514df: lea EAX, EBX + fb0 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514e5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514e7: neg EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514e9: mov EDX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514eb: lea EAX, EBX + fc4 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514f1: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514f3: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514f5: jz 4c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80514df,80514f7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 4c + EIP + 2 to 0x80514f5...SUCCESS (CFT=0x8051543) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80514f5->8051543 resolveable_edge: 1, tailcall: 0, target: 8051543 [ParserDetails.C:588] pushing 8051543 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80514f5->80514f7 resolveable_edge: 1, tailcall: 0, target: 80514f7 [ParserDetails.C:588] pushing 80514f7 onto worklist [Parser.C:1485] recording block [8051543,8051543) [Parser.C] parsing block 8051543 [Parser.C:1274] curAddr 0x8051543: mov EAX, [EBX + 8f4] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051549: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805154b: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051543,805154d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x805154b...SUCCESS (CFT=0x8051572) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805154b->8051572 resolveable_edge: 1, tailcall: 0, target: 8051572 [ParserDetails.C:588] pushing 8051572 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805154b->805154d resolveable_edge: 1, tailcall: 0, target: 805154d [ParserDetails.C:588] pushing 805154d onto worklist [Parser.C:1485] recording block [8051572,8051572) [Parser.C] parsing block 8051572 [Parser.C:1274] curAddr 0x8051572: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051579: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805157c: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805157f: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051580: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051581: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051572,8051582) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051581 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051581...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80513d9,80513d9) [Parser.C] parsing block 80513d9 [Parser.C:1274] curAddr 0x80513d9: mov EAX, [EBX + 8f4] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513df: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513e1: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80513d9,80513e3) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x80513e1...SUCCESS (CFT=0x80513f1) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80513e1->80513f1 resolveable_edge: 1, tailcall: 0, target: 80513f1 [ParserDetails.C:588] pushing 80513f1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80513e1->80513e3 resolveable_edge: 1, tailcall: 0, target: 80513e3 [ParserDetails.C:588] pushing 80513e3 onto worklist [Parser.C:1485] recording block [80513f1,80513f1) [Parser.C] parsing block 80513f1 [Parser.C:1274] curAddr 0x80513f1: mov [EBX + 8f4], 1 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513fb: lea EAX, EBX + fb8 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051401: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051403: lea EDX, EBX + fc8 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051409: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805140d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051411: lea EAX, EBX + ffffae58 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051417: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805141a: call 259e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 259e + EIP + 5 to 0x805141a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80513f1,805141f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805141a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805141a->805141f resolveable_edge: 1, tailcall: 0, target: 805141f [ParserDetails.C:588] pushing 805141f onto worklist [Parser.C] binding call 805141a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805141f exists [Parser.C] skipping locally parsed target at 805141f [Parser.C:1485] recording block [80513e3,80513e3) [Parser.C] parsing block 80513e3 [Parser.C:1274] curAddr 0x80513e3: lea EAX, EBX + ffffae30 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513e9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80513ec: call 25cc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 25cc + EIP + 5 to 0x80513ec...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80513e3,80513f1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80513ec->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80513ec->80513f1 resolveable_edge: 1, tailcall: 0, target: 80513f1 [ParserDetails.C:588] pushing 80513f1 onto worklist [Parser.C] binding call 80513ec->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 80513f1 exists [Parser.C] skipping locally parsed target at 80513f1 [Parser.C:1485] recording block [8051433,8051433) [Parser.C] parsing block 8051433 [Parser.C:1274] curAddr 0x8051433: mov EAX, [EBX + 8f4] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051439: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805143b: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051433,805143d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x805143b...SUCCESS (CFT=0x805144b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805143b->805144b resolveable_edge: 1, tailcall: 0, target: 805144b [ParserDetails.C:588] pushing 805144b onto worklist ParserDetails.C[80]: adding conditional not taken edge 805143b->805143d resolveable_edge: 1, tailcall: 0, target: 805143d [ParserDetails.C:588] pushing 805143d onto worklist [Parser.C:1485] recording block [805144b,805144b) [Parser.C] parsing block 805144b [Parser.C:1274] curAddr 0x805144b: mov [EBX + 8f4], 1 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051455: lea EAX, EBX + fc8 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805145b: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805145d: lea EAX, EBX + fc0 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051463: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051465: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051469: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805146d: lea EAX, EBX + ffffae84 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051473: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051476: call 2542 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2542 + EIP + 5 to 0x8051476...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805144b,805147b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051476->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051476->805147b resolveable_edge: 1, tailcall: 0, target: 805147b [ParserDetails.C:588] pushing 805147b onto worklist [Parser.C] binding call 8051476->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805147b exists [Parser.C] skipping locally parsed target at 805147b [Parser.C:1485] recording block [805143d,805143d) [Parser.C] parsing block 805143d [Parser.C:1274] curAddr 0x805143d: lea EAX, EBX + ffffae30 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051443: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051446: call 2572 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2572 + EIP + 5 to 0x8051446...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805143d,805144b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051446->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051446->805144b resolveable_edge: 1, tailcall: 0, target: 805144b [ParserDetails.C:588] pushing 805144b onto worklist [Parser.C] binding call 8051446->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805144b exists [Parser.C] skipping locally parsed target at 805144b [Parser.C:1485] recording block [8051493,8051493) [Parser.C] parsing block 8051493 [Parser.C:1274] curAddr 0x8051493: mov EAX, [EBX + 8f4] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051499: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805149b: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051493,805149d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x805149b...SUCCESS (CFT=0x80514ab) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805149b->80514ab resolveable_edge: 1, tailcall: 0, target: 80514ab [ParserDetails.C:588] pushing 80514ab onto worklist ParserDetails.C[80]: adding conditional not taken edge 805149b->805149d resolveable_edge: 1, tailcall: 0, target: 805149d [ParserDetails.C:588] pushing 805149d onto worklist [Parser.C:1485] recording block [80514ab,80514ab) [Parser.C] parsing block 80514ab [Parser.C:1274] curAddr 0x80514ab: mov [EBX + 8f4], 1 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514b5: lea EAX, EBX + fb4 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514bb: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514bd: neg EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514bf: mov EDX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514c1: lea EAX, EBX + fbc [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514c7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514c9: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514cd: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514d1: lea EAX, EBX + ffffaeb0 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514d7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514da: call 24de + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 24de + EIP + 5 to 0x80514da...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80514ab,80514df) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80514da->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80514da->80514df resolveable_edge: 1, tailcall: 0, target: 80514df [ParserDetails.C:588] pushing 80514df onto worklist [Parser.C] binding call 80514da->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 80514df exists [Parser.C] skipping locally parsed target at 80514df [Parser.C:1485] recording block [805149d,805149d) [Parser.C] parsing block 805149d [Parser.C:1274] curAddr 0x805149d: lea EAX, EBX + ffffae30 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514a3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514a6: call 2512 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2512 + EIP + 5 to 0x80514a6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805149d,80514ab) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80514a6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80514a6->80514ab resolveable_edge: 1, tailcall: 0, target: 80514ab [ParserDetails.C:588] pushing 80514ab onto worklist [Parser.C] binding call 80514a6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 80514ab exists [Parser.C] skipping locally parsed target at 80514ab [Parser.C:1485] recording block [80514f7,80514f7) [Parser.C] parsing block 80514f7 [Parser.C:1274] curAddr 0x80514f7: mov EAX, [EBX + 8f4] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514fd: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x80514ff: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80514f7,8051501) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x80514ff...SUCCESS (CFT=0x805150f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80514ff->805150f resolveable_edge: 1, tailcall: 0, target: 805150f [ParserDetails.C:588] pushing 805150f onto worklist ParserDetails.C[80]: adding conditional not taken edge 80514ff->8051501 resolveable_edge: 1, tailcall: 0, target: 8051501 [ParserDetails.C:588] pushing 8051501 onto worklist [Parser.C:1485] recording block [805150f,805150f) [Parser.C] parsing block 805150f [Parser.C:1274] curAddr 0x805150f: mov [EBX + 8f4], 1 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051519: lea EAX, EBX + fb0 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805151f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051521: neg EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051523: mov EDX, EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051525: lea EAX, EBX + fc4 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805152b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805152d: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051531: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051535: lea EAX, EBX + ffffaedc [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805153b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805153e: call 247a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 247a + EIP + 5 to 0x805153e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805150f,8051543) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805153e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805153e->8051543 resolveable_edge: 1, tailcall: 0, target: 8051543 [ParserDetails.C:588] pushing 8051543 onto worklist [Parser.C] binding call 805153e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 8051543 exists [Parser.C] skipping locally parsed target at 8051543 [Parser.C:1485] recording block [8051501,8051501) [Parser.C] parsing block 8051501 [Parser.C:1274] curAddr 0x8051501: lea EAX, EBX + ffffae30 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051507: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x805150a: call 24ae + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 24ae + EIP + 5 to 0x805150a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051501,805150f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805150a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805150a->805150f resolveable_edge: 1, tailcall: 0, target: 805150f [ParserDetails.C:588] pushing 805150f onto worklist [Parser.C] binding call 805150a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805150f exists [Parser.C] skipping locally parsed target at 805150f [Parser.C:1485] recording block [805154d,805154d) [Parser.C] parsing block 805154d [Parser.C:1274] curAddr 0x805154d: lea EAX, EBX + ffffaf08 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051553: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051556: call 2462 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2462 + EIP + 5 to 0x8051556...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805154d,805155b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051556->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051556->805155b resolveable_edge: 1, tailcall: 0, target: 805155b [ParserDetails.C:588] pushing 805155b onto worklist [Parser.C] binding call 8051556->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805155b,805155b) [Parser.C] parsing block 805155b [Parser.C:1274] curAddr 0x805155b: mov EAX, [EBX + 594] [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051561: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051564: call 2e3c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2e3c + EIP + 5 to 0x8051564...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [805155b,8051569) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051564->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051564->8051569 resolveable_edge: 1, tailcall: 0, target: 8051569 [ParserDetails.C:588] pushing 8051569 onto worklist [Parser.C] binding call 8051564->80543a5 [Parser.C:1485] recording block [80543a5,80543a5) [suspend frame 805135c] [Parser.C] frame 805135c blocked at 8051564 call target 80543a5 [Parser.C] block 80543a5 exists [Parser.C] ==== starting to parse frame 80543a5 ==== [Parser.C] parsing block 80543a5 [Parser.C:1274] curAddr 0x80543a5: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543a6: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543a8: push EBX, ESP [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543a9: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543ac: call ffff894f + EIP + 5 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff894f + EIP + 5 to 0x80543ac...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80543b1: add EBX, 7c4f [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543b7: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543be: jmp 39 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 39 + EIP + 2 to 0x80543be...SUCCESS (CFT=0x80543f9) [Parser.C:1485] recording block [80543a5,80543c0) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80543be->80543f9 resolveable_edge: 1, tailcall: 0, target: 80543f9 [ParserDetails.C:588] pushing 80543f9 onto worklist [Parser.C:1485] recording block [80543f9,80543f9) [Parser.C] parsing block 80543f9 [Parser.C:1274] curAddr 0x80543f9: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543ff: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x8054401: cmp [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x8054404: jl ffffffffffffffba + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called branch or return, ret true [Parser.C:1485] recording block [80543f9,8054406) Getting edges IA_IAPI.C[847]: binding PC EIP in jl ffffffffffffffba + EIP + 2 to 0x8054404...SUCCESS (CFT=0x80543c0) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054404->80543c0 resolveable_edge: 1, tailcall: 0, target: 80543c0 [ParserDetails.C:588] pushing 80543c0 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054404->8054406 resolveable_edge: 1, tailcall: 0, target: 8054406 [ParserDetails.C:588] pushing 8054406 onto worklist [Parser.C:1485] recording block [80543c0,80543c0) [Parser.C] parsing block 80543c0 [Parser.C:1274] curAddr 0x80543c0: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543c6: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543c9: shl/sal EDX, 4 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543cc: add EAX, EDX [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543ce: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543d0: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543d3: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543d7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543da: call ffff8661 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8661 + EIP + 5 to 0x80543da...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [80543c0,80543df) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80543da->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80543da->80543df resolveable_edge: 1, tailcall: 0, target: 80543df [ParserDetails.C:588] pushing 80543df onto worklist [Parser.C] binding call 80543da->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [80543df,80543df) [Parser.C] parsing block 80543df [Parser.C:1274] curAddr 0x80543df: test EAX, EAX [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543e1: jnz 12 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called branch or return, ret true [Parser.C:1485] recording block [80543df,80543e3) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 12 + EIP + 2 to 0x80543e1...SUCCESS (CFT=0x80543f5) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80543e1->80543f5 resolveable_edge: 1, tailcall: 0, target: 80543f5 [ParserDetails.C:588] pushing 80543f5 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80543e1->80543e3 resolveable_edge: 1, tailcall: 0, target: 80543e3 [ParserDetails.C:588] pushing 80543e3 onto worklist [Parser.C:1485] recording block [80543f5,80543f5) [Parser.C] parsing block 80543f5 [Parser.C:1274] curAddr 0x80543f5: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C] straight-line parse into block at 80543f9 [Parser.C:1485] recording block [80543f5,80543f9) [Parser.C] block 80543f9 exists [Parser.C:1485] recording block [80543e3,80543e3) [Parser.C] parsing block 80543e3 [Parser.C:1274] curAddr 0x80543e3: lea EAX, EBX + ae0 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543e9: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543ec: mov [EAX + EDX * 4], 1 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x80543f3: jmp 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 11 + EIP + 2 to 0x80543f3...SUCCESS (CFT=0x8054406) [Parser.C:1485] recording block [80543e3,80543f5) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80543f3->8054406 resolveable_edge: 1, tailcall: 0, target: 8054406 [ParserDetails.C:588] pushing 8054406 onto worklist [Parser.C:1485] recording block [8054406,8054406) [Parser.C] parsing block 8054406 [Parser.C:1274] curAddr 0x8054406: add ESP, 24 [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x8054409: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x805440a: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_passes hasCFT called [Parser.C:1274] curAddr 0x805440b: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_passes hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054406,805440c) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805440b Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805440b...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] block 8054406 exists [Parser.C] skipping locally parsed target at 8054406 [Parser.C] frame 80543a5 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_passes return status 3, no waiters [Parser.C] ==== resuming parse of frame 805135c ==== Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8051569,8051569) [Parser.C] parsing block 8051569 [Parser.C:1274] curAddr 0x8051569: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051570: jmp 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_25_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 7 + EIP + 2 to 0x8051570...SUCCESS (CFT=0x8051579) [Parser.C:1485] recording block [8051569,8051572) Getting edges Checking for Tail Call jump to 0x8051579 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8051570->8051579 resolveable_edge: 1, tailcall: 0, target: 8051579 [ParserDetails.C:588] pushing 8051579 onto worklist [Parser.C] address 8051579 splits [8051572,8051582) (0x1cf0de0) [Parser.C:1485] recording block [8051579,8051582) [Parser.C] skipping locally parsed target at 8051579 [Parser.C] frame 805135c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_25_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80517fe) [Parser.C:180] entered parse_at([804ccd0,80549c4),80517fe) [Parser.C:1485] recording block [80517fe,80517fe) [Parser.C] ==== starting to parse frame 80517fe ==== [Parser.C] parsing block 80517fe [Parser.C:1274] curAddr 0x80517fe: push EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x80517ff: mov EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051801: push EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051802: sub ESP, 24 [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051805: call ffffb4f6 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb4f6 + EIP + 5 to 0x8051805...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805180a: add EBX, a7f6 [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051810: lea EAX, EBX + ffffb08b [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051816: mov [ESP + 10], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x805181a: lea EAX, EBX + ffffaf2c [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051820: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051824: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051827: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x805182b: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x805182e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051832: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051835: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051838: call 2cb3 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2cb3 + EIP + 5 to 0x8051838...SUCCESS (CFT=0x80544f0) [Parser.C:1485] recording block [80517fe,805183d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051838->80544f0 resolveable_edge: 1, tailcall: 0, target: 80544f0 [ParserDetails.C:588] pushing 80544f0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051838->805183d resolveable_edge: 1, tailcall: 0, target: 805183d [ParserDetails.C:588] pushing 805183d onto worklist [Parser.C] binding call 8051838->80544f0 [Parser.C] block 80544f0 exists Checking non-returning for verifyScalarValue Checking non-returning for verifyScalarValue [Parser.C:1485] recording block [805183d,805183d) [Parser.C] parsing block 805183d [Parser.C:1274] curAddr 0x805183d: test EAX, EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x805183f: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805183d,8051841) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x805183f...SUCCESS (CFT=0x805184b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805183f->805184b resolveable_edge: 1, tailcall: 0, target: 805184b [ParserDetails.C:588] pushing 805184b onto worklist ParserDetails.C[80]: adding conditional not taken edge 805183f->8051841 resolveable_edge: 1, tailcall: 0, target: 8051841 [ParserDetails.C:588] pushing 8051841 onto worklist [Parser.C:1485] recording block [805184b,805184b) [Parser.C] parsing block 805184b [Parser.C:1274] curAddr 0x805184b: add ESP, 24 [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x805184e: pop EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x805184f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C:1274] curAddr 0x8051850: ret near [ESP] [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805184b,8051851) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051850 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051850...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8051841,8051841) [Parser.C] parsing block 8051841 [Parser.C:1274] curAddr 0x8051841: mov [EBX + 8fc], 1 [Parser.C:1280] leaf 1 funcname verifyScalarValue26 hasCFT called [Parser.C] straight-line parse into block at 805184b [Parser.C:1485] recording block [8051841,805184b) [Parser.C] block 805184b exists [Parser.C] frame 80517fe complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] verifyScalarValue26 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051851) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051851) [Parser.C:1485] recording block [8051851,8051851) [Parser.C] ==== starting to parse frame 8051851 ==== [Parser.C] parsing block 8051851 [Parser.C:1274] curAddr 0x8051851: push EBP, ESP [Parser.C:1280] leaf 1 funcname call26_2 hasCFT called [Parser.C:1274] curAddr 0x8051852: mov EBP, ESP [Parser.C:1280] leaf 1 funcname call26_2 hasCFT called [Parser.C:1274] curAddr 0x8051854: pop EBP, ESP [Parser.C:1280] leaf 1 funcname call26_2 hasCFT called [Parser.C:1274] curAddr 0x8051855: ret near [ESP] [Parser.C:1280] leaf 1 funcname call26_2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051851,8051856) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051855 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051855...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8051851 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] call26_2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051a9e) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051a9e) [Parser.C:1485] recording block [8051a9e,8051a9e) [Parser.C] ==== starting to parse frame 8051a9e ==== [Parser.C] parsing block 8051a9e [Parser.C:1274] curAddr 0x8051a9e: push EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051a9f: mov EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051aa1: push EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051aa2: sub ESP, 24 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051aa5: call ffffb256 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb256 + EIP + 5 to 0x8051aa5...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051aaa: add EBX, a556 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ab0: lea EAX, EBX + ffffb197 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ab6: mov [ESP + 10], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051aba: lea EAX, EBX + ffffb0d0 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ac0: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ac4: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ac7: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051acb: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ace: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ad2: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ad5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051ad8: call 2a13 + EIP + 5 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2a13 + EIP + 5 to 0x8051ad8...SUCCESS (CFT=0x80544f0) [Parser.C:1485] recording block [8051a9e,8051add) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051ad8->80544f0 resolveable_edge: 1, tailcall: 0, target: 80544f0 [ParserDetails.C:588] pushing 80544f0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051ad8->8051add resolveable_edge: 1, tailcall: 0, target: 8051add [ParserDetails.C:588] pushing 8051add onto worklist [Parser.C] binding call 8051ad8->80544f0 [Parser.C] block 80544f0 exists Checking non-returning for verifyScalarValue Checking non-returning for verifyScalarValue [Parser.C:1485] recording block [8051add,8051add) [Parser.C] parsing block 8051add [Parser.C:1274] curAddr 0x8051add: test EAX, EAX [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051adf: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051add,8051ae1) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x8051adf...SUCCESS (CFT=0x8051aeb) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051adf->8051aeb resolveable_edge: 1, tailcall: 0, target: 8051aeb [ParserDetails.C:588] pushing 8051aeb onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051adf->8051ae1 resolveable_edge: 1, tailcall: 0, target: 8051ae1 [ParserDetails.C:588] pushing 8051ae1 onto worklist [Parser.C:1485] recording block [8051aeb,8051aeb) [Parser.C] parsing block 8051aeb [Parser.C:1274] curAddr 0x8051aeb: add ESP, 24 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051aee: pop EBX, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051aef: pop EBP, ESP [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C:1274] curAddr 0x8051af0: ret near [ESP] [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051aeb,8051af1) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051af0 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051af0...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8051ae1,8051ae1) [Parser.C] parsing block 8051ae1 [Parser.C:1274] curAddr 0x8051ae1: mov [EBX + 908], 1 [Parser.C:1280] leaf 1 funcname verifyScalarValue28 hasCFT called [Parser.C] straight-line parse into block at 8051aeb [Parser.C:1485] recording block [8051ae1,8051aeb) [Parser.C] block 8051aeb exists [Parser.C] frame 8051a9e complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] verifyScalarValue28 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051d86) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051d86) [Parser.C:1485] recording block [8051d86,8051d86) [Parser.C] ==== starting to parse frame 8051d86 ==== [Parser.C] parsing block 8051d86 [Parser.C:1274] curAddr 0x8051d86: push EBP, ESP [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051d87: mov EBP, ESP [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051d89: sub ESP, 10 [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051d8c: call ffffbdf4 + EIP + 5 [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbdf4 + EIP + 5 to 0x8051d8c...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8051d91: add ECX, a26f [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051d97: mov [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051d9e: mov [EBP + fffffffffffffff8], 2 [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051da5: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051da8: mov EDX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051dab: add EAX, EDX [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051dad: mov [ECX + 924], EAX [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051db3: leave [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called [Parser.C:1274] curAddr 0x8051db4: ret near [ESP] [Parser.C:1280] leaf 1 funcname func30_2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051d86,8051db5) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051db4 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051db4...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8051d86 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] func30_2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804fa51) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fa51) [Parser.C:1485] recording block [804fa51,804fa51) [Parser.C] ==== starting to parse frame 804fa51 ==== [Parser.C] parsing block 804fa51 [Parser.C:1274] curAddr 0x804fa51: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa52: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa54: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa55: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa58: call ffffd2a3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd2a3 + EIP + 5 to 0x804fa58...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fa5d: add EBX, c5a3 [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa63: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa69: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa6b: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa6d: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fa51,804fa6f) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804fa6d...SUCCESS (CFT=0x804fa7d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fa6d->804fa7d resolveable_edge: 1, tailcall: 0, target: 804fa7d [ParserDetails.C:588] pushing 804fa7d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fa6d->804fa6f resolveable_edge: 1, tailcall: 0, target: 804fa6f [ParserDetails.C:588] pushing 804fa6f onto worklist [Parser.C:1485] recording block [804fa7d,804fa7d) [Parser.C] parsing block 804fa7d [Parser.C:1274] curAddr 0x804fa7d: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa80: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa81: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa82: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fa7d,804fa83) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fa82 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fa82...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804fa6f,804fa6f) [Parser.C] parsing block 804fa6f [Parser.C:1274] curAddr 0x804fa6f: lea EAX, EBX + ffffa2d0 [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa75: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called [Parser.C:1274] curAddr 0x804fa78: call ffffd0a3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd0a3 + EIP + 5 to 0x804fa78...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804fa6f,804fa7d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fa78->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fa78->804fa7d resolveable_edge: 1, tailcall: 0, target: 804fa7d [ParserDetails.C:588] pushing 804fa7d onto worklist [Parser.C] binding call 804fa78->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804fa7d exists [Parser.C] skipping locally parsed target at 804fa7d [Parser.C] frame 804fa51 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_16_func3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8054895) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054895) [Parser.C:1485] recording block [8054895,8054895) [Parser.C] ==== starting to parse frame 8054895 ==== [Parser.C] parsing block 8054895 [Parser.C:1274] curAddr 0x8054895: push EBP, ESP [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054896: mov EBP, ESP [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054898: push EBX, ESP [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054899: sub ESP, 24 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x805489c: call ffff845f + EIP + 5 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff845f + EIP + 5 to 0x805489c...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80548a1: add EBX, 775f [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548a7: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548ae: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548b1: mov [EAX + 8], 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548b8: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548bb: mov [EAX + c], 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548c2: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548c5: mov [EAX], 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548cb: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548ce: mov [EAX + 4], 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548d5: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548d8: mov [ESP + 8], 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548e0: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548e4: mov [ESP], 2 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548eb: call ffff8140 + EIP + 5 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8140 + EIP + 5 to 0x80548eb...SUCCESS (CFT=0x804ca30) [Parser.C:1485] recording block [8054895,80548f0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80548eb->804ca30 resolveable_edge: 1, tailcall: 0, target: 804ca30 [ParserDetails.C:588] pushing 804ca30 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80548eb->80548f0 resolveable_edge: 1, tailcall: 0, target: 80548f0 [ParserDetails.C:588] pushing 80548f0 onto worklist [Parser.C] binding call 80548eb->804ca30 [ParseData.C] new function for target 804ca30 [Parser.C:1485] recording block [804ca30,804ca30) [suspend frame 8054895] [Parser.C] frame 8054895 blocked at 80548eb call target 804ca30 [Parser.C] block 804ca30 exists [Parser.C] ==== starting to parse frame 804ca30 ==== [Parser.C] parsing block 804ca30 [Parser.C:1274] curAddr 0x804ca30: jmp [805c010] [Parser.C:1280] leaf 1 funcname targ804ca30 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c010] to 0x804ca30...FAIL (CFT=0x0), callTarget exp: [805c010] ... indirect jump at 0x804ca30, delay parsing it [Parser.C:1485] recording block [804ca30,804ca36) ... continue parse indirect jump at 804ca30 [Parser.C:1485] recording block [804ca30,804ca36) Getting edges ... indirect jump at 0x804ca30 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c010] at 0x804ca30 Apply indirect control flow analysis at 804ca30 Looking for thunk Looking for thunk in block [804ca30,804ca36).......WARNING: after advance at 0x804ca36, curInsn() NULL Expanding instruction @ 804ca30: jmp [805c010] Original expand: (<134594576:32>,) Adding assignment (@804ca30<[x86::eip]>[_805c010]) in instruction jmp [805c010] at 804ca30, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ca30, insn: jmp [805c010] Old fact for 804ca30: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ca30 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ca30<[x86::eip]>[_805c010]) Instruction: jmp [805c010] AST: (<134594576:64>,) Generate bound fact for Interval 0[134594576,134594576] 0[805c010,805c010], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594576:64>,) Apply relations2 to (<134594576:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594576,134594576] 0[805c010,805c010], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594576:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ca30 The fact from 804ca30 before applying transfer function Do not track predicate Var: , Interval 0[134594576,134594576] 0[805c010,805c010], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594576:64>,) No known value at the top of the stack Fact from 804ca30 after applying transfer function Do not track predicate Var: , Interval 0[134594576,134594576] 0[805c010,805c010], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594576:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594576,134594576] 0[805c010,805c010], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594576:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594576,134594576] 0[805c010,805c010], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c010 not read only, returning false Not jump table format! [Parser.C] finalizing targ804ca30 (804ca30) No targets, exits func Adding block 0x804ca30 as exit 804ca30 extent [804ca30,804ca36) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c010] at 0x804ca30 in function targ804ca30 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ca30->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for setitimer [Parser.C] frame 804ca30 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] setitimer return status 2, no waiters [Parser.C] ==== resuming parse of frame 8054895 ==== Checking non-returning for setitimer [Parser.C:1485] recording block [80548f0,80548f0) [Parser.C] parsing block 80548f0 [Parser.C:1274] curAddr 0x80548f0: cmp EAX, ff [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548f3: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called branch or return, ret true [Parser.C:1485] recording block [80548f0,80548f5) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x80548f3...SUCCESS (CFT=0x80548fc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80548f3->80548fc resolveable_edge: 1, tailcall: 0, target: 80548fc [ParserDetails.C:588] pushing 80548fc onto worklist ParserDetails.C[80]: adding conditional not taken edge 80548f3->80548f5 resolveable_edge: 1, tailcall: 0, target: 80548f5 [ParserDetails.C:588] pushing 80548f5 onto worklist [Parser.C:1485] recording block [80548fc,80548fc) [Parser.C] parsing block 80548fc [Parser.C:1274] curAddr 0x80548fc: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548ff: add EAX, 9c [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054904: mov [ESP + 8], 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x805490c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054910: mov [ESP], 1b [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054917: call ffff8374 + EIP + 5 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8374 + EIP + 5 to 0x8054917...SUCCESS (CFT=0x804cc90) [Parser.C:1485] recording block [80548fc,805491c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054917->804cc90 resolveable_edge: 1, tailcall: 0, target: 804cc90 [ParserDetails.C:588] pushing 804cc90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054917->805491c resolveable_edge: 1, tailcall: 0, target: 805491c [ParserDetails.C:588] pushing 805491c onto worklist [Parser.C] binding call 8054917->804cc90 [ParseData.C] new function for target 804cc90 [Parser.C:1485] recording block [804cc90,804cc90) [suspend frame 8054895] [Parser.C] frame 8054895 blocked at 8054917 call target 804cc90 [Parser.C] block 804cc90 exists [Parser.C] ==== starting to parse frame 804cc90 ==== [Parser.C] parsing block 804cc90 [Parser.C:1274] curAddr 0x804cc90: jmp [805c0a8] [Parser.C:1280] leaf 1 funcname targ804cc90 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c0a8] to 0x804cc90...FAIL (CFT=0x0), callTarget exp: [805c0a8] ... indirect jump at 0x804cc90, delay parsing it [Parser.C:1485] recording block [804cc90,804cc96) ... continue parse indirect jump at 804cc90 [Parser.C:1485] recording block [804cc90,804cc96) Getting edges ... indirect jump at 0x804cc90 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c0a8] at 0x804cc90 Apply indirect control flow analysis at 804cc90 Looking for thunk Looking for thunk in block [804cc90,804cc96).......WARNING: after advance at 0x804cc96, curInsn() NULL Expanding instruction @ 804cc90: jmp [805c0a8] Original expand: (<134594728:32>,) Adding assignment (@804cc90<[x86::eip]>[_805c0a8]) in instruction jmp [805c0a8] at 804cc90, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc90, insn: jmp [805c0a8] Old fact for 804cc90: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc90 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc90<[x86::eip]>[_805c0a8]) Instruction: jmp [805c0a8] AST: (<134594728:64>,) Generate bound fact for Interval 0[134594728,134594728] 0[805c0a8,805c0a8], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594728:64>,) Apply relations2 to (<134594728:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594728,134594728] 0[805c0a8,805c0a8], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594728:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc90 The fact from 804cc90 before applying transfer function Do not track predicate Var: , Interval 0[134594728,134594728] 0[805c0a8,805c0a8], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594728:64>,) No known value at the top of the stack Fact from 804cc90 after applying transfer function Do not track predicate Var: , Interval 0[134594728,134594728] 0[805c0a8,805c0a8], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594728:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594728,134594728] 0[805c0a8,805c0a8], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594728:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594728,134594728] 0[805c0a8,805c0a8], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c0a8 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc90 (804cc90) No targets, exits func Adding block 0x804cc90 as exit 804cc90 extent [804cc90,804cc96) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c0a8] at 0x804cc90 in function targ804cc90 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc90->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for sigaction [Parser.C] frame 804cc90 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] sigaction return status 2, no waiters [Parser.C] ==== resuming parse of frame 8054895 ==== Checking non-returning for sigaction [Parser.C:1485] recording block [805491c,805491c) [Parser.C] parsing block 805491c [Parser.C:1274] curAddr 0x805491c: test EAX, EAX [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x805491e: jz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called branch or return, ret true [Parser.C:1485] recording block [805491c,8054920) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 7 + EIP + 2 to 0x805491e...SUCCESS (CFT=0x8054927) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805491e->8054927 resolveable_edge: 1, tailcall: 0, target: 8054927 [ParserDetails.C:588] pushing 8054927 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805491e->8054920 resolveable_edge: 1, tailcall: 0, target: 8054920 [ParserDetails.C:588] pushing 8054920 onto worklist [Parser.C:1485] recording block [8054927,8054927) [Parser.C] parsing block 8054927 [Parser.C:1274] curAddr 0x8054927: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x805492a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x805492d: call ffff814e + EIP + 5 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff814e + EIP + 5 to 0x805492d...SUCCESS (CFT=0x804ca80) [Parser.C:1485] recording block [8054927,8054932) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805492d->804ca80 resolveable_edge: 1, tailcall: 0, target: 804ca80 [ParserDetails.C:588] pushing 804ca80 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805492d->8054932 resolveable_edge: 1, tailcall: 0, target: 8054932 [ParserDetails.C:588] pushing 8054932 onto worklist [Parser.C] binding call 805492d->804ca80 [ParseData.C] new function for target 804ca80 [Parser.C:1485] recording block [804ca80,804ca80) [suspend frame 8054895] [Parser.C] frame 8054895 blocked at 805492d call target 804ca80 [Parser.C] block 804ca80 exists [Parser.C] ==== starting to parse frame 804ca80 ==== [Parser.C] parsing block 804ca80 [Parser.C:1274] curAddr 0x804ca80: jmp [805c024] [Parser.C:1280] leaf 1 funcname targ804ca80 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c024] to 0x804ca80...FAIL (CFT=0x0), callTarget exp: [805c024] ... indirect jump at 0x804ca80, delay parsing it [Parser.C:1485] recording block [804ca80,804ca86) ... continue parse indirect jump at 804ca80 [Parser.C:1485] recording block [804ca80,804ca86) Getting edges ... indirect jump at 0x804ca80 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c024] at 0x804ca80 Apply indirect control flow analysis at 804ca80 Looking for thunk Looking for thunk in block [804ca80,804ca86).......WARNING: after advance at 0x804ca86, curInsn() NULL Expanding instruction @ 804ca80: jmp [805c024] Original expand: (<134594596:32>,) Adding assignment (@804ca80<[x86::eip]>[_805c024]) in instruction jmp [805c024] at 804ca80, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ca80, insn: jmp [805c024] Old fact for 804ca80: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ca80 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ca80<[x86::eip]>[_805c024]) Instruction: jmp [805c024] AST: (<134594596:64>,) Generate bound fact for Interval 0[134594596,134594596] 0[805c024,805c024], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594596:64>,) Apply relations2 to (<134594596:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594596,134594596] 0[805c024,805c024], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594596:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ca80 The fact from 804ca80 before applying transfer function Do not track predicate Var: , Interval 0[134594596,134594596] 0[805c024,805c024], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594596:64>,) No known value at the top of the stack Fact from 804ca80 after applying transfer function Do not track predicate Var: , Interval 0[134594596,134594596] 0[805c024,805c024], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594596:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594596,134594596] 0[805c024,805c024], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594596:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594596,134594596] 0[805c024,805c024], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c024 not read only, returning false Not jump table format! [Parser.C] finalizing targ804ca80 (804ca80) No targets, exits func Adding block 0x804ca80 as exit 804ca80 extent [804ca80,804ca86) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c024] at 0x804ca80 in function targ804ca80 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ca80->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for free [Parser.C] frame 804ca80 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] free return status 2, no waiters [Parser.C] ==== resuming parse of frame 8054895 ==== Checking non-returning for free [Parser.C:1485] recording block [8054932,8054932) [Parser.C] parsing block 8054932 [Parser.C:1274] curAddr 0x8054932: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054939: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x805493c: add ESP, 24 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x805493f: pop EBX, ESP [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054940: pop EBP, ESP [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054941: ret near [ESP] [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054932,8054942) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054941 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054941...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80548f5,80548f5) [Parser.C] parsing block 80548f5 [Parser.C:1274] curAddr 0x80548f5: mov EAX, 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x80548fa: jmp 40 + EIP + 2 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 40 + EIP + 2 to 0x80548fa...SUCCESS (CFT=0x805493c) [Parser.C:1485] recording block [80548f5,80548fc) Getting edges Checking for Tail Call jump to 0x805493c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80548fa->805493c resolveable_edge: 1, tailcall: 0, target: 805493c [ParserDetails.C:588] pushing 805493c onto worklist [Parser.C:1485] recording block [8054920,8054920) [Parser.C] parsing block 8054920 [Parser.C:1274] curAddr 0x8054920: mov EAX, 0 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called [Parser.C:1274] curAddr 0x8054925: jmp 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname stopEventSource hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 15 + EIP + 2 to 0x8054925...SUCCESS (CFT=0x805493c) [Parser.C:1485] recording block [8054920,8054927) Getting edges Checking for Tail Call jump to 0x805493c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054925->805493c resolveable_edge: 1, tailcall: 0, target: 805493c [ParserDetails.C:588] pushing 805493c onto worklist [Parser.C] address 805493c splits [8054932,8054942) (0x1d00bf0) [Parser.C:1485] recording block [805493c,8054942) [Parser.C] skipping locally parsed target at 805493c [Parser.C] block 805493c exists [Parser.C] skipping locally parsed target at 805493c [Parser.C] frame 8054895 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] stopEventSource return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f8a4) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f8a4) [Parser.C:1485] recording block [804f8a4,804f8a4) [Parser.C] ==== starting to parse frame 804f8a4 ==== [Parser.C] parsing block 804f8a4 [Parser.C:1274] curAddr 0x804f8a4: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8a5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8a7: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8a8: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8ab: call ffffd450 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd450 + EIP + 5 to 0x804f8ab...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f8b0: add EBX, c750 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8b6: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8bd: call 15d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 15d + EIP + 5 to 0x804f8bd...SUCCESS (CFT=0x804fa1f) [Parser.C:1485] recording block [804f8a4,804f8c2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f8bd->804fa1f resolveable_edge: 1, tailcall: 0, target: 804fa1f [ParserDetails.C:588] pushing 804fa1f onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f8bd->804f8c2 resolveable_edge: 1, tailcall: 0, target: 804f8c2 [ParserDetails.C:588] pushing 804f8c2 onto worklist [Parser.C] binding call 804f8bd->804fa1f [Parser.C:1485] recording block [804fa1f,804fa1f) [suspend frame 804f8a4] [Parser.C] frame 804f8a4 blocked at 804f8bd call target 804fa1f [Parser.C] block 804fa1f exists [Parser.C] ==== starting to parse frame 804fa1f ==== [Parser.C] parsing block 804fa1f [Parser.C:1274] curAddr 0x804fa1f: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa20: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa22: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa23: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa26: call ffffd2d5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd2d5 + EIP + 5 to 0x804fa26...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fa2b: add EBX, c5d5 [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa31: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa37: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa39: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa3b: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fa1f,804fa3d) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804fa3b...SUCCESS (CFT=0x804fa4b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fa3b->804fa4b resolveable_edge: 1, tailcall: 0, target: 804fa4b [ParserDetails.C:588] pushing 804fa4b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fa3b->804fa3d resolveable_edge: 1, tailcall: 0, target: 804fa3d [ParserDetails.C:588] pushing 804fa3d onto worklist [Parser.C:1485] recording block [804fa4b,804fa4b) [Parser.C] parsing block 804fa4b [Parser.C:1274] curAddr 0x804fa4b: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa4e: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa4f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa50: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fa4b,804fa51) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fa50 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fa50...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804fa3d,804fa3d) [Parser.C] parsing block 804fa3d [Parser.C:1274] curAddr 0x804fa3d: lea EAX, EBX + ffffa2b7 [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa43: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called [Parser.C:1274] curAddr 0x804fa46: call ffffd0d5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd0d5 + EIP + 5 to 0x804fa46...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804fa3d,804fa4b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fa46->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fa46->804fa4b resolveable_edge: 1, tailcall: 0, target: 804fa4b [ParserDetails.C:588] pushing 804fa4b onto worklist [Parser.C] binding call 804fa46->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804fa4b exists [Parser.C] skipping locally parsed target at 804fa4b [Parser.C] frame 804fa1f complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_16_func2 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804f8a4 ==== Checking non-returning for test1_16_func2 Checking non-returning for test1_16_func2 [Parser.C:1485] recording block [804f8c2,804f8c2) [Parser.C] parsing block 804f8c2 [Parser.C:1274] curAddr 0x804f8c2: lea EAX, EBX + 850 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8c8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8ca: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8cd: jnz c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f8c2,804f8cf) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz c + EIP + 2 to 0x804f8cd...SUCCESS (CFT=0x804f8db) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f8cd->804f8db resolveable_edge: 1, tailcall: 0, target: 804f8db [ParserDetails.C:588] pushing 804f8db onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f8cd->804f8cf resolveable_edge: 1, tailcall: 0, target: 804f8cf [ParserDetails.C:588] pushing 804f8cf onto worklist [Parser.C:1485] recording block [804f8db,804f8db) [Parser.C] parsing block 804f8db [Parser.C:1274] curAddr 0x804f8db: lea EAX, EBX + ffffa13d [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8e1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8e4: call 40d4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 40d4 + EIP + 5 to 0x804f8e4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f8db,804f8e9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f8e4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f8e4->804f8e9 resolveable_edge: 1, tailcall: 0, target: 804f8e9 [ParserDetails.C:588] pushing 804f8e9 onto worklist [Parser.C] binding call 804f8e4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f8e9,804f8e9) [Parser.C] parsing block 804f8e9 [Parser.C:1274] curAddr 0x804f8e9: lea EAX, EBX + 850 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8ef: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8f1: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8f4: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f8e9,804f8f6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804f8f4...SUCCESS (CFT=0x804f904) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f8f4->804f904 resolveable_edge: 1, tailcall: 0, target: 804f904 [ParserDetails.C:588] pushing 804f904 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f8f4->804f8f6 resolveable_edge: 1, tailcall: 0, target: 804f8f6 [ParserDetails.C:588] pushing 804f8f6 onto worklist [Parser.C:1485] recording block [804f904,804f904) [Parser.C] parsing block 804f904 [Parser.C:1274] curAddr 0x804f904: lea EAX, EBX + 854 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f90a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f90c: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f90e: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f904,804f910) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804f90e...SUCCESS (CFT=0x804f91e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f90e->804f91e resolveable_edge: 1, tailcall: 0, target: 804f91e [ParserDetails.C:588] pushing 804f91e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f90e->804f910 resolveable_edge: 1, tailcall: 0, target: 804f910 [ParserDetails.C:588] pushing 804f910 onto worklist [Parser.C:1485] recording block [804f91e,804f91e) [Parser.C] parsing block 804f91e [Parser.C:1274] curAddr 0x804f91e: mov [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f925: call 127 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 127 + EIP + 5 to 0x804f925...SUCCESS (CFT=0x804fa51) [Parser.C:1485] recording block [804f91e,804f92a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f925->804fa51 resolveable_edge: 1, tailcall: 0, target: 804fa51 [ParserDetails.C:588] pushing 804fa51 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f925->804f92a resolveable_edge: 1, tailcall: 0, target: 804f92a [ParserDetails.C:588] pushing 804f92a onto worklist [Parser.C] binding call 804f925->804fa51 [Parser.C] block 804fa51 exists Checking non-returning for test1_16_func3 Checking non-returning for test1_16_func3 [Parser.C:1485] recording block [804f92a,804f92a) [Parser.C] parsing block 804f92a [Parser.C:1274] curAddr 0x804f92a: lea EAX, EBX + 858 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f930: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f932: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f934: jnz d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f92a,804f936) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz d + EIP + 2 to 0x804f934...SUCCESS (CFT=0x804f943) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f934->804f943 resolveable_edge: 1, tailcall: 0, target: 804f943 [ParserDetails.C:588] pushing 804f943 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f934->804f936 resolveable_edge: 1, tailcall: 0, target: 804f936 [ParserDetails.C:588] pushing 804f936 onto worklist [Parser.C:1485] recording block [804f943,804f943) [Parser.C] parsing block 804f943 [Parser.C:1274] curAddr 0x804f943: lea EAX, EBX + ffffa13d [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f949: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f94c: call 406c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 406c + EIP + 5 to 0x804f94c...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f943,804f951) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f94c->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f94c->804f951 resolveable_edge: 1, tailcall: 0, target: 804f951 [ParserDetails.C:588] pushing 804f951 onto worklist [Parser.C] binding call 804f94c->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f951,804f951) [Parser.C] parsing block 804f951 [Parser.C:1274] curAddr 0x804f951: lea EAX, EBX + 858 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f957: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f959: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f95c: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f951,804f95e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804f95c...SUCCESS (CFT=0x804f96c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f95c->804f96c resolveable_edge: 1, tailcall: 0, target: 804f96c [ParserDetails.C:588] pushing 804f96c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f95c->804f95e resolveable_edge: 1, tailcall: 0, target: 804f95e [ParserDetails.C:588] pushing 804f95e onto worklist [Parser.C:1485] recording block [804f96c,804f96c) [Parser.C] parsing block 804f96c [Parser.C:1274] curAddr 0x804f96c: lea EAX, EBX + 85c [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f972: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f974: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f976: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f96c,804f978) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804f976...SUCCESS (CFT=0x804f986) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f976->804f986 resolveable_edge: 1, tailcall: 0, target: 804f986 [ParserDetails.C:588] pushing 804f986 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f976->804f978 resolveable_edge: 1, tailcall: 0, target: 804f978 [ParserDetails.C:588] pushing 804f978 onto worklist [Parser.C:1485] recording block [804f986,804f986) [Parser.C] parsing block 804f986 [Parser.C:1274] curAddr 0x804f986: mov [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f98d: call f1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call f1 + EIP + 5 to 0x804f98d...SUCCESS (CFT=0x804fa83) [Parser.C:1485] recording block [804f986,804f992) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f98d->804fa83 resolveable_edge: 1, tailcall: 0, target: 804fa83 [ParserDetails.C:588] pushing 804fa83 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f98d->804f992 resolveable_edge: 1, tailcall: 0, target: 804f992 [ParserDetails.C:588] pushing 804f992 onto worklist [Parser.C] binding call 804f98d->804fa83 [Parser.C:1485] recording block [804fa83,804fa83) [suspend frame 804f8a4] [Parser.C] frame 804f8a4 blocked at 804f98d call target 804fa83 [Parser.C] block 804fa83 exists [Parser.C] ==== starting to parse frame 804fa83 ==== [Parser.C] parsing block 804fa83 [Parser.C:1274] curAddr 0x804fa83: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fa84: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fa86: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fa87: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fa8a: call ffffd271 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd271 + EIP + 5 to 0x804fa8a...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fa8f: add EBX, c571 [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fa95: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fa9b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fa9d: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fa9f: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fa83,804faa1) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804fa9f...SUCCESS (CFT=0x804faaf) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fa9f->804faaf resolveable_edge: 1, tailcall: 0, target: 804faaf [ParserDetails.C:588] pushing 804faaf onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fa9f->804faa1 resolveable_edge: 1, tailcall: 0, target: 804faa1 [ParserDetails.C:588] pushing 804faa1 onto worklist [Parser.C:1485] recording block [804faaf,804faaf) [Parser.C] parsing block 804faaf [Parser.C:1274] curAddr 0x804faaf: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fab2: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fab3: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804fab4: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804faaf,804fab5) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fab4 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fab4...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804faa1,804faa1) [Parser.C] parsing block 804faa1 [Parser.C:1274] curAddr 0x804faa1: lea EAX, EBX + ffffa2e9 [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804faa7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called [Parser.C:1274] curAddr 0x804faaa: call ffffd071 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd071 + EIP + 5 to 0x804faaa...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804faa1,804faaf) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804faaa->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804faaa->804faaf resolveable_edge: 1, tailcall: 0, target: 804faaf [ParserDetails.C:588] pushing 804faaf onto worklist [Parser.C] binding call 804faaa->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804faaf exists [Parser.C] skipping locally parsed target at 804faaf [Parser.C] frame 804fa83 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_16_func4 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804f8a4 ==== Checking non-returning for test1_16_func4 Checking non-returning for test1_16_func4 [Parser.C:1485] recording block [804f992,804f992) [Parser.C] parsing block 804f992 [Parser.C:1274] curAddr 0x804f992: lea EAX, EBX + 860 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f998: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f99a: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f99c: jnz 3f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f992,804f99e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 3f + EIP + 2 to 0x804f99c...SUCCESS (CFT=0x804f9dd) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f99c->804f9dd resolveable_edge: 1, tailcall: 0, target: 804f9dd [ParserDetails.C:588] pushing 804f9dd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f99c->804f99e resolveable_edge: 1, tailcall: 0, target: 804f99e [ParserDetails.C:588] pushing 804f99e onto worklist [Parser.C:1485] recording block [804f9dd,804f9dd) [Parser.C] parsing block 804f9dd [Parser.C:1274] curAddr 0x804f9dd: lea EAX, EBX + ffffa278 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9e3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9e6: call 3fd2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3fd2 + EIP + 5 to 0x804f9e6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f9dd,804f9eb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f9e6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f9e6->804f9eb resolveable_edge: 1, tailcall: 0, target: 804f9eb [ParserDetails.C:588] pushing 804f9eb onto worklist [Parser.C] binding call 804f9e6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f9eb,804f9eb) [Parser.C] parsing block 804f9eb [Parser.C:1274] curAddr 0x804f9eb: mov [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9f2: cmp [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9f6: jnz 17 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f9eb,804f9f8) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 17 + EIP + 2 to 0x804f9f6...SUCCESS (CFT=0x804fa0f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f9f6->804fa0f resolveable_edge: 1, tailcall: 0, target: 804fa0f [ParserDetails.C:588] pushing 804fa0f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f9f6->804f9f8 resolveable_edge: 1, tailcall: 0, target: 804f9f8 [ParserDetails.C:588] pushing 804f9f8 onto worklist [Parser.C:1485] recording block [804fa0f,804fa0f) [Parser.C] parsing block 804fa0f [Parser.C:1274] curAddr 0x804fa0f: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804fa16: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804fa19: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804fa1c: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804fa1d: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804fa1e: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fa0f,804fa1f) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fa1e Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fa1e...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f8cf,804f8cf) [Parser.C] parsing block 804f8cf [Parser.C:1274] curAddr 0x804f8cf: lea EAX, EBX + 854 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8d5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8d7: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8d9: jz 4a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f8cf,804f8db) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 4a + EIP + 2 to 0x804f8d9...SUCCESS (CFT=0x804f925) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f925 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f8d9->804f925 resolveable_edge: 1, tailcall: 0, target: 804f925 [ParserDetails.C:588] pushing 804f925 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f8d9->804f8db resolveable_edge: 1, tailcall: 0, target: 804f8db [ParserDetails.C:588] pushing 804f8db onto worklist [Parser.C] address 804f925 splits [804f91e,804f92a) (0x1d016f0) [Parser.C:1485] recording block [804f925,804f92a) [Parser.C] skipping locally parsed target at 804f925 [Parser.C] block 804f8db exists [Parser.C] skipping locally parsed target at 804f8db [Parser.C:1485] recording block [804f8f6,804f8f6) [Parser.C] parsing block 804f8f6 [Parser.C:1274] curAddr 0x804f8f6: lea EAX, EBX + ffffa15c [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8fc: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f8ff: call 40b9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 40b9 + EIP + 5 to 0x804f8ff...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f8f6,804f904) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f8ff->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f8ff->804f904 resolveable_edge: 1, tailcall: 0, target: 804f904 [ParserDetails.C:588] pushing 804f904 onto worklist [Parser.C] binding call 804f8ff->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f904 exists [Parser.C] skipping locally parsed target at 804f904 [Parser.C:1485] recording block [804f910,804f910) [Parser.C] parsing block 804f910 [Parser.C:1274] curAddr 0x804f910: lea EAX, EBX + ffffa1a0 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f916: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f919: call 409f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 409f + EIP + 5 to 0x804f919...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f910,804f91e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f919->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f919->804f91e resolveable_edge: 1, tailcall: 0, target: 804f91e [ParserDetails.C:588] pushing 804f91e onto worklist [Parser.C] binding call 804f919->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f91e exists [Parser.C] skipping locally parsed target at 804f91e [Parser.C:1485] recording block [804f936,804f936) [Parser.C] parsing block 804f936 [Parser.C:1274] curAddr 0x804f936: lea EAX, EBX + 85c [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f93c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f93e: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f941: jz 4a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f936,804f943) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 4a + EIP + 2 to 0x804f941...SUCCESS (CFT=0x804f98d) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f98d is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f941->804f98d resolveable_edge: 1, tailcall: 0, target: 804f98d [ParserDetails.C:588] pushing 804f98d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f941->804f943 resolveable_edge: 1, tailcall: 0, target: 804f943 [ParserDetails.C:588] pushing 804f943 onto worklist [Parser.C] address 804f98d splits [804f986,804f992) (0x1d024c0) [Parser.C:1485] recording block [804f98d,804f992) [Parser.C] skipping locally parsed target at 804f98d [Parser.C] block 804f943 exists [Parser.C] skipping locally parsed target at 804f943 [Parser.C:1485] recording block [804f95e,804f95e) [Parser.C] parsing block 804f95e [Parser.C:1274] curAddr 0x804f95e: lea EAX, EBX + ffffa1e8 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f964: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f967: call 4051 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4051 + EIP + 5 to 0x804f967...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f95e,804f96c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f967->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f967->804f96c resolveable_edge: 1, tailcall: 0, target: 804f96c [ParserDetails.C:588] pushing 804f96c onto worklist [Parser.C] binding call 804f967->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f96c exists [Parser.C] skipping locally parsed target at 804f96c [Parser.C:1485] recording block [804f978,804f978) [Parser.C] parsing block 804f978 [Parser.C:1274] curAddr 0x804f978: lea EAX, EBX + ffffa230 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f97e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f981: call 4037 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4037 + EIP + 5 to 0x804f981...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f978,804f986) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f981->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f981->804f986 resolveable_edge: 1, tailcall: 0, target: 804f986 [ParserDetails.C:588] pushing 804f986 onto worklist [Parser.C] binding call 804f981->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f986 exists [Parser.C] skipping locally parsed target at 804f986 [Parser.C:1485] recording block [804f99e,804f99e) [Parser.C] parsing block 804f99e [Parser.C:1274] curAddr 0x804f99e: lea EAX, EBX + 864 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9a4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9a6: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9a9: jnz 32 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f99e,804f9ab) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 32 + EIP + 2 to 0x804f9a9...SUCCESS (CFT=0x804f9dd) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f9dd is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f9a9->804f9dd resolveable_edge: 1, tailcall: 0, target: 804f9dd [ParserDetails.C:588] pushing 804f9dd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f9a9->804f9ab resolveable_edge: 1, tailcall: 0, target: 804f9ab [ParserDetails.C:588] pushing 804f9ab onto worklist [Parser.C] block 804f9dd exists [Parser.C] skipping locally parsed target at 804f9dd [Parser.C:1485] recording block [804f9ab,804f9ab) [Parser.C] parsing block 804f9ab [Parser.C:1274] curAddr 0x804f9ab: lea EAX, EBX + 868 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9b1: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9b3: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9b5: jnz 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f9ab,804f9b7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 26 + EIP + 2 to 0x804f9b5...SUCCESS (CFT=0x804f9dd) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f9dd is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f9b5->804f9dd resolveable_edge: 1, tailcall: 0, target: 804f9dd [ParserDetails.C:588] pushing 804f9dd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f9b5->804f9b7 resolveable_edge: 1, tailcall: 0, target: 804f9b7 [ParserDetails.C:588] pushing 804f9b7 onto worklist [Parser.C] block 804f9dd exists [Parser.C] skipping locally parsed target at 804f9dd [Parser.C:1485] recording block [804f9b7,804f9b7) [Parser.C] parsing block 804f9b7 [Parser.C:1274] curAddr 0x804f9b7: lea EAX, EBX + 86c [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9bd: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9bf: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9c2: jnz 19 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f9b7,804f9c4) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 19 + EIP + 2 to 0x804f9c2...SUCCESS (CFT=0x804f9dd) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f9dd is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f9c2->804f9dd resolveable_edge: 1, tailcall: 0, target: 804f9dd [ParserDetails.C:588] pushing 804f9dd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f9c2->804f9c4 resolveable_edge: 1, tailcall: 0, target: 804f9c4 [ParserDetails.C:588] pushing 804f9c4 onto worklist [Parser.C] block 804f9dd exists [Parser.C] skipping locally parsed target at 804f9dd [Parser.C:1485] recording block [804f9c4,804f9c4) [Parser.C] parsing block 804f9c4 [Parser.C:1274] curAddr 0x804f9c4: lea EAX, EBX + 870 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9ca: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9cc: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9ce: jnz d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f9c4,804f9d0) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz d + EIP + 2 to 0x804f9ce...SUCCESS (CFT=0x804f9dd) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f9dd is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f9ce->804f9dd resolveable_edge: 1, tailcall: 0, target: 804f9dd [ParserDetails.C:588] pushing 804f9dd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f9ce->804f9d0 resolveable_edge: 1, tailcall: 0, target: 804f9d0 [ParserDetails.C:588] pushing 804f9d0 onto worklist [Parser.C] block 804f9dd exists [Parser.C] skipping locally parsed target at 804f9dd [Parser.C:1485] recording block [804f9d0,804f9d0) [Parser.C] parsing block 804f9d0 [Parser.C:1274] curAddr 0x804f9d0: lea EAX, EBX + 874 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9d6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9d8: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9db: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f9d0,804f9dd) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f9db...SUCCESS (CFT=0x804f9f2) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f9f2 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f9db->804f9f2 resolveable_edge: 1, tailcall: 0, target: 804f9f2 [ParserDetails.C:588] pushing 804f9f2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f9db->804f9dd resolveable_edge: 1, tailcall: 0, target: 804f9dd [ParserDetails.C:588] pushing 804f9dd onto worklist [Parser.C] address 804f9f2 splits [804f9eb,804f9f8) (0x1d037e0) [Parser.C:1485] recording block [804f9f2,804f9f8) [Parser.C] skipping locally parsed target at 804f9f2 [Parser.C] block 804f9dd exists [Parser.C] skipping locally parsed target at 804f9dd [Parser.C:1485] recording block [804f9f8,804f9f8) [Parser.C] parsing block 804f9f8 [Parser.C:1274] curAddr 0x804f9f8: lea EAX, EBX + ffffa29c [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804f9fe: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804fa01: call 3fb7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3fb7 + EIP + 5 to 0x804fa01...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f9f8,804fa06) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fa01->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fa01->804fa06 resolveable_edge: 1, tailcall: 0, target: 804fa06 [ParserDetails.C:588] pushing 804fa06 onto worklist [Parser.C] binding call 804fa01->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804fa06,804fa06) [Parser.C] parsing block 804fa06 [Parser.C:1274] curAddr 0x804fa06: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called [Parser.C:1274] curAddr 0x804fa0d: jmp 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 7 + EIP + 2 to 0x804fa0d...SUCCESS (CFT=0x804fa16) [Parser.C:1485] recording block [804fa06,804fa0f) Getting edges Checking for Tail Call jump to 0x804fa16 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804fa0d->804fa16 resolveable_edge: 1, tailcall: 0, target: 804fa16 [ParserDetails.C:588] pushing 804fa16 onto worklist [Parser.C] address 804fa16 splits [804fa0f,804fa1f) (0x1d03960) [Parser.C:1485] recording block [804fa16,804fa1f) [Parser.C] skipping locally parsed target at 804fa16 [Parser.C] frame 804f8a4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_16_func1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80539f5) [Parser.C:180] entered parse_at([804ccd0,80549c4),80539f5) [Parser.C:1485] recording block [80539f5,80539f5) [Parser.C] ==== starting to parse frame 80539f5 ==== [Parser.C] parsing block 80539f5 [Parser.C:1274] curAddr 0x80539f5: push EBP, ESP [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x80539f6: mov EBP, ESP [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x80539f8: push EBX, ESP [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x80539f9: sub ESP, 14 [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x80539fc: call ffff92ff + EIP + 5 [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff92ff + EIP + 5 to 0x80539fc...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053a01: add EBX, 85ff [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a07: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a0d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a0f: test EAX, EAX [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a11: jz 10 + EIP + 2 [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [80539f5,8053a13) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 10 + EIP + 2 to 0x8053a11...SUCCESS (CFT=0x8053a23) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053a11->8053a23 resolveable_edge: 1, tailcall: 0, target: 8053a23 [ParserDetails.C:588] pushing 8053a23 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053a11->8053a13 resolveable_edge: 1, tailcall: 0, target: 8053a13 [ParserDetails.C:588] pushing 8053a13 onto worklist [Parser.C:1485] recording block [8053a23,8053a23) [Parser.C] parsing block 8053a23 [Parser.C:1274] curAddr 0x8053a23: add ESP, 14 [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a26: pop EBX, ESP [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a27: pop EBP, ESP [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a28: ret near [ESP] [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053a23,8053a29) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053a28 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053a28...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053a13,8053a13) [Parser.C] parsing block 8053a13 [Parser.C:1274] curAddr 0x8053a13: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a19: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a1b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053a1e: call ffff903d + EIP + 5 [Parser.C:1280] leaf 1 funcname flushOutputLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff903d + EIP + 5 to 0x8053a1e...SUCCESS (CFT=0x804ca60) [Parser.C:1485] recording block [8053a13,8053a23) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053a1e->804ca60 resolveable_edge: 1, tailcall: 0, target: 804ca60 [ParserDetails.C:588] pushing 804ca60 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053a1e->8053a23 resolveable_edge: 1, tailcall: 0, target: 8053a23 [ParserDetails.C:588] pushing 8053a23 onto worklist [Parser.C] binding call 8053a1e->804ca60 [ParseData.C] new function for target 804ca60 [Parser.C:1485] recording block [804ca60,804ca60) [suspend frame 80539f5] [Parser.C] frame 80539f5 blocked at 8053a1e call target 804ca60 [Parser.C] block 804ca60 exists [Parser.C] ==== starting to parse frame 804ca60 ==== [Parser.C] parsing block 804ca60 [Parser.C:1274] curAddr 0x804ca60: jmp [805c01c] [Parser.C:1280] leaf 1 funcname targ804ca60 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c01c] to 0x804ca60...FAIL (CFT=0x0), callTarget exp: [805c01c] ... indirect jump at 0x804ca60, delay parsing it [Parser.C:1485] recording block [804ca60,804ca66) ... continue parse indirect jump at 804ca60 [Parser.C:1485] recording block [804ca60,804ca66) Getting edges ... indirect jump at 0x804ca60 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c01c] at 0x804ca60 Apply indirect control flow analysis at 804ca60 Looking for thunk Looking for thunk in block [804ca60,804ca66).......WARNING: after advance at 0x804ca66, curInsn() NULL Expanding instruction @ 804ca60: jmp [805c01c] Original expand: (<134594588:32>,) Adding assignment (@804ca60<[x86::eip]>[_805c01c]) in instruction jmp [805c01c] at 804ca60, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ca60, insn: jmp [805c01c] Old fact for 804ca60: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ca60 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ca60<[x86::eip]>[_805c01c]) Instruction: jmp [805c01c] AST: (<134594588:64>,) Generate bound fact for Interval 0[134594588,134594588] 0[805c01c,805c01c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594588:64>,) Apply relations2 to (<134594588:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594588,134594588] 0[805c01c,805c01c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594588:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ca60 The fact from 804ca60 before applying transfer function Do not track predicate Var: , Interval 0[134594588,134594588] 0[805c01c,805c01c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594588:64>,) No known value at the top of the stack Fact from 804ca60 after applying transfer function Do not track predicate Var: , Interval 0[134594588,134594588] 0[805c01c,805c01c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594588:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594588,134594588] 0[805c01c,805c01c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594588:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594588,134594588] 0[805c01c,805c01c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c01c not read only, returning false Not jump table format! [Parser.C] finalizing targ804ca60 (804ca60) No targets, exits func Adding block 0x804ca60 as exit 804ca60 extent [804ca60,804ca66) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c01c] at 0x804ca60 in function targ804ca60 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ca60->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for fflush [Parser.C] frame 804ca60 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fflush return status 2, no waiters [Parser.C] ==== resuming parse of frame 80539f5 ==== Checking non-returning for fflush [Parser.C] block 8053a23 exists [Parser.C] skipping locally parsed target at 8053a23 [Parser.C] frame 80539f5 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] flushOutputLog return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804fd14) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fd14) [Parser.C:1485] recording block [804fd14,804fd14) [Parser.C] ==== starting to parse frame 804fd14 ==== [Parser.C] parsing block 804fd14 [Parser.C:1274] curAddr 0x804fd14: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd15: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd17: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd18: sub ESP, 34 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd1b: call ffffcfe0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffcfe0 + EIP + 5 to 0x804fd1b...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fd20: add EBX, c2e0 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd26: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd2c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd2e: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd30: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fd14,804fd32) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804fd30...SUCCESS (CFT=0x804fd47) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fd30->804fd47 resolveable_edge: 1, tailcall: 0, target: 804fd47 [ParserDetails.C:588] pushing 804fd47 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fd30->804fd32 resolveable_edge: 1, tailcall: 0, target: 804fd32 [ParserDetails.C:588] pushing 804fd32 onto worklist [Parser.C:1485] recording block [804fd47,804fd47) [Parser.C] parsing block 804fd47 [Parser.C:1274] curAddr 0x804fd47: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd4b: jnz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fd47,804fd4d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2a + EIP + 2 to 0x804fd4b...SUCCESS (CFT=0x804fd77) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fd4b->804fd77 resolveable_edge: 1, tailcall: 0, target: 804fd77 [ParserDetails.C:588] pushing 804fd77 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fd4b->804fd4d resolveable_edge: 1, tailcall: 0, target: 804fd4d [ParserDetails.C:588] pushing 804fd4d onto worklist [Parser.C:1485] recording block [804fd77,804fd77) [Parser.C] parsing block 804fd77 [Parser.C:1274] curAddr 0x804fd77: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd7b: jz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fd77,804fd7d) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 2a + EIP + 2 to 0x804fd7b...SUCCESS (CFT=0x804fda7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fd7b->804fda7 resolveable_edge: 1, tailcall: 0, target: 804fda7 [ParserDetails.C:588] pushing 804fda7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fd7b->804fd7d resolveable_edge: 1, tailcall: 0, target: 804fd7d [ParserDetails.C:588] pushing 804fd7d onto worklist [Parser.C:1485] recording block [804fda7,804fda7) [Parser.C] parsing block 804fda7 [Parser.C:1274] curAddr 0x804fda7: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdaa: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdad: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdb0: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdb3: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdb5: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdb8: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdbb: imul EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdbf: mov [EBP + ffffffffffffffec], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdc2: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdc5: cdq EDX, EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdc6: idiv EDX, EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdc9: mov [EBP + ffffffffffffffe8], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdcc: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdcf: mov EDX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdd2: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdd4: mov [EBP + ffffffffffffffe4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdd7: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdda: mov EDX, [EBP + ffffffffffffffe4] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fddd: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fddf: mov [EBP + ffffffffffffffe0], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fde2: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fde5: mov EDX, [EBP + ffffffffffffffe0] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fde8: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdea: mov [EBP + ffffffffffffffdc], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fded: mov [EBX + 884], 19f488 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdf7: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdfd: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fdff: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe01: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fda7,804fe03) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804fe01...SUCCESS (CFT=0x804fe18) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fe01->804fe18 resolveable_edge: 1, tailcall: 0, target: 804fe18 [ParserDetails.C:588] pushing 804fe18 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fe01->804fe03 resolveable_edge: 1, tailcall: 0, target: 804fe03 [ParserDetails.C:588] pushing 804fe03 onto worklist [Parser.C:1485] recording block [804fe18,804fe18) [Parser.C] parsing block 804fe18 [Parser.C:1274] curAddr 0x804fe18: mov EAX, [EBP + ffffffffffffffdc] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe1b: add ESP, 34 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe1e: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe1f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe20: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fe18,804fe21) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fe20 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fe20...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804fd32,804fd32) [Parser.C] parsing block 804fd32 [Parser.C:1274] curAddr 0x804fd32: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd35: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd39: lea EAX, EBX + ffffa46e [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd3f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd42: call ffffcd09 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffcd09 + EIP + 5 to 0x804fd42...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804fd32,804fd47) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fd42->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fd42->804fd47 resolveable_edge: 1, tailcall: 0, target: 804fd47 [ParserDetails.C:588] pushing 804fd47 onto worklist [Parser.C] binding call 804fd42->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804fd47 exists [Parser.C] skipping locally parsed target at 804fd47 [Parser.C:1485] recording block [804fd4d,804fd4d) [Parser.C] parsing block 804fd4d [Parser.C:1274] curAddr 0x804fd4d: lea EAX, EBX + ffffa4ae [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd53: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd57: mov [ESP + 8], 90 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd5f: lea EAX, EBX + ffffa3e4 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd65: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd69: lea EAX, EBX + ffffa449 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd6f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd72: call ffffcf49 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffcf49 + EIP + 5 to 0x804fd72...SUCCESS (CFT=0x804ccc0) [Parser.C:1485] recording block [804fd4d,804fd77) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fd72->804ccc0 resolveable_edge: 1, tailcall: 0, target: 804ccc0 [ParserDetails.C:588] pushing 804ccc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fd72->804fd77 resolveable_edge: 1, tailcall: 0, target: 804fd77 [ParserDetails.C:588] pushing 804fd77 onto worklist [Parser.C] binding call 804fd72->804ccc0 [ParseData.C] new function for target 804ccc0 [Parser.C:1485] recording block [804ccc0,804ccc0) [suspend frame 804fd14] [Parser.C] frame 804fd14 blocked at 804fd72 call target 804ccc0 [Parser.C] block 804ccc0 exists [Parser.C] ==== starting to parse frame 804ccc0 ==== [Parser.C] parsing block 804ccc0 [Parser.C:1274] curAddr 0x804ccc0: jmp [805c0b4] [Parser.C:1280] leaf 1 funcname targ804ccc0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c0b4] to 0x804ccc0...FAIL (CFT=0x0), callTarget exp: [805c0b4] ... indirect jump at 0x804ccc0, delay parsing it [Parser.C:1485] recording block [804ccc0,804ccc6) ... continue parse indirect jump at 804ccc0 [Parser.C:1485] recording block [804ccc0,804ccc6) Getting edges ... indirect jump at 0x804ccc0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c0b4] at 0x804ccc0 Apply indirect control flow analysis at 804ccc0 Looking for thunk Looking for thunk in block [804ccc0,804ccc6).......WARNING: after advance at 0x804ccc6, curInsn() NULL Expanding instruction @ 804ccc0: jmp [805c0b4] Original expand: (<134594740:32>,) Adding assignment (@804ccc0<[x86::eip]>[_805c0b4]) in instruction jmp [805c0b4] at 804ccc0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ccc0, insn: jmp [805c0b4] Old fact for 804ccc0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ccc0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ccc0<[x86::eip]>[_805c0b4]) Instruction: jmp [805c0b4] AST: (<134594740:64>,) Generate bound fact for Interval 0[134594740,134594740] 0[805c0b4,805c0b4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594740:64>,) Apply relations2 to (<134594740:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594740,134594740] 0[805c0b4,805c0b4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594740:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ccc0 The fact from 804ccc0 before applying transfer function Do not track predicate Var: , Interval 0[134594740,134594740] 0[805c0b4,805c0b4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594740:64>,) No known value at the top of the stack Fact from 804ccc0 after applying transfer function Do not track predicate Var: , Interval 0[134594740,134594740] 0[805c0b4,805c0b4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594740:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594740,134594740] 0[805c0b4,805c0b4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594740:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594740,134594740] 0[805c0b4,805c0b4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c0b4 not read only, returning false Not jump table format! [Parser.C] finalizing targ804ccc0 (804ccc0) No targets, exits func Adding block 0x804ccc0 as exit 804ccc0 extent [804ccc0,804ccc6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c0b4] at 0x804ccc0 in function targ804ccc0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ccc0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for __assert_fail [Parser.C] frame 804ccc0 complete, return status: 1 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __assert_fail return status 1, no waiters [Parser.C] ==== resuming parse of frame 804fd14 ==== Checking non-returning for __assert_fail Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804ccc0 at 804fd72 [Parser.C:1485] recording block [804fd7d,804fd7d) [Parser.C] parsing block 804fd7d [Parser.C:1274] curAddr 0x804fd7d: lea EAX, EBX + ffffa4ae [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd83: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd87: mov [ESP + 8], 91 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd8f: lea EAX, EBX + ffffa3e4 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd95: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd99: lea EAX, EBX + ffffa44f [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fd9f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fda2: call ffffcf19 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffcf19 + EIP + 5 to 0x804fda2...SUCCESS (CFT=0x804ccc0) [Parser.C:1485] recording block [804fd7d,804fda7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fda2->804ccc0 resolveable_edge: 1, tailcall: 0, target: 804ccc0 [ParserDetails.C:588] pushing 804ccc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fda2->804fda7 resolveable_edge: 1, tailcall: 0, target: 804fda7 [ParserDetails.C:588] pushing 804fda7 onto worklist [Parser.C] binding call 804fda2->804ccc0 [Parser.C] block 804ccc0 exists Checking non-returning for __assert_fail Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804ccc0 at 804fda2 [Parser.C:1485] recording block [804fe03,804fe03) [Parser.C] parsing block 804fe03 [Parser.C:1274] curAddr 0x804fe03: mov EAX, [EBP + ffffffffffffffdc] [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe06: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe0a: lea EAX, EBX + ffffa486 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe10: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called [Parser.C:1274] curAddr 0x804fe13: call ffffcc38 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffcc38 + EIP + 5 to 0x804fe13...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804fe03,804fe18) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fe13->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fe13->804fe18 resolveable_edge: 1, tailcall: 0, target: 804fe18 [ParserDetails.C:588] pushing 804fe18 onto worklist [Parser.C] binding call 804fe13->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804fe18 exists [Parser.C] skipping locally parsed target at 804fe18 [Parser.C] frame 804fd14 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_17_call2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f179) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f179) [Parser.C:1485] recording block [804f179,804f179) [Parser.C] ==== starting to parse frame 804f179 ==== [Parser.C] parsing block 804f179 [Parser.C:1274] curAddr 0x804f179: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f17a: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f17c: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f17d: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f180: call ffffdb7b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdb7b + EIP + 5 to 0x804f180...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f185: add EBX, ce7b [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f18b: mov EAX, [EBX + 814] [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f191: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f194: jnz 3b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f179,804f196) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 3b + EIP + 2 to 0x804f194...SUCCESS (CFT=0x804f1d1) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f194->804f1d1 resolveable_edge: 1, tailcall: 0, target: 804f1d1 [ParserDetails.C:588] pushing 804f1d1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f194->804f196 resolveable_edge: 1, tailcall: 0, target: 804f196 [ParserDetails.C:588] pushing 804f196 onto worklist [Parser.C:1485] recording block [804f1d1,804f1d1) [Parser.C] parsing block 804f1d1 [Parser.C:1274] curAddr 0x804f1d1: lea EAX, EBX + ffff9d0c [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1d7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1da: call 47de + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 47de + EIP + 5 to 0x804f1da...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f1d1,804f1df) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f1da->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f1da->804f1df resolveable_edge: 1, tailcall: 0, target: 804f1df [ParserDetails.C:588] pushing 804f1df onto worklist [Parser.C] binding call 804f1da->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f1df,804f1df) [Parser.C] parsing block 804f1df [Parser.C:1274] curAddr 0x804f1df: mov EAX, [EBX + 814] [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1e5: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1e7: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f1df,804f1e9) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f1e7...SUCCESS (CFT=0x804f1f7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f1e7->804f1f7 resolveable_edge: 1, tailcall: 0, target: 804f1f7 [ParserDetails.C:588] pushing 804f1f7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f1e7->804f1e9 resolveable_edge: 1, tailcall: 0, target: 804f1e9 [ParserDetails.C:588] pushing 804f1e9 onto worklist [Parser.C:1485] recording block [804f1f7,804f1f7) [Parser.C] parsing block 804f1f7 [Parser.C:1274] curAddr 0x804f1f7: mov EAX, [EBX + 818] [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1fd: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1ff: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f1f7,804f201) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f1ff...SUCCESS (CFT=0x804f20f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f1ff->804f20f resolveable_edge: 1, tailcall: 0, target: 804f20f [ParserDetails.C:588] pushing 804f20f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f1ff->804f201 resolveable_edge: 1, tailcall: 0, target: 804f201 [ParserDetails.C:588] pushing 804f201 onto worklist [Parser.C:1485] recording block [804f20f,804f20f) [Parser.C] parsing block 804f20f [Parser.C:1274] curAddr 0x804f20f: mov EAX, [EBX + 81c] [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f215: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f217: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f20f,804f219) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f217...SUCCESS (CFT=0x804f227) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f217->804f227 resolveable_edge: 1, tailcall: 0, target: 804f227 [ParserDetails.C:588] pushing 804f227 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f217->804f219 resolveable_edge: 1, tailcall: 0, target: 804f219 [ParserDetails.C:588] pushing 804f219 onto worklist [Parser.C:1485] recording block [804f227,804f227) [Parser.C] parsing block 804f227 [Parser.C:1274] curAddr 0x804f227: mov [EBX + 824], 0 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f231: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f234: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f235: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f236: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f227,804f237) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f236 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f236...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f196,804f196) [Parser.C] parsing block 804f196 [Parser.C:1274] curAddr 0x804f196: mov EAX, [EBX + 818] [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f19c: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f19f: jnz 30 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f196,804f1a1) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 30 + EIP + 2 to 0x804f19f...SUCCESS (CFT=0x804f1d1) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f1d1 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f19f->804f1d1 resolveable_edge: 1, tailcall: 0, target: 804f1d1 [ParserDetails.C:588] pushing 804f1d1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f19f->804f1a1 resolveable_edge: 1, tailcall: 0, target: 804f1a1 [ParserDetails.C:588] pushing 804f1a1 onto worklist [Parser.C] block 804f1d1 exists [Parser.C] skipping locally parsed target at 804f1d1 [Parser.C:1485] recording block [804f1a1,804f1a1) [Parser.C] parsing block 804f1a1 [Parser.C:1274] curAddr 0x804f1a1: mov EAX, [EBX + 81c] [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1a7: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1aa: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f1a1,804f1ac) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x804f1aa...SUCCESS (CFT=0x804f1d1) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f1d1 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f1aa->804f1d1 resolveable_edge: 1, tailcall: 0, target: 804f1d1 [ParserDetails.C:588] pushing 804f1d1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f1aa->804f1ac resolveable_edge: 1, tailcall: 0, target: 804f1ac [ParserDetails.C:588] pushing 804f1ac onto worklist [Parser.C] block 804f1d1 exists [Parser.C] skipping locally parsed target at 804f1d1 [Parser.C:1485] recording block [804f1ac,804f1ac) [Parser.C] parsing block 804f1ac [Parser.C:1274] curAddr 0x804f1ac: mov EAX, [EBX + 820] [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1b2: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1b5: jnz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f1ac,804f1b7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1a + EIP + 2 to 0x804f1b5...SUCCESS (CFT=0x804f1d1) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f1d1 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f1b5->804f1d1 resolveable_edge: 1, tailcall: 0, target: 804f1d1 [ParserDetails.C:588] pushing 804f1d1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f1b5->804f1b7 resolveable_edge: 1, tailcall: 0, target: 804f1b7 [ParserDetails.C:588] pushing 804f1b7 onto worklist [Parser.C] block 804f1d1 exists [Parser.C] skipping locally parsed target at 804f1d1 [Parser.C:1485] recording block [804f1b7,804f1b7) [Parser.C] parsing block 804f1b7 [Parser.C:1274] curAddr 0x804f1b7: lea EAX, EBX + ffff9ce4 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1bd: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1c0: call 47f8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 47f8 + EIP + 5 to 0x804f1c0...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f1b7,804f1c5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f1c0->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f1c0->804f1c5 resolveable_edge: 1, tailcall: 0, target: 804f1c5 [ParserDetails.C:588] pushing 804f1c5 onto worklist [Parser.C] binding call 804f1c0->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f1c5,804f1c5) [Parser.C] parsing block 804f1c5 [Parser.C:1274] curAddr 0x804f1c5: mov [EBX + 824], 1 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1cf: jmp 60 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 60 + EIP + 2 to 0x804f1cf...SUCCESS (CFT=0x804f231) [Parser.C:1485] recording block [804f1c5,804f1d1) Getting edges Checking for Tail Call jump to 0x804f231 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804f1cf->804f231 resolveable_edge: 1, tailcall: 0, target: 804f231 [ParserDetails.C:588] pushing 804f231 onto worklist [Parser.C:1485] recording block [804f1e9,804f1e9) [Parser.C] parsing block 804f1e9 [Parser.C:1274] curAddr 0x804f1e9: lea EAX, EBX + ffff9d38 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1ef: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f1f2: call 47c6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 47c6 + EIP + 5 to 0x804f1f2...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f1e9,804f1f7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f1f2->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f1f2->804f1f7 resolveable_edge: 1, tailcall: 0, target: 804f1f7 [ParserDetails.C:588] pushing 804f1f7 onto worklist [Parser.C] binding call 804f1f2->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f1f7 exists [Parser.C] skipping locally parsed target at 804f1f7 [Parser.C:1485] recording block [804f201,804f201) [Parser.C] parsing block 804f201 [Parser.C:1274] curAddr 0x804f201: lea EAX, EBX + ffff9d64 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f207: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f20a: call 47ae + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 47ae + EIP + 5 to 0x804f20a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f201,804f20f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f20a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f20a->804f20f resolveable_edge: 1, tailcall: 0, target: 804f20f [ParserDetails.C:588] pushing 804f20f onto worklist [Parser.C] binding call 804f20a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f20f exists [Parser.C] skipping locally parsed target at 804f20f [Parser.C:1485] recording block [804f219,804f219) [Parser.C] parsing block 804f219 [Parser.C:1274] curAddr 0x804f219: lea EAX, EBX + ffff9d90 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f21f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called [Parser.C:1274] curAddr 0x804f222: call 4796 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4796 + EIP + 5 to 0x804f222...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f219,804f227) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f222->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f222->804f227 resolveable_edge: 1, tailcall: 0, target: 804f227 [ParserDetails.C:588] pushing 804f227 onto worklist [Parser.C] binding call 804f222->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f227 exists [Parser.C] skipping locally parsed target at 804f227 [Parser.C] address 804f231 splits [804f227,804f237) (0x1d08fc0) [Parser.C:1485] recording block [804f231,804f237) [Parser.C] skipping locally parsed target at 804f231 [Parser.C] frame 804f179 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_10_func1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052b85) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052b85) [Parser.C:1485] recording block [8052b85,8052b85) [Parser.C] ==== starting to parse frame 8052b85 ==== [Parser.C] parsing block 8052b85 [Parser.C:1274] curAddr 0x8052b85: push EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called [Parser.C:1274] curAddr 0x8052b86: mov EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called [Parser.C:1274] curAddr 0x8052b88: call ffffaff8 + EIP + 5 [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffaff8 + EIP + 5 to 0x8052b88...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052b8d: add ECX, 9473 [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called [Parser.C:1274] curAddr 0x8052b93: mov EAX, [ECX + 9a4] [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called [Parser.C:1274] curAddr 0x8052b99: add EAX, 1 [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called [Parser.C:1274] curAddr 0x8052b9c: mov [ECX + 9a4], EAX [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called [Parser.C:1274] curAddr 0x8052ba2: pop EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called [Parser.C:1274] curAddr 0x8052ba3: ret near [ESP] [Parser.C:1280] leaf 1 funcname funCall38_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052b85,8052ba4) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052ba3 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052ba3...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052b85 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] funCall38_1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052ba4) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052ba4) [Parser.C:1485] recording block [8052ba4,8052ba4) [Parser.C] ==== starting to parse frame 8052ba4 ==== [Parser.C] parsing block 8052ba4 [Parser.C:1274] curAddr 0x8052ba4: push EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called [Parser.C:1274] curAddr 0x8052ba5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called [Parser.C:1274] curAddr 0x8052ba7: call ffffafd9 + EIP + 5 [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffafd9 + EIP + 5 to 0x8052ba7...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052bac: add ECX, 9454 [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called [Parser.C:1274] curAddr 0x8052bb2: mov EAX, [ECX + 9a4] [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called [Parser.C:1274] curAddr 0x8052bb8: add EAX, 1 [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called [Parser.C:1274] curAddr 0x8052bbb: mov [ECX + 9a4], EAX [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called [Parser.C:1274] curAddr 0x8052bc1: pop EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called [Parser.C:1274] curAddr 0x8052bc2: ret near [ESP] [Parser.C:1280] leaf 1 funcname funCall38_2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052ba4,8052bc3) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052bc2 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052bc2...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052ba4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] funCall38_2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052bc3) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052bc3) [Parser.C:1485] recording block [8052bc3,8052bc3) [Parser.C] ==== starting to parse frame 8052bc3 ==== [Parser.C] parsing block 8052bc3 [Parser.C:1274] curAddr 0x8052bc3: push EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called [Parser.C:1274] curAddr 0x8052bc4: mov EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called [Parser.C:1274] curAddr 0x8052bc6: call ffffafba + EIP + 5 [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffafba + EIP + 5 to 0x8052bc6...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052bcb: add ECX, 9435 [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called [Parser.C:1274] curAddr 0x8052bd1: mov EAX, [ECX + 9a4] [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called [Parser.C:1274] curAddr 0x8052bd7: add EAX, 1 [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called [Parser.C:1274] curAddr 0x8052bda: mov [ECX + 9a4], EAX [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called [Parser.C:1274] curAddr 0x8052be0: pop EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called [Parser.C:1274] curAddr 0x8052be1: ret near [ESP] [Parser.C:1280] leaf 1 funcname funCall38_3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052bc3,8052be2) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052be1 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052be1...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052bc3 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] funCall38_3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052be2) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052be2) [Parser.C:1485] recording block [8052be2,8052be2) [Parser.C] ==== starting to parse frame 8052be2 ==== [Parser.C] parsing block 8052be2 [Parser.C:1274] curAddr 0x8052be2: push EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called [Parser.C:1274] curAddr 0x8052be3: mov EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called [Parser.C:1274] curAddr 0x8052be5: call ffffaf9b + EIP + 5 [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffaf9b + EIP + 5 to 0x8052be5...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052bea: add ECX, 9416 [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called [Parser.C:1274] curAddr 0x8052bf0: mov EAX, [ECX + 9a4] [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called [Parser.C:1274] curAddr 0x8052bf6: add EAX, 1 [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called [Parser.C:1274] curAddr 0x8052bf9: mov [ECX + 9a4], EAX [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called [Parser.C:1274] curAddr 0x8052bff: pop EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called [Parser.C:1274] curAddr 0x8052c00: ret near [ESP] [Parser.C:1280] leaf 1 funcname funCall38_4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052be2,8052c01) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052c00 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052c00...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052be2 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] funCall38_4 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052c01) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052c01) [Parser.C:1485] recording block [8052c01,8052c01) [Parser.C] ==== starting to parse frame 8052c01 ==== [Parser.C] parsing block 8052c01 [Parser.C:1274] curAddr 0x8052c01: push EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called [Parser.C:1274] curAddr 0x8052c02: mov EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called [Parser.C:1274] curAddr 0x8052c04: call ffffaf7c + EIP + 5 [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffaf7c + EIP + 5 to 0x8052c04...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052c09: add ECX, 93f7 [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called [Parser.C:1274] curAddr 0x8052c0f: mov EAX, [ECX + 9a4] [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called [Parser.C:1274] curAddr 0x8052c15: add EAX, 1 [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called [Parser.C:1274] curAddr 0x8052c18: mov [ECX + 9a4], EAX [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called [Parser.C:1274] curAddr 0x8052c1e: pop EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called [Parser.C:1274] curAddr 0x8052c1f: ret near [ESP] [Parser.C:1280] leaf 1 funcname funCall38_5 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052c01,8052c20) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052c1f Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052c1f...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052c01 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] funCall38_5 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052c20) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052c20) [Parser.C:1485] recording block [8052c20,8052c20) [Parser.C] ==== starting to parse frame 8052c20 ==== [Parser.C] parsing block 8052c20 [Parser.C:1274] curAddr 0x8052c20: push EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called [Parser.C:1274] curAddr 0x8052c21: mov EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called [Parser.C:1274] curAddr 0x8052c23: call ffffaf5d + EIP + 5 [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffaf5d + EIP + 5 to 0x8052c23...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052c28: add ECX, 93d8 [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called [Parser.C:1274] curAddr 0x8052c2e: mov EAX, [ECX + 9a4] [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called [Parser.C:1274] curAddr 0x8052c34: add EAX, 1 [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called [Parser.C:1274] curAddr 0x8052c37: mov [ECX + 9a4], EAX [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called [Parser.C:1274] curAddr 0x8052c3d: pop EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called [Parser.C:1274] curAddr 0x8052c3e: ret near [ESP] [Parser.C:1280] leaf 1 funcname funCall38_6 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052c20,8052c3f) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052c3e Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052c3e...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052c20 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] funCall38_6 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052c3f) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052c3f) [Parser.C:1485] recording block [8052c3f,8052c3f) [Parser.C] ==== starting to parse frame 8052c3f ==== [Parser.C] parsing block 8052c3f [Parser.C:1274] curAddr 0x8052c3f: push EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called [Parser.C:1274] curAddr 0x8052c40: mov EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called [Parser.C:1274] curAddr 0x8052c42: call ffffaf3e + EIP + 5 [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffaf3e + EIP + 5 to 0x8052c42...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052c47: add ECX, 93b9 [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called [Parser.C:1274] curAddr 0x8052c4d: mov EAX, [ECX + 9a4] [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called [Parser.C:1274] curAddr 0x8052c53: add EAX, 1 [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called [Parser.C:1274] curAddr 0x8052c56: mov [ECX + 9a4], EAX [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called [Parser.C:1274] curAddr 0x8052c5c: pop EBP, ESP [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called [Parser.C:1274] curAddr 0x8052c5d: ret near [ESP] [Parser.C:1280] leaf 1 funcname funCall38_7 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052c3f,8052c5e) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052c5d Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052c5d...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052c3f complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] funCall38_7 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8054473) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054473) function at 8054473 already parsed, status 3 [Parser.C:224] entered parse_at(8053d8b) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053d8b) [Parser.C:1485] recording block [8053d8b,8053d8b) [Parser.C] ==== starting to parse frame 8053d8b ==== [Parser.C] parsing block 8053d8b [Parser.C:1274] curAddr 0x8053d8b: push EBP, ESP [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053d8c: mov EBP, ESP [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053d8e: push EBX, ESP [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053d8f: sub ESP, 14 [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053d92: call ffff8f69 + EIP + 5 [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8f69 + EIP + 5 to 0x8053d92...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053d97: add EBX, 8269 [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053d9d: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053da3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053da5: mov [ESP + c], 182 [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053dad: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053db3: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053db7: lea EDX, EBX + ffffbf38 [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053dbd: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053dc1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053dc4: call ffff8dc7 + EIP + 5 [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8dc7 + EIP + 5 to 0x8053dc4...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053d8b,8053dc9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053dc4->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053dc4->8053dc9 resolveable_edge: 1, tailcall: 0, target: 8053dc9 [ParserDetails.C:588] pushing 8053dc9 onto worklist [Parser.C] binding call 8053dc4->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053dc9,8053dc9) [Parser.C] parsing block 8053dc9 [Parser.C:1274] curAddr 0x8053dc9: add ESP, 14 [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053dcc: pop EBX, ESP [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053dcd: pop EBP, ESP [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053dce: ret near [ESP] [Parser.C:1280] leaf 1 funcname warningSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053dc9,8053dcf) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053dce Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053dce...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053d8b complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] warningSetTestName return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f713) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f713) [Parser.C:1485] recording block [804f713,804f713) [Parser.C] ==== starting to parse frame 804f713 ==== [Parser.C] parsing block 804f713 [Parser.C:1274] curAddr 0x804f713: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f714: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f716: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f717: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f71a: call ffffd5e1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd5e1 + EIP + 5 to 0x804f71a...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f71f: add EBX, c8e1 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f725: cmp [EBP + 8], 83 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f72c: jnz f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f713,804f72e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz f + EIP + 2 to 0x804f72c...SUCCESS (CFT=0x804f73d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f72c->804f73d resolveable_edge: 1, tailcall: 0, target: 804f73d [ParserDetails.C:588] pushing 804f73d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f72c->804f72e resolveable_edge: 1, tailcall: 0, target: 804f72e [ParserDetails.C:588] pushing 804f72e onto worklist [Parser.C:1485] recording block [804f73d,804f73d) [Parser.C] parsing block 804f73d [Parser.C:1274] curAddr 0x804f73d: cmp [EBP + c], 84 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f744: jnz f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f73d,804f746) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz f + EIP + 2 to 0x804f744...SUCCESS (CFT=0x804f755) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f744->804f755 resolveable_edge: 1, tailcall: 0, target: 804f755 [ParserDetails.C:588] pushing 804f755 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f744->804f746 resolveable_edge: 1, tailcall: 0, target: 804f746 [ParserDetails.C:588] pushing 804f746 onto worklist [Parser.C:1485] recording block [804f755,804f755) [Parser.C] parsing block 804f755 [Parser.C:1274] curAddr 0x804f755: cmp [EBP + 10], 85 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f75c: jnz f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f755,804f75e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz f + EIP + 2 to 0x804f75c...SUCCESS (CFT=0x804f76d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f75c->804f76d resolveable_edge: 1, tailcall: 0, target: 804f76d [ParserDetails.C:588] pushing 804f76d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f75c->804f75e resolveable_edge: 1, tailcall: 0, target: 804f75e [ParserDetails.C:588] pushing 804f75e onto worklist [Parser.C:1485] recording block [804f76d,804f76d) [Parser.C] parsing block 804f76d [Parser.C:1274] curAddr 0x804f76d: cmp [EBP + 14], 86 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f774: jnz f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f76d,804f776) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz f + EIP + 2 to 0x804f774...SUCCESS (CFT=0x804f785) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f774->804f785 resolveable_edge: 1, tailcall: 0, target: 804f785 [ParserDetails.C:588] pushing 804f785 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f774->804f776 resolveable_edge: 1, tailcall: 0, target: 804f776 [ParserDetails.C:588] pushing 804f776 onto worklist [Parser.C:1485] recording block [804f785,804f785) [Parser.C] parsing block 804f785 [Parser.C:1274] curAddr 0x804f785: cmp [EBP + 18], 87 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f78c: jnz f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f785,804f78e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz f + EIP + 2 to 0x804f78c...SUCCESS (CFT=0x804f79d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f78c->804f79d resolveable_edge: 1, tailcall: 0, target: 804f79d [ParserDetails.C:588] pushing 804f79d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f78c->804f78e resolveable_edge: 1, tailcall: 0, target: 804f78e [ParserDetails.C:588] pushing 804f78e onto worklist [Parser.C:1485] recording block [804f79d,804f79d) [Parser.C] parsing block 804f79d [Parser.C:1274] curAddr 0x804f79d: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7a3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7a5: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7a7: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f79d,804f7a9) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f7a7...SUCCESS (CFT=0x804f7be) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f7a7->804f7be resolveable_edge: 1, tailcall: 0, target: 804f7be [ParserDetails.C:588] pushing 804f7be onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f7a7->804f7a9 resolveable_edge: 1, tailcall: 0, target: 804f7a9 [ParserDetails.C:588] pushing 804f7a9 onto worklist [Parser.C:1485] recording block [804f7be,804f7be) [Parser.C] parsing block 804f7be [Parser.C:1274] curAddr 0x804f7be: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7c4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7c6: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7c8: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f7be,804f7ca) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f7c8...SUCCESS (CFT=0x804f7df) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f7c8->804f7df resolveable_edge: 1, tailcall: 0, target: 804f7df [ParserDetails.C:588] pushing 804f7df onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f7c8->804f7ca resolveable_edge: 1, tailcall: 0, target: 804f7ca [ParserDetails.C:588] pushing 804f7ca onto worklist [Parser.C:1485] recording block [804f7df,804f7df) [Parser.C] parsing block 804f7df [Parser.C:1274] curAddr 0x804f7df: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7e5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7e7: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7e9: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f7df,804f7eb) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f7e9...SUCCESS (CFT=0x804f800) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f7e9->804f800 resolveable_edge: 1, tailcall: 0, target: 804f800 [ParserDetails.C:588] pushing 804f800 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f7e9->804f7eb resolveable_edge: 1, tailcall: 0, target: 804f7eb [ParserDetails.C:588] pushing 804f7eb onto worklist [Parser.C:1485] recording block [804f800,804f800) [Parser.C] parsing block 804f800 [Parser.C:1274] curAddr 0x804f800: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f806: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f808: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f80a: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f800,804f80c) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f80a...SUCCESS (CFT=0x804f821) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f80a->804f821 resolveable_edge: 1, tailcall: 0, target: 804f821 [ParserDetails.C:588] pushing 804f821 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f80a->804f80c resolveable_edge: 1, tailcall: 0, target: 804f80c [ParserDetails.C:588] pushing 804f80c onto worklist [Parser.C:1485] recording block [804f821,804f821) [Parser.C] parsing block 804f821 [Parser.C:1274] curAddr 0x804f821: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f827: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f829: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f82b: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f821,804f82d) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f82b...SUCCESS (CFT=0x804f842) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f82b->804f842 resolveable_edge: 1, tailcall: 0, target: 804f842 [ParserDetails.C:588] pushing 804f842 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f82b->804f82d resolveable_edge: 1, tailcall: 0, target: 804f82d [ParserDetails.C:588] pushing 804f82d onto worklist [Parser.C:1485] recording block [804f842,804f842) [Parser.C] parsing block 804f842 [Parser.C:1274] curAddr 0x804f842: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f845: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f846: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f847: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f842,804f848) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f847 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f847...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f72e,804f72e) [Parser.C] parsing block 804f72e [Parser.C:1274] curAddr 0x804f72e: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f734: or EAX, 1 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f737: mov [EBX + 848], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C] straight-line parse into block at 804f73d [Parser.C:1485] recording block [804f72e,804f73d) [Parser.C] block 804f73d exists [Parser.C:1485] recording block [804f746,804f746) [Parser.C] parsing block 804f746 [Parser.C:1274] curAddr 0x804f746: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f74c: or EAX, 2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f74f: mov [EBX + 848], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C] straight-line parse into block at 804f755 [Parser.C:1485] recording block [804f746,804f755) [Parser.C] block 804f755 exists [Parser.C:1485] recording block [804f75e,804f75e) [Parser.C] parsing block 804f75e [Parser.C:1274] curAddr 0x804f75e: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f764: or EAX, 4 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f767: mov [EBX + 848], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C] straight-line parse into block at 804f76d [Parser.C:1485] recording block [804f75e,804f76d) [Parser.C] block 804f76d exists [Parser.C:1485] recording block [804f776,804f776) [Parser.C] parsing block 804f776 [Parser.C:1274] curAddr 0x804f776: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f77c: or EAX, 8 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f77f: mov [EBX + 848], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C] straight-line parse into block at 804f785 [Parser.C:1485] recording block [804f776,804f785) [Parser.C] block 804f785 exists [Parser.C:1485] recording block [804f78e,804f78e) [Parser.C] parsing block 804f78e [Parser.C:1274] curAddr 0x804f78e: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f794: or EAX, 10 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f797: mov [EBX + 848], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C] straight-line parse into block at 804f79d [Parser.C:1485] recording block [804f78e,804f79d) [Parser.C] block 804f79d exists [Parser.C:1485] recording block [804f7a9,804f7a9) [Parser.C] parsing block 804f7a9 [Parser.C:1274] curAddr 0x804f7a9: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7ac: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7b0: lea EAX, EBX + ffffa0e9 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7b6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7b9: call ffffd292 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd292 + EIP + 5 to 0x804f7b9...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804f7a9,804f7be) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f7b9->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f7b9->804f7be resolveable_edge: 1, tailcall: 0, target: 804f7be [ParserDetails.C:588] pushing 804f7be onto worklist [Parser.C] binding call 804f7b9->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804f7be exists [Parser.C] skipping locally parsed target at 804f7be [Parser.C:1485] recording block [804f7ca,804f7ca) [Parser.C] parsing block 804f7ca [Parser.C:1274] curAddr 0x804f7ca: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7cd: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7d1: lea EAX, EBX + ffffa0f2 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7d7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7da: call ffffd271 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd271 + EIP + 5 to 0x804f7da...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804f7ca,804f7df) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f7da->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f7da->804f7df resolveable_edge: 1, tailcall: 0, target: 804f7df [ParserDetails.C:588] pushing 804f7df onto worklist [Parser.C] binding call 804f7da->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804f7df exists [Parser.C] skipping locally parsed target at 804f7df [Parser.C:1485] recording block [804f7eb,804f7eb) [Parser.C] parsing block 804f7eb [Parser.C:1274] curAddr 0x804f7eb: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7ee: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7f2: lea EAX, EBX + ffffa0fb [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7f8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f7fb: call ffffd250 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd250 + EIP + 5 to 0x804f7fb...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804f7eb,804f800) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f7fb->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f7fb->804f800 resolveable_edge: 1, tailcall: 0, target: 804f800 [ParserDetails.C:588] pushing 804f800 onto worklist [Parser.C] binding call 804f7fb->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804f800 exists [Parser.C] skipping locally parsed target at 804f800 [Parser.C:1485] recording block [804f80c,804f80c) [Parser.C] parsing block 804f80c [Parser.C:1274] curAddr 0x804f80c: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f80f: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f813: lea EAX, EBX + ffffa104 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f819: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f81c: call ffffd22f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd22f + EIP + 5 to 0x804f81c...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804f80c,804f821) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f81c->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f81c->804f821 resolveable_edge: 1, tailcall: 0, target: 804f821 [ParserDetails.C:588] pushing 804f821 onto worklist [Parser.C] binding call 804f81c->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804f821 exists [Parser.C] skipping locally parsed target at 804f821 [Parser.C:1485] recording block [804f82d,804f82d) [Parser.C] parsing block 804f82d [Parser.C:1274] curAddr 0x804f82d: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f830: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f834: lea EAX, EBX + ffffa10d [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f83a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called [Parser.C:1274] curAddr 0x804f83d: call ffffd20e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd20e + EIP + 5 to 0x804f83d...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804f82d,804f842) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f83d->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f83d->804f842 resolveable_edge: 1, tailcall: 0, target: 804f842 [ParserDetails.C:588] pushing 804f842 onto worklist [Parser.C] binding call 804f83d->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804f842 exists [Parser.C] skipping locally parsed target at 804f842 [Parser.C] frame 804f713 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_13_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805086f) [Parser.C:180] entered parse_at([804ccd0,80549c4),805086f) [Parser.C:1485] recording block [805086f,805086f) [Parser.C] ==== starting to parse frame 805086f ==== [Parser.C] parsing block 805086f [Parser.C:1274] curAddr 0x805086f: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050870: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050872: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050873: sub ESP, b4 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050879: call ffffc482 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc482 + EIP + 5 to 0x8050879...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805087e: add EBX, b782 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050884: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805088b: mov EAX, [EBX + 550] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050891: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050895: lea EAX, EBX + ffffa91d [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805089b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805089f: lea EAX, EBP + ffffff64 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508a5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508a8: call ffffc3a3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc3a3 + EIP + 5 to 0x80508a8...SUCCESS (CFT=0x804cc50) [Parser.C:1485] recording block [805086f,80508ad) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80508a8->804cc50 resolveable_edge: 1, tailcall: 0, target: 804cc50 [ParserDetails.C:588] pushing 804cc50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80508a8->80508ad resolveable_edge: 1, tailcall: 0, target: 80508ad [ParserDetails.C:588] pushing 80508ad onto worklist [Parser.C] binding call 80508a8->804cc50 [ParseData.C] new function for target 804cc50 [Parser.C:1485] recording block [804cc50,804cc50) [suspend frame 805086f] [Parser.C] frame 805086f blocked at 80508a8 call target 804cc50 [Parser.C] block 804cc50 exists [Parser.C] ==== starting to parse frame 804cc50 ==== [Parser.C] parsing block 804cc50 [Parser.C:1274] curAddr 0x804cc50: jmp [805c098] [Parser.C:1280] leaf 1 funcname targ804cc50 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c098] to 0x804cc50...FAIL (CFT=0x0), callTarget exp: [805c098] ... indirect jump at 0x804cc50, delay parsing it [Parser.C:1485] recording block [804cc50,804cc56) ... continue parse indirect jump at 804cc50 [Parser.C:1485] recording block [804cc50,804cc56) Getting edges ... indirect jump at 0x804cc50 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c098] at 0x804cc50 Apply indirect control flow analysis at 804cc50 Looking for thunk Looking for thunk in block [804cc50,804cc56).......WARNING: after advance at 0x804cc56, curInsn() NULL Expanding instruction @ 804cc50: jmp [805c098] Original expand: (<134594712:32>,) Adding assignment (@804cc50<[x86::eip]>[_805c098]) in instruction jmp [805c098] at 804cc50, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc50, insn: jmp [805c098] Old fact for 804cc50: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc50 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc50<[x86::eip]>[_805c098]) Instruction: jmp [805c098] AST: (<134594712:64>,) Generate bound fact for Interval 0[134594712,134594712] 0[805c098,805c098], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594712:64>,) Apply relations2 to (<134594712:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594712,134594712] 0[805c098,805c098], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594712:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc50 The fact from 804cc50 before applying transfer function Do not track predicate Var: , Interval 0[134594712,134594712] 0[805c098,805c098], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594712:64>,) No known value at the top of the stack Fact from 804cc50 after applying transfer function Do not track predicate Var: , Interval 0[134594712,134594712] 0[805c098,805c098], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594712:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594712,134594712] 0[805c098,805c098], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594712:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594712,134594712] 0[805c098,805c098], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c098 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc50 (804cc50) No targets, exits func Adding block 0x804cc50 as exit 804cc50 extent [804cc50,804cc56) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c098] at 0x804cc50 in function targ804cc50 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc50->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for sprintf [Parser.C] frame 804cc50 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] sprintf return status 2, no waiters [Parser.C] ==== resuming parse of frame 805086f ==== Checking non-returning for sprintf [Parser.C:1485] recording block [80508ad,80508ad) [Parser.C] parsing block 80508ad [Parser.C:1274] curAddr 0x80508ad: mov [EBX + 8a8], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508b3: lea EAX, EBP + ffffff64 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508b9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508bc: call ffffff1f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff1f + EIP + 5 to 0x80508bc...SUCCESS (CFT=0x80507e0) [Parser.C:1485] recording block [80508ad,80508c1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80508bc->80507e0 resolveable_edge: 1, tailcall: 0, target: 80507e0 [ParserDetails.C:588] pushing 80507e0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80508bc->80508c1 resolveable_edge: 1, tailcall: 0, target: 80508c1 [ParserDetails.C:588] pushing 80508c1 onto worklist [Parser.C] binding call 80508bc->80507e0 [Parser.C:1485] recording block [80507e0,80507e0) [suspend frame 805086f] [Parser.C] frame 805086f blocked at 80508bc call target 80507e0 [Parser.C] block 80507e0 exists [Parser.C] ==== starting to parse frame 80507e0 ==== [Parser.C] parsing block 80507e0 [Parser.C:1274] curAddr 0x80507e0: push EBP, ESP [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x80507e1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x80507e3: push EBX, ESP [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x80507e4: sub ESP, 24 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x80507e7: call ffffc514 + EIP + 5 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc514 + EIP + 5 to 0x80507e7...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80507ec: add EBX, b814 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x80507f2: mov [EBP + fffffffffffffff4], 2 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x80507f9: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x80507fc: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x8050800: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x8050803: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x8050806: call ffffc465 + EIP + 5 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc465 + EIP + 5 to 0x8050806...SUCCESS (CFT=0x804cc70) [Parser.C:1485] recording block [80507e0,805080b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050806->804cc70 resolveable_edge: 1, tailcall: 0, target: 804cc70 [ParserDetails.C:588] pushing 804cc70 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050806->805080b resolveable_edge: 1, tailcall: 0, target: 805080b [ParserDetails.C:588] pushing 805080b onto worklist [Parser.C] binding call 8050806->804cc70 [ParseData.C] new function for target 804cc70 [Parser.C:1485] recording block [804cc70,804cc70) [suspend frame 80507e0] [Parser.C] frame 80507e0 blocked at 8050806 call target 804cc70 [Parser.C] block 804cc70 exists [Parser.C] ==== starting to parse frame 804cc70 ==== [Parser.C] parsing block 804cc70 [Parser.C:1274] curAddr 0x804cc70: jmp [805c0a0] [Parser.C:1280] leaf 1 funcname targ804cc70 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c0a0] to 0x804cc70...FAIL (CFT=0x0), callTarget exp: [805c0a0] ... indirect jump at 0x804cc70, delay parsing it [Parser.C:1485] recording block [804cc70,804cc76) ... continue parse indirect jump at 804cc70 [Parser.C:1485] recording block [804cc70,804cc76) Getting edges ... indirect jump at 0x804cc70 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c0a0] at 0x804cc70 Apply indirect control flow analysis at 804cc70 Looking for thunk Looking for thunk in block [804cc70,804cc76).......WARNING: after advance at 0x804cc76, curInsn() NULL Expanding instruction @ 804cc70: jmp [805c0a0] Original expand: (<134594720:32>,) Adding assignment (@804cc70<[x86::eip]>[_805c0a0]) in instruction jmp [805c0a0] at 804cc70, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc70, insn: jmp [805c0a0] Old fact for 804cc70: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc70 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc70<[x86::eip]>[_805c0a0]) Instruction: jmp [805c0a0] AST: (<134594720:64>,) Generate bound fact for Interval 0[134594720,134594720] 0[805c0a0,805c0a0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594720:64>,) Apply relations2 to (<134594720:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594720,134594720] 0[805c0a0,805c0a0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594720:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc70 The fact from 804cc70 before applying transfer function Do not track predicate Var: , Interval 0[134594720,134594720] 0[805c0a0,805c0a0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594720:64>,) No known value at the top of the stack Fact from 804cc70 after applying transfer function Do not track predicate Var: , Interval 0[134594720,134594720] 0[805c0a0,805c0a0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594720:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594720,134594720] 0[805c0a0,805c0a0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594720:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594720,134594720] 0[805c0a0,805c0a0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c0a0 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc70 (804cc70) No targets, exits func Adding block 0x804cc70 as exit 804cc70 extent [804cc70,804cc76) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c0a0] at 0x804cc70 in function targ804cc70 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc70->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for dlopen [Parser.C] frame 804cc70 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dlopen return status 2, no waiters [Parser.C] ==== resuming parse of frame 80507e0 ==== Checking non-returning for dlopen [Parser.C:1485] recording block [805080b,805080b) [Parser.C] parsing block 805080b [Parser.C:1274] curAddr 0x805080b: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x805080e: cmp [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x8050812: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called branch or return, ret true [Parser.C:1485] recording block [805080b,8050814) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x8050812...SUCCESS (CFT=0x8050822) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050812->8050822 resolveable_edge: 1, tailcall: 0, target: 8050822 [ParserDetails.C:588] pushing 8050822 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050812->8050814 resolveable_edge: 1, tailcall: 0, target: 8050814 [ParserDetails.C:588] pushing 8050814 onto worklist [Parser.C:1485] recording block [8050822,8050822) [Parser.C] parsing block 8050822 [Parser.C:1274] curAddr 0x8050822: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x8050825: add ESP, 24 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x8050828: pop EBX, ESP [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x8050829: pop EBP, ESP [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x805082a: ret near [ESP] [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050822,805082b) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805082a Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805082a...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8050814,8050814) [Parser.C] parsing block 8050814 [Parser.C:1274] curAddr 0x8050814: lea EAX, EBX + ffffa8cc [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x805081a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called [Parser.C:1274] curAddr 0x805081d: call ffffc29e + EIP + 5 [Parser.C:1280] leaf 1 funcname loadDynamicLibrary hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc29e + EIP + 5 to 0x805081d...SUCCESS (CFT=0x804cac0) [Parser.C:1485] recording block [8050814,8050822) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805081d->804cac0 resolveable_edge: 1, tailcall: 0, target: 804cac0 [ParserDetails.C:588] pushing 804cac0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805081d->8050822 resolveable_edge: 1, tailcall: 0, target: 8050822 [ParserDetails.C:588] pushing 8050822 onto worklist [Parser.C] binding call 805081d->804cac0 [ParseData.C] new function for target 804cac0 [Parser.C:1485] recording block [804cac0,804cac0) [suspend frame 80507e0] [Parser.C] frame 80507e0 blocked at 805081d call target 804cac0 [Parser.C] block 804cac0 exists [Parser.C] ==== starting to parse frame 804cac0 ==== [Parser.C] parsing block 804cac0 [Parser.C:1274] curAddr 0x804cac0: jmp [805c034] [Parser.C:1280] leaf 1 funcname targ804cac0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c034] to 0x804cac0...FAIL (CFT=0x0), callTarget exp: [805c034] ... indirect jump at 0x804cac0, delay parsing it [Parser.C:1485] recording block [804cac0,804cac6) ... continue parse indirect jump at 804cac0 [Parser.C:1485] recording block [804cac0,804cac6) Getting edges ... indirect jump at 0x804cac0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c034] at 0x804cac0 Apply indirect control flow analysis at 804cac0 Looking for thunk Looking for thunk in block [804cac0,804cac6).......WARNING: after advance at 0x804cac6, curInsn() NULL Expanding instruction @ 804cac0: jmp [805c034] Original expand: (<134594612:32>,) Adding assignment (@804cac0<[x86::eip]>[_805c034]) in instruction jmp [805c034] at 804cac0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cac0, insn: jmp [805c034] Old fact for 804cac0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cac0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cac0<[x86::eip]>[_805c034]) Instruction: jmp [805c034] AST: (<134594612:64>,) Generate bound fact for Interval 0[134594612,134594612] 0[805c034,805c034], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594612:64>,) Apply relations2 to (<134594612:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594612,134594612] 0[805c034,805c034], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594612:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cac0 The fact from 804cac0 before applying transfer function Do not track predicate Var: , Interval 0[134594612,134594612] 0[805c034,805c034], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594612:64>,) No known value at the top of the stack Fact from 804cac0 after applying transfer function Do not track predicate Var: , Interval 0[134594612,134594612] 0[805c034,805c034], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594612:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594612,134594612] 0[805c034,805c034], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594612:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594612,134594612] 0[805c034,805c034], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c034 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cac0 (804cac0) No targets, exits func Adding block 0x804cac0 as exit 804cac0 extent [804cac0,804cac6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c034] at 0x804cac0 in function targ804cac0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cac0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for perror [Parser.C] frame 804cac0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] perror return status 2, no waiters [Parser.C] ==== resuming parse of frame 80507e0 ==== Checking non-returning for perror [Parser.C] block 8050822 exists [Parser.C] skipping locally parsed target at 8050822 [Parser.C] frame 80507e0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] loadDynamicLibrary return status 3, no waiters [Parser.C] ==== resuming parse of frame 805086f ==== Checking non-returning for loadDynamicLibrary Checking non-returning for loadDynamicLibrary [Parser.C:1485] recording block [80508c1,80508c1) [Parser.C] parsing block 80508c1 [Parser.C:1274] curAddr 0x80508c1: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508c4: cmp [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508c8: jnz 2d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80508c1,80508ca) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2d + EIP + 2 to 0x80508c8...SUCCESS (CFT=0x80508f7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80508c8->80508f7 resolveable_edge: 1, tailcall: 0, target: 80508f7 [ParserDetails.C:588] pushing 80508f7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80508c8->80508ca resolveable_edge: 1, tailcall: 0, target: 80508ca [ParserDetails.C:588] pushing 80508ca onto worklist [Parser.C:1485] recording block [80508f7,80508f7) [Parser.C] parsing block 80508f7 [Parser.C:1274] curAddr 0x80508f7: lea EAX, EBX + ffffa96e [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508fd: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050901: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050904: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050907: call ffffff1f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff1f + EIP + 5 to 0x8050907...SUCCESS (CFT=0x805082b) [Parser.C:1485] recording block [80508f7,805090c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050907->805082b resolveable_edge: 1, tailcall: 0, target: 805082b [ParserDetails.C:588] pushing 805082b onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050907->805090c resolveable_edge: 1, tailcall: 0, target: 805090c [ParserDetails.C:588] pushing 805090c onto worklist [Parser.C] binding call 8050907->805082b [Parser.C:1485] recording block [805082b,805082b) [suspend frame 805086f] [Parser.C] frame 805086f blocked at 8050907 call target 805082b [Parser.C] block 805082b exists [Parser.C] ==== starting to parse frame 805082b ==== [Parser.C] parsing block 805082b [Parser.C:1274] curAddr 0x805082b: push EBP, ESP [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805082c: mov EBP, ESP [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805082e: push EBX, ESP [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805082f: sub ESP, 24 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x8050832: call ffffc4c9 + EIP + 5 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc4c9 + EIP + 5 to 0x8050832...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8050837: add EBX, b7c9 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805083d: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x8050840: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x8050844: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x8050847: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805084a: call ffffc361 + EIP + 5 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc361 + EIP + 5 to 0x805084a...SUCCESS (CFT=0x804cbb0) [Parser.C:1485] recording block [805082b,805084f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805084a->804cbb0 resolveable_edge: 1, tailcall: 0, target: 804cbb0 [ParserDetails.C:588] pushing 804cbb0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805084a->805084f resolveable_edge: 1, tailcall: 0, target: 805084f [ParserDetails.C:588] pushing 805084f onto worklist [Parser.C] binding call 805084a->804cbb0 [ParseData.C] new function for target 804cbb0 [Parser.C:1485] recording block [804cbb0,804cbb0) [suspend frame 805082b] [Parser.C] frame 805082b blocked at 805084a call target 804cbb0 [Parser.C] block 804cbb0 exists [Parser.C] ==== starting to parse frame 804cbb0 ==== [Parser.C] parsing block 804cbb0 [Parser.C:1274] curAddr 0x804cbb0: jmp [805c070] [Parser.C:1280] leaf 1 funcname targ804cbb0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c070] to 0x804cbb0...FAIL (CFT=0x0), callTarget exp: [805c070] ... indirect jump at 0x804cbb0, delay parsing it [Parser.C:1485] recording block [804cbb0,804cbb6) ... continue parse indirect jump at 804cbb0 [Parser.C:1485] recording block [804cbb0,804cbb6) Getting edges ... indirect jump at 0x804cbb0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c070] at 0x804cbb0 Apply indirect control flow analysis at 804cbb0 Looking for thunk Looking for thunk in block [804cbb0,804cbb6).......WARNING: after advance at 0x804cbb6, curInsn() NULL Expanding instruction @ 804cbb0: jmp [805c070] Original expand: (<134594672:32>,) Adding assignment (@804cbb0<[x86::eip]>[_805c070]) in instruction jmp [805c070] at 804cbb0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cbb0, insn: jmp [805c070] Old fact for 804cbb0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cbb0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cbb0<[x86::eip]>[_805c070]) Instruction: jmp [805c070] AST: (<134594672:64>,) Generate bound fact for Interval 0[134594672,134594672] 0[805c070,805c070], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594672:64>,) Apply relations2 to (<134594672:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594672,134594672] 0[805c070,805c070], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594672:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cbb0 The fact from 804cbb0 before applying transfer function Do not track predicate Var: , Interval 0[134594672,134594672] 0[805c070,805c070], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594672:64>,) No known value at the top of the stack Fact from 804cbb0 after applying transfer function Do not track predicate Var: , Interval 0[134594672,134594672] 0[805c070,805c070], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594672:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594672,134594672] 0[805c070,805c070], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594672:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594672,134594672] 0[805c070,805c070], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c070 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cbb0 (804cbb0) No targets, exits func Adding block 0x804cbb0 as exit 804cbb0 extent [804cbb0,804cbb6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c070] at 0x804cbb0 in function targ804cbb0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cbb0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for dlsym [Parser.C] frame 804cbb0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dlsym return status 2, no waiters [Parser.C] ==== resuming parse of frame 805082b ==== Checking non-returning for dlsym [Parser.C:1485] recording block [805084f,805084f) [Parser.C] parsing block 805084f [Parser.C:1274] curAddr 0x805084f: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x8050852: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x8050856: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called branch or return, ret true [Parser.C:1485] recording block [805084f,8050858) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x8050856...SUCCESS (CFT=0x8050866) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050856->8050866 resolveable_edge: 1, tailcall: 0, target: 8050866 [ParserDetails.C:588] pushing 8050866 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050856->8050858 resolveable_edge: 1, tailcall: 0, target: 8050858 [ParserDetails.C:588] pushing 8050858 onto worklist [Parser.C:1485] recording block [8050866,8050866) [Parser.C] parsing block 8050866 [Parser.C:1274] curAddr 0x8050866: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x8050869: add ESP, 24 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805086c: pop EBX, ESP [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805086d: pop EBP, ESP [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805086e: ret near [ESP] [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050866,805086f) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805086e Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805086e...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8050858,8050858) [Parser.C] parsing block 8050858 [Parser.C:1274] curAddr 0x8050858: lea EAX, EBX + ffffa8f8 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x805085e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called [Parser.C:1274] curAddr 0x8050861: call ffffc25a + EIP + 5 [Parser.C:1280] leaf 1 funcname getFuncFromDLL hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc25a + EIP + 5 to 0x8050861...SUCCESS (CFT=0x804cac0) [Parser.C:1485] recording block [8050858,8050866) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050861->804cac0 resolveable_edge: 1, tailcall: 0, target: 804cac0 [ParserDetails.C:588] pushing 804cac0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050861->8050866 resolveable_edge: 1, tailcall: 0, target: 8050866 [ParserDetails.C:588] pushing 8050866 onto worklist [Parser.C] binding call 8050861->804cac0 [Parser.C] block 804cac0 exists Checking non-returning for perror [Parser.C] block 8050866 exists [Parser.C] skipping locally parsed target at 8050866 [Parser.C] frame 805082b complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] getFuncFromDLL return status 3, no waiters [Parser.C] ==== resuming parse of frame 805086f ==== Checking non-returning for getFuncFromDLL Checking non-returning for getFuncFromDLL [Parser.C:1485] recording block [805090c,805090c) [Parser.C] parsing block 805090c [Parser.C:1274] curAddr 0x805090c: mov [EBP + ffffffffffffffec], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805090f: cmp [EBP + ffffffffffffffec], 0 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050913: jnz 2d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805090c,8050915) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2d + EIP + 2 to 0x8050913...SUCCESS (CFT=0x8050942) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050913->8050942 resolveable_edge: 1, tailcall: 0, target: 8050942 [ParserDetails.C:588] pushing 8050942 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050913->8050915 resolveable_edge: 1, tailcall: 0, target: 8050915 [ParserDetails.C:588] pushing 8050915 onto worklist [Parser.C:1485] recording block [8050942,8050942) [Parser.C] parsing block 8050942 [Parser.C:1274] curAddr 0x8050942: lea EAX, EBX + ffffa9aa [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050948: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805094c: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805094f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050952: call fffffed4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffed4 + EIP + 5 to 0x8050952...SUCCESS (CFT=0x805082b) [Parser.C:1485] recording block [8050942,8050957) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050952->805082b resolveable_edge: 1, tailcall: 0, target: 805082b [ParserDetails.C:588] pushing 805082b onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050952->8050957 resolveable_edge: 1, tailcall: 0, target: 8050957 [ParserDetails.C:588] pushing 8050957 onto worklist [Parser.C] binding call 8050952->805082b [Parser.C] block 805082b exists Checking non-returning for getFuncFromDLL Checking non-returning for getFuncFromDLL [Parser.C:1485] recording block [8050957,8050957) [Parser.C] parsing block 8050957 [Parser.C:1274] curAddr 0x8050957: mov [EBP + ffffffffffffffe8], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805095a: cmp [EBP + ffffffffffffffe8], 0 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805095e: jnz 2d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050957,8050960) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2d + EIP + 2 to 0x805095e...SUCCESS (CFT=0x805098d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805095e->805098d resolveable_edge: 1, tailcall: 0, target: 805098d [ParserDetails.C:588] pushing 805098d onto worklist ParserDetails.C[80]: adding conditional not taken edge 805095e->8050960 resolveable_edge: 1, tailcall: 0, target: 8050960 [ParserDetails.C:588] pushing 8050960 onto worklist [Parser.C:1485] recording block [805098d,805098d) [Parser.C] parsing block 805098d [Parser.C:1274] curAddr 0x805098d: mov [ESP], a [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050994: call e2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call e2 + EIP + 5 to 0x8050994...SUCCESS (CFT=0x8050a7b) [Parser.C:1485] recording block [805098d,8050999) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050994->8050a7b resolveable_edge: 1, tailcall: 0, target: 8050a7b [ParserDetails.C:588] pushing 8050a7b onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050994->8050999 resolveable_edge: 1, tailcall: 0, target: 8050999 [ParserDetails.C:588] pushing 8050999 onto worklist [Parser.C] binding call 8050994->8050a7b [Parser.C:1485] recording block [8050a7b,8050a7b) [suspend frame 805086f] [Parser.C] frame 805086f blocked at 8050994 call target 8050a7b [Parser.C] block 8050a7b exists [Parser.C] ==== starting to parse frame 8050a7b ==== [Parser.C] parsing block 8050a7b [Parser.C:1274] curAddr 0x8050a7b: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call1 hasCFT called [Parser.C:1274] curAddr 0x8050a7c: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call1 hasCFT called [Parser.C:1274] curAddr 0x8050a7e: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_22_call1 hasCFT called [Parser.C:1274] curAddr 0x8050a81: add EAX, 219224 [Parser.C:1280] leaf 1 funcname test1_22_call1 hasCFT called [Parser.C:1274] curAddr 0x8050a86: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call1 hasCFT called [Parser.C:1274] curAddr 0x8050a87: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_22_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050a7b,8050a88) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050a87 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050a87...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8050a7b complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_22_call1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 805086f ==== Checking non-returning for test1_22_call1 Checking non-returning for test1_22_call1 [Parser.C:1485] recording block [8050999,8050999) [Parser.C] parsing block 8050999 [Parser.C:1274] curAddr 0x8050999: mov [EBP + ffffffffffffffe4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805099c: cmp [EBP + ffffffffffffffe4], 219292 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509a3: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050999,80509a5) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x80509a3...SUCCESS (CFT=0x80509ba) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80509a3->80509ba resolveable_edge: 1, tailcall: 0, target: 80509ba [ParserDetails.C:588] pushing 80509ba onto worklist ParserDetails.C[80]: adding conditional not taken edge 80509a3->80509a5 resolveable_edge: 1, tailcall: 0, target: 80509a5 [ParserDetails.C:588] pushing 80509a5 onto worklist [Parser.C:1485] recording block [80509ba,80509ba) [Parser.C] parsing block 80509ba [Parser.C:1274] curAddr 0x80509ba: mov [ESP], 14 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509c1: call cf + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call cf + EIP + 5 to 0x80509c1...SUCCESS (CFT=0x8050a95) [Parser.C:1485] recording block [80509ba,80509c6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80509c1->8050a95 resolveable_edge: 1, tailcall: 0, target: 8050a95 [ParserDetails.C:588] pushing 8050a95 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80509c1->80509c6 resolveable_edge: 1, tailcall: 0, target: 80509c6 [ParserDetails.C:588] pushing 80509c6 onto worklist [Parser.C] binding call 80509c1->8050a95 [Parser.C:1485] recording block [8050a95,8050a95) [suspend frame 805086f] [Parser.C] frame 805086f blocked at 80509c1 call target 8050a95 [Parser.C] block 8050a95 exists [Parser.C] ==== starting to parse frame 8050a95 ==== [Parser.C] parsing block 8050a95 [Parser.C:1274] curAddr 0x8050a95: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call3 hasCFT called [Parser.C:1274] curAddr 0x8050a96: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call3 hasCFT called [Parser.C:1274] curAddr 0x8050a98: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_22_call3 hasCFT called [Parser.C:1274] curAddr 0x8050a9b: add EAX, 2192ec [Parser.C:1280] leaf 1 funcname test1_22_call3 hasCFT called [Parser.C:1274] curAddr 0x8050aa0: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call3 hasCFT called [Parser.C:1274] curAddr 0x8050aa1: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_22_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050a95,8050aa2) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050aa1 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050aa1...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8050a95 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_22_call3 return status 3, no waiters [Parser.C] ==== resuming parse of frame 805086f ==== Checking non-returning for test1_22_call3 Checking non-returning for test1_22_call3 [Parser.C:1485] recording block [80509c6,80509c6) [Parser.C] parsing block 80509c6 [Parser.C:1274] curAddr 0x80509c6: mov [EBP + ffffffffffffffe4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509c9: cmp [EBP + ffffffffffffffe4], 219364 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509d0: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80509c6,80509d2) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x80509d0...SUCCESS (CFT=0x80509e7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80509d0->80509e7 resolveable_edge: 1, tailcall: 0, target: 80509e7 [ParserDetails.C:588] pushing 80509e7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80509d0->80509d2 resolveable_edge: 1, tailcall: 0, target: 80509d2 [ParserDetails.C:588] pushing 80509d2 onto worklist [Parser.C:1485] recording block [80509e7,80509e7) [Parser.C] parsing block 80509e7 [Parser.C:1274] curAddr 0x80509e7: cmp [EBP + ffffffffffffffec], 0 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509eb: jz 2d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80509e7,80509ed) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 2d + EIP + 2 to 0x80509eb...SUCCESS (CFT=0x8050a1a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80509eb->8050a1a resolveable_edge: 1, tailcall: 0, target: 8050a1a [ParserDetails.C:588] pushing 8050a1a onto worklist ParserDetails.C[80]: adding conditional not taken edge 80509eb->80509ed resolveable_edge: 1, tailcall: 0, target: 80509ed [ParserDetails.C:588] pushing 80509ed onto worklist [Parser.C:1485] recording block [8050a1a,8050a1a) [Parser.C] parsing block 8050a1a [Parser.C:1274] curAddr 0x8050a1a: cmp [EBP + ffffffffffffffe8], 0 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a1e: jz 2d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050a1a,8050a20) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 2d + EIP + 2 to 0x8050a1e...SUCCESS (CFT=0x8050a4d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050a1e->8050a4d resolveable_edge: 1, tailcall: 0, target: 8050a4d [ParserDetails.C:588] pushing 8050a4d onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050a1e->8050a20 resolveable_edge: 1, tailcall: 0, target: 8050a20 [ParserDetails.C:588] pushing 8050a20 onto worklist [Parser.C:1485] recording block [8050a4d,8050a4d) [Parser.C] parsing block 8050a4d [Parser.C:1274] curAddr 0x8050a4d: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a51: jnz 1c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050a4d,8050a53) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1c + EIP + 2 to 0x8050a51...SUCCESS (CFT=0x8050a6f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050a51->8050a6f resolveable_edge: 1, tailcall: 0, target: 8050a6f [ParserDetails.C:588] pushing 8050a6f onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050a51->8050a53 resolveable_edge: 1, tailcall: 0, target: 8050a53 [ParserDetails.C:588] pushing 8050a53 onto worklist [Parser.C:1485] recording block [8050a6f,8050a6f) [Parser.C] parsing block 8050a6f [Parser.C:1274] curAddr 0x8050a6f: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a72: add ESP, b4 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a78: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a79: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a7a: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050a6f,8050a7b) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050a7a Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050a7a...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80508ca,80508ca) [Parser.C] parsing block 80508ca [Parser.C:1274] curAddr 0x80508ca: lea EAX, EBX + ffffa920 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508d0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508d3: call 30e5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 30e5 + EIP + 5 to 0x80508d3...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80508ca,80508d8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80508d3->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80508d3->80508d8 resolveable_edge: 1, tailcall: 0, target: 80508d8 [ParserDetails.C:588] pushing 80508d8 onto worklist [Parser.C] binding call 80508d3->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80508d8,80508d8) [Parser.C] parsing block 80508d8 [Parser.C:1274] curAddr 0x80508d8: mov EAX, [EBX + 550] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508de: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508e2: lea EAX, EBX + ffffa948 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508e8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80508eb: call 30cd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 30cd + EIP + 5 to 0x80508eb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80508d8,80508f0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80508eb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80508eb->80508f0 resolveable_edge: 1, tailcall: 0, target: 80508f0 [ParserDetails.C:588] pushing 80508f0 onto worklist [Parser.C] binding call 80508eb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80508f0,80508f0) [Parser.C] parsing block 80508f0 [Parser.C:1274] curAddr 0x80508f0: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C] straight-line parse into block at 80508f7 [Parser.C:1485] recording block [80508f0,80508f7) [Parser.C] block 80508f7 exists [Parser.C:1485] recording block [8050915,8050915) [Parser.C] parsing block 8050915 [Parser.C:1274] curAddr 0x8050915: lea EAX, EBX + ffffa920 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805091b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805091e: call 309a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 309a + EIP + 5 to 0x805091e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050915,8050923) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805091e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805091e->8050923 resolveable_edge: 1, tailcall: 0, target: 8050923 [ParserDetails.C:588] pushing 8050923 onto worklist [Parser.C] binding call 805091e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050923,8050923) [Parser.C] parsing block 8050923 [Parser.C:1274] curAddr 0x8050923: mov EAX, [EBX + 550] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050929: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805092d: lea EAX, EBX + ffffa978 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050933: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050936: call 3082 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3082 + EIP + 5 to 0x8050936...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050923,805093b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050936->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050936->805093b resolveable_edge: 1, tailcall: 0, target: 805093b [ParserDetails.C:588] pushing 805093b onto worklist [Parser.C] binding call 8050936->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805093b,805093b) [Parser.C] parsing block 805093b [Parser.C:1274] curAddr 0x805093b: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C] straight-line parse into block at 8050942 [Parser.C:1485] recording block [805093b,8050942) [Parser.C] block 8050942 exists [Parser.C:1485] recording block [8050960,8050960) [Parser.C] parsing block 8050960 [Parser.C:1274] curAddr 0x8050960: lea EAX, EBX + ffffa920 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050966: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050969: call 304f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 304f + EIP + 5 to 0x8050969...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050960,805096e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050969->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050969->805096e resolveable_edge: 1, tailcall: 0, target: 805096e [ParserDetails.C:588] pushing 805096e onto worklist [Parser.C] binding call 8050969->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805096e,805096e) [Parser.C] parsing block 805096e [Parser.C:1274] curAddr 0x805096e: mov EAX, [EBX + 550] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050974: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050978: lea EAX, EBX + ffffa9b4 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x805097e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050981: call 3037 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3037 + EIP + 5 to 0x8050981...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805096e,8050986) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050981->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050981->8050986 resolveable_edge: 1, tailcall: 0, target: 8050986 [ParserDetails.C:588] pushing 8050986 onto worklist [Parser.C] binding call 8050981->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050986,8050986) [Parser.C] parsing block 8050986 [Parser.C:1274] curAddr 0x8050986: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C] straight-line parse into block at 805098d [Parser.C:1485] recording block [8050986,805098d) [Parser.C] block 805098d exists [Parser.C:1485] recording block [80509a5,80509a5) [Parser.C] parsing block 80509a5 [Parser.C:1274] curAddr 0x80509a5: lea EAX, EBX + ffffa9e8 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509ab: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509ae: call 300a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 300a + EIP + 5 to 0x80509ae...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80509a5,80509b3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80509ae->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80509ae->80509b3 resolveable_edge: 1, tailcall: 0, target: 80509b3 [ParserDetails.C:588] pushing 80509b3 onto worklist [Parser.C] binding call 80509ae->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80509b3,80509b3) [Parser.C] parsing block 80509b3 [Parser.C:1274] curAddr 0x80509b3: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C] straight-line parse into block at 80509ba [Parser.C:1485] recording block [80509b3,80509ba) [Parser.C] block 80509ba exists [Parser.C:1485] recording block [80509d2,80509d2) [Parser.C] parsing block 80509d2 [Parser.C:1274] curAddr 0x80509d2: lea EAX, EBX + ffffaa20 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509d8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509db: call 2fdd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2fdd + EIP + 5 to 0x80509db...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80509d2,80509e0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80509db->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80509db->80509e0 resolveable_edge: 1, tailcall: 0, target: 80509e0 [ParserDetails.C:588] pushing 80509e0 onto worklist [Parser.C] binding call 80509db->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80509e0,80509e0) [Parser.C] parsing block 80509e0 [Parser.C:1274] curAddr 0x80509e0: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C] straight-line parse into block at 80509e7 [Parser.C:1485] recording block [80509e0,80509e7) [Parser.C] block 80509e7 exists [Parser.C:1485] recording block [80509ed,80509ed) [Parser.C] parsing block 80509ed [Parser.C:1274] curAddr 0x80509ed: mov [ESP], 1e [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509f4: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509f7: call EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x80509f7...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [80509ed,80509f9) Getting edges Returned 2 edges ... Call 0x80509f7 is indirect ... Call 0x80509f7 is indirect ... Call 0x80509f7 is indirect 2 edges: ParserDetails.C[64]: adding call edge 80509f7->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 80509f7->80509f9 resolveable_edge: 1, tailcall: 0, target: 80509f9 [ParserDetails.C:588] pushing 80509f9 onto worklist [Parser.C:1485] recording block [80509f9,80509f9) [Parser.C] parsing block 80509f9 [Parser.C:1274] curAddr 0x80509f9: mov [EBP + ffffffffffffffe4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x80509fc: cmp [EBP + ffffffffffffffe4], 2193e6 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a03: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80509f9,8050a05) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8050a03...SUCCESS (CFT=0x8050a1a) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8050a1a is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8050a03->8050a1a resolveable_edge: 1, tailcall: 0, target: 8050a1a [ParserDetails.C:588] pushing 8050a1a onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050a03->8050a05 resolveable_edge: 1, tailcall: 0, target: 8050a05 [ParserDetails.C:588] pushing 8050a05 onto worklist [Parser.C] block 8050a1a exists [Parser.C] skipping locally parsed target at 8050a1a [Parser.C:1485] recording block [8050a05,8050a05) [Parser.C] parsing block 8050a05 [Parser.C:1274] curAddr 0x8050a05: lea EAX, EBX + ffffaa58 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a0b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a0e: call 2faa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2faa + EIP + 5 to 0x8050a0e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050a05,8050a13) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050a0e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050a0e->8050a13 resolveable_edge: 1, tailcall: 0, target: 8050a13 [ParserDetails.C:588] pushing 8050a13 onto worklist [Parser.C] binding call 8050a0e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050a13,8050a13) [Parser.C] parsing block 8050a13 [Parser.C:1274] curAddr 0x8050a13: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C] straight-line parse into block at 8050a1a [Parser.C:1485] recording block [8050a13,8050a1a) [Parser.C] block 8050a1a exists [Parser.C:1485] recording block [8050a20,8050a20) [Parser.C] parsing block 8050a20 [Parser.C:1274] curAddr 0x8050a20: mov [ESP], 28 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a27: mov EAX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a2a: call EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x8050a2a...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [8050a20,8050a2c) Getting edges Returned 2 edges ... Call 0x8050a2a is indirect ... Call 0x8050a2a is indirect ... Call 0x8050a2a is indirect 2 edges: ParserDetails.C[64]: adding call edge 8050a2a->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 8050a2a->8050a2c resolveable_edge: 1, tailcall: 0, target: 8050a2c [ParserDetails.C:588] pushing 8050a2c onto worklist [Parser.C:1485] recording block [8050a2c,8050a2c) [Parser.C] parsing block 8050a2c [Parser.C:1274] curAddr 0x8050a2c: mov [EBP + ffffffffffffffe4], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a2f: cmp [EBP + ffffffffffffffe4], 2194a4 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a36: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050a2c,8050a38) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8050a36...SUCCESS (CFT=0x8050a4d) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8050a4d is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8050a36->8050a4d resolveable_edge: 1, tailcall: 0, target: 8050a4d [ParserDetails.C:588] pushing 8050a4d onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050a36->8050a38 resolveable_edge: 1, tailcall: 0, target: 8050a38 [ParserDetails.C:588] pushing 8050a38 onto worklist [Parser.C] block 8050a4d exists [Parser.C] skipping locally parsed target at 8050a4d [Parser.C:1485] recording block [8050a38,8050a38) [Parser.C] parsing block 8050a38 [Parser.C:1274] curAddr 0x8050a38: lea EAX, EBX + ffffaa90 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a3e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a41: call 2f77 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2f77 + EIP + 5 to 0x8050a41...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050a38,8050a46) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050a41->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050a41->8050a46 resolveable_edge: 1, tailcall: 0, target: 8050a46 [ParserDetails.C:588] pushing 8050a46 onto worklist [Parser.C] binding call 8050a41->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050a46,8050a46) [Parser.C] parsing block 8050a46 [Parser.C:1274] curAddr 0x8050a46: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C] straight-line parse into block at 8050a4d [Parser.C:1485] recording block [8050a46,8050a4d) [Parser.C] block 8050a4d exists [Parser.C:1485] recording block [8050a53,8050a53) [Parser.C] parsing block 8050a53 [Parser.C:1274] curAddr 0x8050a53: lea EAX, EBX + ffffaac8 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a59: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a5c: call 2f5c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2f5c + EIP + 5 to 0x8050a5c...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050a53,8050a61) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050a5c->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050a5c->8050a61 resolveable_edge: 1, tailcall: 0, target: 8050a61 [ParserDetails.C:588] pushing 8050a61 onto worklist [Parser.C] binding call 8050a5c->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050a61,8050a61) [Parser.C] parsing block 8050a61 [Parser.C:1274] curAddr 0x8050a61: mov EAX, [EBX + 54c] [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a67: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050a6a: call 3936 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_22_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3936 + EIP + 5 to 0x8050a6a...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8050a61,8050a6f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050a6a->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050a6a->8050a6f resolveable_edge: 1, tailcall: 0, target: 8050a6f [ParserDetails.C:588] pushing 8050a6f onto worklist [Parser.C] binding call 8050a6a->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C] block 8050a6f exists [Parser.C] skipping locally parsed target at 8050a6f [Parser.C] frame 805086f complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_22_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8054879) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054879) [Parser.C:1485] recording block [8054879,8054879) [Parser.C] ==== starting to parse frame 8054879 ==== [Parser.C] parsing block 8054879 [Parser.C:1274] curAddr 0x8054879: push EBP, ESP [Parser.C:1280] leaf 1 funcname getEventCounter hasCFT called [Parser.C:1274] curAddr 0x805487a: mov EBP, ESP [Parser.C:1280] leaf 1 funcname getEventCounter hasCFT called [Parser.C:1274] curAddr 0x805487c: call ffff9304 + EIP + 5 [Parser.C:1280] leaf 1 funcname getEventCounter hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9304 + EIP + 5 to 0x805487c...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8054881: add ECX, 777f [Parser.C:1280] leaf 1 funcname getEventCounter hasCFT called [Parser.C:1274] curAddr 0x8054887: mov EAX, [ECX + a00] [Parser.C:1280] leaf 1 funcname getEventCounter hasCFT called [Parser.C:1274] curAddr 0x805488d: mov EDX, [ECX + a04] [Parser.C:1280] leaf 1 funcname getEventCounter hasCFT called [Parser.C:1274] curAddr 0x8054893: pop EBP, ESP [Parser.C:1280] leaf 1 funcname getEventCounter hasCFT called [Parser.C:1274] curAddr 0x8054894: ret near [ESP] [Parser.C:1280] leaf 1 funcname getEventCounter hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054879,8054895) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054894 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054894...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8054879 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] getEventCounter return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804cd00) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cd00) [Parser.C:1485] recording block [804cd00,804cd00) [Parser.C] ==== starting to parse frame 804cd00 ==== [Parser.C] parsing block 804cd00 [Parser.C:1274] curAddr 0x804cd00: mov EBX, [ESP] [Parser.C:1280] leaf 1 funcname __x86.get_pc_thunk.bx hasCFT called [Parser.C:1274] curAddr 0x804cd03: ret near [ESP] [Parser.C:1280] leaf 1 funcname __x86.get_pc_thunk.bx hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cd00,804cd04) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804cd03 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804cd03...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804cd00 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __x86.get_pc_thunk.bx return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804db85) [Parser.C:180] entered parse_at([804ccd0,80549c4),804db85) [Parser.C:1485] recording block [804db85,804db85) [Parser.C] ==== starting to parse frame 804db85 ==== [Parser.C] parsing block 804db85 [Parser.C:1274] curAddr 0x804db85: mov ECX, [ESP] [Parser.C:1280] leaf 1 funcname __x86.get_pc_thunk.cx hasCFT called [Parser.C:1274] curAddr 0x804db88: ret near [ESP] [Parser.C:1280] leaf 1 funcname __x86.get_pc_thunk.cx hasCFT called branch or return, ret true [Parser.C:1485] recording block [804db85,804db89) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804db88 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804db88...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804db85 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __x86.get_pc_thunk.cx return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80549c0) [Parser.C:180] entered parse_at([804ccd0,80549c4),80549c0) [Parser.C:1485] recording block [80549c0,80549c0) [Parser.C] ==== starting to parse frame 80549c0 ==== [Parser.C] parsing block 80549c0 [Parser.C:1274] curAddr 0x80549c0: REP ret near [ESP] [Parser.C:1280] leaf 1 funcname __libc_csu_fini hasCFT called branch or return, ret true [Parser.C:1485] recording block [80549c0,80549c2) Getting edges IA_IAPI.C[694]: return candidate REP ret near [ESP] at 0x80549c0 ......WARNING: after advance at 0x80549c4, curInsn() NULL Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in REP ret near [ESP] to 0x80549c0...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80549c0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __libc_csu_fini return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805413a) [Parser.C:180] entered parse_at([804ccd0,80549c4),805413a) [Parser.C:1485] recording block [805413a,805413a) [Parser.C] ==== starting to parse frame 805413a ==== [Parser.C] parsing block 805413a [Parser.C:1274] curAddr 0x805413a: push EBP, ESP [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805413b: mov EBP, ESP [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805413d: push ESI, ESP [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805413e: push EBX, ESP [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805413f: sub ESP, 20 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054142: call ffff8bb9 + EIP + 5 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8bb9 + EIP + 5 to 0x8054142...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8054147: add EBX, 7eb9 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805414d: lea EAX, EBX + 78c [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054153: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054155: test EAX, EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054157: jz 1e + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [805413a,8054159) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1e + EIP + 2 to 0x8054157...SUCCESS (CFT=0x8054177) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054157->8054177 resolveable_edge: 1, tailcall: 0, target: 8054177 [ParserDetails.C:588] pushing 8054177 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054157->8054159 resolveable_edge: 1, tailcall: 0, target: 8054159 [ParserDetails.C:588] pushing 8054159 onto worklist [Parser.C:1485] recording block [8054177,8054177) [Parser.C] parsing block 8054177 [Parser.C:1274] curAddr 0x8054177: mov EAX, [EBX + fffffffc] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805417d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805417f: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054182: jmp 6a + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 6a + EIP + 2 to 0x8054182...SUCCESS (CFT=0x80541ee) [Parser.C:1485] recording block [8054177,8054184) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8054182->80541ee resolveable_edge: 1, tailcall: 0, target: 80541ee [ParserDetails.C:588] pushing 80541ee onto worklist [Parser.C:1485] recording block [8054159,8054159) [Parser.C] parsing block 8054159 [Parser.C:1274] curAddr 0x8054159: lea EAX, EBX + 78c [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805415f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054161: lea EDX, EBX + ffffbed8 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054167: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805416b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805416e: call ffff88cd + EIP + 5 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff88cd + EIP + 5 to 0x805416e...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [8054159,8054173) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805416e->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805416e->8054173 resolveable_edge: 1, tailcall: 0, target: 8054173 [ParserDetails.C:588] pushing 8054173 onto worklist [Parser.C] binding call 805416e->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [8054173,8054173) [Parser.C] parsing block 8054173 [Parser.C:1274] curAddr 0x8054173: test EAX, EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054175: jnz d + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054173,8054177) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz d + EIP + 2 to 0x8054175...SUCCESS (CFT=0x8054184) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054175->8054184 resolveable_edge: 1, tailcall: 0, target: 8054184 [ParserDetails.C:588] pushing 8054184 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054175->8054177 resolveable_edge: 1, tailcall: 0, target: 8054177 [ParserDetails.C:588] pushing 8054177 onto worklist [Parser.C:1485] recording block [8054184,8054184) [Parser.C] parsing block 8054184 [Parser.C:1274] curAddr 0x8054184: lea EAX, EBX + 78c [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805418a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805418c: lea EDX, EBX + ffffbfbc [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054192: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054196: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054199: call ffff8a22 + EIP + 5 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8a22 + EIP + 5 to 0x8054199...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [8054184,805419e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054199->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054199->805419e resolveable_edge: 1, tailcall: 0, target: 805419e [ParserDetails.C:588] pushing 805419e onto worklist [Parser.C] binding call 8054199->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [805419e,805419e) [Parser.C] parsing block 805419e [Parser.C:1274] curAddr 0x805419e: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541a1: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541a5: jnz 47 + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [805419e,80541a7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 47 + EIP + 2 to 0x80541a5...SUCCESS (CFT=0x80541ee) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80541a5->80541ee resolveable_edge: 1, tailcall: 0, target: 80541ee [ParserDetails.C:588] pushing 80541ee onto worklist ParserDetails.C[80]: adding conditional not taken edge 80541a5->80541a7 resolveable_edge: 1, tailcall: 0, target: 80541a7 [ParserDetails.C:588] pushing 80541a7 onto worklist [Parser.C:1485] recording block [80541ee,80541ee) [Parser.C] parsing block 80541ee [Parser.C:1274] curAddr 0x80541ee: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541f4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541f6: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541f8: lea EAX, EBX + 9ec [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541fe: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054200: test EAX, EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054202: jz a + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [80541ee,8054204) Getting edges IA_IAPI.C[847]: binding PC EIP in jz a + EIP + 2 to 0x8054202...SUCCESS (CFT=0x805420e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054202->805420e resolveable_edge: 1, tailcall: 0, target: 805420e [ParserDetails.C:588] pushing 805420e onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054202->8054204 resolveable_edge: 1, tailcall: 0, target: 8054204 [ParserDetails.C:588] pushing 8054204 onto worklist [Parser.C:1485] recording block [805420e,805420e) [Parser.C] parsing block 805420e [Parser.C:1274] curAddr 0x805420e: lea EAX, EBX + ffffc133 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054214: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054218: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805421b: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805421f: lea EAX, EBX + ffffc13d [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054225: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054229: mov [ESP], 4 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054230: call EDX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call EDX to 0x8054230...FAIL (CFT=0x0), callTarget exp: EDX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [805420e,8054232) Getting edges Returned 2 edges ... Call 0x8054230 is indirect ... Call 0x8054230 is indirect ... Call 0x8054230 is indirect 2 edges: ParserDetails.C[64]: adding call edge 8054230->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 8054230->8054232 resolveable_edge: 1, tailcall: 0, target: 8054232 [ParserDetails.C:588] pushing 8054232 onto worklist [Parser.C:1485] recording block [8054232,8054232) [Parser.C] parsing block 8054232 [Parser.C:1274] curAddr 0x8054232: lea EAX, EBX + 9f0 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054238: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805423a: test EAX, EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805423c: jz 1f + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054232,805423e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1f + EIP + 2 to 0x805423c...SUCCESS (CFT=0x805425d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805423c->805425d resolveable_edge: 1, tailcall: 0, target: 805425d [ParserDetails.C:588] pushing 805425d onto worklist ParserDetails.C[80]: adding conditional not taken edge 805423c->805423e resolveable_edge: 1, tailcall: 0, target: 805423e [ParserDetails.C:588] pushing 805423e onto worklist [Parser.C:1485] recording block [805425d,805425d) [Parser.C] parsing block 805425d [Parser.C:1274] curAddr 0x805425d: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054263: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054265: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054267: lea EDX, EBX + ffffc162 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805426d: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054271: mov [ESP], 4 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054278: call EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x8054278...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [805425d,805427a) Getting edges Returned 2 edges ... Call 0x8054278 is indirect ... Call 0x8054278 is indirect ... Call 0x8054278 is indirect 2 edges: ParserDetails.C[64]: adding call edge 8054278->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 8054278->805427a resolveable_edge: 1, tailcall: 0, target: 805427a [ParserDetails.C:588] pushing 805427a onto worklist [Parser.C:1485] recording block [805427a,805427a) [Parser.C] parsing block 805427a [Parser.C:1274] curAddr 0x805427a: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054280: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054282: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054284: lea EDX, EBX + ffffc169 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805428a: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805428e: mov [ESP], 4 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054295: call EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x8054295...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [805427a,8054297) Getting edges Returned 2 edges ... Call 0x8054295 is indirect ... Call 0x8054295 is indirect ... Call 0x8054295 is indirect 2 edges: ParserDetails.C[64]: adding call edge 8054295->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 8054295->8054297 resolveable_edge: 1, tailcall: 0, target: 8054297 [ParserDetails.C:588] pushing 8054297 onto worklist [Parser.C:1485] recording block [8054297,8054297) [Parser.C] parsing block 8054297 [Parser.C:1274] curAddr 0x8054297: cmp [EBP + c], 4 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805429b: jnbe ab + EIP + 6 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054297,80542a1) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe ab + EIP + 6 to 0x805429b...SUCCESS (CFT=0x805434c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805429b->805434c resolveable_edge: 1, tailcall: 0, target: 805434c [ParserDetails.C:588] pushing 805434c onto worklist ParserDetails.C[80]: adding conditional not taken edge 805429b->80542a1 resolveable_edge: 1, tailcall: 0, target: 80542a1 [ParserDetails.C:588] pushing 80542a1 onto worklist [Parser.C:1485] recording block [805434c,805434c) [Parser.C] parsing block 805434c [Parser.C:1274] curAddr 0x805434c: mov EAX, [EBX + fffffffc] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054352: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054354: cmp EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054357: jnz d + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [805434c,8054359) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz d + EIP + 2 to 0x8054357...SUCCESS (CFT=0x8054366) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054357->8054366 resolveable_edge: 1, tailcall: 0, target: 8054366 [ParserDetails.C:588] pushing 8054366 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054357->8054359 resolveable_edge: 1, tailcall: 0, target: 8054359 [ParserDetails.C:588] pushing 8054359 onto worklist [Parser.C:1485] recording block [8054366,8054366) [Parser.C] parsing block 8054366 [Parser.C:1274] curAddr 0x8054366: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054369: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805436c: call ffff872f + EIP + 5 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff872f + EIP + 5 to 0x805436c...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [8054366,8054371) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805436c->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805436c->8054371 resolveable_edge: 1, tailcall: 0, target: 8054371 [ParserDetails.C:588] pushing 8054371 onto worklist [Parser.C] binding call 805436c->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C:1485] recording block [8054371,8054371) [Parser.C] parsing block 8054371 [Parser.C:1274] curAddr 0x8054371: add ESP, 20 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054374: pop EBX, ESP [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054375: pop ESI, ESP [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054376: pop EBP, ESP [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054377: ret near [ESP] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054371,8054378) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054377 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054377...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] block 8054177 exists [Parser.C] skipping locally parsed target at 8054177 [Parser.C:1485] recording block [80541a7,80541a7) [Parser.C] parsing block 80541a7 [Parser.C:1274] curAddr 0x80541a7: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541ad: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541af: mov ESI, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541b1: call ffff8a3a + EIP + 5 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8a3a + EIP + 5 to 0x80541b1...SUCCESS (CFT=0x804cbf0) [Parser.C:1485] recording block [80541a7,80541b6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80541b1->804cbf0 resolveable_edge: 1, tailcall: 0, target: 804cbf0 [ParserDetails.C:588] pushing 804cbf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80541b1->80541b6 resolveable_edge: 1, tailcall: 0, target: 80541b6 [ParserDetails.C:588] pushing 80541b6 onto worklist [Parser.C] binding call 80541b1->804cbf0 [ParseData.C] new function for target 804cbf0 [Parser.C:1485] recording block [804cbf0,804cbf0) [suspend frame 805413a] [Parser.C] frame 805413a blocked at 80541b1 call target 804cbf0 [Parser.C] block 804cbf0 exists [Parser.C] ==== starting to parse frame 804cbf0 ==== [Parser.C] parsing block 804cbf0 [Parser.C:1274] curAddr 0x804cbf0: jmp [805c080] [Parser.C:1280] leaf 1 funcname targ804cbf0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c080] to 0x804cbf0...FAIL (CFT=0x0), callTarget exp: [805c080] ... indirect jump at 0x804cbf0, delay parsing it [Parser.C:1485] recording block [804cbf0,804cbf6) ... continue parse indirect jump at 804cbf0 [Parser.C:1485] recording block [804cbf0,804cbf6) Getting edges ... indirect jump at 0x804cbf0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c080] at 0x804cbf0 Apply indirect control flow analysis at 804cbf0 Looking for thunk Looking for thunk in block [804cbf0,804cbf6).......WARNING: after advance at 0x804cbf6, curInsn() NULL Expanding instruction @ 804cbf0: jmp [805c080] Original expand: (<134594688:32>,) Adding assignment (@804cbf0<[x86::eip]>[_805c080]) in instruction jmp [805c080] at 804cbf0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cbf0, insn: jmp [805c080] Old fact for 804cbf0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cbf0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cbf0<[x86::eip]>[_805c080]) Instruction: jmp [805c080] AST: (<134594688:64>,) Generate bound fact for Interval 0[134594688,134594688] 0[805c080,805c080], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594688:64>,) Apply relations2 to (<134594688:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594688,134594688] 0[805c080,805c080], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594688:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cbf0 The fact from 804cbf0 before applying transfer function Do not track predicate Var: , Interval 0[134594688,134594688] 0[805c080,805c080], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594688:64>,) No known value at the top of the stack Fact from 804cbf0 after applying transfer function Do not track predicate Var: , Interval 0[134594688,134594688] 0[805c080,805c080], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594688:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594688,134594688] 0[805c080,805c080], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594688:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594688,134594688] 0[805c080,805c080], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c080 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cbf0 (804cbf0) No targets, exits func Adding block 0x804cbf0 as exit 804cbf0 extent [804cbf0,804cbf6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c080] at 0x804cbf0 in function targ804cbf0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cbf0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for __errno_location [Parser.C] frame 804cbf0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __errno_location return status 2, no waiters [Parser.C] ==== resuming parse of frame 805413a ==== Checking non-returning for __errno_location [Parser.C:1485] recording block [80541b6,80541b6) [Parser.C] parsing block 80541b6 [Parser.C:1274] curAddr 0x80541b6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541b8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541bb: call ffff8970 + EIP + 5 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8970 + EIP + 5 to 0x80541bb...SUCCESS (CFT=0x804cb30) [Parser.C:1485] recording block [80541b6,80541c0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80541bb->804cb30 resolveable_edge: 1, tailcall: 0, target: 804cb30 [ParserDetails.C:588] pushing 804cb30 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80541bb->80541c0 resolveable_edge: 1, tailcall: 0, target: 80541c0 [ParserDetails.C:588] pushing 80541c0 onto worklist [Parser.C] binding call 80541bb->804cb30 [ParseData.C] new function for target 804cb30 [Parser.C:1485] recording block [804cb30,804cb30) [suspend frame 805413a] [Parser.C] frame 805413a blocked at 80541bb call target 804cb30 [Parser.C] block 804cb30 exists [Parser.C] ==== starting to parse frame 804cb30 ==== [Parser.C] parsing block 804cb30 [Parser.C:1274] curAddr 0x804cb30: jmp [805c050] [Parser.C:1280] leaf 1 funcname targ804cb30 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c050] to 0x804cb30...FAIL (CFT=0x0), callTarget exp: [805c050] ... indirect jump at 0x804cb30, delay parsing it [Parser.C:1485] recording block [804cb30,804cb36) ... continue parse indirect jump at 804cb30 [Parser.C:1485] recording block [804cb30,804cb36) Getting edges ... indirect jump at 0x804cb30 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c050] at 0x804cb30 Apply indirect control flow analysis at 804cb30 Looking for thunk Looking for thunk in block [804cb30,804cb36).......WARNING: after advance at 0x804cb36, curInsn() NULL Expanding instruction @ 804cb30: jmp [805c050] Original expand: (<134594640:32>,) Adding assignment (@804cb30<[x86::eip]>[_805c050]) in instruction jmp [805c050] at 804cb30, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb30, insn: jmp [805c050] Old fact for 804cb30: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb30 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb30<[x86::eip]>[_805c050]) Instruction: jmp [805c050] AST: (<134594640:64>,) Generate bound fact for Interval 0[134594640,134594640] 0[805c050,805c050], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594640:64>,) Apply relations2 to (<134594640:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594640,134594640] 0[805c050,805c050], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594640:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb30 The fact from 804cb30 before applying transfer function Do not track predicate Var: , Interval 0[134594640,134594640] 0[805c050,805c050], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594640:64>,) No known value at the top of the stack Fact from 804cb30 after applying transfer function Do not track predicate Var: , Interval 0[134594640,134594640] 0[805c050,805c050], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594640:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594640,134594640] 0[805c050,805c050], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594640:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594640,134594640] 0[805c050,805c050], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c050 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb30 (804cb30) No targets, exits func Adding block 0x804cb30 as exit 804cb30 extent [804cb30,804cb36) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c050] at 0x804cb30 in function targ804cb30 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb30->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for strerror [Parser.C] frame 804cb30 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] strerror return status 2, no waiters [Parser.C] ==== resuming parse of frame 805413a ==== Checking non-returning for strerror [Parser.C:1485] recording block [80541c0,80541c0) [Parser.C] parsing block 80541c0 [Parser.C:1274] curAddr 0x80541c0: lea EDX, EBX + 78c [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541c6: mov EDX, [EDX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541c8: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541cc: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541d0: lea EAX, EBX + ffffc10c [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541d6: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541da: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541e1: call ESI [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ESI to 0x80541e1...FAIL (CFT=0x0), callTarget exp: ESI ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [80541c0,80541e3) Getting edges Returned 2 edges ... Call 0x80541e1 is indirect ... Call 0x80541e1 is indirect ... Call 0x80541e1 is indirect 2 edges: ParserDetails.C[64]: adding call edge 80541e1->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 80541e1->80541e3 resolveable_edge: 1, tailcall: 0, target: 80541e3 [ParserDetails.C:588] pushing 80541e3 onto worklist [Parser.C:1485] recording block [80541e3,80541e3) [Parser.C] parsing block 80541e3 [Parser.C:1274] curAddr 0x80541e3: mov EAX, [EBX + fffffffc] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541e9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80541eb: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C] straight-line parse into block at 80541ee [Parser.C:1485] recording block [80541e3,80541ee) [Parser.C] block 80541ee exists [Parser.C:1485] recording block [8054204,8054204) [Parser.C] parsing block 8054204 [Parser.C:1274] curAddr 0x8054204: lea EAX, EBX + 9ec [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805420a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805420c: jmp 6 + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 6 + EIP + 2 to 0x805420c...SUCCESS (CFT=0x8054214) [Parser.C:1485] recording block [8054204,805420e) Getting edges Checking for Tail Call jump to 0x8054214 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 805420c->8054214 resolveable_edge: 1, tailcall: 0, target: 8054214 [ParserDetails.C:588] pushing 8054214 onto worklist [Parser.C:1485] recording block [805423e,805423e) [Parser.C] parsing block 805423e [Parser.C:1274] curAddr 0x805423e: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054244: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054246: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054248: lea EDX, EBX + ffffc15b [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805424e: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054252: mov [ESP], 4 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054259: call EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x8054259...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [805423e,805425b) Getting edges Returned 2 edges ... Call 0x8054259 is indirect ... Call 0x8054259 is indirect ... Call 0x8054259 is indirect 2 edges: ParserDetails.C[64]: adding call edge 8054259->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 8054259->805425b resolveable_edge: 1, tailcall: 0, target: 805425b [ParserDetails.C:588] pushing 805425b onto worklist [Parser.C:1485] recording block [805425b,805425b) [Parser.C] parsing block 805425b [Parser.C:1274] curAddr 0x805425b: jmp 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1d + EIP + 2 to 0x805425b...SUCCESS (CFT=0x805427a) [Parser.C:1485] recording block [805425b,805425d) Getting edges Checking for Tail Call jump to 0x805427a is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 805425b->805427a resolveable_edge: 1, tailcall: 0, target: 805427a [ParserDetails.C:588] pushing 805427a onto worklist [Parser.C:1485] recording block [80542a1,80542a1) [Parser.C] parsing block 80542a1 [Parser.C:1274] curAddr 0x80542a1: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80542a4: shl/sal EAX, 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80542a7: mov EAX, [EAX + EBX * 1 + ffffc19c] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80542ae: add EAX, EBX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x80542b0: jmp EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp EAX to 0x80542b0...FAIL (CFT=0x0), callTarget exp: EAX ... indirect jump at 0x80542b0, delay parsing it [Parser.C:1485] recording block [80542a1,80542b2) [Parser.C:1485] recording block [8054359,8054359) [Parser.C] parsing block 8054359 [Parser.C:1274] curAddr 0x8054359: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805435c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called [Parser.C:1274] curAddr 0x805435f: call ffff86fc + EIP + 5 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff86fc + EIP + 5 to 0x805435f...SUCCESS (CFT=0x804ca60) [Parser.C:1485] recording block [8054359,8054364) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805435f->804ca60 resolveable_edge: 1, tailcall: 0, target: 804ca60 [ParserDetails.C:588] pushing 804ca60 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805435f->8054364 resolveable_edge: 1, tailcall: 0, target: 8054364 [ParserDetails.C:588] pushing 8054364 onto worklist [Parser.C] binding call 805435f->804ca60 [Parser.C] block 804ca60 exists Checking non-returning for fflush [Parser.C:1485] recording block [8054364,8054364) [Parser.C] parsing block 8054364 [Parser.C:1274] curAddr 0x8054364: jmp b + EIP + 2 [Parser.C:1280] leaf 1 funcname printResultHumanLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp b + EIP + 2 to 0x8054364...SUCCESS (CFT=0x8054371) [Parser.C:1485] recording block [8054364,8054366) Getting edges Checking for Tail Call jump to 0x8054371 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054364->8054371 resolveable_edge: 1, tailcall: 0, target: 8054371 [ParserDetails.C:588] pushing 8054371 onto worklist [Parser.C] block 80541ee exists [Parser.C] skipping locally parsed target at 80541ee [Parser.C] address 8054214 splits [805420e,8054232) (0x1ceed60) [Parser.C:1485] recording block [8054214,8054232) [Parser.C] skipping locally parsed target at 8054214 [Parser.C] block 805427a exists [Parser.C] skipping locally parsed target at 805427a [Parser.C] block 8054371 exists [Parser.C] skipping locally parsed target at 8054371 ... continue parse indirect jump at 80542b0 [Parser.C:1485] recording block [80542a1,80542b2) Getting edges ... indirect jump at 0x80542b0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp EAX at 0x80542b0 Apply indirect control flow analysis at 80542b0 Looking for thunk Looking for thunk in block [80541ee,8054204).......WARNING: after advance at 0x8054204, curInsn() NULL Looking for thunk in block [805420e,8054214).......WARNING: after advance at 0x8054214, curInsn() NULL Looking for thunk in block [8054177,8054184).......WARNING: after advance at 0x8054184, curInsn() NULL Looking for thunk in block [8054159,8054173).IA_IAPI.C[847]: binding PC EIP in call ffff88cd + EIP + 5 to 0x805416e...SUCCESS (CFT=0x804ca40) ......WARNING: after advance at 0x8054173, curInsn() NULL Looking for thunk in block [805425d,805427a).IA_IAPI.C[847]: binding PC EIP in call EAX to 0x8054278...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) ......WARNING: after advance at 0x805427a, curInsn() NULL Looking for thunk in block [805427a,8054297).IA_IAPI.C[847]: binding PC EIP in call EAX to 0x8054295...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) ......WARNING: after advance at 0x8054297, curInsn() NULL Looking for thunk in block [8054173,8054177).......WARNING: after advance at 0x8054177, curInsn() NULL Looking for thunk in block [8054232,805423e).......WARNING: after advance at 0x805423e, curInsn() NULL Looking for thunk in block [805419e,80541a7).......WARNING: after advance at 0x80541a7, curInsn() NULL Looking for thunk in block [8054184,805419e).IA_IAPI.C[847]: binding PC EIP in call ffff8a22 + EIP + 5 to 0x8054199...SUCCESS (CFT=0x804cbc0) ......WARNING: after advance at 0x805419e, curInsn() NULL Looking for thunk in block [805413a,8054159).IA_IAPI.C[847]: binding PC EIP in call ffff8bb9 + EIP + 5 to 0x8054142...SUCCESS (CFT=0x804cd00) find thunk at 8054142, storing value 805c000 to x86::ebx ......WARNING: after advance at 0x8054159, curInsn() NULL Looking for thunk in block [8054297,80542a1).......WARNING: after advance at 0x80542a1, curInsn() NULL Looking for thunk in block [80541a7,80541b6).IA_IAPI.C[847]: binding PC EIP in call ffff8a3a + EIP + 5 to 0x80541b1...SUCCESS (CFT=0x804cbf0) ......WARNING: after advance at 0x80541b6, curInsn() NULL Looking for thunk in block [8054204,805420e).......WARNING: after advance at 0x805420e, curInsn() NULL Looking for thunk in block [805423e,805425b).IA_IAPI.C[847]: binding PC EIP in call EAX to 0x8054259...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) ......WARNING: after advance at 0x805425b, curInsn() NULL Looking for thunk in block [805425b,805425d).......WARNING: after advance at 0x805425d, curInsn() NULL Looking for thunk in block [80541b6,80541c0).IA_IAPI.C[847]: binding PC EIP in call ffff8970 + EIP + 5 to 0x80541bb...SUCCESS (CFT=0x804cb30) ......WARNING: after advance at 0x80541c0, curInsn() NULL Looking for thunk in block [80541c0,80541e3).IA_IAPI.C[847]: binding PC EIP in call ESI to 0x80541e1...FAIL (CFT=0x0), callTarget exp: ESI ... Call to 0x0 is invalid (outside code or data) ......WARNING: after advance at 0x80541e3, curInsn() NULL Looking for thunk in block [80541e3,80541ee).......WARNING: after advance at 0x80541ee, curInsn() NULL Looking for thunk in block [80542a1,80542b2).......WARNING: after advance at 0x80542b2, curInsn() NULL Looking for thunk in block [8054214,8054232).IA_IAPI.C[847]: binding PC EIP in call EDX to 0x8054230...FAIL (CFT=0x0), callTarget exp: EDX ... Call to 0x0 is invalid (outside code or data) ......WARNING: after advance at 0x8054232, curInsn() NULL Expanding instruction @ 80542b0: jmp EAX Original expand: Adding assignment (@80542b0<[x86::eip]>[x86::eax]) in instruction jmp EAX at 80542b0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 80542b0, insn: jmp EAX Old fact for 80542b0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 80542b0, thunk at 8054142 find thunk at 8054142 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 80542b0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@80542b0<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to Apply relations2 to Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 80542b0 The fact from 80542b0 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Check srcAddr at 80542b0, trgAddr at 0, thunk at 8054142 Fact from 80542b0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression Expanding instruction @ 80542ae: add EAX, EBX Original expand: (((,<33:32>,),((,<33:32>,),<0:1>,),),<0:33>,<32:33>,) Adding assignment (@80542ae<[x86::eax]>[x86::ebx]>[x86::eax]) in instruction add EAX, EBX at 80542ae, total 2 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 80542ae, insn: add EAX, EBX Old fact for 80542ae: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 80542ae, thunk at 8054142 find thunk at 8054142 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 80542ae Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@80542ae<[x86::eax]>[x86::ebx]>[x86::eax]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 80542b0, insn: jmp EAX Old fact for 80542b0: do not exist Meet incoming edge from 80542ae The fact from 80542ae before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Check srcAddr at 80542ae, trgAddr at 80542b0, thunk at 8054142 Fact from 80542ae after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack New fact at 80542b0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@80542b0<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 80542b0 The fact from 80542b0 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Check srcAddr at 80542b0, trgAddr at 0, thunk at 8054142 Fact from 80542b0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression (,,) Expanding instruction @ 80542a7: mov EAX, [EAX + EBX * 1 + ffffc19c] Original expand: (((,((,<1:8>,),<0:40>,<32:40>,),),<4294951324:32>,),) Adding assignment (@80542a7<[x86::eax]>[x86::ebx]>[x86::eax]>H[]) in instruction mov EAX, [EAX + EBX * 1 + ffffc19c] at 80542a7, total 3 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 80542a7, insn: mov EAX, [EAX + EBX * 1 + ffffc19c] Old fact for 80542a7: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 80542a7, thunk at 8054142 find thunk at 8054142 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 80542a7 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 264 Expand assignment : (@80542a7<[x86::eax]>[x86::ebx]>[x86::eax]>H[]) Instruction: mov EAX, [EAX + EBX * 1 + ffffc19c] AST: (((,,),<4294951324:32>,),) Kill bound fact for Apply relations to (((,,),<4294951324:32>,),) Apply relations2 to (((,,),<4294951324:32>,),) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294951324:32>,),) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 80542ae, insn: add EAX, EBX Old fact for 80542ae: do not exist Meet incoming edge from 80542a7 The fact from 80542a7 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294951324:32>,),) No known value at the top of the stack Check srcAddr at 80542a7, trgAddr at 80542ae, thunk at 8054142 Fact from 80542a7 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294951324:32>,),) No known value at the top of the stack New fact at 80542ae Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294951324:32>,),) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@80542ae<[x86::eax]>[x86::ebx]>[x86::eax]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to ((((,,),<4294951324:32>,),),,) Apply relations2 to ((((,,),<4294951324:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294951324:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 80542b0, insn: jmp EAX Old fact for 80542b0: do not exist Meet incoming edge from 80542ae The fact from 80542ae before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294951324:32>,),),,) No known value at the top of the stack Check srcAddr at 80542ae, trgAddr at 80542b0, thunk at 8054142 Fact from 80542ae after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294951324:32>,),),,) No known value at the top of the stack New fact at 80542b0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294951324:32>,),),,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@80542b0<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to ((((,,),<4294951324:32>,),),,) Apply relations2 to ((((,,),<4294951324:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294951324:32>,),),,) = ((((,,),<4294951324:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 4 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 80542b0 The fact from 80542b0 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294951324:32>,),),,) = ((((,,),<4294951324:32>,),),,) No known value at the top of the stack Check srcAddr at 80542b0, trgAddr at 0, thunk at 8054142 Fact from 80542b0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294951324:32>,),),,) = ((((,,),<4294951324:32>,),),,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294951324:32>,),),,) = ((((,,),<4294951324:32>,),),,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression ((((,,),<4294951324:32>,),),,) tableBase 0xffffc19c invalid, not jump table format tableBase 0xffffc19c not read only, not jump table format Not jump table format! Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp EAX at 0x80542b0 in function printResultHumanLog UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 80542b0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff [Parser.C] frame 805413a complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] printResultHumanLog return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051582) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051582) function at 8051582 already parsed, status 3 [Parser.C:224] entered parse_at(80528d5) [Parser.C:180] entered parse_at([804ccd0,80549c4),80528d5) [Parser.C:1485] recording block [80528d5,80528d5) [Parser.C] ==== starting to parse frame 80528d5 ==== [Parser.C] parsing block 80528d5 [Parser.C:1274] curAddr 0x80528d5: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x80528d6: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x80528d8: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x80528db: call ffffb2a5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb2a5 + EIP + 5 to 0x80528db...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x80528e0: add ECX, 9720 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x80528e6: mov [EBP + fffffffffffffffc], 0 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x80528ed: jmp 87 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 87 + EIP + 5 to 0x80528ed...SUCCESS (CFT=0x8052979) [Parser.C:1485] recording block [80528d5,80528f2) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80528ed->8052979 resolveable_edge: 1, tailcall: 0, target: 8052979 [ParserDetails.C:588] pushing 8052979 onto worklist [Parser.C:1485] recording block [8052979,8052979) [Parser.C] parsing block 8052979 [Parser.C:1274] curAddr 0x8052979: cmp [EBP + fffffffffffffffc], 63 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805297d: jle ffffff6f + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052979,8052983) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffff6f + EIP + 6 to 0x805297d...SUCCESS (CFT=0x80528f2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805297d->80528f2 resolveable_edge: 1, tailcall: 0, target: 80528f2 [ParserDetails.C:588] pushing 80528f2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805297d->8052983 resolveable_edge: 1, tailcall: 0, target: 8052983 [ParserDetails.C:588] pushing 8052983 onto worklist [Parser.C:1485] recording block [80528f2,80528f2) [Parser.C] parsing block 80528f2 [Parser.C:1274] curAddr 0x80528f2: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x80528f8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x80528fa: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x80528fd: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052903: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052905: mov [EBP + fffffffffffffff8], 0 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805290c: jmp 3d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 3d + EIP + 2 to 0x805290c...SUCCESS (CFT=0x805294b) [Parser.C:1485] recording block [80528f2,805290e) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 805290c->805294b resolveable_edge: 1, tailcall: 0, target: 805294b [ParserDetails.C:588] pushing 805294b onto worklist [Parser.C:1485] recording block [8052983,8052983) [Parser.C] parsing block 8052983 [Parser.C:1274] curAddr 0x8052983: leave [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052984: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052983,8052985) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052984 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052984...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805294b,805294b) [Parser.C] parsing block 805294b [Parser.C:1274] curAddr 0x805294b: cmp [EBP + fffffffffffffff8], 9 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805294f: jle ffffffffffffffbd + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805294b,8052951) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffbd + EIP + 2 to 0x805294f...SUCCESS (CFT=0x805290e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805294f->805290e resolveable_edge: 1, tailcall: 0, target: 805290e [ParserDetails.C:588] pushing 805290e onto worklist ParserDetails.C[80]: adding conditional not taken edge 805294f->8052951 resolveable_edge: 1, tailcall: 0, target: 8052951 [ParserDetails.C:588] pushing 8052951 onto worklist [Parser.C:1485] recording block [805290e,805290e) [Parser.C] parsing block 805290e [Parser.C:1274] curAddr 0x805290e: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052914: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052916: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052919: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805291f: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052921: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052928: jmp 17 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 17 + EIP + 2 to 0x8052928...SUCCESS (CFT=0x8052941) [Parser.C:1485] recording block [805290e,805292a) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052928->8052941 resolveable_edge: 1, tailcall: 0, target: 8052941 [ParserDetails.C:588] pushing 8052941 onto worklist [Parser.C:1485] recording block [8052951,8052951) [Parser.C] parsing block 8052951 [Parser.C:1274] curAddr 0x8052951: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052958: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805295e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052960: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052963: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052969: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805296b: add [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805296f: cmp [EBP + fffffffffffffff0], 4 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052973: jle ffffffffffffffe3 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052951,8052975) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffe3 + EIP + 2 to 0x8052973...SUCCESS (CFT=0x8052958) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8052958 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8052973->8052958 resolveable_edge: 1, tailcall: 0, target: 8052958 [ParserDetails.C:588] pushing 8052958 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052973->8052975 resolveable_edge: 1, tailcall: 0, target: 8052975 [ParserDetails.C:588] pushing 8052975 onto worklist [Parser.C] address 8052958 splits [8052951,8052975) (0x1d1f6b0) [Parser.C:1485] recording block [8052958,8052975) [Parser.C] skipping locally parsed target at 8052958 [Parser.C:1485] recording block [8052975,8052975) [Parser.C] parsing block 8052975 [Parser.C:1274] curAddr 0x8052975: add [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C] straight-line parse into block at 8052979 [Parser.C:1485] recording block [8052975,8052979) [Parser.C] block 8052979 exists [Parser.C:1485] recording block [8052941,8052941) [Parser.C] parsing block 8052941 [Parser.C:1274] curAddr 0x8052941: cmp [EBP + fffffffffffffff4], 6 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052945: jle ffffffffffffffe3 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052941,8052947) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffe3 + EIP + 2 to 0x8052945...SUCCESS (CFT=0x805292a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052945->805292a resolveable_edge: 1, tailcall: 0, target: 805292a [ParserDetails.C:588] pushing 805292a onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052945->8052947 resolveable_edge: 1, tailcall: 0, target: 8052947 [ParserDetails.C:588] pushing 8052947 onto worklist [Parser.C:1485] recording block [805292a,805292a) [Parser.C] parsing block 805292a [Parser.C:1274] curAddr 0x805292a: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052930: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052932: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x8052935: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805293b: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C:1274] curAddr 0x805293d: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C] straight-line parse into block at 8052941 [Parser.C:1485] recording block [805292a,8052941) [Parser.C] block 8052941 exists [Parser.C:1485] recording block [8052947,8052947) [Parser.C] parsing block 8052947 [Parser.C:1274] curAddr 0x8052947: add [EBP + fffffffffffffff8], 1 [Parser.C:1280] leaf 1 funcname test1_37_call1 hasCFT called [Parser.C] straight-line parse into block at 805294b [Parser.C:1485] recording block [8052947,805294b) [Parser.C] block 805294b exists [Parser.C] frame 80528d5 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_37_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f138) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f138) [Parser.C:1485] recording block [804f138,804f138) [Parser.C] ==== starting to parse frame 804f138 ==== [Parser.C] parsing block 804f138 [Parser.C:1274] curAddr 0x804f138: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f139: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f13b: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f13c: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f13f: call ffffdbbc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdbbc + EIP + 5 to 0x804f13f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f144: add EBX, cebc [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f14a: call 2a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2a + EIP + 5 to 0x804f14a...SUCCESS (CFT=0x804f179) [Parser.C:1485] recording block [804f138,804f14f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f14a->804f179 resolveable_edge: 1, tailcall: 0, target: 804f179 [ParserDetails.C:588] pushing 804f179 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f14a->804f14f resolveable_edge: 1, tailcall: 0, target: 804f14f [ParserDetails.C:588] pushing 804f14f onto worklist [Parser.C] binding call 804f14a->804f179 [Parser.C] block 804f179 exists Checking non-returning for test1_10_func1 Checking non-returning for test1_10_func1 [Parser.C:1485] recording block [804f14f,804f14f) [Parser.C] parsing block 804f14f [Parser.C:1274] curAddr 0x804f14f: mov EAX, [EBX + 824] [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f155: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f157: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f14f,804f159) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f157...SUCCESS (CFT=0x804f16e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f157->804f16e resolveable_edge: 1, tailcall: 0, target: 804f16e [ParserDetails.C:588] pushing 804f16e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f157->804f159 resolveable_edge: 1, tailcall: 0, target: 804f159 [ParserDetails.C:588] pushing 804f159 onto worklist [Parser.C:1485] recording block [804f16e,804f16e) [Parser.C] parsing block 804f16e [Parser.C:1274] curAddr 0x804f16e: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f173: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f176: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f177: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f178: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f16e,804f179) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f178 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f178...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f159,804f159) [Parser.C] parsing block 804f159 [Parser.C:1274] curAddr 0x804f159: mov EAX, [EBX + 4dc] [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f15f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f162: call 523e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 523e + EIP + 5 to 0x804f162...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804f159,804f167) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f162->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f162->804f167 resolveable_edge: 1, tailcall: 0, target: 804f167 [ParserDetails.C:588] pushing 804f167 onto worklist [Parser.C] binding call 804f162->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804f167,804f167) [Parser.C] parsing block 804f167 [Parser.C:1274] curAddr 0x804f167: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f16c: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x804f16c...SUCCESS (CFT=0x804f173) [Parser.C:1485] recording block [804f167,804f16e) Getting edges Checking for Tail Call jump to 0x804f173 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804f16c->804f173 resolveable_edge: 1, tailcall: 0, target: 804f173 [ParserDetails.C:588] pushing 804f173 onto worklist [Parser.C] address 804f173 splits [804f16e,804f179) (0x1d219a0) [Parser.C:1485] recording block [804f173,804f179) [Parser.C] skipping locally parsed target at 804f173 [Parser.C] frame 804f138 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_10_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805440c) [Parser.C:180] entered parse_at([804ccd0,80549c4),805440c) [Parser.C:1485] recording block [805440c,805440c) [Parser.C] ==== starting to parse frame 805440c ==== [Parser.C] parsing block 805440c [Parser.C:1274] curAddr 0x805440c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x805440d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x805440f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054410: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054413: call ffff88e8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff88e8 + EIP + 5 to 0x8054413...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8054418: add EBX, 7be8 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x805441e: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054425: jmp 39 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 39 + EIP + 2 to 0x8054425...SUCCESS (CFT=0x8054460) [Parser.C:1485] recording block [805440c,8054427) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8054425->8054460 resolveable_edge: 1, tailcall: 0, target: 8054460 [ParserDetails.C:588] pushing 8054460 onto worklist [Parser.C:1485] recording block [8054460,8054460) [Parser.C] parsing block 8054460 [Parser.C:1274] curAddr 0x8054460: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054466: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054468: cmp [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x805446b: jl ffffffffffffffba + EIP + 2 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054460,805446d) Getting edges IA_IAPI.C[847]: binding PC EIP in jl ffffffffffffffba + EIP + 2 to 0x805446b...SUCCESS (CFT=0x8054427) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805446b->8054427 resolveable_edge: 1, tailcall: 0, target: 8054427 [ParserDetails.C:588] pushing 8054427 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805446b->805446d resolveable_edge: 1, tailcall: 0, target: 805446d [ParserDetails.C:588] pushing 805446d onto worklist [Parser.C:1485] recording block [8054427,8054427) [Parser.C] parsing block 8054427 [Parser.C:1274] curAddr 0x8054427: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x805442d: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054430: shl/sal EDX, 4 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054433: add EAX, EDX [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054435: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054437: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x805443a: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x805443e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054441: call ffff85fa + EIP + 5 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff85fa + EIP + 5 to 0x8054441...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [8054427,8054446) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054441->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054441->8054446 resolveable_edge: 1, tailcall: 0, target: 8054446 [ParserDetails.C:588] pushing 8054446 onto worklist [Parser.C] binding call 8054441->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [8054446,8054446) [Parser.C] parsing block 8054446 [Parser.C:1274] curAddr 0x8054446: test EAX, EAX [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054448: jnz 12 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054446,805444a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 12 + EIP + 2 to 0x8054448...SUCCESS (CFT=0x805445c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054448->805445c resolveable_edge: 1, tailcall: 0, target: 805445c [ParserDetails.C:588] pushing 805445c onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054448->805444a resolveable_edge: 1, tailcall: 0, target: 805444a [ParserDetails.C:588] pushing 805444a onto worklist [Parser.C:1485] recording block [805445c,805445c) [Parser.C] parsing block 805445c [Parser.C:1274] curAddr 0x805445c: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C] straight-line parse into block at 8054460 [Parser.C:1485] recording block [805445c,8054460) [Parser.C] block 8054460 exists [Parser.C:1485] recording block [805444a,805444a) [Parser.C] parsing block 805444a [Parser.C:1274] curAddr 0x805444a: lea EAX, EBX + ae0 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054450: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054453: mov [EAX + EDX * 4], 0 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x805445a: jmp 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 11 + EIP + 2 to 0x805445a...SUCCESS (CFT=0x805446d) [Parser.C:1485] recording block [805444a,805445c) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 805445a->805446d resolveable_edge: 1, tailcall: 0, target: 805446d [ParserDetails.C:588] pushing 805446d onto worklist [Parser.C:1485] recording block [805446d,805446d) [Parser.C] parsing block 805446d [Parser.C:1274] curAddr 0x805446d: add ESP, 24 [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054470: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054471: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_fails hasCFT called [Parser.C:1274] curAddr 0x8054472: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_fails hasCFT called branch or return, ret true [Parser.C:1485] recording block [805446d,8054473) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054472 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054472...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] block 805446d exists [Parser.C] skipping locally parsed target at 805446d [Parser.C] frame 805440c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_fails return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053f58) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053f58) [Parser.C:1485] recording block [8053f58,8053f58) [Parser.C] ==== starting to parse frame 8053f58 ==== [Parser.C] parsing block 8053f58 [Parser.C:1274] curAddr 0x8053f58: push EBP, ESP [Parser.C:1280] leaf 1 funcname dbRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053f59: mov EBP, ESP [Parser.C:1280] leaf 1 funcname dbRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053f5b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname dbRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053f5c: ret near [ESP] [Parser.C:1280] leaf 1 funcname dbRedirectStream hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053f58,8053f5d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053f5c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053f5c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053f58 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dbRedirectStream return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050455) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050455) [Parser.C:1485] recording block [8050455,8050455) [Parser.C] ==== starting to parse frame 8050455 ==== [Parser.C] parsing block 8050455 [Parser.C:1274] curAddr 0x8050455: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050456: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050458: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050459: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805045c: call ffffc89f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc89f + EIP + 5 to 0x805045c...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8050461: add EBX, bb9f [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050467: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805046d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805046f: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050471: jz 2c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050455,8050473) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 2c + EIP + 2 to 0x8050471...SUCCESS (CFT=0x805049f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050471->805049f resolveable_edge: 1, tailcall: 0, target: 805049f [ParserDetails.C:588] pushing 805049f onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050471->8050473 resolveable_edge: 1, tailcall: 0, target: 8050473 [ParserDetails.C:588] pushing 8050473 onto worklist [Parser.C:1485] recording block [805049f,805049f) [Parser.C] parsing block 805049f [Parser.C:1274] curAddr 0x805049f: mov EDX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504a5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504ab: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504ad: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504b3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504b5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504bb: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504bd: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504c3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504c5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504cb: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504cd: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504d3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504d5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504db: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504dd: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504e3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504e5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504eb: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504ed: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504f3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504f5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504fb: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80504fd: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050503: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050505: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805050b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805050d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050513: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050515: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805051b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805051d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050523: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050525: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805052b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805052d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050533: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050535: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805053b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805053d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050543: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050545: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805054b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805054d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050553: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050555: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805055b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805055d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050563: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050565: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805056b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805056d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050573: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050575: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805057b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805057d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050583: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050585: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805058b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805058d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050593: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050595: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805059b: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805059d: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505a3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505a5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505ab: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505ad: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505b3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505b5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505bb: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505bd: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505c3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505c5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505cb: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505cd: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505d3: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505d5: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505db: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505dd: mov EAX, [EBX + 514] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505e3: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505e5: mov [EBX + 534], EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505eb: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505f1: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505f7: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505f9: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80505ff: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050601: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050607: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050609: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805060f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050611: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050617: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050619: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805061f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050621: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050627: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050629: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805062f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050631: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050637: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050639: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805063f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050641: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050647: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050649: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805064f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050651: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050657: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050659: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805065f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050661: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050667: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050669: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805066f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050671: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050677: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050679: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805067f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050681: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050687: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050689: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805068f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050691: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050697: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050699: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805069f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506a1: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506a7: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506a9: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506af: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506b1: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506b7: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506b9: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506bf: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506c1: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506c7: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506c9: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506cf: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506d1: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506d7: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506d9: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506df: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506e1: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506e7: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506e9: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506ef: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506f1: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506f7: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506f9: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x80506ff: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050701: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050707: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050709: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805070f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050711: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050717: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050719: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805071f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050721: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050727: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050729: fld ST0, [EBX + 518] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805072f: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050731: fstp [EBX + 898], ST0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050737: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805073a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805073b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805073c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805049f,805073d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805073c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805073c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8050473,8050473) [Parser.C] parsing block 8050473 [Parser.C:1274] curAddr 0x8050473: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050479: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805047b: mov [ESP + c], 9d [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050483: lea EDX, EBX + ffffa7d0 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050489: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805048d: lea EDX, EBX + ffffa838 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050493: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x8050497: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called [Parser.C:1274] curAddr 0x805049a: call ffffc6f1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc6f1 + EIP + 5 to 0x805049a...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8050473,805049f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805049a->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805049a->805049f resolveable_edge: 1, tailcall: 0, target: 805049f [ParserDetails.C:588] pushing 805049f onto worklist [Parser.C] binding call 805049a->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C] block 805049f exists [Parser.C] skipping locally parsed target at 805049f [Parser.C] frame 8050455 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_20_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f2c4) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f2c4) [Parser.C:1485] recording block [804f2c4,804f2c4) [Parser.C] ==== starting to parse frame 804f2c4 ==== [Parser.C] parsing block 804f2c4 [Parser.C:1274] curAddr 0x804f2c4: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2c5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2c7: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2c8: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2cb: call ffffda30 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffda30 + EIP + 5 to 0x804f2cb...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f2d0: add EBX, cd30 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2d6: call 31 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 31 + EIP + 5 to 0x804f2d6...SUCCESS (CFT=0x804f30c) [Parser.C:1485] recording block [804f2c4,804f2db) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f2d6->804f30c resolveable_edge: 1, tailcall: 0, target: 804f30c [ParserDetails.C:588] pushing 804f30c onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f2d6->804f2db resolveable_edge: 1, tailcall: 0, target: 804f2db [ParserDetails.C:588] pushing 804f2db onto worklist [Parser.C] binding call 804f2d6->804f30c [Parser.C:1485] recording block [804f30c,804f30c) [suspend frame 804f2c4] [Parser.C] frame 804f2c4 blocked at 804f2d6 call target 804f30c [Parser.C] block 804f30c exists [Parser.C] ==== starting to parse frame 804f30c ==== [Parser.C] parsing block 804f30c [Parser.C:1274] curAddr 0x804f30c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f30d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f30f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f310: sub ESP, 4 [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f313: call ffffd9e8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd9e8 + EIP + 5 to 0x804f313...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f318: add EBX, cce8 [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f31e: mov [EBX + 82c], 1 [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f328: call 10 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 10 + EIP + 5 to 0x804f328...SUCCESS (CFT=0x804f33d) [Parser.C:1485] recording block [804f30c,804f32d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f328->804f33d resolveable_edge: 1, tailcall: 0, target: 804f33d [ParserDetails.C:588] pushing 804f33d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f328->804f32d resolveable_edge: 1, tailcall: 0, target: 804f32d [ParserDetails.C:588] pushing 804f32d onto worklist [Parser.C] binding call 804f328->804f33d [Parser.C] block 804f33d exists Checking non-returning for func2 [Parser.C:1485] recording block [804f32d,804f32d) [Parser.C] parsing block 804f32d [Parser.C:1274] curAddr 0x804f32d: mov [EBX + 82c], 3 [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f337: add ESP, 4 [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f33a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f33b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called [Parser.C:1274] curAddr 0x804f33c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_11_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f32d,804f33d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f33c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f33c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804f30c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_11_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804f2c4 ==== Checking non-returning for test1_11_func1 Checking non-returning for test1_11_func1 [Parser.C:1485] recording block [804f2db,804f2db) [Parser.C] parsing block 804f2db [Parser.C:1274] curAddr 0x804f2db: mov EAX, [EBX + 840] [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2e1: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2e3: jz 17 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f2db,804f2e5) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 17 + EIP + 2 to 0x804f2e3...SUCCESS (CFT=0x804f2fc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f2e3->804f2fc resolveable_edge: 1, tailcall: 0, target: 804f2fc [ParserDetails.C:588] pushing 804f2fc onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f2e3->804f2e5 resolveable_edge: 1, tailcall: 0, target: 804f2e5 [ParserDetails.C:588] pushing 804f2e5 onto worklist [Parser.C:1485] recording block [804f2fc,804f2fc) [Parser.C] parsing block 804f2fc [Parser.C:1274] curAddr 0x804f2fc: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f303: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f306: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f309: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f30a: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f30b: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f2fc,804f30c) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f30b Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f30b...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f2e5,804f2e5) [Parser.C] parsing block 804f2e5 [Parser.C:1274] curAddr 0x804f2e5: mov EAX, [EBX + 4e4] [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2eb: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2ee: call 50b2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 50b2 + EIP + 5 to 0x804f2ee...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804f2e5,804f2f3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f2ee->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f2ee->804f2f3 resolveable_edge: 1, tailcall: 0, target: 804f2f3 [ParserDetails.C:588] pushing 804f2f3 onto worklist [Parser.C] binding call 804f2ee->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804f2f3,804f2f3) [Parser.C] parsing block 804f2f3 [Parser.C:1274] curAddr 0x804f2f3: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f2fa: jmp 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 7 + EIP + 2 to 0x804f2fa...SUCCESS (CFT=0x804f303) [Parser.C:1485] recording block [804f2f3,804f2fc) Getting edges Checking for Tail Call jump to 0x804f303 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804f2fa->804f303 resolveable_edge: 1, tailcall: 0, target: 804f303 [ParserDetails.C:588] pushing 804f303 onto worklist [Parser.C] address 804f303 splits [804f2fc,804f30c) (0x1d44710) [Parser.C:1485] recording block [804f303,804f30c) [Parser.C] skipping locally parsed target at 804f303 [Parser.C] frame 804f2c4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_11_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804e5cc) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e5cc) [Parser.C:1485] recording block [804e5cc,804e5cc) [Parser.C] ==== starting to parse frame 804e5cc ==== [Parser.C] parsing block 804e5cc [Parser.C:1274] curAddr 0x804e5cc: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5cd: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5cf: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5d0: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5d3: call ffffe728 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe728 + EIP + 5 to 0x804e5d3...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e5d8: add EBX, da28 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5de: call 2a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2a + EIP + 5 to 0x804e5de...SUCCESS (CFT=0x804e60d) [Parser.C:1485] recording block [804e5cc,804e5e3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e5de->804e60d resolveable_edge: 1, tailcall: 0, target: 804e60d [ParserDetails.C:588] pushing 804e60d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e5de->804e5e3 resolveable_edge: 1, tailcall: 0, target: 804e5e3 [ParserDetails.C:588] pushing 804e5e3 onto worklist [Parser.C] binding call 804e5de->804e60d [Parser.C:1485] recording block [804e60d,804e60d) [suspend frame 804e5cc] [Parser.C] frame 804e5cc blocked at 804e5de call target 804e60d [Parser.C] block 804e60d exists [Parser.C] ==== starting to parse frame 804e60d ==== [Parser.C] parsing block 804e60d [Parser.C:1274] curAddr 0x804e60d: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e60e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e610: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e611: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e614: call ffffe6e7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe6e7 + EIP + 5 to 0x804e614...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e619: add EBX, d9e7 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e61f: call 537 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 537 + EIP + 5 to 0x804e61f...SUCCESS (CFT=0x804eb5b) [Parser.C:1485] recording block [804e60d,804e624) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e61f->804eb5b resolveable_edge: 1, tailcall: 0, target: 804eb5b [ParserDetails.C:588] pushing 804eb5b onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e61f->804e624 resolveable_edge: 1, tailcall: 0, target: 804e624 [ParserDetails.C:588] pushing 804e624 onto worklist [Parser.C] binding call 804e61f->804eb5b [Parser.C:1485] recording block [804eb5b,804eb5b) [suspend frame 804e60d] [Parser.C] frame 804e60d blocked at 804e61f call target 804eb5b [Parser.C] block 804eb5b exists [Parser.C] ==== starting to parse frame 804eb5b ==== [Parser.C] parsing block 804eb5b [Parser.C:1274] curAddr 0x804eb5b: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb5c: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb5e: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb5f: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb62: call ffffe199 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe199 + EIP + 5 to 0x804eb62...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804eb67: add EBX, d499 [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb6d: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb73: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb75: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb77: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eb5b,804eb79) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804eb77...SUCCESS (CFT=0x804eb87) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804eb77->804eb87 resolveable_edge: 1, tailcall: 0, target: 804eb87 [ParserDetails.C:588] pushing 804eb87 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804eb77->804eb79 resolveable_edge: 1, tailcall: 0, target: 804eb79 [ParserDetails.C:588] pushing 804eb79 onto worklist [Parser.C:1485] recording block [804eb87,804eb87) [Parser.C] parsing block 804eb87 [Parser.C:1274] curAddr 0x804eb87: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb8a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb8b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb8c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eb87,804eb8d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804eb8c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804eb8c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804eb79,804eb79) [Parser.C] parsing block 804eb79 [Parser.C:1274] curAddr 0x804eb79: lea EAX, EBX + ffff97b9 [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb7f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called [Parser.C:1274] curAddr 0x804eb82: call ffffdf99 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdf99 + EIP + 5 to 0x804eb82...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804eb79,804eb87) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eb82->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eb82->804eb87 resolveable_edge: 1, tailcall: 0, target: 804eb87 [ParserDetails.C:588] pushing 804eb87 onto worklist [Parser.C] binding call 804eb82->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804eb87 exists [Parser.C] skipping locally parsed target at 804eb87 [Parser.C] frame 804eb5b complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_7_func2 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804e60d ==== Checking non-returning for test1_7_func2 Checking non-returning for test1_7_func2 [Parser.C:1485] recording block [804e624,804e624) [Parser.C] parsing block 804e624 [Parser.C:1274] curAddr 0x804e624: lea EAX, EBX + 420 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e62a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e62c: cmp EAX, 48 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e62f: jnz 20c + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e624,804e635) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 20c + EIP + 6 to 0x804e62f...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e62f->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e62f->804e635 resolveable_edge: 1, tailcall: 0, target: 804e635 [ParserDetails.C:588] pushing 804e635 onto worklist [Parser.C:1485] recording block [804e841,804e841) [Parser.C] parsing block 804e841 [Parser.C:1274] curAddr 0x804e841: lea EAX, EBX + ffff9654 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e847: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e84a: call 516e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 516e + EIP + 5 to 0x804e84a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e841,804e84f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e84a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e84a->804e84f resolveable_edge: 1, tailcall: 0, target: 804e84f [ParserDetails.C:588] pushing 804e84f onto worklist [Parser.C] binding call 804e84a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e84f,804e84f) [Parser.C] parsing block 804e84f [Parser.C:1274] curAddr 0x804e84f: lea EAX, EBX + 424 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e855: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e857: lea EAX, EBX + 420 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e85d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e85f: lea ECX, EBX + ffff967f [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e865: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e869: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e86d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e870: call 24a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 24a + EIP + 5 to 0x804e870...SUCCESS (CFT=0x804eabf) [Parser.C:1485] recording block [804e84f,804e875) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e870->804eabf resolveable_edge: 1, tailcall: 0, target: 804eabf [ParserDetails.C:588] pushing 804eabf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e870->804e875 resolveable_edge: 1, tailcall: 0, target: 804e875 [ParserDetails.C:588] pushing 804e875 onto worklist [Parser.C] binding call 804e870->804eabf [Parser.C] block 804eabf exists Checking non-returning for fail7Print [Parser.C:1485] recording block [804e875,804e875) [Parser.C] parsing block 804e875 [Parser.C:1274] curAddr 0x804e875: lea EAX, EBX + 42c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e87b: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e87d: lea EAX, EBX + 428 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e883: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e885: lea ECX, EBX + ffff9689 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e88b: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e88f: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e893: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e896: call 224 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 224 + EIP + 5 to 0x804e896...SUCCESS (CFT=0x804eabf) [Parser.C:1485] recording block [804e875,804e89b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e896->804eabf resolveable_edge: 1, tailcall: 0, target: 804eabf [ParserDetails.C:588] pushing 804eabf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e896->804e89b resolveable_edge: 1, tailcall: 0, target: 804e89b [ParserDetails.C:588] pushing 804e89b onto worklist [Parser.C] binding call 804e896->804eabf [Parser.C] block 804eabf exists Checking non-returning for fail7Print [Parser.C:1485] recording block [804e89b,804e89b) [Parser.C] parsing block 804e89b [Parser.C:1274] curAddr 0x804e89b: lea EAX, EBX + 434 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8a1: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8a3: lea EAX, EBX + 430 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8a9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8ab: lea ECX, EBX + ffff9693 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8b1: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8b5: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8b9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8bc: call 1fe + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1fe + EIP + 5 to 0x804e8bc...SUCCESS (CFT=0x804eabf) [Parser.C:1485] recording block [804e89b,804e8c1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e8bc->804eabf resolveable_edge: 1, tailcall: 0, target: 804eabf [ParserDetails.C:588] pushing 804eabf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e8bc->804e8c1 resolveable_edge: 1, tailcall: 0, target: 804e8c1 [ParserDetails.C:588] pushing 804e8c1 onto worklist [Parser.C] binding call 804e8bc->804eabf [Parser.C] block 804eabf exists Checking non-returning for fail7Print [Parser.C:1485] recording block [804e8c1,804e8c1) [Parser.C] parsing block 804e8c1 [Parser.C:1274] curAddr 0x804e8c1: lea EAX, EBX + 43c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8c7: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8c9: lea EAX, EBX + 438 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8cf: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8d1: lea ECX, EBX + ffff969d [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8d7: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8db: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8df: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8e2: call 1d8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1d8 + EIP + 5 to 0x804e8e2...SUCCESS (CFT=0x804eabf) [Parser.C:1485] recording block [804e8c1,804e8e7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e8e2->804eabf resolveable_edge: 1, tailcall: 0, target: 804eabf [ParserDetails.C:588] pushing 804eabf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e8e2->804e8e7 resolveable_edge: 1, tailcall: 0, target: 804e8e7 [ParserDetails.C:588] pushing 804e8e7 onto worklist [Parser.C] binding call 804e8e2->804eabf [Parser.C] block 804eabf exists Checking non-returning for fail7Print [Parser.C:1485] recording block [804e8e7,804e8e7) [Parser.C] parsing block 804e8e7 [Parser.C:1274] curAddr 0x804e8e7: lea EAX, EBX + 444 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8ed: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8ef: lea EAX, EBX + 440 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8f5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8f7: lea ECX, EBX + ffff96a7 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e8fd: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e901: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e905: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e908: call 1b2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1b2 + EIP + 5 to 0x804e908...SUCCESS (CFT=0x804eabf) [Parser.C:1485] recording block [804e8e7,804e90d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e908->804eabf resolveable_edge: 1, tailcall: 0, target: 804eabf [ParserDetails.C:588] pushing 804eabf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e908->804e90d resolveable_edge: 1, tailcall: 0, target: 804e90d [ParserDetails.C:588] pushing 804e90d onto worklist [Parser.C] binding call 804e908->804eabf [Parser.C] block 804eabf exists Checking non-returning for fail7Print [Parser.C:1485] recording block [804e90d,804e90d) [Parser.C] parsing block 804e90d [Parser.C:1274] curAddr 0x804e90d: lea EAX, EBX + 44c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e913: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e915: lea EAX, EBX + 448 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e91b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e91d: lea ECX, EBX + ffff96b1 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e923: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e927: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e92b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e92e: call 18c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 18c + EIP + 5 to 0x804e92e...SUCCESS (CFT=0x804eabf) [Parser.C:1485] recording block [804e90d,804e933) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e92e->804eabf resolveable_edge: 1, tailcall: 0, target: 804eabf [ParserDetails.C:588] pushing 804eabf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e92e->804e933 resolveable_edge: 1, tailcall: 0, target: 804e933 [ParserDetails.C:588] pushing 804e933 onto worklist [Parser.C] binding call 804e92e->804eabf [Parser.C] block 804eabf exists Checking non-returning for fail7Print [Parser.C:1485] recording block [804e933,804e933) [Parser.C] parsing block 804e933 [Parser.C:1274] curAddr 0x804e933: lea EAX, EBX + 454 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e939: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e93b: lea EAX, EBX + 450 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e941: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e943: lea ECX, EBX + ffff96bb [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e949: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e94d: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e951: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e954: call 166 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 166 + EIP + 5 to 0x804e954...SUCCESS (CFT=0x804eabf) [Parser.C:1485] recording block [804e933,804e959) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e954->804eabf resolveable_edge: 1, tailcall: 0, target: 804eabf [ParserDetails.C:588] pushing 804eabf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e954->804e959 resolveable_edge: 1, tailcall: 0, target: 804e959 [ParserDetails.C:588] pushing 804e959 onto worklist [Parser.C] binding call 804e954->804eabf [Parser.C] block 804eabf exists Checking non-returning for fail7Print [Parser.C:1485] recording block [804e959,804e959) [Parser.C] parsing block 804e959 [Parser.C:1274] curAddr 0x804e959: lea EAX, EBX + 45c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e95f: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e961: lea EAX, EBX + 458 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e967: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e969: lea ECX, EBX + ffff96c6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e96f: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e973: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e977: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e97a: call 140 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 140 + EIP + 5 to 0x804e97a...SUCCESS (CFT=0x804eabf) [Parser.C:1485] recording block [804e959,804e97f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e97a->804eabf resolveable_edge: 1, tailcall: 0, target: 804eabf [ParserDetails.C:588] pushing 804eabf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e97a->804e97f resolveable_edge: 1, tailcall: 0, target: 804e97f [ParserDetails.C:588] pushing 804e97f onto worklist [Parser.C] binding call 804e97a->804eabf [Parser.C] block 804eabf exists Checking non-returning for fail7Print [Parser.C:1485] recording block [804e97f,804e97f) [Parser.C] parsing block 804e97f [Parser.C:1274] curAddr 0x804e97f: lea EAX, EBX + 464 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e985: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e987: lea EAX, EBX + 460 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e98d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e98f: lea ECX, EBX + ffff967f [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e995: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e999: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e99d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9a0: call 168 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 168 + EIP + 5 to 0x804e9a0...SUCCESS (CFT=0x804eb0d) [Parser.C:1485] recording block [804e97f,804e9a5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e9a0->804eb0d resolveable_edge: 1, tailcall: 0, target: 804eb0d [ParserDetails.C:588] pushing 804eb0d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e9a0->804e9a5 resolveable_edge: 1, tailcall: 0, target: 804e9a5 [ParserDetails.C:588] pushing 804e9a5 onto worklist [Parser.C] binding call 804e9a0->804eb0d [Parser.C] block 804eb0d exists Checking non-returning for fail7aPrint [Parser.C:1485] recording block [804e9a5,804e9a5) [Parser.C] parsing block 804e9a5 [Parser.C:1274] curAddr 0x804e9a5: lea EAX, EBX + 46c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9ab: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9ad: lea EAX, EBX + 468 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9b3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9b5: lea ECX, EBX + ffff9689 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9bb: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9bf: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9c3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9c6: call 142 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 142 + EIP + 5 to 0x804e9c6...SUCCESS (CFT=0x804eb0d) [Parser.C:1485] recording block [804e9a5,804e9cb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e9c6->804eb0d resolveable_edge: 1, tailcall: 0, target: 804eb0d [ParserDetails.C:588] pushing 804eb0d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e9c6->804e9cb resolveable_edge: 1, tailcall: 0, target: 804e9cb [ParserDetails.C:588] pushing 804e9cb onto worklist [Parser.C] binding call 804e9c6->804eb0d [Parser.C] block 804eb0d exists Checking non-returning for fail7aPrint [Parser.C:1485] recording block [804e9cb,804e9cb) [Parser.C] parsing block 804e9cb [Parser.C:1274] curAddr 0x804e9cb: lea EAX, EBX + 474 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9d1: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9d3: lea EAX, EBX + 470 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9d9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9db: lea ECX, EBX + ffff9693 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9e1: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9e5: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9e9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9ec: call 11c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 11c + EIP + 5 to 0x804e9ec...SUCCESS (CFT=0x804eb0d) [Parser.C:1485] recording block [804e9cb,804e9f1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e9ec->804eb0d resolveable_edge: 1, tailcall: 0, target: 804eb0d [ParserDetails.C:588] pushing 804eb0d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e9ec->804e9f1 resolveable_edge: 1, tailcall: 0, target: 804e9f1 [ParserDetails.C:588] pushing 804e9f1 onto worklist [Parser.C] binding call 804e9ec->804eb0d [Parser.C] block 804eb0d exists Checking non-returning for fail7aPrint [Parser.C:1485] recording block [804e9f1,804e9f1) [Parser.C] parsing block 804e9f1 [Parser.C:1274] curAddr 0x804e9f1: lea EAX, EBX + 47c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9f7: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9f9: lea EAX, EBX + 478 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e9ff: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea01: lea ECX, EBX + ffff969d [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea07: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea0b: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea0f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea12: call f6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call f6 + EIP + 5 to 0x804ea12...SUCCESS (CFT=0x804eb0d) [Parser.C:1485] recording block [804e9f1,804ea17) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ea12->804eb0d resolveable_edge: 1, tailcall: 0, target: 804eb0d [ParserDetails.C:588] pushing 804eb0d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ea12->804ea17 resolveable_edge: 1, tailcall: 0, target: 804ea17 [ParserDetails.C:588] pushing 804ea17 onto worklist [Parser.C] binding call 804ea12->804eb0d [Parser.C] block 804eb0d exists Checking non-returning for fail7aPrint [Parser.C:1485] recording block [804ea17,804ea17) [Parser.C] parsing block 804ea17 [Parser.C:1274] curAddr 0x804ea17: lea EAX, EBX + 484 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea1d: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea1f: lea EAX, EBX + 480 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea25: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea27: lea ECX, EBX + ffff96a7 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea2d: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea31: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea35: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea38: call d0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call d0 + EIP + 5 to 0x804ea38...SUCCESS (CFT=0x804eb0d) [Parser.C:1485] recording block [804ea17,804ea3d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ea38->804eb0d resolveable_edge: 1, tailcall: 0, target: 804eb0d [ParserDetails.C:588] pushing 804eb0d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ea38->804ea3d resolveable_edge: 1, tailcall: 0, target: 804ea3d [ParserDetails.C:588] pushing 804ea3d onto worklist [Parser.C] binding call 804ea38->804eb0d [Parser.C] block 804eb0d exists Checking non-returning for fail7aPrint [Parser.C:1485] recording block [804ea3d,804ea3d) [Parser.C] parsing block 804ea3d [Parser.C:1274] curAddr 0x804ea3d: lea EAX, EBX + 48c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea43: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea45: lea EAX, EBX + 488 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea4b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea4d: lea ECX, EBX + ffff96b1 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea53: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea57: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea5b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea5e: call aa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call aa + EIP + 5 to 0x804ea5e...SUCCESS (CFT=0x804eb0d) [Parser.C:1485] recording block [804ea3d,804ea63) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ea5e->804eb0d resolveable_edge: 1, tailcall: 0, target: 804eb0d [ParserDetails.C:588] pushing 804eb0d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ea5e->804ea63 resolveable_edge: 1, tailcall: 0, target: 804ea63 [ParserDetails.C:588] pushing 804ea63 onto worklist [Parser.C] binding call 804ea5e->804eb0d [Parser.C] block 804eb0d exists Checking non-returning for fail7aPrint [Parser.C:1485] recording block [804ea63,804ea63) [Parser.C] parsing block 804ea63 [Parser.C:1274] curAddr 0x804ea63: lea EAX, EBX + 494 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea69: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea6b: lea EAX, EBX + 490 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea71: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea73: lea ECX, EBX + ffff96bb [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea79: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea7d: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea81: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea84: call 84 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 84 + EIP + 5 to 0x804ea84...SUCCESS (CFT=0x804eb0d) [Parser.C:1485] recording block [804ea63,804ea89) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ea84->804eb0d resolveable_edge: 1, tailcall: 0, target: 804eb0d [ParserDetails.C:588] pushing 804eb0d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ea84->804ea89 resolveable_edge: 1, tailcall: 0, target: 804ea89 [ParserDetails.C:588] pushing 804ea89 onto worklist [Parser.C] binding call 804ea84->804eb0d [Parser.C] block 804eb0d exists Checking non-returning for fail7aPrint [Parser.C:1485] recording block [804ea89,804ea89) [Parser.C] parsing block 804ea89 [Parser.C:1274] curAddr 0x804ea89: lea EAX, EBX + 49c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea8f: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea91: lea EAX, EBX + 498 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea97: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea99: lea ECX, EBX + ffff96c6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804ea9f: mov [ESP + 8], ECX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804eaa3: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804eaa7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804eaaa: call 5e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5e + EIP + 5 to 0x804eaaa...SUCCESS (CFT=0x804eb0d) [Parser.C:1485] recording block [804ea89,804eaaf) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eaaa->804eb0d resolveable_edge: 1, tailcall: 0, target: 804eb0d [ParserDetails.C:588] pushing 804eb0d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eaaa->804eaaf resolveable_edge: 1, tailcall: 0, target: 804eaaf [ParserDetails.C:588] pushing 804eaaf onto worklist [Parser.C] binding call 804eaaa->804eb0d [Parser.C] block 804eb0d exists Checking non-returning for fail7aPrint [Parser.C:1485] recording block [804eaaf,804eaaf) [Parser.C] parsing block 804eaaf [Parser.C:1274] curAddr 0x804eaaf: mov [EBX + 800], 0 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804eab9: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804eabc: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804eabd: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804eabe: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eaaf,804eabf) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804eabe Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804eabe...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e635,804e635) [Parser.C] parsing block 804e635 [Parser.C:1274] curAddr 0x804e635: lea EAX, EBX + 424 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e63b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e63d: cmp EAX, 47 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e640: jnz 1fb + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e635,804e646) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1fb + EIP + 6 to 0x804e640...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e640->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e640->804e646 resolveable_edge: 1, tailcall: 0, target: 804e646 [ParserDetails.C:588] pushing 804e646 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e646,804e646) [Parser.C] parsing block 804e646 [Parser.C:1274] curAddr 0x804e646: lea EAX, EBX + 428 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e64c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e64e: cmp EAX, 48 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e651: jnz 1ea + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e646,804e657) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1ea + EIP + 6 to 0x804e651...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e651->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e651->804e657 resolveable_edge: 1, tailcall: 0, target: 804e657 [ParserDetails.C:588] pushing 804e657 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e657,804e657) [Parser.C] parsing block 804e657 [Parser.C:1274] curAddr 0x804e657: lea EAX, EBX + 42c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e65d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e65f: cmp EAX, 47 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e662: jnz 1d9 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e657,804e668) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1d9 + EIP + 6 to 0x804e662...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e662->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e662->804e668 resolveable_edge: 1, tailcall: 0, target: 804e668 [ParserDetails.C:588] pushing 804e668 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e668,804e668) [Parser.C] parsing block 804e668 [Parser.C:1274] curAddr 0x804e668: lea EAX, EBX + 430 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e66e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e670: cmp EAX, 48 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e673: jnz 1c8 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e668,804e679) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1c8 + EIP + 6 to 0x804e673...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e673->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e673->804e679 resolveable_edge: 1, tailcall: 0, target: 804e679 [ParserDetails.C:588] pushing 804e679 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e679,804e679) [Parser.C] parsing block 804e679 [Parser.C:1274] curAddr 0x804e679: lea EAX, EBX + 434 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e67f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e681: cmp EAX, 47 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e684: jnz 1b7 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e679,804e68a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1b7 + EIP + 6 to 0x804e684...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e684->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e684->804e68a resolveable_edge: 1, tailcall: 0, target: 804e68a [ParserDetails.C:588] pushing 804e68a onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e68a,804e68a) [Parser.C] parsing block 804e68a [Parser.C:1274] curAddr 0x804e68a: lea EAX, EBX + 438 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e690: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e692: cmp EAX, 48 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e695: jnz 1a6 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e68a,804e69b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1a6 + EIP + 6 to 0x804e695...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e695->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e695->804e69b resolveable_edge: 1, tailcall: 0, target: 804e69b [ParserDetails.C:588] pushing 804e69b onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e69b,804e69b) [Parser.C] parsing block 804e69b [Parser.C:1274] curAddr 0x804e69b: lea EAX, EBX + 43c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6a1: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6a3: cmp EAX, 47 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6a6: jnz 195 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e69b,804e6ac) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 195 + EIP + 6 to 0x804e6a6...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e6a6->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e6a6->804e6ac resolveable_edge: 1, tailcall: 0, target: 804e6ac [ParserDetails.C:588] pushing 804e6ac onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e6ac,804e6ac) [Parser.C] parsing block 804e6ac [Parser.C:1274] curAddr 0x804e6ac: lea EAX, EBX + 440 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6b2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6b4: cmp EAX, 48 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6b7: jnz 184 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e6ac,804e6bd) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 184 + EIP + 6 to 0x804e6b7...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e6b7->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e6b7->804e6bd resolveable_edge: 1, tailcall: 0, target: 804e6bd [ParserDetails.C:588] pushing 804e6bd onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e6bd,804e6bd) [Parser.C] parsing block 804e6bd [Parser.C:1274] curAddr 0x804e6bd: lea EAX, EBX + 444 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6c3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6c5: cmp EAX, 47 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6c8: jnz 173 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e6bd,804e6ce) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 173 + EIP + 6 to 0x804e6c8...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e6c8->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e6c8->804e6ce resolveable_edge: 1, tailcall: 0, target: 804e6ce [ParserDetails.C:588] pushing 804e6ce onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e6ce,804e6ce) [Parser.C] parsing block 804e6ce [Parser.C:1274] curAddr 0x804e6ce: lea EAX, EBX + 448 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6d4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6d6: cmp EAX, 48 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6d9: jnz 162 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e6ce,804e6df) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 162 + EIP + 6 to 0x804e6d9...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e6d9->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e6d9->804e6df resolveable_edge: 1, tailcall: 0, target: 804e6df [ParserDetails.C:588] pushing 804e6df onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e6df,804e6df) [Parser.C] parsing block 804e6df [Parser.C:1274] curAddr 0x804e6df: lea EAX, EBX + 44c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6e5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6e7: cmp EAX, 47 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6ea: jnz 151 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e6df,804e6f0) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 151 + EIP + 6 to 0x804e6ea...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e6ea->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e6ea->804e6f0 resolveable_edge: 1, tailcall: 0, target: 804e6f0 [ParserDetails.C:588] pushing 804e6f0 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e6f0,804e6f0) [Parser.C] parsing block 804e6f0 [Parser.C:1274] curAddr 0x804e6f0: lea EAX, EBX + 450 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6f6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6f8: cmp EAX, 48 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e6fb: jnz 140 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e6f0,804e701) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 140 + EIP + 6 to 0x804e6fb...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e6fb->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e6fb->804e701 resolveable_edge: 1, tailcall: 0, target: 804e701 [ParserDetails.C:588] pushing 804e701 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e701,804e701) [Parser.C] parsing block 804e701 [Parser.C:1274] curAddr 0x804e701: lea EAX, EBX + 454 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e707: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e709: cmp EAX, 47 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e70c: jnz 12f + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e701,804e712) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 12f + EIP + 6 to 0x804e70c...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e70c->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e70c->804e712 resolveable_edge: 1, tailcall: 0, target: 804e712 [ParserDetails.C:588] pushing 804e712 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e712,804e712) [Parser.C] parsing block 804e712 [Parser.C:1274] curAddr 0x804e712: lea EAX, EBX + 458 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e718: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e71a: cmp EAX, 48 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e71d: jnz 11e + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e712,804e723) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 11e + EIP + 6 to 0x804e71d...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e71d->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e71d->804e723 resolveable_edge: 1, tailcall: 0, target: 804e723 [ParserDetails.C:588] pushing 804e723 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e723,804e723) [Parser.C] parsing block 804e723 [Parser.C:1274] curAddr 0x804e723: lea EAX, EBX + 45c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e729: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e72b: cmp EAX, 47 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e72e: jnz 10d + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e723,804e734) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 10d + EIP + 6 to 0x804e72e...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e72e->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e72e->804e734 resolveable_edge: 1, tailcall: 0, target: 804e734 [ParserDetails.C:588] pushing 804e734 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e734,804e734) [Parser.C] parsing block 804e734 [Parser.C:1274] curAddr 0x804e734: lea EAX, EBX + 460 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e73a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e73c: cmp EAX, 4a [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e73f: jnz fc + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e734,804e745) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz fc + EIP + 6 to 0x804e73f...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e73f->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e73f->804e745 resolveable_edge: 1, tailcall: 0, target: 804e745 [ParserDetails.C:588] pushing 804e745 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e745,804e745) [Parser.C] parsing block 804e745 [Parser.C:1274] curAddr 0x804e745: lea EAX, EBX + 464 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e74b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e74d: cmp EAX, 49 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e750: jnz eb + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e745,804e756) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz eb + EIP + 6 to 0x804e750...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e750->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e750->804e756 resolveable_edge: 1, tailcall: 0, target: 804e756 [ParserDetails.C:588] pushing 804e756 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e756,804e756) [Parser.C] parsing block 804e756 [Parser.C:1274] curAddr 0x804e756: lea EAX, EBX + 468 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e75c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e75e: cmp EAX, 4a [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e761: jnz da + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e756,804e767) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz da + EIP + 6 to 0x804e761...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e761->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e761->804e767 resolveable_edge: 1, tailcall: 0, target: 804e767 [ParserDetails.C:588] pushing 804e767 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e767,804e767) [Parser.C] parsing block 804e767 [Parser.C:1274] curAddr 0x804e767: lea EAX, EBX + 46c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e76d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e76f: cmp EAX, 49 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e772: jnz c9 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e767,804e778) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz c9 + EIP + 6 to 0x804e772...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e772->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e772->804e778 resolveable_edge: 1, tailcall: 0, target: 804e778 [ParserDetails.C:588] pushing 804e778 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e778,804e778) [Parser.C] parsing block 804e778 [Parser.C:1274] curAddr 0x804e778: lea EAX, EBX + 470 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e77e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e780: cmp EAX, 4a [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e783: jnz b8 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e778,804e789) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz b8 + EIP + 6 to 0x804e783...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e783->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e783->804e789 resolveable_edge: 1, tailcall: 0, target: 804e789 [ParserDetails.C:588] pushing 804e789 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e789,804e789) [Parser.C] parsing block 804e789 [Parser.C:1274] curAddr 0x804e789: lea EAX, EBX + 474 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e78f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e791: cmp EAX, 49 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e794: jnz a7 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e789,804e79a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a7 + EIP + 6 to 0x804e794...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e794->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e794->804e79a resolveable_edge: 1, tailcall: 0, target: 804e79a [ParserDetails.C:588] pushing 804e79a onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e79a,804e79a) [Parser.C] parsing block 804e79a [Parser.C:1274] curAddr 0x804e79a: lea EAX, EBX + 478 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7a0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7a2: cmp EAX, 4a [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7a5: jnz 96 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e79a,804e7ab) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 96 + EIP + 6 to 0x804e7a5...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e7a5->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e7a5->804e7ab resolveable_edge: 1, tailcall: 0, target: 804e7ab [ParserDetails.C:588] pushing 804e7ab onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e7ab,804e7ab) [Parser.C] parsing block 804e7ab [Parser.C:1274] curAddr 0x804e7ab: lea EAX, EBX + 47c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7b1: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7b3: cmp EAX, 49 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7b6: jnz 85 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e7ab,804e7bc) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 85 + EIP + 6 to 0x804e7b6...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e7b6->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e7b6->804e7bc resolveable_edge: 1, tailcall: 0, target: 804e7bc [ParserDetails.C:588] pushing 804e7bc onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e7bc,804e7bc) [Parser.C] parsing block 804e7bc [Parser.C:1274] curAddr 0x804e7bc: lea EAX, EBX + 480 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7c2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7c4: cmp EAX, 4a [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7c7: jnz 78 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e7bc,804e7c9) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 78 + EIP + 2 to 0x804e7c7...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e7c7->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e7c7->804e7c9 resolveable_edge: 1, tailcall: 0, target: 804e7c9 [ParserDetails.C:588] pushing 804e7c9 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e7c9,804e7c9) [Parser.C] parsing block 804e7c9 [Parser.C:1274] curAddr 0x804e7c9: lea EAX, EBX + 484 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7cf: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7d1: cmp EAX, 49 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7d4: jnz 6b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e7c9,804e7d6) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 6b + EIP + 2 to 0x804e7d4...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e7d4->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e7d4->804e7d6 resolveable_edge: 1, tailcall: 0, target: 804e7d6 [ParserDetails.C:588] pushing 804e7d6 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e7d6,804e7d6) [Parser.C] parsing block 804e7d6 [Parser.C:1274] curAddr 0x804e7d6: lea EAX, EBX + 488 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7dc: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7de: cmp EAX, 4a [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7e1: jnz 5e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e7d6,804e7e3) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 5e + EIP + 2 to 0x804e7e1...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e7e1->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e7e1->804e7e3 resolveable_edge: 1, tailcall: 0, target: 804e7e3 [ParserDetails.C:588] pushing 804e7e3 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e7e3,804e7e3) [Parser.C] parsing block 804e7e3 [Parser.C:1274] curAddr 0x804e7e3: lea EAX, EBX + 48c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7e9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7eb: cmp EAX, 49 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7ee: jnz 51 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e7e3,804e7f0) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 51 + EIP + 2 to 0x804e7ee...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e7ee->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e7ee->804e7f0 resolveable_edge: 1, tailcall: 0, target: 804e7f0 [ParserDetails.C:588] pushing 804e7f0 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e7f0,804e7f0) [Parser.C] parsing block 804e7f0 [Parser.C:1274] curAddr 0x804e7f0: lea EAX, EBX + 490 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7f6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7f8: cmp EAX, 4a [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e7fb: jnz 44 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e7f0,804e7fd) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 44 + EIP + 2 to 0x804e7fb...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e7fb->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e7fb->804e7fd resolveable_edge: 1, tailcall: 0, target: 804e7fd [ParserDetails.C:588] pushing 804e7fd onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e7fd,804e7fd) [Parser.C] parsing block 804e7fd [Parser.C:1274] curAddr 0x804e7fd: lea EAX, EBX + 494 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e803: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e805: cmp EAX, 49 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e808: jnz 37 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e7fd,804e80a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 37 + EIP + 2 to 0x804e808...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e808->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e808->804e80a resolveable_edge: 1, tailcall: 0, target: 804e80a [ParserDetails.C:588] pushing 804e80a onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e80a,804e80a) [Parser.C] parsing block 804e80a [Parser.C:1274] curAddr 0x804e80a: lea EAX, EBX + 498 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e810: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e812: cmp EAX, 4a [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e815: jnz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e80a,804e817) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2a + EIP + 2 to 0x804e815...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e815->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e815->804e817 resolveable_edge: 1, tailcall: 0, target: 804e817 [ParserDetails.C:588] pushing 804e817 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e817,804e817) [Parser.C] parsing block 804e817 [Parser.C:1274] curAddr 0x804e817: lea EAX, EBX + 49c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e81d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e81f: cmp EAX, 49 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e822: jnz 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e817,804e824) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1d + EIP + 2 to 0x804e822...SUCCESS (CFT=0x804e841) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e841 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e822->804e841 resolveable_edge: 1, tailcall: 0, target: 804e841 [ParserDetails.C:588] pushing 804e841 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e822->804e824 resolveable_edge: 1, tailcall: 0, target: 804e824 [ParserDetails.C:588] pushing 804e824 onto worklist [Parser.C] block 804e841 exists [Parser.C] skipping locally parsed target at 804e841 [Parser.C:1485] recording block [804e824,804e824) [Parser.C] parsing block 804e824 [Parser.C:1274] curAddr 0x804e824: lea EAX, EBX + ffff962c [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e82a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e82d: call 518b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 518b + EIP + 5 to 0x804e82d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e824,804e832) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e82d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e82d->804e832 resolveable_edge: 1, tailcall: 0, target: 804e832 [ParserDetails.C:588] pushing 804e832 onto worklist [Parser.C] binding call 804e82d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e832,804e832) [Parser.C] parsing block 804e832 [Parser.C:1274] curAddr 0x804e832: mov [EBX + 800], 1 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called [Parser.C:1274] curAddr 0x804e83c: jmp 278 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 278 + EIP + 5 to 0x804e83c...SUCCESS (CFT=0x804eab9) [Parser.C:1485] recording block [804e832,804e841) Getting edges Checking for Tail Call jump to 0x804eab9 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e83c->804eab9 resolveable_edge: 1, tailcall: 0, target: 804eab9 [ParserDetails.C:588] pushing 804eab9 onto worklist [Parser.C] address 804eab9 splits [804eaaf,804eabf) (0x1d42760) [Parser.C:1485] recording block [804eab9,804eabf) [Parser.C] skipping locally parsed target at 804eab9 [Parser.C] frame 804e60d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_7_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804e5cc ==== Checking non-returning for test1_7_func1 Checking non-returning for test1_7_func1 [Parser.C:1485] recording block [804e5e3,804e5e3) [Parser.C] parsing block 804e5e3 [Parser.C:1274] curAddr 0x804e5e3: mov EAX, [EBX + 800] [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5e9: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5eb: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e5e3,804e5ed) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804e5eb...SUCCESS (CFT=0x804e602) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e5eb->804e602 resolveable_edge: 1, tailcall: 0, target: 804e602 [ParserDetails.C:588] pushing 804e602 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e5eb->804e5ed resolveable_edge: 1, tailcall: 0, target: 804e5ed [ParserDetails.C:588] pushing 804e5ed onto worklist [Parser.C:1485] recording block [804e602,804e602) [Parser.C] parsing block 804e602 [Parser.C:1274] curAddr 0x804e602: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e607: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e60a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e60b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e60c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e602,804e60d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e60c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e60c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e5ed,804e5ed) [Parser.C] parsing block 804e5ed [Parser.C:1274] curAddr 0x804e5ed: mov EAX, [EBX + 4c0] [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5f3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e5f6: call 5daa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5daa + EIP + 5 to 0x804e5f6...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804e5ed,804e5fb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e5f6->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e5f6->804e5fb resolveable_edge: 1, tailcall: 0, target: 804e5fb [ParserDetails.C:588] pushing 804e5fb onto worklist [Parser.C] binding call 804e5f6->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804e5fb,804e5fb) [Parser.C] parsing block 804e5fb [Parser.C:1274] curAddr 0x804e5fb: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e600: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_7_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x804e600...SUCCESS (CFT=0x804e607) [Parser.C:1485] recording block [804e5fb,804e602) Getting edges Checking for Tail Call jump to 0x804e607 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e600->804e607 resolveable_edge: 1, tailcall: 0, target: 804e607 [ParserDetails.C:588] pushing 804e607 onto worklist [Parser.C] address 804e607 splits [804e602,804e60d) (0x1d40030) [Parser.C:1485] recording block [804e607,804e60d) [Parser.C] skipping locally parsed target at 804e607 [Parser.C] frame 804e5cc complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_7_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050d65) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050d65) [Parser.C:1485] recording block [8050d65,8050d65) [Parser.C] ==== starting to parse frame 8050d65 ==== [Parser.C] parsing block 8050d65 [Parser.C:1274] curAddr 0x8050d65: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d66: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d68: call ffffce18 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffce18 + EIP + 5 to 0x8050d68...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8050d6d: add ECX, b293 [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d73: lea EAX, ECX + 568 [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d79: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d7b: mov [ECX + 574], EAX [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d81: lea EAX, ECX + 56c [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d87: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d89: mov [ECX + 578], EAX [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d8f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called [Parser.C:1274] curAddr 0x8050d90: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_23_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050d65,8050d91) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050d90 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050d90...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8050d65 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_23_call2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80540ef) [Parser.C:180] entered parse_at([804ccd0,80549c4),80540ef) [Parser.C:1485] recording block [80540ef,80540ef) [Parser.C] ==== starting to parse frame 80540ef ==== [Parser.C] parsing block 80540ef [Parser.C:1274] curAddr 0x80540ef: push EBP, ESP [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x80540f0: mov EBP, ESP [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x80540f2: push EBX, ESP [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x80540f3: sub ESP, 14 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x80540f6: call ffff8c05 + EIP + 5 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8c05 + EIP + 5 to 0x80540f6...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80540fb: add EBX, 7f05 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054101: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054105: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [80540ef,8054107) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x8054105...SUCCESS (CFT=0x8054115) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054105->8054115 resolveable_edge: 1, tailcall: 0, target: 8054115 [ParserDetails.C:588] pushing 8054115 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054105->8054107 resolveable_edge: 1, tailcall: 0, target: 8054107 [ParserDetails.C:588] pushing 8054107 onto worklist [Parser.C:1485] recording block [8054115,8054115) [Parser.C] parsing block 8054115 [Parser.C:1274] curAddr 0x8054115: lea EAX, EBX + 770 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x805411b: mov [EAX], 1 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054121: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054124: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054128: mov [ESP], 4 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x805412f: call fffff1ec + EIP + 5 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff1ec + EIP + 5 to 0x805412f...SUCCESS (CFT=0x8053320) [Parser.C:1485] recording block [8054115,8054134) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805412f->8053320 resolveable_edge: 1, tailcall: 0, target: 8053320 [ParserDetails.C:588] pushing 8053320 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805412f->8054134 resolveable_edge: 1, tailcall: 0, target: 8054134 [ParserDetails.C:588] pushing 8054134 onto worklist [Parser.C] binding call 805412f->8053320 [Parser.C:1485] recording block [8053320,8053320) [suspend frame 80540ef] [Parser.C] frame 80540ef blocked at 805412f call target 8053320 [Parser.C] block 8053320 exists [Parser.C] ==== starting to parse frame 8053320 ==== [Parser.C] parsing block 8053320 [Parser.C:1274] curAddr 0x8053320: push EBP, ESP [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053321: mov EBP, ESP [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053323: push EBX, ESP [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053324: sub ESP, 24 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053327: call ffff99d4 + EIP + 5 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff99d4 + EIP + 5 to 0x8053327...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805332c: add EBX, 8cd4 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053332: cmp [EBP + c], 0 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053336: jz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053320,8053338) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 2a + EIP + 2 to 0x8053336...SUCCESS (CFT=0x8053362) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053336->8053362 resolveable_edge: 1, tailcall: 0, target: 8053362 [ParserDetails.C:588] pushing 8053362 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053336->8053338 resolveable_edge: 1, tailcall: 0, target: 8053338 [ParserDetails.C:588] pushing 8053338 onto worklist [Parser.C:1485] recording block [8053362,8053362) [Parser.C] parsing block 8053362 [Parser.C:1274] curAddr 0x8053362: cmp [EBP + 8], 4 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053366: jnbe 3c8 + EIP + 6 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053362,805336c) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 3c8 + EIP + 6 to 0x8053366...SUCCESS (CFT=0x8053734) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053366->8053734 resolveable_edge: 1, tailcall: 0, target: 8053734 [ParserDetails.C:588] pushing 8053734 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053366->805336c resolveable_edge: 1, tailcall: 0, target: 805336c [ParserDetails.C:588] pushing 805336c onto worklist [Parser.C:1485] recording block [8053734,8053734) [Parser.C] parsing block 8053734 [Parser.C:1274] curAddr 0x8053734: add ESP, 24 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053737: pop EBX, ESP [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053738: pop EBP, ESP [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053739: ret near [ESP] [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053734,805373a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053739 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053739...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053338,8053338) [Parser.C] parsing block 8053338 [Parser.C:1274] curAddr 0x8053338: lea EAX, EBX + ffffbed8 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x805333e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053342: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053345: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053348: call ffff96f3 + EIP + 5 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff96f3 + EIP + 5 to 0x8053348...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [8053338,805334d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053348->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053348->805334d resolveable_edge: 1, tailcall: 0, target: 805334d [ParserDetails.C:588] pushing 805334d onto worklist [Parser.C] binding call 8053348->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [805334d,805334d) [Parser.C] parsing block 805334d [Parser.C:1274] curAddr 0x805334d: test EAX, EAX [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x805334f: jz 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called branch or return, ret true [Parser.C:1485] recording block [805334d,8053351) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 11 + EIP + 2 to 0x805334f...SUCCESS (CFT=0x8053362) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8053362 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 805334f->8053362 resolveable_edge: 1, tailcall: 0, target: 8053362 [ParserDetails.C:588] pushing 8053362 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805334f->8053351 resolveable_edge: 1, tailcall: 0, target: 8053351 [ParserDetails.C:588] pushing 8053351 onto worklist [Parser.C] block 8053362 exists [Parser.C] skipping locally parsed target at 8053362 [Parser.C:1485] recording block [8053351,8053351) [Parser.C] parsing block 8053351 [Parser.C:1274] curAddr 0x8053351: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053354: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053357: call ffff9814 + EIP + 5 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9814 + EIP + 5 to 0x8053357...SUCCESS (CFT=0x804cb70) [Parser.C:1485] recording block [8053351,805335c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053357->804cb70 resolveable_edge: 1, tailcall: 0, target: 804cb70 [ParserDetails.C:588] pushing 804cb70 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053357->805335c resolveable_edge: 1, tailcall: 0, target: 805335c [ParserDetails.C:588] pushing 805335c onto worklist [Parser.C] binding call 8053357->804cb70 [ParseData.C] new function for target 804cb70 [Parser.C:1485] recording block [804cb70,804cb70) [suspend frame 8053320] [Parser.C] frame 8053320 blocked at 8053357 call target 804cb70 [Parser.C] block 804cb70 exists [Parser.C] ==== starting to parse frame 804cb70 ==== [Parser.C] parsing block 804cb70 [Parser.C:1274] curAddr 0x804cb70: jmp [805c060] [Parser.C:1280] leaf 1 funcname targ804cb70 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c060] to 0x804cb70...FAIL (CFT=0x0), callTarget exp: [805c060] ... indirect jump at 0x804cb70, delay parsing it [Parser.C:1485] recording block [804cb70,804cb76) ... continue parse indirect jump at 804cb70 [Parser.C:1485] recording block [804cb70,804cb76) Getting edges ... indirect jump at 0x804cb70 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c060] at 0x804cb70 Apply indirect control flow analysis at 804cb70 Looking for thunk Looking for thunk in block [804cb70,804cb76).......WARNING: after advance at 0x804cb76, curInsn() NULL Expanding instruction @ 804cb70: jmp [805c060] Original expand: (<134594656:32>,) Adding assignment (@804cb70<[x86::eip]>[_805c060]) in instruction jmp [805c060] at 804cb70, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb70, insn: jmp [805c060] Old fact for 804cb70: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb70 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb70<[x86::eip]>[_805c060]) Instruction: jmp [805c060] AST: (<134594656:64>,) Generate bound fact for Interval 0[134594656,134594656] 0[805c060,805c060], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594656:64>,) Apply relations2 to (<134594656:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594656,134594656] 0[805c060,805c060], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594656:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb70 The fact from 804cb70 before applying transfer function Do not track predicate Var: , Interval 0[134594656,134594656] 0[805c060,805c060], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594656:64>,) No known value at the top of the stack Fact from 804cb70 after applying transfer function Do not track predicate Var: , Interval 0[134594656,134594656] 0[805c060,805c060], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594656:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594656,134594656] 0[805c060,805c060], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594656:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594656,134594656] 0[805c060,805c060], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c060 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb70 (804cb70) No targets, exits func Adding block 0x804cb70 as exit 804cb70 extent [804cb70,804cb76) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c060] at 0x804cb70 in function targ804cb70 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb70->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for strlen [Parser.C] frame 804cb70 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] strlen return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053320 ==== Checking non-returning for strlen [Parser.C:1485] recording block [805335c,805335c) [Parser.C] parsing block 805335c [Parser.C:1274] curAddr 0x805335c: add EAX, 1 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x805335f: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C] straight-line parse into block at 8053362 [Parser.C:1485] recording block [805335c,8053362) [Parser.C] block 8053362 exists [Parser.C:1485] recording block [805336c,805336c) [Parser.C] parsing block 805336c [Parser.C:1274] curAddr 0x805336c: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x805336f: shl/sal EAX, 2 [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053372: mov EAX, [EAX + EBX * 1 + ffffbfa8] [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x8053379: add EAX, EBX [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called [Parser.C:1274] curAddr 0x805337b: jmp EAX [Parser.C:1280] leaf 1 funcname redirectStream hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp EAX to 0x805337b...FAIL (CFT=0x0), callTarget exp: EAX ... indirect jump at 0x805337b, delay parsing it [Parser.C:1485] recording block [805336c,805337d) ... continue parse indirect jump at 805337b [Parser.C:1485] recording block [805336c,805337d) Getting edges ... indirect jump at 0x805337b Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp EAX at 0x805337b Apply indirect control flow analysis at 805337b Looking for thunk Looking for thunk in block [805336c,805337d).......WARNING: after advance at 0x805337d, curInsn() NULL Looking for thunk in block [805335c,8053362).......WARNING: after advance at 0x8053362, curInsn() NULL Looking for thunk in block [8053362,805336c).......WARNING: after advance at 0x805336c, curInsn() NULL Looking for thunk in block [8053338,805334d).IA_IAPI.C[847]: binding PC EIP in call ffff96f3 + EIP + 5 to 0x8053348...SUCCESS (CFT=0x804ca40) ......WARNING: after advance at 0x805334d, curInsn() NULL Looking for thunk in block [805334d,8053351).......WARNING: after advance at 0x8053351, curInsn() NULL Looking for thunk in block [8053351,805335c).IA_IAPI.C[847]: binding PC EIP in call ffff9814 + EIP + 5 to 0x8053357...SUCCESS (CFT=0x804cb70) ......WARNING: after advance at 0x805335c, curInsn() NULL Looking for thunk in block [8053320,8053338).IA_IAPI.C[847]: binding PC EIP in call ffff99d4 + EIP + 5 to 0x8053327...SUCCESS (CFT=0x804cd00) find thunk at 8053327, storing value 805c000 to x86::ebx ......WARNING: after advance at 0x8053338, curInsn() NULL Expanding instruction @ 805337b: jmp EAX Original expand: Adding assignment (@805337b<[x86::eip]>[x86::eax]) in instruction jmp EAX at 805337b, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 805337b, insn: jmp EAX Old fact for 805337b: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 805337b, thunk at 8053327 find thunk at 8053327 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 805337b Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@805337b<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to Apply relations2 to Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 805337b The fact from 805337b before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Check srcAddr at 805337b, trgAddr at 0, thunk at 8053327 Fact from 805337b after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression Expanding instruction @ 8053379: add EAX, EBX Original expand: (((,<33:32>,),((,<33:32>,),<0:1>,),),<0:33>,<32:33>,) Adding assignment (@8053379<[x86::eax]>[x86::ebx]>[x86::eax]) in instruction add EAX, EBX at 8053379, total 2 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 8053379, insn: add EAX, EBX Old fact for 8053379: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 8053379, thunk at 8053327 find thunk at 8053327 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 8053379 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@8053379<[x86::eax]>[x86::ebx]>[x86::eax]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 805337b, insn: jmp EAX Old fact for 805337b: do not exist Meet incoming edge from 8053379 The fact from 8053379 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Check srcAddr at 8053379, trgAddr at 805337b, thunk at 8053327 Fact from 8053379 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack New fact at 805337b Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@805337b<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 805337b The fact from 805337b before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Check srcAddr at 805337b, trgAddr at 0, thunk at 8053327 Fact from 805337b after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression (,,) Expanding instruction @ 8053372: mov EAX, [EAX + EBX * 1 + ffffbfa8] Original expand: (((,((,<1:8>,),<0:40>,<32:40>,),),<4294950824:32>,),) Adding assignment (@8053372<[x86::eax]>[x86::eax]>[x86::ebx]>H[]) in instruction mov EAX, [EAX + EBX * 1 + ffffbfa8] at 8053372, total 3 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 8053372, insn: mov EAX, [EAX + EBX * 1 + ffffbfa8] Old fact for 8053372: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 8053372, thunk at 8053327 find thunk at 8053327 between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 8053372 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 264 Expand assignment : (@8053372<[x86::eax]>[x86::eax]>[x86::ebx]>H[]) Instruction: mov EAX, [EAX + EBX * 1 + ffffbfa8] AST: (((,,),<4294950824:32>,),) Kill bound fact for Apply relations to (((,,),<4294950824:32>,),) Apply relations2 to (((,,),<4294950824:32>,),) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950824:32>,),) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 8053379, insn: add EAX, EBX Old fact for 8053379: do not exist Meet incoming edge from 8053372 The fact from 8053372 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950824:32>,),) No known value at the top of the stack Check srcAddr at 8053372, trgAddr at 8053379, thunk at 8053327 Fact from 8053372 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950824:32>,),) No known value at the top of the stack New fact at 8053379 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294950824:32>,),) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@8053379<[x86::eax]>[x86::ebx]>[x86::eax]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to ((((,,),<4294950824:32>,),),,) Apply relations2 to ((((,,),<4294950824:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950824:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 805337b, insn: jmp EAX Old fact for 805337b: do not exist Meet incoming edge from 8053379 The fact from 8053379 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950824:32>,),),,) No known value at the top of the stack Check srcAddr at 8053379, trgAddr at 805337b, thunk at 8053327 Fact from 8053379 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950824:32>,),),,) No known value at the top of the stack New fact at 805337b Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294950824:32>,),),,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@805337b<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to ((((,,),<4294950824:32>,),),,) Apply relations2 to ((((,,),<4294950824:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950824:32>,),),,) = ((((,,),<4294950824:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 4 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 805337b The fact from 805337b before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950824:32>,),),,) = ((((,,),<4294950824:32>,),),,) No known value at the top of the stack Check srcAddr at 805337b, trgAddr at 0, thunk at 8053327 Fact from 805337b after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950824:32>,),),,) = ((((,,),<4294950824:32>,),),,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294950824:32>,),),,) = ((((,,),<4294950824:32>,),),,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression ((((,,),<4294950824:32>,),),,) tableBase 0xffffbfa8 invalid, not jump table format tableBase 0xffffbfa8 not read only, not jump table format Not jump table format! Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp EAX at 0x805337b in function redirectStream UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 805337b->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff [Parser.C] frame 8053320 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] redirectStream return status 3, no waiters [Parser.C] ==== resuming parse of frame 80540ef ==== Checking non-returning for redirectStream Checking non-returning for redirectStream [Parser.C:1485] recording block [8054134,8054134) [Parser.C] parsing block 8054134 [Parser.C:1274] curAddr 0x8054134: add ESP, 14 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054137: pop EBX, ESP [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054138: pop EBP, ESP [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054139: ret near [ESP] [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054134,805413a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054139 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054139...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8054107,8054107) [Parser.C] parsing block 8054107 [Parser.C:1274] curAddr 0x8054107: lea EAX, EBX + 770 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x805410d: mov [EAX], 0 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called [Parser.C:1274] curAddr 0x8054113: jmp c + EIP + 2 [Parser.C:1280] leaf 1 funcname setHumanLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp c + EIP + 2 to 0x8054113...SUCCESS (CFT=0x8054121) [Parser.C:1485] recording block [8054107,8054115) Getting edges Checking for Tail Call jump to 0x8054121 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054113->8054121 resolveable_edge: 1, tailcall: 0, target: 8054121 [ParserDetails.C:588] pushing 8054121 onto worklist [Parser.C] address 8054121 splits [8054115,8054134) (0x1d3f650) [Parser.C:1485] recording block [8054121,8054134) [Parser.C] skipping locally parsed target at 8054121 [Parser.C] frame 80540ef complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] setHumanLog return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052741) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052741) [Parser.C:1485] recording block [8052741,8052741) [Parser.C] ==== starting to parse frame 8052741 ==== [Parser.C] parsing block 8052741 [Parser.C:1274] curAddr 0x8052741: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052742: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052744: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052747: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x805274a: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x805274c: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x805274f: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052751: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052754: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052756: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052759: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x805275b: mov EAX, [EBP + 1c] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x805275e: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052760: mov EAX, [EBP + 20] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052763: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052765: mov EAX, [EBP + 24] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052768: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x805276a: mov EAX, [EBP + 28] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x805276d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x805276f: mov EAX, [EBP + 2c] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052772: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052774: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called [Parser.C:1274] curAddr 0x8052775: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_36_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052741,8052776) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052775 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052775...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052741 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_36_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80531d8) [Parser.C:180] entered parse_at([804ccd0,80549c4),80531d8) [Parser.C:1485] recording block [80531d8,80531d8) [Parser.C] ==== starting to parse frame 80531d8 ==== [Parser.C] parsing block 80531d8 [Parser.C:1274] curAddr 0x80531d8: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x80531d9: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x80531db: push EBX, ESP [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x80531dc: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x80531df: call ffff9b1c + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9b1c + EIP + 5 to 0x80531df...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80531e4: add EBX, 8e1c [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x80531ea: call fffffee1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffee1 + EIP + 5 to 0x80531ea...SUCCESS (CFT=0x80530d0) [Parser.C:1485] recording block [80531d8,80531ef) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80531ea->80530d0 resolveable_edge: 1, tailcall: 0, target: 80530d0 [ParserDetails.C:588] pushing 80530d0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80531ea->80531ef resolveable_edge: 1, tailcall: 0, target: 80531ef [ParserDetails.C:588] pushing 80531ef onto worklist [Parser.C] binding call 80531ea->80530d0 [Parser.C:1485] recording block [80530d0,80530d0) [suspend frame 80531d8] [Parser.C] frame 80531d8 blocked at 80531ea call target 80530d0 [Parser.C] block 80530d0 exists [Parser.C] ==== starting to parse frame 80530d0 ==== [Parser.C] parsing block 80530d0 [Parser.C:1274] curAddr 0x80530d0: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80530d1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80530d3: push EBX, ESP [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80530d4: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80530d7: call ffff9c24 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9c24 + EIP + 5 to 0x80530d7...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80530dc: add EBX, 8f24 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80530e2: mov [ESP + 1c], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80530ea: mov [ESP + 18], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80530f2: mov [ESP + 14], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80530fa: mov [ESP + 10], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053102: mov [ESP + c], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x805310a: mov [ESP + 8], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053112: mov [ESP + 4], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x805311a: mov [ESP], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053121: call fffffd86 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffd86 + EIP + 5 to 0x8053121...SUCCESS (CFT=0x8052eac) [Parser.C:1485] recording block [80530d0,8053126) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053121->8052eac resolveable_edge: 1, tailcall: 0, target: 8052eac [ParserDetails.C:588] pushing 8052eac onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053121->8053126 resolveable_edge: 1, tailcall: 0, target: 8053126 [ParserDetails.C:588] pushing 8053126 onto worklist [Parser.C] binding call 8053121->8052eac [Parser.C:1485] recording block [8052eac,8052eac) [suspend frame 80530d0] [Parser.C] frame 80530d0 blocked at 8053121 call target 8052eac [Parser.C] block 8052eac exists [Parser.C] ==== starting to parse frame 8052eac ==== [Parser.C] parsing block 8052eac [Parser.C:1274] curAddr 0x8052eac: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052ead: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052eaf: push EBX, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052eb0: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052eb3: call ffff9e48 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9e48 + EIP + 5 to 0x8052eb3...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052eb8: add EBX, 9148 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052ebe: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052ec2: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052eac,8052ec4) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052ec2...SUCCESS (CFT=0x8052edc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052ec2->8052edc resolveable_edge: 1, tailcall: 0, target: 8052edc [ParserDetails.C:588] pushing 8052edc onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052ec2->8052ec4 resolveable_edge: 1, tailcall: 0, target: 8052ec4 [ParserDetails.C:588] pushing 8052ec4 onto worklist [Parser.C:1485] recording block [8052edc,8052edc) [Parser.C] parsing block 8052edc [Parser.C:1274] curAddr 0x8052edc: cmp [EBP + c], 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052ee0: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052edc,8052ee2) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052ee0...SUCCESS (CFT=0x8052efa) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052ee0->8052efa resolveable_edge: 1, tailcall: 0, target: 8052efa [ParserDetails.C:588] pushing 8052efa onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052ee0->8052ee2 resolveable_edge: 1, tailcall: 0, target: 8052ee2 [ParserDetails.C:588] pushing 8052ee2 onto worklist [Parser.C:1485] recording block [8052efa,8052efa) [Parser.C] parsing block 8052efa [Parser.C:1274] curAddr 0x8052efa: cmp [EBP + 10], 3 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052efe: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052efa,8052f00) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052efe...SUCCESS (CFT=0x8052f18) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052efe->8052f18 resolveable_edge: 1, tailcall: 0, target: 8052f18 [ParserDetails.C:588] pushing 8052f18 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052efe->8052f00 resolveable_edge: 1, tailcall: 0, target: 8052f00 [ParserDetails.C:588] pushing 8052f00 onto worklist [Parser.C:1485] recording block [8052f18,8052f18) [Parser.C] parsing block 8052f18 [Parser.C:1274] curAddr 0x8052f18: cmp [EBP + 14], 4 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f1c: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052f18,8052f1e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052f1c...SUCCESS (CFT=0x8052f36) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052f1c->8052f36 resolveable_edge: 1, tailcall: 0, target: 8052f36 [ParserDetails.C:588] pushing 8052f36 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052f1c->8052f1e resolveable_edge: 1, tailcall: 0, target: 8052f1e [ParserDetails.C:588] pushing 8052f1e onto worklist [Parser.C:1485] recording block [8052f36,8052f36) [Parser.C] parsing block 8052f36 [Parser.C:1274] curAddr 0x8052f36: cmp [EBP + 18], 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f3a: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052f36,8052f3c) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052f3a...SUCCESS (CFT=0x8052f54) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052f3a->8052f54 resolveable_edge: 1, tailcall: 0, target: 8052f54 [ParserDetails.C:588] pushing 8052f54 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052f3a->8052f3c resolveable_edge: 1, tailcall: 0, target: 8052f3c [ParserDetails.C:588] pushing 8052f3c onto worklist [Parser.C:1485] recording block [8052f54,8052f54) [Parser.C] parsing block 8052f54 [Parser.C:1274] curAddr 0x8052f54: cmp [EBP + 1c], 6 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f58: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052f54,8052f5a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052f58...SUCCESS (CFT=0x8052f72) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052f58->8052f72 resolveable_edge: 1, tailcall: 0, target: 8052f72 [ParserDetails.C:588] pushing 8052f72 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052f58->8052f5a resolveable_edge: 1, tailcall: 0, target: 8052f5a [ParserDetails.C:588] pushing 8052f5a onto worklist [Parser.C:1485] recording block [8052f72,8052f72) [Parser.C] parsing block 8052f72 [Parser.C:1274] curAddr 0x8052f72: cmp [EBP + 20], 7 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f76: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052f72,8052f78) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052f76...SUCCESS (CFT=0x8052f90) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052f76->8052f90 resolveable_edge: 1, tailcall: 0, target: 8052f90 [ParserDetails.C:588] pushing 8052f90 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052f76->8052f78 resolveable_edge: 1, tailcall: 0, target: 8052f78 [ParserDetails.C:588] pushing 8052f78 onto worklist [Parser.C:1485] recording block [8052f90,8052f90) [Parser.C] parsing block 8052f90 [Parser.C:1274] curAddr 0x8052f90: cmp [EBP + 24], 8 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f94: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052f90,8052f96) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052f94...SUCCESS (CFT=0x8052fae) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052f94->8052fae resolveable_edge: 1, tailcall: 0, target: 8052fae [ParserDetails.C:588] pushing 8052fae onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052f94->8052f96 resolveable_edge: 1, tailcall: 0, target: 8052f96 [ParserDetails.C:588] pushing 8052f96 onto worklist [Parser.C:1485] recording block [8052fae,8052fae) [Parser.C] parsing block 8052fae [Parser.C:1274] curAddr 0x8052fae: add ESP, 14 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052fb1: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052fb2: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052fb3: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052fae,8052fb4) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052fb3 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052fb3...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052ec4,8052ec4) [Parser.C] parsing block 8052ec4 [Parser.C:1274] curAddr 0x8052ec4: lea EAX, EBX + ffffbc30 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052eca: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052ecd: call aeb + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call aeb + EIP + 5 to 0x8052ecd...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052ec4,8052ed2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052ecd->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052ecd->8052ed2 resolveable_edge: 1, tailcall: 0, target: 8052ed2 [ParserDetails.C:588] pushing 8052ed2 onto worklist [Parser.C] binding call 8052ecd->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052ed2,8052ed2) [Parser.C] parsing block 8052ed2 [Parser.C:1274] curAddr 0x8052ed2: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C] straight-line parse into block at 8052edc [Parser.C:1485] recording block [8052ed2,8052edc) [Parser.C] block 8052edc exists [Parser.C:1485] recording block [8052ee2,8052ee2) [Parser.C] parsing block 8052ee2 [Parser.C:1274] curAddr 0x8052ee2: lea EAX, EBX + ffffbc54 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052ee8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052eeb: call acd + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call acd + EIP + 5 to 0x8052eeb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052ee2,8052ef0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052eeb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052eeb->8052ef0 resolveable_edge: 1, tailcall: 0, target: 8052ef0 [ParserDetails.C:588] pushing 8052ef0 onto worklist [Parser.C] binding call 8052eeb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052ef0,8052ef0) [Parser.C] parsing block 8052ef0 [Parser.C:1274] curAddr 0x8052ef0: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C] straight-line parse into block at 8052efa [Parser.C:1485] recording block [8052ef0,8052efa) [Parser.C] block 8052efa exists [Parser.C:1485] recording block [8052f00,8052f00) [Parser.C] parsing block 8052f00 [Parser.C:1274] curAddr 0x8052f00: lea EAX, EBX + ffffbc78 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f06: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f09: call aaf + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call aaf + EIP + 5 to 0x8052f09...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052f00,8052f0e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052f09->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052f09->8052f0e resolveable_edge: 1, tailcall: 0, target: 8052f0e [ParserDetails.C:588] pushing 8052f0e onto worklist [Parser.C] binding call 8052f09->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052f0e,8052f0e) [Parser.C] parsing block 8052f0e [Parser.C:1274] curAddr 0x8052f0e: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C] straight-line parse into block at 8052f18 [Parser.C:1485] recording block [8052f0e,8052f18) [Parser.C] block 8052f18 exists [Parser.C:1485] recording block [8052f1e,8052f1e) [Parser.C] parsing block 8052f1e [Parser.C:1274] curAddr 0x8052f1e: lea EAX, EBX + ffffbc9c [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f24: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f27: call a91 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call a91 + EIP + 5 to 0x8052f27...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052f1e,8052f2c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052f27->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052f27->8052f2c resolveable_edge: 1, tailcall: 0, target: 8052f2c [ParserDetails.C:588] pushing 8052f2c onto worklist [Parser.C] binding call 8052f27->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052f2c,8052f2c) [Parser.C] parsing block 8052f2c [Parser.C:1274] curAddr 0x8052f2c: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C] straight-line parse into block at 8052f36 [Parser.C:1485] recording block [8052f2c,8052f36) [Parser.C] block 8052f36 exists [Parser.C:1485] recording block [8052f3c,8052f3c) [Parser.C] parsing block 8052f3c [Parser.C:1274] curAddr 0x8052f3c: lea EAX, EBX + ffffbcc0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f42: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f45: call a73 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call a73 + EIP + 5 to 0x8052f45...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052f3c,8052f4a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052f45->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052f45->8052f4a resolveable_edge: 1, tailcall: 0, target: 8052f4a [ParserDetails.C:588] pushing 8052f4a onto worklist [Parser.C] binding call 8052f45->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052f4a,8052f4a) [Parser.C] parsing block 8052f4a [Parser.C:1274] curAddr 0x8052f4a: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C] straight-line parse into block at 8052f54 [Parser.C:1485] recording block [8052f4a,8052f54) [Parser.C] block 8052f54 exists [Parser.C:1485] recording block [8052f5a,8052f5a) [Parser.C] parsing block 8052f5a [Parser.C:1274] curAddr 0x8052f5a: lea EAX, EBX + ffffbce4 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f60: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f63: call a55 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call a55 + EIP + 5 to 0x8052f63...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052f5a,8052f68) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052f63->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052f63->8052f68 resolveable_edge: 1, tailcall: 0, target: 8052f68 [ParserDetails.C:588] pushing 8052f68 onto worklist [Parser.C] binding call 8052f63->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052f68,8052f68) [Parser.C] parsing block 8052f68 [Parser.C:1274] curAddr 0x8052f68: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C] straight-line parse into block at 8052f72 [Parser.C:1485] recording block [8052f68,8052f72) [Parser.C] block 8052f72 exists [Parser.C:1485] recording block [8052f78,8052f78) [Parser.C] parsing block 8052f78 [Parser.C:1274] curAddr 0x8052f78: lea EAX, EBX + ffffbd08 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f7e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f81: call a37 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call a37 + EIP + 5 to 0x8052f81...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052f78,8052f86) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052f81->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052f81->8052f86 resolveable_edge: 1, tailcall: 0, target: 8052f86 [ParserDetails.C:588] pushing 8052f86 onto worklist [Parser.C] binding call 8052f81->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052f86,8052f86) [Parser.C] parsing block 8052f86 [Parser.C:1274] curAddr 0x8052f86: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C] straight-line parse into block at 8052f90 [Parser.C:1485] recording block [8052f86,8052f90) [Parser.C] block 8052f90 exists [Parser.C:1485] recording block [8052f96,8052f96) [Parser.C] parsing block 8052f96 [Parser.C:1274] curAddr 0x8052f96: lea EAX, EBX + ffffbd2c [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f9c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C:1274] curAddr 0x8052f9f: call a19 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call a19 + EIP + 5 to 0x8052f9f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052f96,8052fa4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052f9f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052f9f->8052fa4 resolveable_edge: 1, tailcall: 0, target: 8052fa4 [ParserDetails.C:588] pushing 8052fa4 onto worklist [Parser.C] binding call 8052f9f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052fa4,8052fa4) [Parser.C] parsing block 8052fa4 [Parser.C:1274] curAddr 0x8052fa4: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call1 hasCFT called [Parser.C] straight-line parse into block at 8052fae [Parser.C:1485] recording block [8052fa4,8052fae) [Parser.C] block 8052fae exists [Parser.C] frame 8052eac complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_write_param_call1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 80530d0 ==== Checking non-returning for test_write_param_call1 Checking non-returning for test_write_param_call1 [Parser.C:1485] recording block [8053126,8053126) [Parser.C] parsing block 8053126 [Parser.C:1274] curAddr 0x8053126: mov [ESP + 1c], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x805312e: mov [ESP + 18], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053136: mov [ESP + 14], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x805313e: mov [ESP + 10], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053146: mov [ESP + c], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x805314e: mov [ESP + 8], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053156: mov [ESP + 4], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x805315e: mov [ESP], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053165: call fffffe4a + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffe4a + EIP + 5 to 0x8053165...SUCCESS (CFT=0x8052fb4) [Parser.C:1485] recording block [8053126,805316a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053165->8052fb4 resolveable_edge: 1, tailcall: 0, target: 8052fb4 [ParserDetails.C:588] pushing 8052fb4 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053165->805316a resolveable_edge: 1, tailcall: 0, target: 805316a [ParserDetails.C:588] pushing 805316a onto worklist [Parser.C] binding call 8053165->8052fb4 [Parser.C:1485] recording block [8052fb4,8052fb4) [suspend frame 80530d0] [Parser.C] frame 80530d0 blocked at 8053165 call target 8052fb4 [Parser.C] block 8052fb4 exists [Parser.C] ==== starting to parse frame 8052fb4 ==== [Parser.C] parsing block 8052fb4 [Parser.C:1274] curAddr 0x8052fb4: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fb5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fb7: push EBX, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fb8: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fbb: call ffff9d40 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9d40 + EIP + 5 to 0x8052fbb...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052fc0: add EBX, 9040 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fc6: cmp [EBP + 8], b [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fca: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052fb4,8052fcc) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052fca...SUCCESS (CFT=0x8052fe4) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052fca->8052fe4 resolveable_edge: 1, tailcall: 0, target: 8052fe4 [ParserDetails.C:588] pushing 8052fe4 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052fca->8052fcc resolveable_edge: 1, tailcall: 0, target: 8052fcc [ParserDetails.C:588] pushing 8052fcc onto worklist [Parser.C:1485] recording block [8052fe4,8052fe4) [Parser.C] parsing block 8052fe4 [Parser.C:1274] curAddr 0x8052fe4: cmp [EBP + c], c [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fe8: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052fe4,8052fea) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8052fe8...SUCCESS (CFT=0x8053002) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052fe8->8053002 resolveable_edge: 1, tailcall: 0, target: 8053002 [ParserDetails.C:588] pushing 8053002 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052fe8->8052fea resolveable_edge: 1, tailcall: 0, target: 8052fea [ParserDetails.C:588] pushing 8052fea onto worklist [Parser.C:1485] recording block [8053002,8053002) [Parser.C] parsing block 8053002 [Parser.C:1274] curAddr 0x8053002: cmp [EBP + 10], d [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8053006: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053002,8053008) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8053006...SUCCESS (CFT=0x8053020) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053006->8053020 resolveable_edge: 1, tailcall: 0, target: 8053020 [ParserDetails.C:588] pushing 8053020 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053006->8053008 resolveable_edge: 1, tailcall: 0, target: 8053008 [ParserDetails.C:588] pushing 8053008 onto worklist [Parser.C:1485] recording block [8053020,8053020) [Parser.C] parsing block 8053020 [Parser.C:1274] curAddr 0x8053020: cmp [EBP + 14], e [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8053024: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053020,8053026) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8053024...SUCCESS (CFT=0x805303e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053024->805303e resolveable_edge: 1, tailcall: 0, target: 805303e [ParserDetails.C:588] pushing 805303e onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053024->8053026 resolveable_edge: 1, tailcall: 0, target: 8053026 [ParserDetails.C:588] pushing 8053026 onto worklist [Parser.C:1485] recording block [805303e,805303e) [Parser.C] parsing block 805303e [Parser.C:1274] curAddr 0x805303e: cmp [EBP + 18], f [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8053042: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805303e,8053044) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8053042...SUCCESS (CFT=0x805305c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053042->805305c resolveable_edge: 1, tailcall: 0, target: 805305c [ParserDetails.C:588] pushing 805305c onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053042->8053044 resolveable_edge: 1, tailcall: 0, target: 8053044 [ParserDetails.C:588] pushing 8053044 onto worklist [Parser.C:1485] recording block [805305c,805305c) [Parser.C] parsing block 805305c [Parser.C:1274] curAddr 0x805305c: cmp [EBP + 1c], 10 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8053060: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805305c,8053062) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8053060...SUCCESS (CFT=0x805307a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053060->805307a resolveable_edge: 1, tailcall: 0, target: 805307a [ParserDetails.C:588] pushing 805307a onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053060->8053062 resolveable_edge: 1, tailcall: 0, target: 8053062 [ParserDetails.C:588] pushing 8053062 onto worklist [Parser.C:1485] recording block [805307a,805307a) [Parser.C] parsing block 805307a [Parser.C:1274] curAddr 0x805307a: cmp [EBP + 20], 11 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x805307e: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805307a,8053080) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x805307e...SUCCESS (CFT=0x8053098) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805307e->8053098 resolveable_edge: 1, tailcall: 0, target: 8053098 [ParserDetails.C:588] pushing 8053098 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805307e->8053080 resolveable_edge: 1, tailcall: 0, target: 8053080 [ParserDetails.C:588] pushing 8053080 onto worklist [Parser.C:1485] recording block [8053098,8053098) [Parser.C] parsing block 8053098 [Parser.C:1274] curAddr 0x8053098: cmp [EBP + 24], 12 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x805309c: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053098,805309e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x805309c...SUCCESS (CFT=0x80530b6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805309c->80530b6 resolveable_edge: 1, tailcall: 0, target: 80530b6 [ParserDetails.C:588] pushing 80530b6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805309c->805309e resolveable_edge: 1, tailcall: 0, target: 805309e [ParserDetails.C:588] pushing 805309e onto worklist [Parser.C:1485] recording block [80530b6,80530b6) [Parser.C] parsing block 80530b6 [Parser.C:1274] curAddr 0x80530b6: add ESP, 14 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x80530b9: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x80530ba: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x80530bb: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80530b6,80530bc) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80530bb Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80530bb...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052fcc,8052fcc) [Parser.C] parsing block 8052fcc [Parser.C:1274] curAddr 0x8052fcc: lea EAX, EBX + ffffbd50 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fd2: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052fd5: call 9e3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 9e3 + EIP + 5 to 0x8052fd5...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052fcc,8052fda) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052fd5->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052fd5->8052fda resolveable_edge: 1, tailcall: 0, target: 8052fda [ParserDetails.C:588] pushing 8052fda onto worklist [Parser.C] binding call 8052fd5->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052fda,8052fda) [Parser.C] parsing block 8052fda [Parser.C:1274] curAddr 0x8052fda: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C] straight-line parse into block at 8052fe4 [Parser.C:1485] recording block [8052fda,8052fe4) [Parser.C] block 8052fe4 exists [Parser.C:1485] recording block [8052fea,8052fea) [Parser.C] parsing block 8052fea [Parser.C:1274] curAddr 0x8052fea: lea EAX, EBX + ffffbd74 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052ff0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8052ff3: call 9c5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 9c5 + EIP + 5 to 0x8052ff3...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052fea,8052ff8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052ff3->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052ff3->8052ff8 resolveable_edge: 1, tailcall: 0, target: 8052ff8 [ParserDetails.C:588] pushing 8052ff8 onto worklist [Parser.C] binding call 8052ff3->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052ff8,8052ff8) [Parser.C] parsing block 8052ff8 [Parser.C:1274] curAddr 0x8052ff8: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C] straight-line parse into block at 8053002 [Parser.C:1485] recording block [8052ff8,8053002) [Parser.C] block 8053002 exists [Parser.C:1485] recording block [8053008,8053008) [Parser.C] parsing block 8053008 [Parser.C:1274] curAddr 0x8053008: lea EAX, EBX + ffffbd98 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x805300e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8053011: call 9a7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 9a7 + EIP + 5 to 0x8053011...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8053008,8053016) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053011->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053011->8053016 resolveable_edge: 1, tailcall: 0, target: 8053016 [ParserDetails.C:588] pushing 8053016 onto worklist [Parser.C] binding call 8053011->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8053016,8053016) [Parser.C] parsing block 8053016 [Parser.C:1274] curAddr 0x8053016: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C] straight-line parse into block at 8053020 [Parser.C:1485] recording block [8053016,8053020) [Parser.C] block 8053020 exists [Parser.C:1485] recording block [8053026,8053026) [Parser.C] parsing block 8053026 [Parser.C:1274] curAddr 0x8053026: lea EAX, EBX + ffffbdbc [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x805302c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x805302f: call 989 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 989 + EIP + 5 to 0x805302f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8053026,8053034) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805302f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805302f->8053034 resolveable_edge: 1, tailcall: 0, target: 8053034 [ParserDetails.C:588] pushing 8053034 onto worklist [Parser.C] binding call 805302f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8053034,8053034) [Parser.C] parsing block 8053034 [Parser.C:1274] curAddr 0x8053034: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C] straight-line parse into block at 805303e [Parser.C:1485] recording block [8053034,805303e) [Parser.C] block 805303e exists [Parser.C:1485] recording block [8053044,8053044) [Parser.C] parsing block 8053044 [Parser.C:1274] curAddr 0x8053044: lea EAX, EBX + ffffbde0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x805304a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x805304d: call 96b + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 96b + EIP + 5 to 0x805304d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8053044,8053052) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805304d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805304d->8053052 resolveable_edge: 1, tailcall: 0, target: 8053052 [ParserDetails.C:588] pushing 8053052 onto worklist [Parser.C] binding call 805304d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8053052,8053052) [Parser.C] parsing block 8053052 [Parser.C:1274] curAddr 0x8053052: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C] straight-line parse into block at 805305c [Parser.C:1485] recording block [8053052,805305c) [Parser.C] block 805305c exists [Parser.C:1485] recording block [8053062,8053062) [Parser.C] parsing block 8053062 [Parser.C:1274] curAddr 0x8053062: lea EAX, EBX + ffffbe04 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8053068: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x805306b: call 94d + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 94d + EIP + 5 to 0x805306b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8053062,8053070) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805306b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805306b->8053070 resolveable_edge: 1, tailcall: 0, target: 8053070 [ParserDetails.C:588] pushing 8053070 onto worklist [Parser.C] binding call 805306b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8053070,8053070) [Parser.C] parsing block 8053070 [Parser.C:1274] curAddr 0x8053070: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C] straight-line parse into block at 805307a [Parser.C:1485] recording block [8053070,805307a) [Parser.C] block 805307a exists [Parser.C:1485] recording block [8053080,8053080) [Parser.C] parsing block 8053080 [Parser.C:1274] curAddr 0x8053080: lea EAX, EBX + ffffbe28 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8053086: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x8053089: call 92f + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 92f + EIP + 5 to 0x8053089...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8053080,805308e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053089->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053089->805308e resolveable_edge: 1, tailcall: 0, target: 805308e [ParserDetails.C:588] pushing 805308e onto worklist [Parser.C] binding call 8053089->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805308e,805308e) [Parser.C] parsing block 805308e [Parser.C:1274] curAddr 0x805308e: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C] straight-line parse into block at 8053098 [Parser.C:1485] recording block [805308e,8053098) [Parser.C] block 8053098 exists [Parser.C:1485] recording block [805309e,805309e) [Parser.C] parsing block 805309e [Parser.C:1274] curAddr 0x805309e: lea EAX, EBX + ffffbe4c [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x80530a4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C:1274] curAddr 0x80530a7: call 911 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 911 + EIP + 5 to 0x80530a7...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805309e,80530ac) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80530a7->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80530a7->80530ac resolveable_edge: 1, tailcall: 0, target: 80530ac [ParserDetails.C:588] pushing 80530ac onto worklist [Parser.C] binding call 80530a7->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80530ac,80530ac) [Parser.C] parsing block 80530ac [Parser.C:1274] curAddr 0x80530ac: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_call2 hasCFT called [Parser.C] straight-line parse into block at 80530b6 [Parser.C:1485] recording block [80530ac,80530b6) [Parser.C] block 80530b6 exists [Parser.C] frame 8052fb4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_write_param_call2 return status 3, no waiters [Parser.C] ==== resuming parse of frame 80530d0 ==== Checking non-returning for test_write_param_call2 Checking non-returning for test_write_param_call2 [Parser.C:1485] recording block [805316a,805316a) [Parser.C] parsing block 805316a [Parser.C:1274] curAddr 0x805316a: call ffffff4d + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff4d + EIP + 5 to 0x805316a...SUCCESS (CFT=0x80530bc) [Parser.C:1485] recording block [805316a,805316f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805316a->80530bc resolveable_edge: 1, tailcall: 0, target: 80530bc [ParserDetails.C:588] pushing 80530bc onto worklist ParserDetails.C[68]: adding function fallthrough edge 805316a->805316f resolveable_edge: 1, tailcall: 0, target: 805316f [ParserDetails.C:588] pushing 805316f onto worklist [Parser.C] binding call 805316a->80530bc [Parser.C:1485] recording block [80530bc,80530bc) [suspend frame 80530d0] [Parser.C] frame 80530d0 blocked at 805316a call target 80530bc [Parser.C] block 80530bc exists [Parser.C] ==== starting to parse frame 80530bc ==== [Parser.C] parsing block 80530bc [Parser.C:1274] curAddr 0x80530bc: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call3 hasCFT called [Parser.C:1274] curAddr 0x80530bd: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call3 hasCFT called [Parser.C:1274] curAddr 0x80530bf: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test_write_param_call3 hasCFT called [Parser.C:1274] curAddr 0x80530c4: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call3 hasCFT called [Parser.C:1274] curAddr 0x80530c5: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_write_param_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80530bc,80530c6) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80530c5 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80530c5...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80530bc complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_write_param_call3 return status 3, no waiters [Parser.C] ==== resuming parse of frame 80530d0 ==== Checking non-returning for test_write_param_call3 Checking non-returning for test_write_param_call3 [Parser.C:1485] recording block [805316f,805316f) [Parser.C] parsing block 805316f [Parser.C:1274] curAddr 0x805316f: cmp EAX, 14 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053172: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called branch or return, ret true [Parser.C:1485] recording block [805316f,8053174) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8053172...SUCCESS (CFT=0x805318c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053172->805318c resolveable_edge: 1, tailcall: 0, target: 805318c [ParserDetails.C:588] pushing 805318c onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053172->8053174 resolveable_edge: 1, tailcall: 0, target: 8053174 [ParserDetails.C:588] pushing 8053174 onto worklist [Parser.C:1485] recording block [805318c,805318c) [Parser.C] parsing block 805318c [Parser.C:1274] curAddr 0x805318c: call ffffff35 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff35 + EIP + 5 to 0x805318c...SUCCESS (CFT=0x80530c6) [Parser.C:1485] recording block [805318c,8053191) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805318c->80530c6 resolveable_edge: 1, tailcall: 0, target: 80530c6 [ParserDetails.C:588] pushing 80530c6 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805318c->8053191 resolveable_edge: 1, tailcall: 0, target: 8053191 [ParserDetails.C:588] pushing 8053191 onto worklist [Parser.C] binding call 805318c->80530c6 [Parser.C:1485] recording block [80530c6,80530c6) [suspend frame 80530d0] [Parser.C] frame 80530d0 blocked at 805318c call target 80530c6 [Parser.C] block 80530c6 exists [Parser.C] ==== starting to parse frame 80530c6 ==== [Parser.C] parsing block 80530c6 [Parser.C:1274] curAddr 0x80530c6: push EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call4 hasCFT called [Parser.C:1274] curAddr 0x80530c7: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call4 hasCFT called [Parser.C:1274] curAddr 0x80530c9: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test_write_param_call4 hasCFT called [Parser.C:1274] curAddr 0x80530ce: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_call4 hasCFT called [Parser.C:1274] curAddr 0x80530cf: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_write_param_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80530c6,80530d0) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80530cf Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80530cf...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80530c6 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_write_param_call4 return status 3, no waiters [Parser.C] ==== resuming parse of frame 80530d0 ==== Checking non-returning for test_write_param_call4 Checking non-returning for test_write_param_call4 [Parser.C:1485] recording block [8053191,8053191) [Parser.C] parsing block 8053191 [Parser.C:1274] curAddr 0x8053191: cmp EAX, 1e [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053194: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053191,8053196) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x8053194...SUCCESS (CFT=0x80531ae) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053194->80531ae resolveable_edge: 1, tailcall: 0, target: 80531ae [ParserDetails.C:588] pushing 80531ae onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053194->8053196 resolveable_edge: 1, tailcall: 0, target: 8053196 [ParserDetails.C:588] pushing 8053196 onto worklist [Parser.C:1485] recording block [80531ae,80531ae) [Parser.C] parsing block 80531ae [Parser.C:1274] curAddr 0x80531ae: mov EAX, [EBX + 760] [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531b4: test EAX, EAX [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531b6: jnz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called branch or return, ret true [Parser.C:1485] recording block [80531ae,80531b8) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 15 + EIP + 2 to 0x80531b6...SUCCESS (CFT=0x80531cd) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80531b6->80531cd resolveable_edge: 1, tailcall: 0, target: 80531cd [ParserDetails.C:588] pushing 80531cd onto worklist ParserDetails.C[80]: adding conditional not taken edge 80531b6->80531b8 resolveable_edge: 1, tailcall: 0, target: 80531b8 [ParserDetails.C:588] pushing 80531b8 onto worklist [Parser.C:1485] recording block [80531cd,80531cd) [Parser.C] parsing block 80531cd [Parser.C:1274] curAddr 0x80531cd: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531d2: add ESP, 24 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531d5: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531d6: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531d7: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called branch or return, ret true [Parser.C:1485] recording block [80531cd,80531d8) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80531d7 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80531d7...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053174,8053174) [Parser.C] parsing block 8053174 [Parser.C:1274] curAddr 0x8053174: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x805317e: lea EAX, EBX + ffffbe70 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053184: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x8053187: call 831 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called IA_IAPI.C[847]: binding PC EIP in call 831 + EIP + 5 to 0x8053187...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8053174,805318c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053187->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053187->805318c resolveable_edge: 1, tailcall: 0, target: 805318c [ParserDetails.C:588] pushing 805318c onto worklist [Parser.C] binding call 8053187->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805318c exists [Parser.C] skipping locally parsed target at 805318c [Parser.C:1485] recording block [8053196,8053196) [Parser.C] parsing block 8053196 [Parser.C:1274] curAddr 0x8053196: mov [EBX + 760], 0 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531a0: lea EAX, EBX + ffffbe98 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531a6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531a9: call 80f + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called IA_IAPI.C[847]: binding PC EIP in call 80f + EIP + 5 to 0x80531a9...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8053196,80531ae) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80531a9->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80531a9->80531ae resolveable_edge: 1, tailcall: 0, target: 80531ae [ParserDetails.C:588] pushing 80531ae onto worklist [Parser.C] binding call 80531a9->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 80531ae exists [Parser.C] skipping locally parsed target at 80531ae [Parser.C:1485] recording block [80531b8,80531b8) [Parser.C] parsing block 80531b8 [Parser.C:1274] curAddr 0x80531b8: lea EAX, EBX + ffffbebe [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531be: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531c1: call 7f7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called IA_IAPI.C[847]: binding PC EIP in call 7f7 + EIP + 5 to 0x80531c1...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80531b8,80531c6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80531c1->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80531c1->80531c6 resolveable_edge: 1, tailcall: 0, target: 80531c6 [ParserDetails.C:588] pushing 80531c6 onto worklist [Parser.C] binding call 80531c1->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80531c6,80531c6) [Parser.C] parsing block 80531c6 [Parser.C:1274] curAddr 0x80531c6: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called [Parser.C:1274] curAddr 0x80531cb: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_func hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x80531cb...SUCCESS (CFT=0x80531d2) [Parser.C:1485] recording block [80531c6,80531cd) Getting edges Checking for Tail Call jump to 0x80531d2 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80531cb->80531d2 resolveable_edge: 1, tailcall: 0, target: 80531d2 [ParserDetails.C:588] pushing 80531d2 onto worklist [Parser.C] address 80531d2 splits [80531cd,80531d8) (0x1d49550) [Parser.C:1485] recording block [80531d2,80531d8) [Parser.C] skipping locally parsed target at 80531d2 [Parser.C] frame 80530d0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_write_param_func return status 3, no waiters [Parser.C] ==== resuming parse of frame 80531d8 ==== Checking non-returning for test_write_param_func Checking non-returning for test_write_param_func [Parser.C:1485] recording block [80531ef,80531ef) [Parser.C] parsing block 80531ef [Parser.C:1274] curAddr 0x80531ef: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x80531f2: cmp [EBP + fffffffffffffff4], ff [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x80531f6: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80531ef,80531f8) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x80531f6...SUCCESS (CFT=0x805320d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80531f6->805320d resolveable_edge: 1, tailcall: 0, target: 805320d [ParserDetails.C:588] pushing 805320d onto worklist ParserDetails.C[80]: adding conditional not taken edge 80531f6->80531f8 resolveable_edge: 1, tailcall: 0, target: 80531f8 [ParserDetails.C:588] pushing 80531f8 onto worklist [Parser.C:1485] recording block [805320d,805320d) [Parser.C] parsing block 805320d [Parser.C:1274] curAddr 0x805320d: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x8053212: add ESP, 24 [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x8053215: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x8053216: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x8053217: ret near [ESP] [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805320d,8053218) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053217 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053217...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80531f8,80531f8) [Parser.C] parsing block 80531f8 [Parser.C:1274] curAddr 0x80531f8: mov EAX, [EBX + 764] [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x80531fe: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x8053201: call 119f + EIP + 5 [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 119f + EIP + 5 to 0x8053201...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [80531f8,8053206) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053201->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053201->8053206 resolveable_edge: 1, tailcall: 0, target: 8053206 [ParserDetails.C:588] pushing 8053206 onto worklist [Parser.C] binding call 8053201->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8053206,8053206) [Parser.C] parsing block 8053206 [Parser.C:1274] curAddr 0x8053206: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called [Parser.C:1274] curAddr 0x805320b: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test_write_param_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x805320b...SUCCESS (CFT=0x8053212) [Parser.C:1485] recording block [8053206,805320d) Getting edges Checking for Tail Call jump to 0x8053212 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 805320b->8053212 resolveable_edge: 1, tailcall: 0, target: 8053212 [ParserDetails.C:588] pushing 8053212 onto worklist [Parser.C] address 8053212 splits [805320d,8053218) (0x1d49d90) [Parser.C:1485] recording block [8053212,8053218) [Parser.C] skipping locally parsed target at 8053212 [Parser.C] frame 80531d8 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test_write_param_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052db3) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052db3) [Parser.C:1485] recording block [8052db3,8052db3) [Parser.C] ==== starting to parse frame 8052db3 ==== [Parser.C] parsing block 8052db3 [Parser.C:1274] curAddr 0x8052db3: push EBP, ESP [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052db4: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052db6: push EBX, ESP [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052db7: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052dba: call ffff9f41 + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9f41 + EIP + 5 to 0x8052dba...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052dbf: add EBX, 9241 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052dc5: call ffffffba + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffba + EIP + 5 to 0x8052dc5...SUCCESS (CFT=0x8052d84) [Parser.C:1485] recording block [8052db3,8052dca) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052dc5->8052d84 resolveable_edge: 1, tailcall: 0, target: 8052d84 [ParserDetails.C:588] pushing 8052d84 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052dc5->8052dca resolveable_edge: 1, tailcall: 0, target: 8052dca [ParserDetails.C:588] pushing 8052dca onto worklist [Parser.C] binding call 8052dc5->8052d84 [Parser.C:1485] recording block [8052d84,8052d84) [suspend frame 8052db3] [Parser.C] frame 8052db3 blocked at 8052dc5 call target 8052d84 [Parser.C] block 8052d84 exists [Parser.C] ==== starting to parse frame 8052d84 ==== [Parser.C] parsing block 8052d84 [Parser.C:1274] curAddr 0x8052d84: push EBP, ESP [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052d85: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052d87: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052d8a: call ffffadf6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffadf6 + EIP + 5 to 0x8052d8a...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052d8f: add ECX, 9271 [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052d95: mov [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052d9c: mov [EBP + fffffffffffffff8], 2 [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052da3: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052da6: mov EDX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052da9: add EAX, EDX [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052dab: mov [ECX + 9c4], EAX [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052db1: leave [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called [Parser.C:1274] curAddr 0x8052db2: ret near [ESP] [Parser.C:1280] leaf 1 funcname test2_11_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052d84,8052db3) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052db2 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052db2...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052d84 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test2_11_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 8052db3 ==== Checking non-returning for test2_11_func1 Checking non-returning for test2_11_func1 [Parser.C:1485] recording block [8052dca,8052dca) [Parser.C] parsing block 8052dca [Parser.C:1274] curAddr 0x8052dca: lea EAX, EBX + 9c0 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052dd0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052dd2: test EAX, EAX [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052dd4: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052dca,8052dd6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8052dd4...SUCCESS (CFT=0x8052deb) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052dd4->8052deb resolveable_edge: 1, tailcall: 0, target: 8052deb [ParserDetails.C:588] pushing 8052deb onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052dd4->8052dd6 resolveable_edge: 1, tailcall: 0, target: 8052dd6 [ParserDetails.C:588] pushing 8052dd6 onto worklist [Parser.C:1485] recording block [8052deb,8052deb) [Parser.C] parsing block 8052deb [Parser.C:1274] curAddr 0x8052deb: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052df0: add ESP, 14 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052df3: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052df4: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052df5: ret near [ESP] [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052deb,8052df6) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052df5 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052df5...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052dd6,8052dd6) [Parser.C] parsing block 8052dd6 [Parser.C:1274] curAddr 0x8052dd6: mov EAX, [EBX + 748] [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ddc: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ddf: call 15c1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 15c1 + EIP + 5 to 0x8052ddf...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052dd6,8052de4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052ddf->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052ddf->8052de4 resolveable_edge: 1, tailcall: 0, target: 8052de4 [ParserDetails.C:588] pushing 8052de4 onto worklist [Parser.C] binding call 8052ddf->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052de4,8052de4) [Parser.C] parsing block 8052de4 [Parser.C:1274] curAddr 0x8052de4: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052de9: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test2_11_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8052de9...SUCCESS (CFT=0x8052df0) [Parser.C:1485] recording block [8052de4,8052deb) Getting edges Checking for Tail Call jump to 0x8052df0 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8052de9->8052df0 resolveable_edge: 1, tailcall: 0, target: 8052df0 [ParserDetails.C:588] pushing 8052df0 onto worklist [Parser.C] address 8052df0 splits [8052deb,8052df6) (0x1d2c7c0) [Parser.C:1485] recording block [8052df0,8052df6) [Parser.C] skipping locally parsed target at 8052df0 [Parser.C] frame 8052db3 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test2_11_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804e59a) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e59a) [Parser.C:1485] recording block [804e59a,804e59a) [Parser.C] ==== starting to parse frame 804e59a ==== [Parser.C] parsing block 804e59a [Parser.C:1274] curAddr 0x804e59a: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e59b: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e59d: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e59e: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5a1: call ffffe75a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe75a + EIP + 5 to 0x804e5a1...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e5a6: add EBX, da5a [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5ac: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5b2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5b4: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5b6: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e59a,804e5b8) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804e5b6...SUCCESS (CFT=0x804e5c6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e5b6->804e5c6 resolveable_edge: 1, tailcall: 0, target: 804e5c6 [ParserDetails.C:588] pushing 804e5c6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e5b6->804e5b8 resolveable_edge: 1, tailcall: 0, target: 804e5b8 [ParserDetails.C:588] pushing 804e5b8 onto worklist [Parser.C:1485] recording block [804e5c6,804e5c6) [Parser.C] parsing block 804e5c6 [Parser.C:1274] curAddr 0x804e5c6: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5c9: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5ca: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5cb: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e5c6,804e5cc) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e5cb Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e5cb...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e5b8,804e5b8) [Parser.C] parsing block 804e5b8 [Parser.C:1274] curAddr 0x804e5b8: lea EAX, EBX + ffff960a [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5be: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called [Parser.C:1274] curAddr 0x804e5c1: call ffffe55a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe55a + EIP + 5 to 0x804e5c1...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804e5b8,804e5c6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e5c1->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e5c1->804e5c6 resolveable_edge: 1, tailcall: 0, target: 804e5c6 [ParserDetails.C:588] pushing 804e5c6 onto worklist [Parser.C] binding call 804e5c1->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804e5c6 exists [Parser.C] skipping locally parsed target at 804e5c6 [Parser.C] frame 804e59a complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_6_func2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804e60d) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e60d) function at 804e60d already parsed, status 3 [Parser.C:224] entered parse_at(804dc04) [Parser.C:180] entered parse_at([804ccd0,80549c4),804dc04) [Parser.C:1485] recording block [804dc04,804dc04) [Parser.C] ==== starting to parse frame 804dc04 ==== [Parser.C] parsing block 804dc04 [Parser.C:1274] curAddr 0x804dc04: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc05: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc07: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc08: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc0b: call fffff0f0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff0f0 + EIP + 5 to 0x804dc0b...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804dc10: add EBX, e3f0 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc16: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc1c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc1e: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc20: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dc04,804dc22) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x804dc20...SUCCESS (CFT=0x804dc3a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dc20->804dc3a resolveable_edge: 1, tailcall: 0, target: 804dc3a [ParserDetails.C:588] pushing 804dc3a onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dc20->804dc22 resolveable_edge: 1, tailcall: 0, target: 804dc22 [ParserDetails.C:588] pushing 804dc22 onto worklist [Parser.C:1485] recording block [804dc3a,804dc3a) [Parser.C] parsing block 804dc3a [Parser.C:1274] curAddr 0x804dc3a: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc40: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc42: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc44: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dc3a,804dc46) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x804dc44...SUCCESS (CFT=0x804dc5e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dc44->804dc5e resolveable_edge: 1, tailcall: 0, target: 804dc5e [ParserDetails.C:588] pushing 804dc5e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dc44->804dc46 resolveable_edge: 1, tailcall: 0, target: 804dc46 [ParserDetails.C:588] pushing 804dc46 onto worklist [Parser.C:1485] recording block [804dc5e,804dc5e) [Parser.C] parsing block 804dc5e [Parser.C:1274] curAddr 0x804dc5e: call ffffff65 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff65 + EIP + 5 to 0x804dc5e...SUCCESS (CFT=0x804dbc8) [Parser.C:1485] recording block [804dc5e,804dc63) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dc5e->804dbc8 resolveable_edge: 1, tailcall: 0, target: 804dbc8 [ParserDetails.C:588] pushing 804dbc8 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dc5e->804dc63 resolveable_edge: 1, tailcall: 0, target: 804dc63 [ParserDetails.C:588] pushing 804dc63 onto worklist [Parser.C] binding call 804dc5e->804dbc8 [Parser.C] block 804dbc8 exists Checking non-returning for func1_2 [Parser.C:1485] recording block [804dc63,804dc63) [Parser.C] parsing block 804dc63 [Parser.C:1274] curAddr 0x804dc63: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc69: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc6b: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc6d: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dc63,804dc6f) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x804dc6d...SUCCESS (CFT=0x804dc87) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dc6d->804dc87 resolveable_edge: 1, tailcall: 0, target: 804dc87 [ParserDetails.C:588] pushing 804dc87 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dc6d->804dc6f resolveable_edge: 1, tailcall: 0, target: 804dc6f [ParserDetails.C:588] pushing 804dc6f onto worklist [Parser.C:1485] recording block [804dc87,804dc87) [Parser.C] parsing block 804dc87 [Parser.C:1274] curAddr 0x804dc87: mov EAX, [EBX + 7cc] [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc8d: cmp EAX, b [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc90: jnz 10 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dc87,804dc92) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 10 + EIP + 2 to 0x804dc90...SUCCESS (CFT=0x804dca2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dc90->804dca2 resolveable_edge: 1, tailcall: 0, target: 804dca2 [ParserDetails.C:588] pushing 804dca2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dc90->804dc92 resolveable_edge: 1, tailcall: 0, target: 804dc92 [ParserDetails.C:588] pushing 804dc92 onto worklist [Parser.C:1485] recording block [804dca2,804dca2) [Parser.C] parsing block 804dca2 [Parser.C:1274] curAddr 0x804dca2: lea EAX, EBX + ffff8fa0 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dca8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dcab: call 5d0d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5d0d + EIP + 5 to 0x804dcab...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804dca2,804dcb0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dcab->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dcab->804dcb0 resolveable_edge: 1, tailcall: 0, target: 804dcb0 [ParserDetails.C:588] pushing 804dcb0 onto worklist [Parser.C] binding call 804dcab->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804dcb0,804dcb0) [Parser.C] parsing block 804dcb0 [Parser.C:1274] curAddr 0x804dcb0: mov EAX, [EBX + 7cc] [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dcb6: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dcba: lea EAX, EBX + ffff8fd0 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dcc0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dcc3: call 5cf5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5cf5 + EIP + 5 to 0x804dcc3...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804dcb0,804dcc8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dcc3->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dcc3->804dcc8 resolveable_edge: 1, tailcall: 0, target: 804dcc8 [ParserDetails.C:588] pushing 804dcc8 onto worklist [Parser.C] binding call 804dcc3->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804dcc8,804dcc8) [Parser.C] parsing block 804dcc8 [Parser.C:1274] curAddr 0x804dcc8: call 5d28 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5d28 + EIP + 5 to 0x804dcc8...SUCCESS (CFT=0x80539f5) [Parser.C:1485] recording block [804dcc8,804dccd) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dcc8->80539f5 resolveable_edge: 1, tailcall: 0, target: 80539f5 [ParserDetails.C:588] pushing 80539f5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dcc8->804dccd resolveable_edge: 1, tailcall: 0, target: 804dccd [ParserDetails.C:588] pushing 804dccd onto worklist [Parser.C] binding call 804dcc8->80539f5 [Parser.C] block 80539f5 exists Checking non-returning for flushOutputLog Checking non-returning for flushOutputLog [Parser.C:1485] recording block [804dccd,804dccd) [Parser.C] parsing block 804dccd [Parser.C:1274] curAddr 0x804dccd: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dcd0: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dcd1: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dcd2: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dccd,804dcd3) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804dcd2 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804dcd2...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804dc22,804dc22) [Parser.C] parsing block 804dc22 [Parser.C:1274] curAddr 0x804dc22: mov EAX, [EBX + 7cc] [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc28: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc2c: lea EAX, EBX + ffff8f00 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc32: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc35: call ffffee16 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffee16 + EIP + 5 to 0x804dc35...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804dc22,804dc3a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dc35->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dc35->804dc3a resolveable_edge: 1, tailcall: 0, target: 804dc3a [ParserDetails.C:588] pushing 804dc3a onto worklist [Parser.C] binding call 804dc35->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804dc3a exists [Parser.C] skipping locally parsed target at 804dc3a [Parser.C:1485] recording block [804dc46,804dc46) [Parser.C] parsing block 804dc46 [Parser.C:1274] curAddr 0x804dc46: lea EAX, EBX + ffff1bc8 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc4c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc50: lea EAX, EBX + ffff8f24 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc56: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc59: call ffffedf2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffedf2 + EIP + 5 to 0x804dc59...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804dc46,804dc5e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dc59->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dc59->804dc5e resolveable_edge: 1, tailcall: 0, target: 804dc5e [ParserDetails.C:588] pushing 804dc5e onto worklist [Parser.C] binding call 804dc59->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804dc5e exists [Parser.C] skipping locally parsed target at 804dc5e [Parser.C:1485] recording block [804dc6f,804dc6f) [Parser.C] parsing block 804dc6f [Parser.C:1274] curAddr 0x804dc6f: mov EAX, [EBX + 7cc] [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc75: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc79: lea EAX, EBX + ffff8f4c [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc7f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc82: call ffffedc9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffedc9 + EIP + 5 to 0x804dc82...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804dc6f,804dc87) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dc82->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dc82->804dc87 resolveable_edge: 1, tailcall: 0, target: 804dc87 [ParserDetails.C:588] pushing 804dc87 onto worklist [Parser.C] binding call 804dc82->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804dc87 exists [Parser.C] skipping locally parsed target at 804dc87 [Parser.C:1485] recording block [804dc92,804dc92) [Parser.C] parsing block 804dc92 [Parser.C:1274] curAddr 0x804dc92: lea EAX, EBX + ffff8f74 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc98: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called [Parser.C:1274] curAddr 0x804dc9b: call 5d1d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5d1d + EIP + 5 to 0x804dc9b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804dc92,804dca0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dc9b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dc9b->804dca0 resolveable_edge: 1, tailcall: 0, target: 804dca0 [ParserDetails.C:588] pushing 804dca0 onto worklist [Parser.C] binding call 804dc9b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804dca0,804dca0) [Parser.C] parsing block 804dca0 [Parser.C:1274] curAddr 0x804dca0: jmp 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_func1_1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 26 + EIP + 2 to 0x804dca0...SUCCESS (CFT=0x804dcc8) [Parser.C:1485] recording block [804dca0,804dca2) Getting edges Checking for Tail Call jump to 0x804dcc8 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804dca0->804dcc8 resolveable_edge: 1, tailcall: 0, target: 804dcc8 [ParserDetails.C:588] pushing 804dcc8 onto worklist [Parser.C] block 804dcc8 exists [Parser.C] skipping locally parsed target at 804dcc8 [Parser.C] frame 804dc04 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_1_func1_1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80538d8) [Parser.C:180] entered parse_at([804ccd0,80549c4),80538d8) [Parser.C:1485] recording block [80538d8,80538d8) [Parser.C] ==== starting to parse frame 80538d8 ==== [Parser.C] parsing block 80538d8 [Parser.C:1274] curAddr 0x80538d8: push EBP, ESP [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538d9: mov EBP, ESP [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538db: push EBX, ESP [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538dc: sub ESP, 14 [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538df: call ffff941c + EIP + 5 [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff941c + EIP + 5 to 0x80538df...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80538e4: add EBX, 871c [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538ea: mov EAX, [EBX + 9f8] [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538f0: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538f3: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538f7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x80538fa: call 83b + EIP + 5 [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called IA_IAPI.C[847]: binding PC EIP in call 83b + EIP + 5 to 0x80538fa...SUCCESS (CFT=0x805413a) [Parser.C:1485] recording block [80538d8,80538ff) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80538fa->805413a resolveable_edge: 1, tailcall: 0, target: 805413a [ParserDetails.C:588] pushing 805413a onto worklist ParserDetails.C[68]: adding function fallthrough edge 80538fa->80538ff resolveable_edge: 1, tailcall: 0, target: 80538ff [ParserDetails.C:588] pushing 80538ff onto worklist [Parser.C] binding call 80538fa->805413a [Parser.C] block 805413a exists Checking non-returning for printResultHumanLog Checking non-returning for printResultHumanLog [Parser.C:1485] recording block [80538ff,80538ff) [Parser.C] parsing block 80538ff [Parser.C:1274] curAddr 0x80538ff: add ESP, 14 [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x8053902: pop EBX, ESP [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x8053903: pop EBP, ESP [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called [Parser.C:1274] curAddr 0x8053904: ret near [ESP] [Parser.C:1280] leaf 1 funcname stdLogResult hasCFT called branch or return, ret true [Parser.C:1485] recording block [80538ff,8053905) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053904 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053904...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80538d8 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] stdLogResult return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804eb90) [Parser.C:180] entered parse_at([804ccd0,80549c4),804eb90) [Parser.C:1485] recording block [804eb90,804eb90) [Parser.C] ==== starting to parse frame 804eb90 ==== [Parser.C] parsing block 804eb90 [Parser.C:1274] curAddr 0x804eb90: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eb91: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eb93: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eb94: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eb97: call ffffe164 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe164 + EIP + 5 to 0x804eb97...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804eb9c: add EBX, d464 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eba2: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eba8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebaa: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebac: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eb90,804ebae) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804ebac...SUCCESS (CFT=0x804ebbc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ebac->804ebbc resolveable_edge: 1, tailcall: 0, target: 804ebbc [ParserDetails.C:588] pushing 804ebbc onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ebac->804ebae resolveable_edge: 1, tailcall: 0, target: 804ebae [ParserDetails.C:588] pushing 804ebae onto worklist [Parser.C:1485] recording block [804ebbc,804ebbc) [Parser.C] parsing block 804ebbc [Parser.C:1274] curAddr 0x804ebbc: lea EAX, EBX + 4c8 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebc2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebc4: cmp EAX, 2a4 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebc9: jz 28 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ebbc,804ebcb) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 28 + EIP + 2 to 0x804ebc9...SUCCESS (CFT=0x804ebf3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ebc9->804ebf3 resolveable_edge: 1, tailcall: 0, target: 804ebf3 [ParserDetails.C:588] pushing 804ebf3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ebc9->804ebcb resolveable_edge: 1, tailcall: 0, target: 804ebcb [ParserDetails.C:588] pushing 804ebcb onto worklist [Parser.C:1485] recording block [804ebf3,804ebf3) [Parser.C] parsing block 804ebf3 [Parser.C:1274] curAddr 0x804ebf3: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebf7: jnz 50 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ebf3,804ebf9) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 50 + EIP + 2 to 0x804ebf7...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ebf7->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ebf7->804ebf9 resolveable_edge: 1, tailcall: 0, target: 804ebf9 [ParserDetails.C:588] pushing 804ebf9 onto worklist [Parser.C:1485] recording block [804ec49,804ec49) [Parser.C] parsing block 804ec49 [Parser.C:1274] curAddr 0x804ec49: lea EAX, EBX + ffff9898 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec4f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec52: call 4d66 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4d66 + EIP + 5 to 0x804ec52...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ec49,804ec57) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ec52->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ec52->804ec57 resolveable_edge: 1, tailcall: 0, target: 804ec57 [ParserDetails.C:588] pushing 804ec57 onto worklist [Parser.C] binding call 804ec52->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804ec57,804ec57) [Parser.C] parsing block 804ec57 [Parser.C:1274] curAddr 0x804ec57: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec5b: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec57,804ec5d) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ec5b...SUCCESS (CFT=0x804ec72) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ec5b->804ec72 resolveable_edge: 1, tailcall: 0, target: 804ec72 [ParserDetails.C:588] pushing 804ec72 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec5b->804ec5d resolveable_edge: 1, tailcall: 0, target: 804ec5d [ParserDetails.C:588] pushing 804ec5d onto worklist [Parser.C:1485] recording block [804ec72,804ec72) [Parser.C] parsing block 804ec72 [Parser.C:1274] curAddr 0x804ec72: cmp [EBP + c], 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec76: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec72,804ec78) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ec76...SUCCESS (CFT=0x804ec8d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ec76->804ec8d resolveable_edge: 1, tailcall: 0, target: 804ec8d [ParserDetails.C:588] pushing 804ec8d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec76->804ec78 resolveable_edge: 1, tailcall: 0, target: 804ec78 [ParserDetails.C:588] pushing 804ec78 onto worklist [Parser.C:1485] recording block [804ec8d,804ec8d) [Parser.C] parsing block 804ec8d [Parser.C:1274] curAddr 0x804ec8d: cmp [EBP + 10], 3 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec91: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec8d,804ec93) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ec91...SUCCESS (CFT=0x804eca8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ec91->804eca8 resolveable_edge: 1, tailcall: 0, target: 804eca8 [ParserDetails.C:588] pushing 804eca8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec91->804ec93 resolveable_edge: 1, tailcall: 0, target: 804ec93 [ParserDetails.C:588] pushing 804ec93 onto worklist [Parser.C:1485] recording block [804eca8,804eca8) [Parser.C] parsing block 804eca8 [Parser.C:1274] curAddr 0x804eca8: cmp [EBP + 14], 4 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecac: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eca8,804ecae) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ecac...SUCCESS (CFT=0x804ecc3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ecac->804ecc3 resolveable_edge: 1, tailcall: 0, target: 804ecc3 [ParserDetails.C:588] pushing 804ecc3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ecac->804ecae resolveable_edge: 1, tailcall: 0, target: 804ecae [ParserDetails.C:588] pushing 804ecae onto worklist [Parser.C:1485] recording block [804ecc3,804ecc3) [Parser.C] parsing block 804ecc3 [Parser.C:1274] curAddr 0x804ecc3: cmp [EBP + 18], 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecc7: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ecc3,804ecc9) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ecc7...SUCCESS (CFT=0x804ecde) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ecc7->804ecde resolveable_edge: 1, tailcall: 0, target: 804ecde [ParserDetails.C:588] pushing 804ecde onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ecc7->804ecc9 resolveable_edge: 1, tailcall: 0, target: 804ecc9 [ParserDetails.C:588] pushing 804ecc9 onto worklist [Parser.C:1485] recording block [804ecde,804ecde) [Parser.C] parsing block 804ecde [Parser.C:1274] curAddr 0x804ecde: cmp [EBP + 1c], 6 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ece2: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ecde,804ece4) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ece2...SUCCESS (CFT=0x804ecf9) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ece2->804ecf9 resolveable_edge: 1, tailcall: 0, target: 804ecf9 [ParserDetails.C:588] pushing 804ecf9 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ece2->804ece4 resolveable_edge: 1, tailcall: 0, target: 804ece4 [ParserDetails.C:588] pushing 804ece4 onto worklist [Parser.C:1485] recording block [804ecf9,804ecf9) [Parser.C] parsing block 804ecf9 [Parser.C:1274] curAddr 0x804ecf9: cmp [EBP + 20], 7 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecfd: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ecf9,804ecff) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ecfd...SUCCESS (CFT=0x804ed14) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ecfd->804ed14 resolveable_edge: 1, tailcall: 0, target: 804ed14 [ParserDetails.C:588] pushing 804ed14 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ecfd->804ecff resolveable_edge: 1, tailcall: 0, target: 804ecff [ParserDetails.C:588] pushing 804ecff onto worklist [Parser.C:1485] recording block [804ed14,804ed14) [Parser.C] parsing block 804ed14 [Parser.C:1274] curAddr 0x804ed14: cmp [EBP + 24], 8 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed18: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ed14,804ed1a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ed18...SUCCESS (CFT=0x804ed2f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ed18->804ed2f resolveable_edge: 1, tailcall: 0, target: 804ed2f [ParserDetails.C:588] pushing 804ed2f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ed18->804ed1a resolveable_edge: 1, tailcall: 0, target: 804ed1a [ParserDetails.C:588] pushing 804ed1a onto worklist [Parser.C:1485] recording block [804ed2f,804ed2f) [Parser.C] parsing block 804ed2f [Parser.C:1274] curAddr 0x804ed2f: cmp [EBP + 28], 9 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed33: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ed2f,804ed35) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ed33...SUCCESS (CFT=0x804ed4a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ed33->804ed4a resolveable_edge: 1, tailcall: 0, target: 804ed4a [ParserDetails.C:588] pushing 804ed4a onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ed33->804ed35 resolveable_edge: 1, tailcall: 0, target: 804ed35 [ParserDetails.C:588] pushing 804ed35 onto worklist [Parser.C:1485] recording block [804ed4a,804ed4a) [Parser.C] parsing block 804ed4a [Parser.C:1274] curAddr 0x804ed4a: cmp [EBP + 2c], a [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed4e: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ed4a,804ed50) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ed4e...SUCCESS (CFT=0x804ed65) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ed4e->804ed65 resolveable_edge: 1, tailcall: 0, target: 804ed65 [ParserDetails.C:588] pushing 804ed65 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ed4e->804ed50 resolveable_edge: 1, tailcall: 0, target: 804ed50 [ParserDetails.C:588] pushing 804ed50 onto worklist [Parser.C:1485] recording block [804ed65,804ed65) [Parser.C] parsing block 804ed65 [Parser.C:1274] curAddr 0x804ed65: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed6c: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed6f: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed72: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed73: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed74: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ed65,804ed75) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804ed74 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804ed74...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804ebae,804ebae) [Parser.C] parsing block 804ebae [Parser.C:1274] curAddr 0x804ebae: lea EAX, EBX + ffff97dc [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebb4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebb7: call ffffdf64 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdf64 + EIP + 5 to 0x804ebb7...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804ebae,804ebbc) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ebb7->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ebb7->804ebbc resolveable_edge: 1, tailcall: 0, target: 804ebbc [ParserDetails.C:588] pushing 804ebbc onto worklist [Parser.C] binding call 804ebb7->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804ebbc exists [Parser.C] skipping locally parsed target at 804ebbc [Parser.C:1485] recording block [804ebcb,804ebcb) [Parser.C] parsing block 804ebcb [Parser.C:1274] curAddr 0x804ebcb: lea EAX, EBX + ffff97f8 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebd1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebd4: call 4de4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4de4 + EIP + 5 to 0x804ebd4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ebcb,804ebd9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ebd4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ebd4->804ebd9 resolveable_edge: 1, tailcall: 0, target: 804ebd9 [ParserDetails.C:588] pushing 804ebd9 onto worklist [Parser.C] binding call 804ebd4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804ebd9,804ebd9) [Parser.C] parsing block 804ebd9 [Parser.C:1274] curAddr 0x804ebd9: lea EAX, EBX + ffff9828 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebdf: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebe2: call 4dd6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4dd6 + EIP + 5 to 0x804ebe2...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ebd9,804ebe7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ebe2->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ebe2->804ebe7 resolveable_edge: 1, tailcall: 0, target: 804ebe7 [ParserDetails.C:588] pushing 804ebe7 onto worklist [Parser.C] binding call 804ebe2->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804ebe7,804ebe7) [Parser.C] parsing block 804ebe7 [Parser.C:1274] curAddr 0x804ebe7: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebee: jmp 179 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 179 + EIP + 5 to 0x804ebee...SUCCESS (CFT=0x804ed6c) [Parser.C:1485] recording block [804ebe7,804ebf3) Getting edges Checking for Tail Call jump to 0x804ed6c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804ebee->804ed6c resolveable_edge: 1, tailcall: 0, target: 804ed6c [ParserDetails.C:588] pushing 804ed6c onto worklist [Parser.C:1485] recording block [804ebf9,804ebf9) [Parser.C] parsing block 804ebf9 [Parser.C:1274] curAddr 0x804ebf9: cmp [EBP + c], 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ebfd: jnz 4a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ebf9,804ebff) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 4a + EIP + 2 to 0x804ebfd...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ebfd->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ebfd->804ebff resolveable_edge: 1, tailcall: 0, target: 804ebff [ParserDetails.C:588] pushing 804ebff onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ebff,804ebff) [Parser.C] parsing block 804ebff [Parser.C:1274] curAddr 0x804ebff: cmp [EBP + 10], 3 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec03: jnz 44 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ebff,804ec05) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 44 + EIP + 2 to 0x804ec03...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ec03->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec03->804ec05 resolveable_edge: 1, tailcall: 0, target: 804ec05 [ParserDetails.C:588] pushing 804ec05 onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ec05,804ec05) [Parser.C] parsing block 804ec05 [Parser.C:1274] curAddr 0x804ec05: cmp [EBP + 14], 4 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec09: jnz 3e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec05,804ec0b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 3e + EIP + 2 to 0x804ec09...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ec09->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec09->804ec0b resolveable_edge: 1, tailcall: 0, target: 804ec0b [ParserDetails.C:588] pushing 804ec0b onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ec0b,804ec0b) [Parser.C] parsing block 804ec0b [Parser.C:1274] curAddr 0x804ec0b: cmp [EBP + 18], 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec0f: jnz 38 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec0b,804ec11) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 38 + EIP + 2 to 0x804ec0f...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ec0f->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec0f->804ec11 resolveable_edge: 1, tailcall: 0, target: 804ec11 [ParserDetails.C:588] pushing 804ec11 onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ec11,804ec11) [Parser.C] parsing block 804ec11 [Parser.C:1274] curAddr 0x804ec11: cmp [EBP + 1c], 6 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec15: jnz 32 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec11,804ec17) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 32 + EIP + 2 to 0x804ec15...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ec15->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec15->804ec17 resolveable_edge: 1, tailcall: 0, target: 804ec17 [ParserDetails.C:588] pushing 804ec17 onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ec17,804ec17) [Parser.C] parsing block 804ec17 [Parser.C:1274] curAddr 0x804ec17: cmp [EBP + 20], 7 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec1b: jnz 2c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec17,804ec1d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2c + EIP + 2 to 0x804ec1b...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ec1b->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec1b->804ec1d resolveable_edge: 1, tailcall: 0, target: 804ec1d [ParserDetails.C:588] pushing 804ec1d onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ec1d,804ec1d) [Parser.C] parsing block 804ec1d [Parser.C:1274] curAddr 0x804ec1d: cmp [EBP + 24], 8 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec21: jnz 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec1d,804ec23) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 26 + EIP + 2 to 0x804ec21...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ec21->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec21->804ec23 resolveable_edge: 1, tailcall: 0, target: 804ec23 [ParserDetails.C:588] pushing 804ec23 onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ec23,804ec23) [Parser.C] parsing block 804ec23 [Parser.C:1274] curAddr 0x804ec23: cmp [EBP + 28], 9 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec27: jnz 20 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec23,804ec29) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 20 + EIP + 2 to 0x804ec27...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ec27->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec27->804ec29 resolveable_edge: 1, tailcall: 0, target: 804ec29 [ParserDetails.C:588] pushing 804ec29 onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ec29,804ec29) [Parser.C] parsing block 804ec29 [Parser.C:1274] curAddr 0x804ec29: cmp [EBP + 2c], a [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec2d: jnz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ec29,804ec2f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1a + EIP + 2 to 0x804ec2d...SUCCESS (CFT=0x804ec49) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804ec49 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ec2d->804ec49 resolveable_edge: 1, tailcall: 0, target: 804ec49 [ParserDetails.C:588] pushing 804ec49 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ec2d->804ec2f resolveable_edge: 1, tailcall: 0, target: 804ec2f [ParserDetails.C:588] pushing 804ec2f onto worklist [Parser.C] block 804ec49 exists [Parser.C] skipping locally parsed target at 804ec49 [Parser.C:1485] recording block [804ec2f,804ec2f) [Parser.C] parsing block 804ec2f [Parser.C:1274] curAddr 0x804ec2f: lea EAX, EBX + ffff986c [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec35: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec38: call 4d80 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4d80 + EIP + 5 to 0x804ec38...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ec2f,804ec3d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ec38->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ec38->804ec3d resolveable_edge: 1, tailcall: 0, target: 804ec3d [ParserDetails.C:588] pushing 804ec3d onto worklist [Parser.C] binding call 804ec38->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804ec3d,804ec3d) [Parser.C] parsing block 804ec3d [Parser.C:1274] curAddr 0x804ec3d: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec44: jmp 123 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 123 + EIP + 5 to 0x804ec44...SUCCESS (CFT=0x804ed6c) [Parser.C:1485] recording block [804ec3d,804ec49) Getting edges Checking for Tail Call jump to 0x804ed6c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804ec44->804ed6c resolveable_edge: 1, tailcall: 0, target: 804ed6c [ParserDetails.C:588] pushing 804ed6c onto worklist [Parser.C:1485] recording block [804ec5d,804ec5d) [Parser.C] parsing block 804ec5d [Parser.C:1274] curAddr 0x804ec5d: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec60: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec64: lea EAX, EBX + ffff98c9 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec6a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec6d: call 4d4b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4d4b + EIP + 5 to 0x804ec6d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ec5d,804ec72) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ec6d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ec6d->804ec72 resolveable_edge: 1, tailcall: 0, target: 804ec72 [ParserDetails.C:588] pushing 804ec72 onto worklist [Parser.C] binding call 804ec6d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ec72 exists [Parser.C] skipping locally parsed target at 804ec72 [Parser.C:1485] recording block [804ec78,804ec78) [Parser.C] parsing block 804ec78 [Parser.C:1274] curAddr 0x804ec78: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec7b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec7f: lea EAX, EBX + ffff98e7 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec85: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec88: call 4d30 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4d30 + EIP + 5 to 0x804ec88...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ec78,804ec8d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ec88->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ec88->804ec8d resolveable_edge: 1, tailcall: 0, target: 804ec8d [ParserDetails.C:588] pushing 804ec8d onto worklist [Parser.C] binding call 804ec88->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ec8d exists [Parser.C] skipping locally parsed target at 804ec8d [Parser.C:1485] recording block [804ec93,804ec93) [Parser.C] parsing block 804ec93 [Parser.C:1274] curAddr 0x804ec93: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec96: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ec9a: lea EAX, EBX + ffff9905 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eca0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eca3: call 4d15 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4d15 + EIP + 5 to 0x804eca3...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ec93,804eca8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eca3->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eca3->804eca8 resolveable_edge: 1, tailcall: 0, target: 804eca8 [ParserDetails.C:588] pushing 804eca8 onto worklist [Parser.C] binding call 804eca3->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804eca8 exists [Parser.C] skipping locally parsed target at 804eca8 [Parser.C:1485] recording block [804ecae,804ecae) [Parser.C] parsing block 804ecae [Parser.C:1274] curAddr 0x804ecae: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecb1: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecb5: lea EAX, EBX + ffff9923 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecbb: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecbe: call 4cfa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4cfa + EIP + 5 to 0x804ecbe...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ecae,804ecc3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ecbe->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ecbe->804ecc3 resolveable_edge: 1, tailcall: 0, target: 804ecc3 [ParserDetails.C:588] pushing 804ecc3 onto worklist [Parser.C] binding call 804ecbe->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ecc3 exists [Parser.C] skipping locally parsed target at 804ecc3 [Parser.C:1485] recording block [804ecc9,804ecc9) [Parser.C] parsing block 804ecc9 [Parser.C:1274] curAddr 0x804ecc9: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eccc: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecd0: lea EAX, EBX + ffff9941 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecd6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecd9: call 4cdf + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4cdf + EIP + 5 to 0x804ecd9...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ecc9,804ecde) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ecd9->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ecd9->804ecde resolveable_edge: 1, tailcall: 0, target: 804ecde [ParserDetails.C:588] pushing 804ecde onto worklist [Parser.C] binding call 804ecd9->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ecde exists [Parser.C] skipping locally parsed target at 804ecde [Parser.C:1485] recording block [804ece4,804ece4) [Parser.C] parsing block 804ece4 [Parser.C:1274] curAddr 0x804ece4: mov EAX, [EBP + 1c] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ece7: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804eceb: lea EAX, EBX + ffff995f [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecf1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ecf4: call 4cc4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4cc4 + EIP + 5 to 0x804ecf4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ece4,804ecf9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ecf4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ecf4->804ecf9 resolveable_edge: 1, tailcall: 0, target: 804ecf9 [ParserDetails.C:588] pushing 804ecf9 onto worklist [Parser.C] binding call 804ecf4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ecf9 exists [Parser.C] skipping locally parsed target at 804ecf9 [Parser.C:1485] recording block [804ecff,804ecff) [Parser.C] parsing block 804ecff [Parser.C:1274] curAddr 0x804ecff: mov EAX, [EBP + 20] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed02: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed06: lea EAX, EBX + ffff997d [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed0c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed0f: call 4ca9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4ca9 + EIP + 5 to 0x804ed0f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ecff,804ed14) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ed0f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ed0f->804ed14 resolveable_edge: 1, tailcall: 0, target: 804ed14 [ParserDetails.C:588] pushing 804ed14 onto worklist [Parser.C] binding call 804ed0f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ed14 exists [Parser.C] skipping locally parsed target at 804ed14 [Parser.C:1485] recording block [804ed1a,804ed1a) [Parser.C] parsing block 804ed1a [Parser.C:1274] curAddr 0x804ed1a: mov EAX, [EBP + 24] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed1d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed21: lea EAX, EBX + ffff999b [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed27: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed2a: call 4c8e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4c8e + EIP + 5 to 0x804ed2a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ed1a,804ed2f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ed2a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ed2a->804ed2f resolveable_edge: 1, tailcall: 0, target: 804ed2f [ParserDetails.C:588] pushing 804ed2f onto worklist [Parser.C] binding call 804ed2a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ed2f exists [Parser.C] skipping locally parsed target at 804ed2f [Parser.C:1485] recording block [804ed35,804ed35) [Parser.C] parsing block 804ed35 [Parser.C:1274] curAddr 0x804ed35: mov EAX, [EBP + 28] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed38: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed3c: lea EAX, EBX + ffff99b9 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed42: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed45: call 4c73 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4c73 + EIP + 5 to 0x804ed45...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ed35,804ed4a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ed45->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ed45->804ed4a resolveable_edge: 1, tailcall: 0, target: 804ed4a [ParserDetails.C:588] pushing 804ed4a onto worklist [Parser.C] binding call 804ed45->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ed4a exists [Parser.C] skipping locally parsed target at 804ed4a [Parser.C:1485] recording block [804ed50,804ed50) [Parser.C] parsing block 804ed50 [Parser.C:1274] curAddr 0x804ed50: mov EAX, [EBP + 2c] [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed53: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed57: lea EAX, EBX + ffff99d8 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed5d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called [Parser.C:1274] curAddr 0x804ed60: call 4c58 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4c58 + EIP + 5 to 0x804ed60...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ed50,804ed65) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ed60->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ed60->804ed65 resolveable_edge: 1, tailcall: 0, target: 804ed65 [ParserDetails.C:588] pushing 804ed65 onto worklist [Parser.C] binding call 804ed60->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ed65 exists [Parser.C] skipping locally parsed target at 804ed65 [Parser.C] address 804ed6c splits [804ed65,804ed75) (0x1d4e220) [Parser.C:1485] recording block [804ed6c,804ed75) [Parser.C] skipping locally parsed target at 804ed6c [Parser.C] block 804ed6c exists [Parser.C] skipping locally parsed target at 804ed6c [Parser.C] frame 804eb90 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_8_func1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052cad) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052cad) [Parser.C:1485] recording block [8052cad,8052cad) [Parser.C] ==== starting to parse frame 8052cad ==== [Parser.C] parsing block 8052cad [Parser.C:1274] curAddr 0x8052cad: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cae: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cb0: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cb3: call ffffaecd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffaecd + EIP + 5 to 0x8052cb3...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052cb8: add ECX, 9348 [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cbe: mov [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cc5: mov [EBP + fffffffffffffff8], 2 [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052ccc: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052ccf: mov EDX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cd2: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cd4: mov [ECX + 9a8], EAX [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cda: leave [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called [Parser.C:1274] curAddr 0x8052cdb: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_39_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052cad,8052cdc) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052cdb Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052cdb...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052cad complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_39_func1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8054051) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054051) [Parser.C:1485] recording block [8054051,8054051) [Parser.C] ==== starting to parse frame 8054051 ==== [Parser.C] parsing block 8054051 [Parser.C:1274] curAddr 0x8054051: push EBP, ESP [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054052: mov EBP, ESP [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054054: push EBX, ESP [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054055: sub ESP, 14 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054058: call ffff8ca3 + EIP + 5 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8ca3 + EIP + 5 to 0x8054058...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805405d: add EBX, 7fa3 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054063: mov EAX, [EBX + 768] [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054069: cmp EAX, ff [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805406c: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054051,805406e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x805406c...SUCCESS (CFT=0x8054075) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805406c->8054075 resolveable_edge: 1, tailcall: 0, target: 8054075 [ParserDetails.C:588] pushing 8054075 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805406c->805406e resolveable_edge: 1, tailcall: 0, target: 805406e [ParserDetails.C:588] pushing 805406e onto worklist [Parser.C:1485] recording block [8054075,8054075) [Parser.C] parsing block 8054075 [Parser.C:1274] curAddr 0x8054075: mov EDX, [EBX + 76c] [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805407b: mov EAX, [EBX + 768] [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054081: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054085: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054088: call ffff8993 + EIP + 5 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8993 + EIP + 5 to 0x8054088...SUCCESS (CFT=0x804ca20) [Parser.C:1485] recording block [8054075,805408d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054088->804ca20 resolveable_edge: 1, tailcall: 0, target: 804ca20 [ParserDetails.C:588] pushing 804ca20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054088->805408d resolveable_edge: 1, tailcall: 0, target: 805408d [ParserDetails.C:588] pushing 805408d onto worklist [Parser.C] binding call 8054088->804ca20 [ParseData.C] new function for target 804ca20 [Parser.C:1485] recording block [804ca20,804ca20) [suspend frame 8054051] [Parser.C] frame 8054051 blocked at 8054088 call target 804ca20 [Parser.C] block 804ca20 exists [Parser.C] ==== starting to parse frame 804ca20 ==== [Parser.C] parsing block 804ca20 [Parser.C:1274] curAddr 0x804ca20: jmp [805c00c] [Parser.C:1280] leaf 1 funcname targ804ca20 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c00c] to 0x804ca20...FAIL (CFT=0x0), callTarget exp: [805c00c] ... indirect jump at 0x804ca20, delay parsing it [Parser.C:1485] recording block [804ca20,804ca26) ... continue parse indirect jump at 804ca20 [Parser.C:1485] recording block [804ca20,804ca26) Getting edges ... indirect jump at 0x804ca20 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c00c] at 0x804ca20 Apply indirect control flow analysis at 804ca20 Looking for thunk Looking for thunk in block [804ca20,804ca26).......WARNING: after advance at 0x804ca26, curInsn() NULL Expanding instruction @ 804ca20: jmp [805c00c] Original expand: (<134594572:32>,) Adding assignment (@804ca20<[x86::eip]>[_805c00c]) in instruction jmp [805c00c] at 804ca20, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ca20, insn: jmp [805c00c] Old fact for 804ca20: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ca20 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ca20<[x86::eip]>[_805c00c]) Instruction: jmp [805c00c] AST: (<134594572:64>,) Generate bound fact for Interval 0[134594572,134594572] 0[805c00c,805c00c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594572:64>,) Apply relations2 to (<134594572:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594572,134594572] 0[805c00c,805c00c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594572:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ca20 The fact from 804ca20 before applying transfer function Do not track predicate Var: , Interval 0[134594572,134594572] 0[805c00c,805c00c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594572:64>,) No known value at the top of the stack Fact from 804ca20 after applying transfer function Do not track predicate Var: , Interval 0[134594572,134594572] 0[805c00c,805c00c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594572:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594572,134594572] 0[805c00c,805c00c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594572:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594572,134594572] 0[805c00c,805c00c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c00c not read only, returning false Not jump table format! [Parser.C] finalizing targ804ca20 (804ca20) No targets, exits func Adding block 0x804ca20 as exit 804ca20 extent [804ca20,804ca26) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c00c] at 0x804ca20 in function targ804ca20 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ca20->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for dup2 [Parser.C] frame 804ca20 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dup2 return status 2, no waiters [Parser.C] ==== resuming parse of frame 8054051 ==== Checking non-returning for dup2 [Parser.C:1485] recording block [805408d,805408d) [Parser.C] parsing block 805408d [Parser.C:1274] curAddr 0x805408d: cmp EAX, ff [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054090: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called branch or return, ret true [Parser.C:1485] recording block [805408d,8054092) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x8054090...SUCCESS (CFT=0x8054099) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054090->8054099 resolveable_edge: 1, tailcall: 0, target: 8054099 [ParserDetails.C:588] pushing 8054099 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054090->8054092 resolveable_edge: 1, tailcall: 0, target: 8054092 [ParserDetails.C:588] pushing 8054092 onto worklist [Parser.C:1485] recording block [8054099,8054099) [Parser.C] parsing block 8054099 [Parser.C:1274] curAddr 0x8054099: mov EAX, 0 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805409e: add ESP, 14 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x80540a1: pop EBX, ESP [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x80540a2: pop EBP, ESP [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x80540a3: ret near [ESP] [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054099,80540a4) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80540a3 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80540a3...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805406e,805406e) [Parser.C] parsing block 805406e [Parser.C:1274] curAddr 0x805406e: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054073: jmp 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 29 + EIP + 2 to 0x8054073...SUCCESS (CFT=0x805409e) [Parser.C:1485] recording block [805406e,8054075) Getting edges Checking for Tail Call jump to 0x805409e is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054073->805409e resolveable_edge: 1, tailcall: 0, target: 805409e [ParserDetails.C:588] pushing 805409e onto worklist [Parser.C:1485] recording block [8054092,8054092) [Parser.C] parsing block 8054092 [Parser.C:1274] curAddr 0x8054092: mov EAX, fffffffe [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054097: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname cleanupFortranOutput hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8054097...SUCCESS (CFT=0x805409e) [Parser.C:1485] recording block [8054092,8054099) Getting edges Checking for Tail Call jump to 0x805409e is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054097->805409e resolveable_edge: 1, tailcall: 0, target: 805409e [ParserDetails.C:588] pushing 805409e onto worklist [Parser.C] address 805409e splits [8054099,80540a4) (0x1d4e760) [Parser.C:1485] recording block [805409e,80540a4) [Parser.C] skipping locally parsed target at 805409e [Parser.C] block 805409e exists [Parser.C] skipping locally parsed target at 805409e [Parser.C] frame 8054051 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] cleanupFortranOutput return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804ff50) [Parser.C:180] entered parse_at([804ccd0,80549c4),804ff50) [Parser.C:1485] recording block [804ff50,804ff50) [Parser.C] ==== starting to parse frame 804ff50 ==== [Parser.C] parsing block 804ff50 [Parser.C:1274] curAddr 0x804ff50: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff51: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff53: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff54: sub ESP, 44 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff57: call ffffcda4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffcda4 + EIP + 5 to 0x804ff57...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804ff5c: add EBX, c0a4 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff62: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff69: mov [EBP + ffffffffffffffec], 0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff70: fld1 ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff72: fstp [EBP + ffffffffffffffe0], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff75: lea EAX, EBP + ffffffffffffffe0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff78: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff7c: lea EAX, EBP + ffffffffffffffec [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff7f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff82: call 18a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 18a + EIP + 5 to 0x804ff82...SUCCESS (CFT=0x8050111) [Parser.C:1485] recording block [804ff50,804ff87) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ff82->8050111 resolveable_edge: 1, tailcall: 0, target: 8050111 [ParserDetails.C:588] pushing 8050111 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ff82->804ff87 resolveable_edge: 1, tailcall: 0, target: 804ff87 [ParserDetails.C:588] pushing 804ff87 onto worklist [Parser.C] binding call 804ff82->8050111 [Parser.C:1485] recording block [8050111,8050111) [suspend frame 804ff50] [Parser.C] frame 804ff50 blocked at 804ff82 call target 8050111 [Parser.C] block 8050111 exists [Parser.C] ==== starting to parse frame 8050111 ==== [Parser.C] parsing block 8050111 [Parser.C:1274] curAddr 0x8050111: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050112: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050114: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050117: call ffffda69 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffda69 + EIP + 5 to 0x8050117...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x805011c: add ECX, bee4 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050122: mov [EBP + fffffffffffffff8], 1 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050129: mov EDX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805012f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050135: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050137: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805013d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805013f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050145: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050147: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805014d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805014f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050155: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050157: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805015d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805015f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050165: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050167: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805016d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805016f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050175: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050177: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805017d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805017f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050185: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050187: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805018d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805018f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050195: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050197: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805019d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805019f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501a5: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501a7: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501ad: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501af: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501b5: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501b7: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501bd: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501bf: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501c5: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501c7: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501cd: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501cf: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501d5: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501d7: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501dd: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501df: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501e5: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501e7: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501ed: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501ef: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501f5: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501f7: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501fd: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80501ff: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050205: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050207: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805020d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805020f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050215: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050217: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805021d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805021f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050225: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050227: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805022d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805022f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050235: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050237: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805023d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805023f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050245: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050247: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805024d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805024f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050255: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050257: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805025d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805025f: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050265: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050267: mov EAX, [ECX + 520] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805026d: add EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805026f: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050272: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050274: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805027a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050280: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050282: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050288: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805028a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050290: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050292: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050298: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805029a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502a0: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502a2: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502a8: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502aa: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502b0: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502b2: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502b8: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502ba: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502c0: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502c2: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502c8: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502ca: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502d0: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502d2: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502d8: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502da: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502e0: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502e2: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502e8: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502ea: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502f0: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502f2: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502f8: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80502fa: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050300: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050302: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050308: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805030a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050310: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050312: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050318: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805031a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050320: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050322: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050328: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805032a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050330: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050332: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050338: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805033a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050340: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050342: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050348: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805034a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050350: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050352: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050358: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805035a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050360: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050362: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050368: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805036a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050370: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050372: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050378: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805037a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050380: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050382: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050388: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805038a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050390: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050392: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050398: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805039a: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503a0: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503a2: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503a8: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503aa: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503b0: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503b2: fld ST0, [ECX + 528] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503b8: faddp ST1, ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503ba: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503bd: fstp [EAX], ST0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503bf: mov [EBP + fffffffffffffffc], 0 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503c6: jmp 5e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5e + EIP + 2 to 0x80503c6...SUCCESS (CFT=0x8050426) [Parser.C:1485] recording block [8050111,80503c8) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80503c6->8050426 resolveable_edge: 1, tailcall: 0, target: 8050426 [ParserDetails.C:588] pushing 8050426 onto worklist [Parser.C:1485] recording block [8050426,8050426) [Parser.C] parsing block 8050426 [Parser.C:1274] curAddr 0x8050426: mov EAX, [ECX + 530] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805042c: cmp [EBP + fffffffffffffffc], EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805042f: jl ffffffffffffff97 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050426,8050431) Getting edges IA_IAPI.C[847]: binding PC EIP in jl ffffffffffffff97 + EIP + 2 to 0x805042f...SUCCESS (CFT=0x80503c8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805042f->80503c8 resolveable_edge: 1, tailcall: 0, target: 80503c8 [ParserDetails.C:588] pushing 80503c8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805042f->8050431 resolveable_edge: 1, tailcall: 0, target: 8050431 [ParserDetails.C:588] pushing 8050431 onto worklist [Parser.C:1485] recording block [80503c8,80503c8) [Parser.C] parsing block 80503c8 [Parser.C:1274] curAddr 0x80503c8: mov EDX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503cb: mov EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503cd: add EAX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503cf: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503d1: mov [EBP + fffffffffffffff8], EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503d4: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503d7: cdq EDX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503d8: shr EDX, 1f [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503db: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503dd: and EAX, 1 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503e0: sub EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503e2: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503e5: jnz f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80503c8,80503e7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz f + EIP + 2 to 0x80503e5...SUCCESS (CFT=0x80503f6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80503e5->80503f6 resolveable_edge: 1, tailcall: 0, target: 80503f6 [ParserDetails.C:588] pushing 80503f6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80503e5->80503e7 resolveable_edge: 1, tailcall: 0, target: 80503e7 [ParserDetails.C:588] pushing 80503e7 onto worklist [Parser.C:1485] recording block [80503f6,80503f6) [Parser.C] parsing block 80503f6 [Parser.C:1274] curAddr 0x80503f6: cmp [EBP + fffffffffffffffc], 9 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503fa: jnle f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80503f6,80503fc) Getting edges IA_IAPI.C[847]: binding PC EIP in jnle f + EIP + 2 to 0x80503fa...SUCCESS (CFT=0x805040b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80503fa->805040b resolveable_edge: 1, tailcall: 0, target: 805040b [ParserDetails.C:588] pushing 805040b onto worklist ParserDetails.C[80]: adding conditional not taken edge 80503fa->80503fc resolveable_edge: 1, tailcall: 0, target: 80503fc [ParserDetails.C:588] pushing 80503fc onto worklist [Parser.C:1485] recording block [805040b,805040b) [Parser.C] parsing block 805040b [Parser.C:1274] curAddr 0x805040b: cmp [EBP + fffffffffffffffc], 14 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805040f: jle 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805040b,8050411) Getting edges IA_IAPI.C[847]: binding PC EIP in jle 11 + EIP + 2 to 0x805040f...SUCCESS (CFT=0x8050422) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805040f->8050422 resolveable_edge: 1, tailcall: 0, target: 8050422 [ParserDetails.C:588] pushing 8050422 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805040f->8050411 resolveable_edge: 1, tailcall: 0, target: 8050411 [ParserDetails.C:588] pushing 8050411 onto worklist [Parser.C:1485] recording block [8050422,8050422) [Parser.C] parsing block 8050422 [Parser.C:1274] curAddr 0x8050422: add [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C] straight-line parse into block at 8050426 [Parser.C:1485] recording block [8050422,8050426) [Parser.C] block 8050426 exists [Parser.C:1485] recording block [80503e7,80503e7) [Parser.C] parsing block 80503e7 [Parser.C:1274] curAddr 0x80503e7: mov EDX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503ea: mov EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503ec: shl/sal EAX, 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503ef: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503f1: mov [EBP + fffffffffffffff8], EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503f4: jmp 2c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2c + EIP + 2 to 0x80503f4...SUCCESS (CFT=0x8050422) [Parser.C:1485] recording block [80503e7,80503f6) Getting edges Checking for Tail Call jump to 0x8050422 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80503f4->8050422 resolveable_edge: 1, tailcall: 0, target: 8050422 [ParserDetails.C:588] pushing 8050422 onto worklist [Parser.C:1485] recording block [80503fc,80503fc) [Parser.C] parsing block 80503fc [Parser.C:1274] curAddr 0x80503fc: mov EDX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x80503ff: mov EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050401: shl/sal EAX, 3 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050404: sub EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050406: mov [EBP + fffffffffffffff8], EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050409: jmp 17 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 17 + EIP + 2 to 0x8050409...SUCCESS (CFT=0x8050422) [Parser.C:1485] recording block [80503fc,805040b) Getting edges Checking for Tail Call jump to 0x8050422 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050409->8050422 resolveable_edge: 1, tailcall: 0, target: 8050422 [ParserDetails.C:588] pushing 8050422 onto worklist [Parser.C:1485] recording block [8050411,8050411) [Parser.C] parsing block 8050411 [Parser.C:1274] curAddr 0x8050411: mov EDX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050414: mov EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050416: shl/sal EAX, 2 [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050419: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805041b: add EAX, EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805041d: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x805041f: mov [EBP + fffffffffffffff8], EAX [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C] straight-line parse into block at 8050422 [Parser.C:1485] recording block [8050411,8050422) [Parser.C] block 8050422 exists [Parser.C:1485] recording block [8050431,8050431) [Parser.C] parsing block 8050431 [Parser.C:1274] curAddr 0x8050431: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050434: leave [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called [Parser.C:1274] curAddr 0x8050435: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_20_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050431,8050436) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050435 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050435...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] block 8050422 exists [Parser.C] skipping locally parsed target at 8050422 [Parser.C] block 8050422 exists [Parser.C] skipping locally parsed target at 8050422 [Parser.C] frame 8050111 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_20_func2 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804ff50 ==== Checking non-returning for test1_20_func2 Checking non-returning for test1_20_func2 [Parser.C:1485] recording block [804ff87,804ff87) [Parser.C] parsing block 804ff87 [Parser.C:1274] curAddr 0x804ff87: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff8a: mov EAX, [EBX + 534] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff90: cmp EAX, 7b [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff93: jnz 70 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ff87,804ff95) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 70 + EIP + 2 to 0x804ff93...SUCCESS (CFT=0x8050005) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ff93->8050005 resolveable_edge: 1, tailcall: 0, target: 8050005 [ParserDetails.C:588] pushing 8050005 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ff93->804ff95 resolveable_edge: 1, tailcall: 0, target: 804ff95 [ParserDetails.C:588] pushing 804ff95 onto worklist [Parser.C:1485] recording block [8050005,8050005) [Parser.C] parsing block 8050005 [Parser.C:1274] curAddr 0x8050005: lea EAX, EBX + ffffa694 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805000b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805000e: call 39aa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 39aa + EIP + 5 to 0x805000e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050005,8050013) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805000e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805000e->8050013 resolveable_edge: 1, tailcall: 0, target: 8050013 [ParserDetails.C:588] pushing 8050013 onto worklist [Parser.C] binding call 805000e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050013,8050013) [Parser.C] parsing block 8050013 [Parser.C:1274] curAddr 0x8050013: mov EAX, [EBX + 534] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050019: cmp EAX, 7b [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805001c: jz 20 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050013,805001e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 20 + EIP + 2 to 0x805001c...SUCCESS (CFT=0x805003e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805001c->805003e resolveable_edge: 1, tailcall: 0, target: 805003e [ParserDetails.C:588] pushing 805003e onto worklist ParserDetails.C[80]: adding conditional not taken edge 805001c->805001e resolveable_edge: 1, tailcall: 0, target: 805001e [ParserDetails.C:588] pushing 805001e onto worklist [Parser.C:1485] recording block [805003e,805003e) [Parser.C] parsing block 805003e [Parser.C:1274] curAddr 0x805003e: fld ST0, [EBX + 898] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050044: fld ST0, [EBX + ffffa860] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805004a: fstp [ESP + 8], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805004e: fstp [ESP], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050051: call 6e7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6e7 + EIP + 5 to 0x8050051...SUCCESS (CFT=0x805073d) [Parser.C:1485] recording block [805003e,8050056) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050051->805073d resolveable_edge: 1, tailcall: 0, target: 805073d [ParserDetails.C:588] pushing 805073d onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050051->8050056 resolveable_edge: 1, tailcall: 0, target: 8050056 [ParserDetails.C:588] pushing 8050056 onto worklist [Parser.C] binding call 8050051->805073d [Parser.C] block 805073d exists Checking non-returning for eq_doubles [Parser.C:1485] recording block [8050056,8050056) [Parser.C] parsing block 8050056 [Parser.C:1274] curAddr 0x8050056: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050058: jnz 22 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050056,805005a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 22 + EIP + 2 to 0x8050058...SUCCESS (CFT=0x805007c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050058->805007c resolveable_edge: 1, tailcall: 0, target: 805007c [ParserDetails.C:588] pushing 805007c onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050058->805005a resolveable_edge: 1, tailcall: 0, target: 805005a [ParserDetails.C:588] pushing 805005a onto worklist [Parser.C:1485] recording block [805007c,805007c) [Parser.C] parsing block 805007c [Parser.C:1274] curAddr 0x805007c: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805007f: cmp EAX, 11f [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050084: jz 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805007c,8050086) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1d + EIP + 2 to 0x8050084...SUCCESS (CFT=0x80500a3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050084->80500a3 resolveable_edge: 1, tailcall: 0, target: 80500a3 [ParserDetails.C:588] pushing 80500a3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050084->8050086 resolveable_edge: 1, tailcall: 0, target: 8050086 [ParserDetails.C:588] pushing 8050086 onto worklist [Parser.C:1485] recording block [80500a3,80500a3) [Parser.C] parsing block 80500a3 [Parser.C:1274] curAddr 0x80500a3: fld ST0, [EBP + ffffffffffffffe0] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500a6: fld ST0, [EBX + ffffa868] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500ac: fstp [ESP + 8], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500b0: fstp [ESP], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500b3: call 685 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 685 + EIP + 5 to 0x80500b3...SUCCESS (CFT=0x805073d) [Parser.C:1485] recording block [80500a3,80500b8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80500b3->805073d resolveable_edge: 1, tailcall: 0, target: 805073d [ParserDetails.C:588] pushing 805073d onto worklist ParserDetails.C[68]: adding function fallthrough edge 80500b3->80500b8 resolveable_edge: 1, tailcall: 0, target: 80500b8 [ParserDetails.C:588] pushing 80500b8 onto worklist [Parser.C] binding call 80500b3->805073d [Parser.C] block 805073d exists Checking non-returning for eq_doubles [Parser.C:1485] recording block [80500b8,80500b8) [Parser.C] parsing block 80500b8 [Parser.C:1274] curAddr 0x80500b8: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500ba: jnz 1f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80500b8,80500bc) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1f + EIP + 2 to 0x80500ba...SUCCESS (CFT=0x80500db) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80500ba->80500db resolveable_edge: 1, tailcall: 0, target: 80500db [ParserDetails.C:588] pushing 80500db onto worklist ParserDetails.C[80]: adding conditional not taken edge 80500ba->80500bc resolveable_edge: 1, tailcall: 0, target: 80500bc [ParserDetails.C:588] pushing 80500bc onto worklist [Parser.C:1485] recording block [80500db,80500db) [Parser.C] parsing block 80500db [Parser.C:1274] curAddr 0x80500db: cmp [EBP + fffffffffffffff0], 40e73cd3 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500e2: jz 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80500db,80500e4) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1d + EIP + 2 to 0x80500e2...SUCCESS (CFT=0x8050101) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80500e2->8050101 resolveable_edge: 1, tailcall: 0, target: 8050101 [ParserDetails.C:588] pushing 8050101 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80500e2->80500e4 resolveable_edge: 1, tailcall: 0, target: 80500e4 [ParserDetails.C:588] pushing 80500e4 onto worklist [Parser.C:1485] recording block [8050101,8050101) [Parser.C] parsing block 8050101 [Parser.C:1274] curAddr 0x8050101: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050108: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805010b: add ESP, 44 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805010e: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805010f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050110: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050101,8050111) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050110 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050110...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804ff95,804ff95) [Parser.C] parsing block 804ff95 [Parser.C:1274] curAddr 0x804ff95: fld ST0, [EBX + 898] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff9b: fld ST0, [EBX + ffffa860] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffa1: fstp [ESP + 8], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffa5: fstp [ESP], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffa8: call 790 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 790 + EIP + 5 to 0x804ffa8...SUCCESS (CFT=0x805073d) [Parser.C:1485] recording block [804ff95,804ffad) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ffa8->805073d resolveable_edge: 1, tailcall: 0, target: 805073d [ParserDetails.C:588] pushing 805073d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ffa8->804ffad resolveable_edge: 1, tailcall: 0, target: 804ffad [ParserDetails.C:588] pushing 804ffad onto worklist [Parser.C] binding call 804ffa8->805073d [Parser.C] block 805073d exists Checking non-returning for eq_doubles [Parser.C:1485] recording block [804ffad,804ffad) [Parser.C] parsing block 804ffad [Parser.C:1274] curAddr 0x804ffad: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffaf: jz 54 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ffad,804ffb1) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 54 + EIP + 2 to 0x804ffaf...SUCCESS (CFT=0x8050005) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8050005 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ffaf->8050005 resolveable_edge: 1, tailcall: 0, target: 8050005 [ParserDetails.C:588] pushing 8050005 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ffaf->804ffb1 resolveable_edge: 1, tailcall: 0, target: 804ffb1 [ParserDetails.C:588] pushing 804ffb1 onto worklist [Parser.C] block 8050005 exists [Parser.C] skipping locally parsed target at 8050005 [Parser.C:1485] recording block [804ffb1,804ffb1) [Parser.C] parsing block 804ffb1 [Parser.C:1274] curAddr 0x804ffb1: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffb4: cmp EAX, 11f [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffb9: jnz 4a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ffb1,804ffbb) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 4a + EIP + 2 to 0x804ffb9...SUCCESS (CFT=0x8050005) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8050005 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ffb9->8050005 resolveable_edge: 1, tailcall: 0, target: 8050005 [ParserDetails.C:588] pushing 8050005 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ffb9->804ffbb resolveable_edge: 1, tailcall: 0, target: 804ffbb [ParserDetails.C:588] pushing 804ffbb onto worklist [Parser.C] block 8050005 exists [Parser.C] skipping locally parsed target at 8050005 [Parser.C:1485] recording block [804ffbb,804ffbb) [Parser.C] parsing block 804ffbb [Parser.C:1274] curAddr 0x804ffbb: fld ST0, [EBP + ffffffffffffffe0] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffbe: fld ST0, [EBX + ffffa868] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffc4: fstp [ESP + 8], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffc8: fstp [ESP], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffcb: call 76d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 76d + EIP + 5 to 0x804ffcb...SUCCESS (CFT=0x805073d) [Parser.C:1485] recording block [804ffbb,804ffd0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ffcb->805073d resolveable_edge: 1, tailcall: 0, target: 805073d [ParserDetails.C:588] pushing 805073d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ffcb->804ffd0 resolveable_edge: 1, tailcall: 0, target: 804ffd0 [ParserDetails.C:588] pushing 804ffd0 onto worklist [Parser.C] binding call 804ffcb->805073d [Parser.C] block 805073d exists Checking non-returning for eq_doubles [Parser.C:1485] recording block [804ffd0,804ffd0) [Parser.C] parsing block 804ffd0 [Parser.C:1274] curAddr 0x804ffd0: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffd2: jz 31 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ffd0,804ffd4) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 31 + EIP + 2 to 0x804ffd2...SUCCESS (CFT=0x8050005) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8050005 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ffd2->8050005 resolveable_edge: 1, tailcall: 0, target: 8050005 [ParserDetails.C:588] pushing 8050005 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ffd2->804ffd4 resolveable_edge: 1, tailcall: 0, target: 804ffd4 [ParserDetails.C:588] pushing 804ffd4 onto worklist [Parser.C] block 8050005 exists [Parser.C] skipping locally parsed target at 8050005 [Parser.C:1485] recording block [804ffd4,804ffd4) [Parser.C] parsing block 804ffd4 [Parser.C:1274] curAddr 0x804ffd4: cmp [EBP + fffffffffffffff0], 40e73cd3 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffdb: jnz 28 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ffd4,804ffdd) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 28 + EIP + 2 to 0x804ffdb...SUCCESS (CFT=0x8050005) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8050005 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ffdb->8050005 resolveable_edge: 1, tailcall: 0, target: 8050005 [ParserDetails.C:588] pushing 8050005 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ffdb->804ffdd resolveable_edge: 1, tailcall: 0, target: 804ffdd [ParserDetails.C:588] pushing 804ffdd onto worklist [Parser.C] block 8050005 exists [Parser.C] skipping locally parsed target at 8050005 [Parser.C:1485] recording block [804ffdd,804ffdd) [Parser.C] parsing block 804ffdd [Parser.C:1274] curAddr 0x804ffdd: lea EAX, EBX + ffffa664 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffe3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ffe6: call 39d2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 39d2 + EIP + 5 to 0x804ffe6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ffdd,804ffeb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ffe6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ffe6->804ffeb resolveable_edge: 1, tailcall: 0, target: 804ffeb [ParserDetails.C:588] pushing 804ffeb onto worklist [Parser.C] binding call 804ffe6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804ffeb,804ffeb) [Parser.C] parsing block 804ffeb [Parser.C:1274] curAddr 0x804ffeb: mov EAX, [EBX + 53c] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fff1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fff4: call 43ac + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 43ac + EIP + 5 to 0x804fff4...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804ffeb,804fff9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fff4->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fff4->804fff9 resolveable_edge: 1, tailcall: 0, target: 804fff9 [ParserDetails.C:588] pushing 804fff9 onto worklist [Parser.C] binding call 804fff4->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804fff9,804fff9) [Parser.C] parsing block 804fff9 [Parser.C:1274] curAddr 0x804fff9: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050000: jmp 103 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 103 + EIP + 5 to 0x8050000...SUCCESS (CFT=0x8050108) [Parser.C:1485] recording block [804fff9,8050005) Getting edges Checking for Tail Call jump to 0x8050108 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050000->8050108 resolveable_edge: 1, tailcall: 0, target: 8050108 [ParserDetails.C:588] pushing 8050108 onto worklist [Parser.C:1485] recording block [805001e,805001e) [Parser.C] parsing block 805001e [Parser.C:1274] curAddr 0x805001e: mov EAX, [EBX + 534] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050024: mov [ESP + 8], 7b [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805002c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050030: lea EAX, EBX + ffffa6c8 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050036: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050039: call 397f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 397f + EIP + 5 to 0x8050039...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805001e,805003e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050039->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050039->805003e resolveable_edge: 1, tailcall: 0, target: 805003e [ParserDetails.C:588] pushing 805003e onto worklist [Parser.C] binding call 8050039->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805003e exists [Parser.C] skipping locally parsed target at 805003e [Parser.C:1485] recording block [805005a,805005a) [Parser.C] parsing block 805005a [Parser.C:1274] curAddr 0x805005a: fld ST0, [EBX + 898] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050060: fld ST0, [EBX + ffffa860] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050066: fstp [ESP + c], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805006a: fstp [ESP + 4], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805006e: lea EAX, EBX + ffffa704 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050074: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050077: call 3941 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3941 + EIP + 5 to 0x8050077...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805005a,805007c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050077->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050077->805007c resolveable_edge: 1, tailcall: 0, target: 805007c [ParserDetails.C:588] pushing 805007c onto worklist [Parser.C] binding call 8050077->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805007c exists [Parser.C] skipping locally parsed target at 805007c [Parser.C:1485] recording block [8050086,8050086) [Parser.C] parsing block 8050086 [Parser.C:1274] curAddr 0x8050086: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050089: mov [ESP + 8], 11f [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050091: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050095: lea EAX, EBX + ffffa740 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805009b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x805009e: call 391a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 391a + EIP + 5 to 0x805009e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050086,80500a3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805009e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805009e->80500a3 resolveable_edge: 1, tailcall: 0, target: 80500a3 [ParserDetails.C:588] pushing 80500a3 onto worklist [Parser.C] binding call 805009e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 80500a3 exists [Parser.C] skipping locally parsed target at 80500a3 [Parser.C:1485] recording block [80500bc,80500bc) [Parser.C] parsing block 80500bc [Parser.C:1274] curAddr 0x80500bc: fld ST0, [EBP + ffffffffffffffe0] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500bf: fld ST0, [EBX + ffffa868] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500c5: fstp [ESP + c], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500c9: fstp [ESP + 4], ST0 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500cd: lea EAX, EBX + ffffa770 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500d3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500d6: call 38e2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 38e2 + EIP + 5 to 0x80500d6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80500bc,80500db) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80500d6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80500d6->80500db resolveable_edge: 1, tailcall: 0, target: 80500db [ParserDetails.C:588] pushing 80500db onto worklist [Parser.C] binding call 80500d6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 80500db exists [Parser.C] skipping locally parsed target at 80500db [Parser.C:1485] recording block [80500e4,80500e4) [Parser.C] parsing block 80500e4 [Parser.C:1274] curAddr 0x80500e4: mov [ESP + 8], 40e73cd3 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500ec: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500ef: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500f3: lea EAX, EBX + ffffa7a4 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500f9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called [Parser.C:1274] curAddr 0x80500fc: call 38bc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_20_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 38bc + EIP + 5 to 0x80500fc...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80500e4,8050101) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80500fc->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80500fc->8050101 resolveable_edge: 1, tailcall: 0, target: 8050101 [ParserDetails.C:588] pushing 8050101 onto worklist [Parser.C] binding call 80500fc->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 8050101 exists [Parser.C] skipping locally parsed target at 8050101 [Parser.C] address 8050108 splits [8050101,8050111) (0x1d55bc0) [Parser.C:1485] recording block [8050108,8050111) [Parser.C] skipping locally parsed target at 8050108 [Parser.C] frame 804ff50 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_20_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050a88) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050a88) [Parser.C:1485] recording block [8050a88,8050a88) [Parser.C] ==== starting to parse frame 8050a88 ==== [Parser.C] parsing block 8050a88 [Parser.C:1274] curAddr 0x8050a88: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call2 hasCFT called [Parser.C:1274] curAddr 0x8050a89: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call2 hasCFT called [Parser.C:1274] curAddr 0x8050a8b: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_22_call2 hasCFT called [Parser.C:1274] curAddr 0x8050a8e: add EAX, 219288 [Parser.C:1280] leaf 1 funcname test1_22_call2 hasCFT called [Parser.C:1274] curAddr 0x8050a93: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call2 hasCFT called [Parser.C:1274] curAddr 0x8050a94: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_22_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050a88,8050a95) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050a94 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050a94...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8050a88 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_22_call2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f357) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f357) [Parser.C:1485] recording block [804f357,804f357) [Parser.C] ==== starting to parse frame 804f357 ==== [Parser.C] parsing block 804f357 [Parser.C:1274] curAddr 0x804f357: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called [Parser.C:1274] curAddr 0x804f358: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called [Parser.C:1274] curAddr 0x804f35a: call ffffe826 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe826 + EIP + 5 to 0x804f35a...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804f35f: add ECX, cca1 [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called [Parser.C:1274] curAddr 0x804f365: mov EAX, [ECX + 82c] [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called [Parser.C:1274] curAddr 0x804f36b: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called [Parser.C:1274] curAddr 0x804f36d: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f357,804f36f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x804f36d...SUCCESS (CFT=0x804f379) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f36d->804f379 resolveable_edge: 1, tailcall: 0, target: 804f379 [ParserDetails.C:588] pushing 804f379 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f36d->804f36f resolveable_edge: 1, tailcall: 0, target: 804f36f [ParserDetails.C:588] pushing 804f36f onto worklist [Parser.C:1485] recording block [804f379,804f379) [Parser.C] parsing block 804f379 [Parser.C:1274] curAddr 0x804f379: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called [Parser.C:1274] curAddr 0x804f37a: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f379,804f37b) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f37a Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f37a...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f36f,804f36f) [Parser.C] parsing block 804f36f [Parser.C:1274] curAddr 0x804f36f: mov [ECX + 830], 1 [Parser.C:1280] leaf 1 funcname test1_11_call1 hasCFT called [Parser.C] straight-line parse into block at 804f379 [Parser.C:1485] recording block [804f36f,804f379) [Parser.C] block 804f379 exists [Parser.C] frame 804f357 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_11_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80543a5) [Parser.C:180] entered parse_at([804ccd0,80549c4),80543a5) function at 80543a5 already parsed, status 3 [Parser.C:224] entered parse_at(804dd3c) [Parser.C:180] entered parse_at([804ccd0,80549c4),804dd3c) [Parser.C:1485] recording block [804dd3c,804dd3c) [Parser.C] ==== starting to parse frame 804dd3c ==== [Parser.C] parsing block 804dd3c [Parser.C:1274] curAddr 0x804dd3c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd3d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd3f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd40: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd43: call ffffefb8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffefb8 + EIP + 5 to 0x804dd43...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804dd48: add EBX, e2b8 [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd4e: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd54: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd56: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd58: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dd3c,804dd5a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804dd58...SUCCESS (CFT=0x804dd68) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dd58->804dd68 resolveable_edge: 1, tailcall: 0, target: 804dd68 [ParserDetails.C:588] pushing 804dd68 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dd58->804dd5a resolveable_edge: 1, tailcall: 0, target: 804dd5a [ParserDetails.C:588] pushing 804dd5a onto worklist [Parser.C:1485] recording block [804dd68,804dd68) [Parser.C] parsing block 804dd68 [Parser.C:1274] curAddr 0x804dd68: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd6b: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd6c: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd6d: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dd68,804dd6e) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804dd6d Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804dd6d...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804dd5a,804dd5a) [Parser.C] parsing block 804dd5a [Parser.C:1274] curAddr 0x804dd5a: lea EAX, EBX + ffff9028 [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd60: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd63: call ffffedb8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_func2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffedb8 + EIP + 5 to 0x804dd63...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804dd5a,804dd68) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dd63->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dd63->804dd68 resolveable_edge: 1, tailcall: 0, target: 804dd68 [ParserDetails.C:588] pushing 804dd68 onto worklist [Parser.C] binding call 804dd63->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804dd68 exists [Parser.C] skipping locally parsed target at 804dd68 [Parser.C] frame 804dd3c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_2_func2_1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f3a0) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f3a0) [Parser.C:1485] recording block [804f3a0,804f3a0) [Parser.C] ==== starting to parse frame 804f3a0 ==== [Parser.C] parsing block 804f3a0 [Parser.C:1274] curAddr 0x804f3a0: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called [Parser.C:1274] curAddr 0x804f3a1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called [Parser.C:1274] curAddr 0x804f3a3: call ffffe7dd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe7dd + EIP + 5 to 0x804f3a3...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804f3a8: add ECX, cc58 [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called [Parser.C:1274] curAddr 0x804f3ae: mov EAX, [ECX + 82c] [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called [Parser.C:1274] curAddr 0x804f3b4: cmp EAX, 2 [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called [Parser.C:1274] curAddr 0x804f3b7: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f3a0,804f3b9) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x804f3b7...SUCCESS (CFT=0x804f3c3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f3b7->804f3c3 resolveable_edge: 1, tailcall: 0, target: 804f3c3 [ParserDetails.C:588] pushing 804f3c3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f3b7->804f3b9 resolveable_edge: 1, tailcall: 0, target: 804f3b9 [ParserDetails.C:588] pushing 804f3b9 onto worklist [Parser.C:1485] recording block [804f3c3,804f3c3) [Parser.C] parsing block 804f3c3 [Parser.C:1274] curAddr 0x804f3c3: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called [Parser.C:1274] curAddr 0x804f3c4: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f3c3,804f3c5) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f3c4 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f3c4...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f3b9,804f3b9) [Parser.C] parsing block 804f3b9 [Parser.C:1274] curAddr 0x804f3b9: mov [ECX + 838], 1 [Parser.C:1280] leaf 1 funcname test1_11_call3 hasCFT called [Parser.C] straight-line parse into block at 804f3c3 [Parser.C:1485] recording block [804f3b9,804f3c3) [Parser.C] block 804f3c3 exists [Parser.C] frame 804f3a0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_11_call3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804ee68) [Parser.C:180] entered parse_at([804ccd0,80549c4),804ee68) [Parser.C:1485] recording block [804ee68,804ee68) [Parser.C] ==== starting to parse frame 804ee68 ==== [Parser.C] parsing block 804ee68 [Parser.C:1274] curAddr 0x804ee68: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee69: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee6b: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee6c: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee6f: call ffffde8c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffde8c + EIP + 5 to 0x804ee6f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804ee74: add EBX, d18c [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee7a: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee7d: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee80: lea ECX, EDX + EAX * 1 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee83: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee86: mov EDX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee89: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee8b: lea EDX, ECX + EAX * 1 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee8e: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee91: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee93: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee96: cmp [EBP + fffffffffffffff4], 1d1 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ee9d: jz 9f + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ee68,804eea3) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 9f + EIP + 6 to 0x804ee9d...SUCCESS (CFT=0x804ef42) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ee9d->804ef42 resolveable_edge: 1, tailcall: 0, target: 804ef42 [ParserDetails.C:588] pushing 804ef42 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ee9d->804eea3 resolveable_edge: 1, tailcall: 0, target: 804eea3 [ParserDetails.C:588] pushing 804eea3 onto worklist [Parser.C:1485] recording block [804ef42,804ef42) [Parser.C] parsing block 804ef42 [Parser.C:1274] curAddr 0x804ef42: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef48: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef4a: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef4c: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ef42,804ef4e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804ef4c...SUCCESS (CFT=0x804ef5c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ef4c->804ef5c resolveable_edge: 1, tailcall: 0, target: 804ef5c [ParserDetails.C:588] pushing 804ef5c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ef4c->804ef4e resolveable_edge: 1, tailcall: 0, target: 804ef4e [ParserDetails.C:588] pushing 804ef4e onto worklist [Parser.C:1485] recording block [804ef5c,804ef5c) [Parser.C] parsing block 804ef5c [Parser.C:1274] curAddr 0x804ef5c: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef5f: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef62: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef63: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef64: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ef5c,804ef65) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804ef64 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804ef64...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804eea3,804eea3) [Parser.C] parsing block 804eea3 [Parser.C:1274] curAddr 0x804eea3: lea EAX, EBX + ffff9a00 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eea9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eeac: call 4b0c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4b0c + EIP + 5 to 0x804eeac...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804eea3,804eeb1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eeac->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eeac->804eeb1 resolveable_edge: 1, tailcall: 0, target: 804eeb1 [ParserDetails.C:588] pushing 804eeb1 onto worklist [Parser.C] binding call 804eeac->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804eeb1,804eeb1) [Parser.C] parsing block 804eeb1 [Parser.C:1274] curAddr 0x804eeb1: cmp [EBP + 8], 5b [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eeb5: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eeb1,804eeb7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804eeb5...SUCCESS (CFT=0x804eecc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804eeb5->804eecc resolveable_edge: 1, tailcall: 0, target: 804eecc [ParserDetails.C:588] pushing 804eecc onto worklist ParserDetails.C[80]: adding conditional not taken edge 804eeb5->804eeb7 resolveable_edge: 1, tailcall: 0, target: 804eeb7 [ParserDetails.C:588] pushing 804eeb7 onto worklist [Parser.C:1485] recording block [804eecc,804eecc) [Parser.C] parsing block 804eecc [Parser.C:1274] curAddr 0x804eecc: cmp [EBP + c], 5c [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eed0: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eecc,804eed2) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804eed0...SUCCESS (CFT=0x804eee7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804eed0->804eee7 resolveable_edge: 1, tailcall: 0, target: 804eee7 [ParserDetails.C:588] pushing 804eee7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804eed0->804eed2 resolveable_edge: 1, tailcall: 0, target: 804eed2 [ParserDetails.C:588] pushing 804eed2 onto worklist [Parser.C:1485] recording block [804eee7,804eee7) [Parser.C] parsing block 804eee7 [Parser.C:1274] curAddr 0x804eee7: cmp [EBP + 10], 5d [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eeeb: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eee7,804eeed) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804eeeb...SUCCESS (CFT=0x804ef02) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804eeeb->804ef02 resolveable_edge: 1, tailcall: 0, target: 804ef02 [ParserDetails.C:588] pushing 804ef02 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804eeeb->804eeed resolveable_edge: 1, tailcall: 0, target: 804eeed [ParserDetails.C:588] pushing 804eeed onto worklist [Parser.C:1485] recording block [804ef02,804ef02) [Parser.C] parsing block 804ef02 [Parser.C:1274] curAddr 0x804ef02: cmp [EBP + 14], 5e [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef06: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ef02,804ef08) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ef06...SUCCESS (CFT=0x804ef1d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ef06->804ef1d resolveable_edge: 1, tailcall: 0, target: 804ef1d [ParserDetails.C:588] pushing 804ef1d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ef06->804ef08 resolveable_edge: 1, tailcall: 0, target: 804ef08 [ParserDetails.C:588] pushing 804ef08 onto worklist [Parser.C:1485] recording block [804ef1d,804ef1d) [Parser.C] parsing block 804ef1d [Parser.C:1274] curAddr 0x804ef1d: cmp [EBP + 18], 5f [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef21: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ef1d,804ef23) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ef21...SUCCESS (CFT=0x804ef38) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ef21->804ef38 resolveable_edge: 1, tailcall: 0, target: 804ef38 [ParserDetails.C:588] pushing 804ef38 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ef21->804ef23 resolveable_edge: 1, tailcall: 0, target: 804ef23 [ParserDetails.C:588] pushing 804ef23 onto worklist [Parser.C:1485] recording block [804ef38,804ef38) [Parser.C] parsing block 804ef38 [Parser.C:1274] curAddr 0x804ef38: mov [EBX + 80c], 1 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C] straight-line parse into block at 804ef42 [Parser.C:1485] recording block [804ef38,804ef42) [Parser.C] block 804ef42 exists [Parser.C:1485] recording block [804eeb7,804eeb7) [Parser.C] parsing block 804eeb7 [Parser.C:1274] curAddr 0x804eeb7: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eeba: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eebe: lea EAX, EBX + ffff9a3c [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eec4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eec7: call 4af1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4af1 + EIP + 5 to 0x804eec7...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804eeb7,804eecc) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eec7->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eec7->804eecc resolveable_edge: 1, tailcall: 0, target: 804eecc [ParserDetails.C:588] pushing 804eecc onto worklist [Parser.C] binding call 804eec7->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804eecc exists [Parser.C] skipping locally parsed target at 804eecc [Parser.C:1485] recording block [804eed2,804eed2) [Parser.C] parsing block 804eed2 [Parser.C:1274] curAddr 0x804eed2: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eed5: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eed9: lea EAX, EBX + ffff9a68 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eedf: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eee2: call 4ad6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4ad6 + EIP + 5 to 0x804eee2...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804eed2,804eee7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eee2->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eee2->804eee7 resolveable_edge: 1, tailcall: 0, target: 804eee7 [ParserDetails.C:588] pushing 804eee7 onto worklist [Parser.C] binding call 804eee2->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804eee7 exists [Parser.C] skipping locally parsed target at 804eee7 [Parser.C:1485] recording block [804eeed,804eeed) [Parser.C] parsing block 804eeed [Parser.C:1274] curAddr 0x804eeed: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eef0: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eef4: lea EAX, EBX + ffff9a94 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eefa: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804eefd: call 4abb + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4abb + EIP + 5 to 0x804eefd...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804eeed,804ef02) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eefd->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eefd->804ef02 resolveable_edge: 1, tailcall: 0, target: 804ef02 [ParserDetails.C:588] pushing 804ef02 onto worklist [Parser.C] binding call 804eefd->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ef02 exists [Parser.C] skipping locally parsed target at 804ef02 [Parser.C:1485] recording block [804ef08,804ef08) [Parser.C] parsing block 804ef08 [Parser.C:1274] curAddr 0x804ef08: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef0b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef0f: lea EAX, EBX + ffff9ac0 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef15: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef18: call 4aa0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4aa0 + EIP + 5 to 0x804ef18...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ef08,804ef1d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ef18->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ef18->804ef1d resolveable_edge: 1, tailcall: 0, target: 804ef1d [ParserDetails.C:588] pushing 804ef1d onto worklist [Parser.C] binding call 804ef18->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ef1d exists [Parser.C] skipping locally parsed target at 804ef1d [Parser.C:1485] recording block [804ef23,804ef23) [Parser.C] parsing block 804ef23 [Parser.C:1274] curAddr 0x804ef23: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef26: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef2a: lea EAX, EBX + ffff9aec [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef30: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef33: call 4a85 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4a85 + EIP + 5 to 0x804ef33...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ef23,804ef38) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ef33->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ef33->804ef38 resolveable_edge: 1, tailcall: 0, target: 804ef38 [ParserDetails.C:588] pushing 804ef38 onto worklist [Parser.C] binding call 804ef33->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ef38 exists [Parser.C] skipping locally parsed target at 804ef38 [Parser.C:1485] recording block [804ef4e,804ef4e) [Parser.C] parsing block 804ef4e [Parser.C:1274] curAddr 0x804ef4e: lea EAX, EBX + ffff9b18 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef54: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called [Parser.C:1274] curAddr 0x804ef57: call ffffdbc4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdbc4 + EIP + 5 to 0x804ef57...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804ef4e,804ef5c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ef57->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ef57->804ef5c resolveable_edge: 1, tailcall: 0, target: 804ef5c [ParserDetails.C:588] pushing 804ef5c onto worklist [Parser.C] binding call 804ef57->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804ef5c exists [Parser.C] skipping locally parsed target at 804ef5c [Parser.C] frame 804ee68 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_9_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804e1eb) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e1eb) [Parser.C:1485] recording block [804e1eb,804e1eb) [Parser.C] ==== starting to parse frame 804e1eb ==== [Parser.C] parsing block 804e1eb [Parser.C:1274] curAddr 0x804e1eb: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e1ec: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e1ee: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e1ef: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e1f2: call ffffeb09 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffeb09 + EIP + 5 to 0x804e1f2...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e1f7: add EBX, de09 [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e1fd: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e203: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e205: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e207: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e1eb,804e209) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804e207...SUCCESS (CFT=0x804e217) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e207->804e217 resolveable_edge: 1, tailcall: 0, target: 804e217 [ParserDetails.C:588] pushing 804e217 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e207->804e209 resolveable_edge: 1, tailcall: 0, target: 804e209 [ParserDetails.C:588] pushing 804e209 onto worklist [Parser.C:1485] recording block [804e217,804e217) [Parser.C] parsing block 804e217 [Parser.C:1274] curAddr 0x804e217: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e21a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e21b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e21c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e217,804e21d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e21c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e21c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e209,804e209) [Parser.C] parsing block 804e209 [Parser.C:1274] curAddr 0x804e209: lea EAX, EBX + ffff9371 [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e20f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called [Parser.C:1274] curAddr 0x804e212: call ffffe909 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe909 + EIP + 5 to 0x804e212...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804e209,804e217) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e212->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e212->804e217 resolveable_edge: 1, tailcall: 0, target: 804e217 [ParserDetails.C:588] pushing 804e217 onto worklist [Parser.C] binding call 804e212->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804e217 exists [Parser.C] skipping locally parsed target at 804e217 [Parser.C] frame 804e1eb complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_5_func2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053771) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053771) function at 8053771 already parsed, status 3 [Parser.C:224] entered parse_at(8053e53) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053e53) [Parser.C:1485] recording block [8053e53,8053e53) [Parser.C] ==== starting to parse frame 8053e53 ==== [Parser.C] parsing block 8053e53 [Parser.C:1274] curAddr 0x8053e53: push EBP, ESP [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e54: mov EBP, ESP [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e56: push EBX, ESP [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e57: sub ESP, 24 [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e5a: call ffff8ea1 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8ea1 + EIP + 5 to 0x8053e5a...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053e5f: add EBX, 81a1 [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e65: lea EAX, EBP + 10 [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e68: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e6b: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e6e: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e72: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e75: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e79: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e7c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e7f: call 6 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6 + EIP + 5 to 0x8053e7f...SUCCESS (CFT=0x8053e8a) [Parser.C:1485] recording block [8053e53,8053e84) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053e7f->8053e8a resolveable_edge: 1, tailcall: 0, target: 8053e8a [ParserDetails.C:588] pushing 8053e8a onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053e7f->8053e84 resolveable_edge: 1, tailcall: 0, target: 8053e84 [ParserDetails.C:588] pushing 8053e84 onto worklist [Parser.C] binding call 8053e7f->8053e8a [Parser.C:1485] recording block [8053e8a,8053e8a) [suspend frame 8053e53] [Parser.C] frame 8053e53 blocked at 8053e7f call target 8053e8a [Parser.C] block 8053e8a exists [Parser.C] ==== starting to parse frame 8053e8a ==== [Parser.C] parsing block 8053e8a [Parser.C:1274] curAddr 0x8053e8a: push EBP, ESP [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053e8b: mov EBP, ESP [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053e8d: push EBX, ESP [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053e8e: sub ESP, 34 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053e91: call ffff8e6a + EIP + 5 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8e6a + EIP + 5 to 0x8053e91...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053e96: add EBX, 816a [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053e9c: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ea2: test EAX, EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ea4: jnz 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053e8a,8053ea6) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1d + EIP + 2 to 0x8053ea4...SUCCESS (CFT=0x8053ec3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053ea4->8053ec3 resolveable_edge: 1, tailcall: 0, target: 8053ec3 [ParserDetails.C:588] pushing 8053ec3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053ea4->8053ea6 resolveable_edge: 1, tailcall: 0, target: 8053ea6 [ParserDetails.C:588] pushing 8053ea6 onto worklist [Parser.C:1485] recording block [8053ec3,8053ec3) [Parser.C] parsing block 8053ec3 [Parser.C:1274] curAddr 0x8053ec3: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ec9: lea EDX, EBX + ffffbfbc [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ecf: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ed3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ed6: call ffff8ce5 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8ce5 + EIP + 5 to 0x8053ed6...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [8053ec3,8053edb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053ed6->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053ed6->8053edb resolveable_edge: 1, tailcall: 0, target: 8053edb [ParserDetails.C:588] pushing 8053edb onto worklist [Parser.C] binding call 8053ed6->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [8053edb,8053edb) [Parser.C] parsing block 8053edb [Parser.C:1274] curAddr 0x8053edb: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ede: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ee2: jnz 4a + EIP + 2 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053edb,8053ee4) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 4a + EIP + 2 to 0x8053ee2...SUCCESS (CFT=0x8053f2e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053ee2->8053f2e resolveable_edge: 1, tailcall: 0, target: 8053f2e [ParserDetails.C:588] pushing 8053f2e onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053ee2->8053ee4 resolveable_edge: 1, tailcall: 0, target: 8053ee4 [ParserDetails.C:588] pushing 8053ee4 onto worklist [Parser.C:1485] recording block [8053f2e,8053f2e) [Parser.C] parsing block 8053f2e [Parser.C:1274] curAddr 0x8053f2e: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f31: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f35: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f38: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f3c: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f3f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f42: call ffff8ce9 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8ce9 + EIP + 5 to 0x8053f42...SUCCESS (CFT=0x804cc30) [Parser.C:1485] recording block [8053f2e,8053f47) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053f42->804cc30 resolveable_edge: 1, tailcall: 0, target: 804cc30 [ParserDetails.C:588] pushing 804cc30 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053f42->8053f47 resolveable_edge: 1, tailcall: 0, target: 8053f47 [ParserDetails.C:588] pushing 8053f47 onto worklist [Parser.C] binding call 8053f42->804cc30 [Parser.C] block 804cc30 exists Checking non-returning for vfprintf [Parser.C:1485] recording block [8053f47,8053f47) [Parser.C] parsing block 8053f47 [Parser.C:1274] curAddr 0x8053f47: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f4a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f4d: call ffff8b4e + EIP + 5 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8b4e + EIP + 5 to 0x8053f4d...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [8053f47,8053f52) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053f4d->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053f4d->8053f52 resolveable_edge: 1, tailcall: 0, target: 8053f52 [ParserDetails.C:588] pushing 8053f52 onto worklist [Parser.C] binding call 8053f4d->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C:1485] recording block [8053f52,8053f52) [Parser.C] parsing block 8053f52 [Parser.C:1274] curAddr 0x8053f52: add ESP, 34 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f55: pop EBX, ESP [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f56: pop EBP, ESP [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f57: ret near [ESP] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053f52,8053f58) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053f57 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053f57...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053ea6,8053ea6) [Parser.C] parsing block 8053ea6 [Parser.C:1274] curAddr 0x8053ea6: mov EAX, [EBX + 788] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053eac: lea EDX, EBX + ffffbfbc [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053eb2: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053eb6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053eb9: call ffff8d02 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8d02 + EIP + 5 to 0x8053eb9...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [8053ea6,8053ebe) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053eb9->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053eb9->8053ebe resolveable_edge: 1, tailcall: 0, target: 8053ebe [ParserDetails.C:588] pushing 8053ebe onto worklist [Parser.C] binding call 8053eb9->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [8053ebe,8053ebe) [Parser.C] parsing block 8053ebe [Parser.C:1274] curAddr 0x8053ebe: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ec1: jmp 1b + EIP + 2 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1b + EIP + 2 to 0x8053ec1...SUCCESS (CFT=0x8053ede) [Parser.C:1485] recording block [8053ebe,8053ec3) Getting edges Checking for Tail Call jump to 0x8053ede is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8053ec1->8053ede resolveable_edge: 1, tailcall: 0, target: 8053ede [ParserDetails.C:588] pushing 8053ede onto worklist [Parser.C:1485] recording block [8053ee4,8053ee4) [Parser.C] parsing block 8053ee4 [Parser.C:1274] curAddr 0x8053ee4: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053eea: test EAX, EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053eec: jz 8 + EIP + 2 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053ee4,8053eee) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 8 + EIP + 2 to 0x8053eec...SUCCESS (CFT=0x8053ef6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053eec->8053ef6 resolveable_edge: 1, tailcall: 0, target: 8053ef6 [ParserDetails.C:588] pushing 8053ef6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053eec->8053eee resolveable_edge: 1, tailcall: 0, target: 8053eee [ParserDetails.C:588] pushing 8053eee onto worklist [Parser.C:1485] recording block [8053ef6,8053ef6) [Parser.C] parsing block 8053ef6 [Parser.C:1274] curAddr 0x8053ef6: mov EAX, [EBX + 788] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053efc: mov EDX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f02: mov EDX, [EDX] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f04: mov [ESP + 10], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f08: mov [ESP + c], 1a5 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f10: lea EAX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f16: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f1a: lea EAX, EBX + ffffc0d8 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f20: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f24: mov [ESP], EDX [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053f27: call ffff8c64 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8c64 + EIP + 5 to 0x8053f27...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053ef6,8053f2c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053f27->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053f27->8053f2c resolveable_edge: 1, tailcall: 0, target: 8053f2c [ParserDetails.C:588] pushing 8053f2c onto worklist [Parser.C] binding call 8053f27->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053f2c,8053f2c) [Parser.C] parsing block 8053f2c [Parser.C:1274] curAddr 0x8053f2c: jmp 24 + EIP + 2 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 24 + EIP + 2 to 0x8053f2c...SUCCESS (CFT=0x8053f52) [Parser.C:1485] recording block [8053f2c,8053f2e) Getting edges Checking for Tail Call jump to 0x8053f52 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8053f2c->8053f52 resolveable_edge: 1, tailcall: 0, target: 8053f52 [ParserDetails.C:588] pushing 8053f52 onto worklist [Parser.C:1485] recording block [8053eee,8053eee) [Parser.C] parsing block 8053eee [Parser.C:1274] curAddr 0x8053eee: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called [Parser.C:1274] curAddr 0x8053ef4: jmp 6 + EIP + 2 [Parser.C:1280] leaf 1 funcname dbOutputVLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 6 + EIP + 2 to 0x8053ef4...SUCCESS (CFT=0x8053efc) [Parser.C:1485] recording block [8053eee,8053ef6) Getting edges Checking for Tail Call jump to 0x8053efc is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8053ef4->8053efc resolveable_edge: 1, tailcall: 0, target: 8053efc [ParserDetails.C:588] pushing 8053efc onto worklist [Parser.C] address 8053ede splits [8053edb,8053ee4) (0x1d5d270) [Parser.C:1485] recording block [8053ede,8053ee4) [Parser.C] skipping locally parsed target at 8053ede [Parser.C] address 8053efc splits [8053ef6,8053f2c) (0x1d5df20) [Parser.C:1485] recording block [8053efc,8053f2c) [Parser.C] skipping locally parsed target at 8053efc [Parser.C] block 8053f52 exists [Parser.C] skipping locally parsed target at 8053f52 [Parser.C] frame 8053e8a complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dbOutputVLog return status 3, no waiters [Parser.C] ==== resuming parse of frame 8053e53 ==== Checking non-returning for dbOutputVLog Checking non-returning for dbOutputVLog [Parser.C:1485] recording block [8053e84,8053e84) [Parser.C] parsing block 8053e84 [Parser.C:1274] curAddr 0x8053e84: add ESP, 24 [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e87: pop EBX, ESP [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e88: pop EBP, ESP [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053e89: ret near [ESP] [Parser.C:1280] leaf 1 funcname dbOutputLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053e84,8053e8a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053e89 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053e89...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053e53 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dbOutputLog return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052e6c) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052e6c) [Parser.C:1485] recording block [8052e6c,8052e6c) [Parser.C] ==== starting to parse frame 8052e6c ==== [Parser.C] parsing block 8052e6c [Parser.C:1274] curAddr 0x8052e6c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e6d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e6f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e70: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e73: call ffff9e88 + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9e88 + EIP + 5 to 0x8052e73...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052e78: add EBX, 9188 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e7e: lea EAX, EBX + 9d0 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e84: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e86: test EAX, EAX [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e88: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052e6c,8052e8a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8052e88...SUCCESS (CFT=0x8052e9f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052e88->8052e9f resolveable_edge: 1, tailcall: 0, target: 8052e9f [ParserDetails.C:588] pushing 8052e9f onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052e88->8052e8a resolveable_edge: 1, tailcall: 0, target: 8052e8a [ParserDetails.C:588] pushing 8052e8a onto worklist [Parser.C:1485] recording block [8052e9f,8052e9f) [Parser.C] parsing block 8052e9f [Parser.C:1274] curAddr 0x8052e9f: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ea4: add ESP, 14 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ea7: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ea8: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ea9: ret near [ESP] [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052e9f,8052eaa) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052ea9 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052ea9...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052e8a,8052e8a) [Parser.C] parsing block 8052e8a [Parser.C:1274] curAddr 0x8052e8a: mov EAX, [EBX + 758] [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e90: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e93: call 150d + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 150d + EIP + 5 to 0x8052e93...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052e8a,8052e98) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052e93->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052e93->8052e98 resolveable_edge: 1, tailcall: 0, target: 8052e98 [ParserDetails.C:588] pushing 8052e98 onto worklist [Parser.C] binding call 8052e93->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052e98,8052e98) [Parser.C] parsing block 8052e98 [Parser.C:1274] curAddr 0x8052e98: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e9d: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test2_13_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8052e9d...SUCCESS (CFT=0x8052ea4) [Parser.C:1485] recording block [8052e98,8052e9f) Getting edges Checking for Tail Call jump to 0x8052ea4 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8052e9d->8052ea4 resolveable_edge: 1, tailcall: 0, target: 8052ea4 [ParserDetails.C:588] pushing 8052ea4 onto worklist [Parser.C] address 8052ea4 splits [8052e9f,8052eaa) (0x1d5d0e0) [Parser.C:1485] recording block [8052ea4,8052eaa) [Parser.C] skipping locally parsed target at 8052ea4 [Parser.C] frame 8052e6c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test2_13_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80540bf) [Parser.C:180] entered parse_at([804ccd0,80549c4),80540bf) [Parser.C:1485] recording block [80540bf,80540bf) [Parser.C] ==== starting to parse frame 80540bf ==== [Parser.C] parsing block 80540bf [Parser.C:1274] curAddr 0x80540bf: push EBP, ESP [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540c0: mov EBP, ESP [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540c2: call ffff9abe + EIP + 5 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9abe + EIP + 5 to 0x80540c2...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x80540c7: add ECX, 7f39 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540cd: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540d1: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called branch or return, ret true [Parser.C:1485] recording block [80540bf,80540d3) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x80540d1...SUCCESS (CFT=0x80540e1) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80540d1->80540e1 resolveable_edge: 1, tailcall: 0, target: 80540e1 [ParserDetails.C:588] pushing 80540e1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80540d1->80540d3 resolveable_edge: 1, tailcall: 0, target: 80540d3 [ParserDetails.C:588] pushing 80540d3 onto worklist [Parser.C:1485] recording block [80540e1,80540e1) [Parser.C] parsing block 80540e1 [Parser.C:1274] curAddr 0x80540e1: lea EAX, ECX + 9f0 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540e7: mov [EAX], 0 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540ed: pop EBP, ESP [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540ee: ret near [ESP] [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called branch or return, ret true [Parser.C:1485] recording block [80540e1,80540ef) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80540ee Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80540ee...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80540d3,80540d3) [Parser.C] parsing block 80540d3 [Parser.C:1274] curAddr 0x80540d3: lea EAX, ECX + 9f0 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540d9: mov [EAX], 1 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called [Parser.C:1274] curAddr 0x80540df: jmp c + EIP + 2 [Parser.C:1280] leaf 1 funcname setUseAttach hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp c + EIP + 2 to 0x80540df...SUCCESS (CFT=0x80540ed) [Parser.C:1485] recording block [80540d3,80540e1) Getting edges Checking for Tail Call jump to 0x80540ed is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80540df->80540ed resolveable_edge: 1, tailcall: 0, target: 80540ed [ParserDetails.C:588] pushing 80540ed onto worklist [Parser.C] address 80540ed splits [80540e1,80540ef) (0x1d5e670) [Parser.C:1485] recording block [80540ed,80540ef) [Parser.C] skipping locally parsed target at 80540ed [Parser.C] frame 80540bf complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] setUseAttach return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805216c) [Parser.C:180] entered parse_at([804ccd0,80549c4),805216c) [Parser.C:1485] recording block [805216c,805216c) [Parser.C] ==== starting to parse frame 805216c ==== [Parser.C] parsing block 805216c [Parser.C:1274] curAddr 0x805216c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x805216d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x805216f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052170: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052173: call ffffab88 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffab88 + EIP + 5 to 0x8052173...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052178: add EBX, 9e88 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x805217e: lea EAX, EBX + 6f0 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052184: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052186: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052189: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x805218d: jz 23 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805216c,805218f) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 23 + EIP + 2 to 0x805218d...SUCCESS (CFT=0x80521b2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805218d->80521b2 resolveable_edge: 1, tailcall: 0, target: 80521b2 [ParserDetails.C:588] pushing 80521b2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805218d->805218f resolveable_edge: 1, tailcall: 0, target: 805218f [ParserDetails.C:588] pushing 805218f onto worklist [Parser.C:1485] recording block [80521b2,80521b2) [Parser.C] parsing block 80521b2 [Parser.C:1274] curAddr 0x80521b2: lea EAX, EBX + ffffb6d8 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521b8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521bb: call 17fd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 17fd + EIP + 5 to 0x80521bb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80521b2,80521c0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80521bb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80521bb->80521c0 resolveable_edge: 1, tailcall: 0, target: 80521c0 [ParserDetails.C:588] pushing 80521c0 onto worklist [Parser.C] binding call 80521bb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80521c0,80521c0) [Parser.C] parsing block 80521c0 [Parser.C:1274] curAddr 0x80521c0: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521c5: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521c8: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521c9: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521ca: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80521c0,80521cb) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80521ca Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80521ca...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805218f,805218f) [Parser.C] parsing block 805218f [Parser.C:1274] curAddr 0x805218f: lea EAX, EBX + ffffb6b0 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052195: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052198: call 1820 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1820 + EIP + 5 to 0x8052198...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805218f,805219d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052198->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052198->805219d resolveable_edge: 1, tailcall: 0, target: 805219d [ParserDetails.C:588] pushing 805219d onto worklist [Parser.C] binding call 8052198->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805219d,805219d) [Parser.C] parsing block 805219d [Parser.C:1274] curAddr 0x805219d: mov EAX, [EBX + 6f4] [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521a3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521a6: call 21fa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 21fa + EIP + 5 to 0x80521a6...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [805219d,80521ab) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80521a6->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80521a6->80521ab resolveable_edge: 1, tailcall: 0, target: 80521ab [ParserDetails.C:588] pushing 80521ab onto worklist [Parser.C] binding call 80521a6->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [80521ab,80521ab) [Parser.C] parsing block 80521ab [Parser.C:1274] curAddr 0x80521ab: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called [Parser.C:1274] curAddr 0x80521b0: jmp 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_33_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 13 + EIP + 2 to 0x80521b0...SUCCESS (CFT=0x80521c5) [Parser.C:1485] recording block [80521ab,80521b2) Getting edges Checking for Tail Call jump to 0x80521c5 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80521b0->80521c5 resolveable_edge: 1, tailcall: 0, target: 80521c5 [ParserDetails.C:588] pushing 80521c5 onto worklist [Parser.C] address 80521c5 splits [80521c0,80521cb) (0x1d5ea80) [Parser.C:1485] recording block [80521c5,80521cb) [Parser.C] skipping locally parsed target at 80521c5 [Parser.C] frame 805216c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_33_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804faf0) [Parser.C:180] entered parse_at([804ccd0,80549c4),804faf0) [Parser.C:1485] recording block [804faf0,804faf0) [Parser.C] ==== starting to parse frame 804faf0 ==== [Parser.C] parsing block 804faf0 [Parser.C:1274] curAddr 0x804faf0: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804faf1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804faf3: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804faf4: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804faf7: call ffffd204 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd204 + EIP + 5 to 0x804faf7...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fafc: add EBX, c504 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb02: call d2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call d2 + EIP + 5 to 0x804fb02...SUCCESS (CFT=0x804fbd9) [Parser.C:1485] recording block [804faf0,804fb07) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fb02->804fbd9 resolveable_edge: 1, tailcall: 0, target: 804fbd9 [ParserDetails.C:588] pushing 804fbd9 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fb02->804fb07 resolveable_edge: 1, tailcall: 0, target: 804fb07 [ParserDetails.C:588] pushing 804fb07 onto worklist [Parser.C] binding call 804fb02->804fbd9 [Parser.C:1485] recording block [804fbd9,804fbd9) [suspend frame 804faf0] [Parser.C] frame 804faf0 blocked at 804fb02 call target 804fbd9 [Parser.C] block 804fbd9 exists [Parser.C] ==== starting to parse frame 804fbd9 ==== [Parser.C] parsing block 804fbd9 [Parser.C:1274] curAddr 0x804fbd9: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_func2 hasCFT called [Parser.C:1274] curAddr 0x804fbda: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_func2 hasCFT called [Parser.C:1274] curAddr 0x804fbdc: mov EAX, 19f104 [Parser.C:1280] leaf 1 funcname test1_17_func2 hasCFT called [Parser.C:1274] curAddr 0x804fbe1: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_func2 hasCFT called [Parser.C:1274] curAddr 0x804fbe2: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_17_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fbd9,804fbe3) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fbe2 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fbe2...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804fbd9 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_17_func2 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804faf0 ==== Checking non-returning for test1_17_func2 Checking non-returning for test1_17_func2 [Parser.C:1485] recording block [804fb07,804fb07) [Parser.C] parsing block 804fb07 [Parser.C:1274] curAddr 0x804fb07: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb0a: call d4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call d4 + EIP + 5 to 0x804fb0a...SUCCESS (CFT=0x804fbe3) [Parser.C:1485] recording block [804fb07,804fb0f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fb0a->804fbe3 resolveable_edge: 1, tailcall: 0, target: 804fbe3 [ParserDetails.C:588] pushing 804fbe3 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fb0a->804fb0f resolveable_edge: 1, tailcall: 0, target: 804fb0f [ParserDetails.C:588] pushing 804fb0f onto worklist [Parser.C] binding call 804fb0a->804fbe3 [Parser.C] block 804fbe3 exists Checking non-returning for func17_3 [Parser.C:1485] recording block [804fb0f,804fb0f) [Parser.C] parsing block 804fb0f [Parser.C:1274] curAddr 0x804fb0f: cmp [EBP + fffffffffffffff0], 19f104 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb16: jnz 1e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fb0f,804fb18) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1e + EIP + 2 to 0x804fb16...SUCCESS (CFT=0x804fb36) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fb16->804fb36 resolveable_edge: 1, tailcall: 0, target: 804fb36 [ParserDetails.C:588] pushing 804fb36 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fb16->804fb18 resolveable_edge: 1, tailcall: 0, target: 804fb18 [ParserDetails.C:588] pushing 804fb18 onto worklist [Parser.C:1485] recording block [804fb36,804fb36) [Parser.C] parsing block 804fb36 [Parser.C:1274] curAddr 0x804fb36: lea EAX, EBX + ffffa310 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb3c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb3f: call 3e79 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3e79 + EIP + 5 to 0x804fb3f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804fb36,804fb44) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fb3f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fb3f->804fb44 resolveable_edge: 1, tailcall: 0, target: 804fb44 [ParserDetails.C:588] pushing 804fb44 onto worklist [Parser.C] binding call 804fb3f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804fb44,804fb44) [Parser.C] parsing block 804fb44 [Parser.C:1274] curAddr 0x804fb44: cmp [EBP + fffffffffffffff0], 19f104 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb4b: jz 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fb44,804fb4d) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1d + EIP + 2 to 0x804fb4b...SUCCESS (CFT=0x804fb6a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fb4b->804fb6a resolveable_edge: 1, tailcall: 0, target: 804fb6a [ParserDetails.C:588] pushing 804fb6a onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fb4b->804fb4d resolveable_edge: 1, tailcall: 0, target: 804fb4d [ParserDetails.C:588] pushing 804fb4d onto worklist [Parser.C:1485] recording block [804fb6a,804fb6a) [Parser.C] parsing block 804fb6a [Parser.C:1274] curAddr 0x804fb6a: mov EAX, [EBX + 880] [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb70: cmp EAX, 19f168 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb75: jz 20 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fb6a,804fb77) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 20 + EIP + 2 to 0x804fb75...SUCCESS (CFT=0x804fb97) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fb75->804fb97 resolveable_edge: 1, tailcall: 0, target: 804fb97 [ParserDetails.C:588] pushing 804fb97 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fb75->804fb77 resolveable_edge: 1, tailcall: 0, target: 804fb77 [ParserDetails.C:588] pushing 804fb77 onto worklist [Parser.C:1485] recording block [804fb97,804fb97) [Parser.C] parsing block 804fb97 [Parser.C:1274] curAddr 0x804fb97: mov EAX, [EBX + 884] [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb9d: cmp EAX, 19f488 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fba2: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fb97,804fba4) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804fba2...SUCCESS (CFT=0x804fbb2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fba2->804fbb2 resolveable_edge: 1, tailcall: 0, target: 804fbb2 [ParserDetails.C:588] pushing 804fbb2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fba2->804fba4 resolveable_edge: 1, tailcall: 0, target: 804fba4 [ParserDetails.C:588] pushing 804fba4 onto worklist [Parser.C:1485] recording block [804fbb2,804fbb2) [Parser.C] parsing block 804fbb2 [Parser.C:1274] curAddr 0x804fbb2: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbb9: jmp 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 15 + EIP + 2 to 0x804fbb9...SUCCESS (CFT=0x804fbd0) [Parser.C:1485] recording block [804fbb2,804fbbb) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804fbb9->804fbd0 resolveable_edge: 1, tailcall: 0, target: 804fbd0 [ParserDetails.C:588] pushing 804fbd0 onto worklist [Parser.C:1485] recording block [804fb18,804fb18) [Parser.C] parsing block 804fb18 [Parser.C:1274] curAddr 0x804fb18: mov EAX, [EBX + 880] [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb1e: cmp EAX, 19f168 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb23: jnz 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fb18,804fb25) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 11 + EIP + 2 to 0x804fb23...SUCCESS (CFT=0x804fb36) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804fb36 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804fb23->804fb36 resolveable_edge: 1, tailcall: 0, target: 804fb36 [ParserDetails.C:588] pushing 804fb36 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fb23->804fb25 resolveable_edge: 1, tailcall: 0, target: 804fb25 [ParserDetails.C:588] pushing 804fb25 onto worklist [Parser.C] block 804fb36 exists [Parser.C] skipping locally parsed target at 804fb36 [Parser.C:1485] recording block [804fb25,804fb25) [Parser.C] parsing block 804fb25 [Parser.C:1274] curAddr 0x804fb25: mov EAX, [EBX + 884] [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb2b: cmp EAX, 19f488 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb30: jz 85 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fb25,804fb36) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 85 + EIP + 6 to 0x804fb30...SUCCESS (CFT=0x804fbbb) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fb30->804fbbb resolveable_edge: 1, tailcall: 0, target: 804fbbb [ParserDetails.C:588] pushing 804fbbb onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fb30->804fb36 resolveable_edge: 1, tailcall: 0, target: 804fb36 [ParserDetails.C:588] pushing 804fb36 onto worklist [Parser.C:1485] recording block [804fbbb,804fbbb) [Parser.C] parsing block 804fbbb [Parser.C:1274] curAddr 0x804fbbb: lea EAX, EBX + ffffa398 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbc1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbc4: call 3df4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3df4 + EIP + 5 to 0x804fbc4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804fbbb,804fbc9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fbc4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fbc4->804fbc9 resolveable_edge: 1, tailcall: 0, target: 804fbc9 [ParserDetails.C:588] pushing 804fbc9 onto worklist [Parser.C] binding call 804fbc4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804fbc9,804fbc9) [Parser.C] parsing block 804fbc9 [Parser.C:1274] curAddr 0x804fbc9: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbd0: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbd3: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbd6: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbd7: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbd8: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fbc9,804fbd9) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fbd8 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fbd8...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] block 804fb36 exists [Parser.C] skipping locally parsed target at 804fb36 [Parser.C:1485] recording block [804fb4d,804fb4d) [Parser.C] parsing block 804fb4d [Parser.C:1274] curAddr 0x804fb4d: mov [ESP + 8], 19f104 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb55: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb58: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb5c: lea EAX, EBX + ffffa34c [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb62: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb65: call 3e53 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3e53 + EIP + 5 to 0x804fb65...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804fb4d,804fb6a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fb65->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fb65->804fb6a resolveable_edge: 1, tailcall: 0, target: 804fb6a [ParserDetails.C:588] pushing 804fb6a onto worklist [Parser.C] binding call 804fb65->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804fb6a exists [Parser.C] skipping locally parsed target at 804fb6a [Parser.C:1485] recording block [804fb77,804fb77) [Parser.C] parsing block 804fb77 [Parser.C:1274] curAddr 0x804fb77: mov EAX, [EBX + 880] [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb7d: mov [ESP + 8], 19f168 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb85: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb89: lea EAX, EBX + ffffa34c [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb8f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fb92: call 3e26 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3e26 + EIP + 5 to 0x804fb92...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804fb77,804fb97) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fb92->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fb92->804fb97 resolveable_edge: 1, tailcall: 0, target: 804fb97 [ParserDetails.C:588] pushing 804fb97 onto worklist [Parser.C] binding call 804fb92->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804fb97 exists [Parser.C] skipping locally parsed target at 804fb97 [Parser.C:1485] recording block [804fba4,804fba4) [Parser.C] parsing block 804fba4 [Parser.C:1274] curAddr 0x804fba4: lea EAX, EBX + ffffa36c [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbaa: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called [Parser.C:1274] curAddr 0x804fbad: call 3e0b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3e0b + EIP + 5 to 0x804fbad...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804fba4,804fbb2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fbad->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fbad->804fbb2 resolveable_edge: 1, tailcall: 0, target: 804fbb2 [ParserDetails.C:588] pushing 804fbb2 onto worklist [Parser.C] binding call 804fbad->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804fbb2 exists [Parser.C] skipping locally parsed target at 804fbb2 [Parser.C] address 804fbd0 splits [804fbc9,804fbd9) (0x1d625f0) [Parser.C:1485] recording block [804fbd0,804fbd9) [Parser.C] skipping locally parsed target at 804fbd0 [Parser.C] frame 804faf0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_17_func1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804cdd0) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cdd0) [Parser.C:1485] recording block [804cdd0,804cdd0) [Parser.C] ==== starting to parse frame 804cdd0 ==== [Parser.C] parsing block 804cdd0 [Parser.C:1274] curAddr 0x804cdd0: push EBP, ESP [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cdd1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cdd3: push EBX, ESP [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cdd4: sub ESP, 34 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cdd7: call ffffff24 + EIP + 5 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff24 + EIP + 5 to 0x804cdd7...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804cddc: add EBX, f224 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cde2: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cde6: jnz 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cdd0,804cde8) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 5 + EIP + 2 to 0x804cde6...SUCCESS (CFT=0x804cded) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cde6->804cded resolveable_edge: 1, tailcall: 0, target: 804cded [ParserDetails.C:588] pushing 804cded onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cde6->804cde8 resolveable_edge: 1, tailcall: 0, target: 804cde8 [ParserDetails.C:588] pushing 804cde8 onto worklist [Parser.C:1485] recording block [804cded,804cded) [Parser.C] parsing block 804cded [Parser.C:1274] curAddr 0x804cded: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cdf4: jmp 39 + EIP + 2 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 39 + EIP + 2 to 0x804cdf4...SUCCESS (CFT=0x804ce2f) [Parser.C:1485] recording block [804cded,804cdf6) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804cdf4->804ce2f resolveable_edge: 1, tailcall: 0, target: 804ce2f [ParserDetails.C:588] pushing 804ce2f onto worklist [Parser.C:1485] recording block [804cde8,804cde8) [Parser.C] parsing block 804cde8 [Parser.C:1274] curAddr 0x804cde8: jmp 9a + EIP + 5 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 9a + EIP + 5 to 0x804cde8...SUCCESS (CFT=0x804ce87) [Parser.C:1485] recording block [804cde8,804cded) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804cde8->804ce87 resolveable_edge: 1, tailcall: 0, target: 804ce87 [ParserDetails.C:588] pushing 804ce87 onto worklist [Parser.C:1485] recording block [804ce2f,804ce2f) [Parser.C] parsing block 804ce2f [Parser.C:1274] curAddr 0x804ce2f: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce35: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce37: cmp [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce3a: jl ffffffffffffffba + EIP + 2 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ce2f,804ce3c) Getting edges IA_IAPI.C[847]: binding PC EIP in jl ffffffffffffffba + EIP + 2 to 0x804ce3a...SUCCESS (CFT=0x804cdf6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ce3a->804cdf6 resolveable_edge: 1, tailcall: 0, target: 804cdf6 [ParserDetails.C:588] pushing 804cdf6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ce3a->804ce3c resolveable_edge: 1, tailcall: 0, target: 804ce3c [ParserDetails.C:588] pushing 804ce3c onto worklist [Parser.C:1485] recording block [804cdf6,804cdf6) [Parser.C] parsing block 804cdf6 [Parser.C:1274] curAddr 0x804cdf6: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cdfc: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804cdff: shl/sal EDX, 4 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce02: add EAX, EDX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce04: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce06: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce0a: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce0d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce10: call fffffc2b + EIP + 5 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffc2b + EIP + 5 to 0x804ce10...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804cdf6,804ce15) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ce10->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ce10->804ce15 resolveable_edge: 1, tailcall: 0, target: 804ce15 [ParserDetails.C:588] pushing 804ce15 onto worklist [Parser.C] binding call 804ce10->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804ce15,804ce15) [Parser.C] parsing block 804ce15 [Parser.C:1274] curAddr 0x804ce15: test EAX, EAX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce17: jnz 12 + EIP + 2 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ce15,804ce19) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 12 + EIP + 2 to 0x804ce17...SUCCESS (CFT=0x804ce2b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ce17->804ce2b resolveable_edge: 1, tailcall: 0, target: 804ce2b [ParserDetails.C:588] pushing 804ce2b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ce17->804ce19 resolveable_edge: 1, tailcall: 0, target: 804ce19 [ParserDetails.C:588] pushing 804ce19 onto worklist [Parser.C:1485] recording block [804ce2b,804ce2b) [Parser.C] parsing block 804ce2b [Parser.C:1274] curAddr 0x804ce2b: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C] straight-line parse into block at 804ce2f [Parser.C:1485] recording block [804ce2b,804ce2f) [Parser.C] block 804ce2f exists [Parser.C:1485] recording block [804ce19,804ce19) [Parser.C] parsing block 804ce19 [Parser.C:1274] curAddr 0x804ce19: lea EAX, EBX + a20 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce1f: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce22: mov [EAX + EDX * 4], 1 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce29: jmp 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 11 + EIP + 2 to 0x804ce29...SUCCESS (CFT=0x804ce3c) [Parser.C:1485] recording block [804ce19,804ce2b) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804ce29->804ce3c resolveable_edge: 1, tailcall: 0, target: 804ce3c [ParserDetails.C:588] pushing 804ce3c onto worklist [Parser.C:1485] recording block [804ce3c,804ce3c) [Parser.C] parsing block 804ce3c [Parser.C:1274] curAddr 0x804ce3c: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce42: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce44: cmp [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce47: jl 3e + EIP + 2 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ce3c,804ce49) Getting edges IA_IAPI.C[847]: binding PC EIP in jl 3e + EIP + 2 to 0x804ce47...SUCCESS (CFT=0x804ce87) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ce47->804ce87 resolveable_edge: 1, tailcall: 0, target: 804ce87 [ParserDetails.C:588] pushing 804ce87 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ce47->804ce49 resolveable_edge: 1, tailcall: 0, target: 804ce49 [ParserDetails.C:588] pushing 804ce49 onto worklist [Parser.C:1485] recording block [804ce87,804ce87) [Parser.C] parsing block 804ce87 [Parser.C:1274] curAddr 0x804ce87: add ESP, 34 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce8a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce8b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce8c: ret near [ESP] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ce87,804ce8d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804ce8c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804ce8c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804ce49,804ce49) [Parser.C] parsing block 804ce49 [Parser.C:1274] curAddr 0x804ce49: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce4f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce51: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce53: lea EDX, EBX + cc [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce59: mov ECX, [EDX] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce5b: lea EDX, EBX + a10 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce61: mov EDX, [EDX] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce63: mov EDX, [EDX] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce65: mov [ESP + 10], ECX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce69: mov [ESP + c], EDX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce6d: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce70: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce74: lea EDX, EBX + ffff89e8 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce7a: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce7e: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called [Parser.C:1274] curAddr 0x804ce85: call EAX [Parser.C:1280] leaf 1 funcname setRunTest hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804ce85...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804ce49,804ce87) Getting edges Returned 2 edges ... Call 0x804ce85 is indirect ... Call 0x804ce85 is indirect ... Call 0x804ce85 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804ce85->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804ce85->804ce87 resolveable_edge: 1, tailcall: 0, target: 804ce87 [ParserDetails.C:588] pushing 804ce87 onto worklist [Parser.C] block 804ce87 exists [Parser.C] skipping locally parsed target at 804ce87 [Parser.C] block 804ce3c exists [Parser.C] skipping locally parsed target at 804ce3c [Parser.C] block 804ce87 exists [Parser.C] skipping locally parsed target at 804ce87 [Parser.C] frame 804cdd0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] setRunTest return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804df16) [Parser.C:180] entered parse_at([804ccd0,80549c4),804df16) [Parser.C:1485] recording block [804df16,804df16) [Parser.C] ==== starting to parse frame 804df16 ==== [Parser.C] parsing block 804df16 [Parser.C:1274] curAddr 0x804df16: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df17: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df19: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df1a: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df1d: call ffffedde + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffedde + EIP + 5 to 0x804df1d...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804df22: add EBX, e0de [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df28: mov [EBX + 7e4], 1 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df32: cmp [EBP + 8], 1f [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df36: jnz 20 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804df16,804df38) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 20 + EIP + 2 to 0x804df36...SUCCESS (CFT=0x804df58) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804df36->804df58 resolveable_edge: 1, tailcall: 0, target: 804df58 [ParserDetails.C:588] pushing 804df58 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804df36->804df38 resolveable_edge: 1, tailcall: 0, target: 804df38 [ParserDetails.C:588] pushing 804df38 onto worklist [Parser.C:1485] recording block [804df58,804df58) [Parser.C] parsing block 804df58 [Parser.C:1274] curAddr 0x804df58: lea EAX, EBX + ffff9194 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df5e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df61: call 5a57 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5a57 + EIP + 5 to 0x804df61...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804df58,804df66) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804df61->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804df61->804df66 resolveable_edge: 1, tailcall: 0, target: 804df66 [ParserDetails.C:588] pushing 804df66 onto worklist [Parser.C] binding call 804df61->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804df66,804df66) [Parser.C] parsing block 804df66 [Parser.C:1274] curAddr 0x804df66: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df69: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df6d: lea EAX, EBX + ffff91c9 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df73: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df76: call 5a42 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5a42 + EIP + 5 to 0x804df76...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804df66,804df7b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804df76->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804df76->804df7b resolveable_edge: 1, tailcall: 0, target: 804df7b [ParserDetails.C:588] pushing 804df7b onto worklist [Parser.C] binding call 804df76->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804df7b,804df7b) [Parser.C] parsing block 804df7b [Parser.C:1274] curAddr 0x804df7b: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df7e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df82: lea EAX, EBX + ffff91e6 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df88: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df8b: call 5a2d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5a2d + EIP + 5 to 0x804df8b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804df7b,804df90) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804df8b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804df8b->804df90 resolveable_edge: 1, tailcall: 0, target: 804df90 [ParserDetails.C:588] pushing 804df90 onto worklist [Parser.C] binding call 804df8b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804df90,804df90) [Parser.C] parsing block 804df90 [Parser.C:1274] curAddr 0x804df90: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df93: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df94: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df95: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804df90,804df96) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804df95 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804df95...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804df38,804df38) [Parser.C] parsing block 804df38 [Parser.C:1274] curAddr 0x804df38: cmp [EBP + c], 20 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df3c: jnz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804df38,804df3e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1a + EIP + 2 to 0x804df3c...SUCCESS (CFT=0x804df58) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804df58 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804df3c->804df58 resolveable_edge: 1, tailcall: 0, target: 804df58 [ParserDetails.C:588] pushing 804df58 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804df3c->804df3e resolveable_edge: 1, tailcall: 0, target: 804df3e [ParserDetails.C:588] pushing 804df3e onto worklist [Parser.C] block 804df58 exists [Parser.C] skipping locally parsed target at 804df58 [Parser.C:1485] recording block [804df3e,804df3e) [Parser.C] parsing block 804df3e [Parser.C:1274] curAddr 0x804df3e: lea EAX, EBX + ffff9160 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df44: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df47: call 5a71 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5a71 + EIP + 5 to 0x804df47...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804df3e,804df4c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804df47->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804df47->804df4c resolveable_edge: 1, tailcall: 0, target: 804df4c [ParserDetails.C:588] pushing 804df4c onto worklist [Parser.C] binding call 804df47->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804df4c,804df4c) [Parser.C] parsing block 804df4c [Parser.C:1274] curAddr 0x804df4c: mov [EBX + 7e0], 1 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called [Parser.C:1274] curAddr 0x804df56: jmp 38 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_3_call3_1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 38 + EIP + 2 to 0x804df56...SUCCESS (CFT=0x804df90) [Parser.C:1485] recording block [804df4c,804df58) Getting edges Checking for Tail Call jump to 0x804df90 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804df56->804df90 resolveable_edge: 1, tailcall: 0, target: 804df90 [ParserDetails.C:588] pushing 804df90 onto worklist [Parser.C] block 804df90 exists [Parser.C] skipping locally parsed target at 804df90 [Parser.C] frame 804df16 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_3_call3_1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051f53) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051f53) [Parser.C:1485] recording block [8051f53,8051f53) [Parser.C] ==== starting to parse frame 8051f53 ==== [Parser.C] parsing block 8051f53 [Parser.C:1274] curAddr 0x8051f53: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f54: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f56: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f57: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f5a: call ffffada1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffada1 + EIP + 5 to 0x8051f5a...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051f5f: add EBX, a0a1 [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f65: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f69: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051f53,8051f6b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x8051f69...SUCCESS (CFT=0x8051f79) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051f69->8051f79 resolveable_edge: 1, tailcall: 0, target: 8051f79 [ParserDetails.C:588] pushing 8051f79 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051f69->8051f6b resolveable_edge: 1, tailcall: 0, target: 8051f6b [ParserDetails.C:588] pushing 8051f6b onto worklist [Parser.C:1485] recording block [8051f79,8051f79) [Parser.C] parsing block 8051f79 [Parser.C:1274] curAddr 0x8051f79: mov EDX, [EBX + 940] [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f7f: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f82: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f84: mov [EBX + 940], EAX [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f8a: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f8d: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f8e: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f8f: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051f79,8051f90) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051f8f Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051f8f...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8051f6b,8051f6b) [Parser.C] parsing block 8051f6b [Parser.C:1274] curAddr 0x8051f6b: lea EAX, EBX + ffffb4a0 [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f71: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called [Parser.C:1274] curAddr 0x8051f74: call 1a44 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_func4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1a44 + EIP + 5 to 0x8051f74...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051f6b,8051f79) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051f74->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051f74->8051f79 resolveable_edge: 1, tailcall: 0, target: 8051f79 [ParserDetails.C:588] pushing 8051f79 onto worklist [Parser.C] binding call 8051f74->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 8051f79 exists [Parser.C] skipping locally parsed target at 8051f79 [Parser.C] frame 8051f53 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_31_func4 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051f1f) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051f1f) [Parser.C:1485] recording block [8051f1f,8051f1f) [Parser.C] ==== starting to parse frame 8051f1f ==== [Parser.C] parsing block 8051f1f [Parser.C:1274] curAddr 0x8051f1f: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func2 hasCFT called [Parser.C:1274] curAddr 0x8051f20: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func2 hasCFT called [Parser.C:1274] curAddr 0x8051f22: call ffffbc5e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbc5e + EIP + 5 to 0x8051f22...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8051f27: add ECX, a0d9 [Parser.C:1280] leaf 1 funcname test1_31_func2 hasCFT called [Parser.C:1274] curAddr 0x8051f2d: mov [ECX + 938], 1 [Parser.C:1280] leaf 1 funcname test1_31_func2 hasCFT called [Parser.C:1274] curAddr 0x8051f37: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func2 hasCFT called [Parser.C:1274] curAddr 0x8051f38: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_31_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051f1f,8051f39) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051f38 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051f38...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8051f1f complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_31_func2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f50c) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f50c) [Parser.C:1485] recording block [804f50c,804f50c) [Parser.C] ==== starting to parse frame 804f50c ==== [Parser.C] parsing block 804f50c [Parser.C:1274] curAddr 0x804f50c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func2 hasCFT called [Parser.C:1274] curAddr 0x804f50d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func2 hasCFT called [Parser.C:1274] curAddr 0x804f50f: mov EAX, 13d684 [Parser.C:1280] leaf 1 funcname test1_13_func2 hasCFT called [Parser.C:1274] curAddr 0x804f514: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func2 hasCFT called [Parser.C:1274] curAddr 0x804f515: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_13_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f50c,804f516) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f515 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f515...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804f50c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_13_func2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050436) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050436) [Parser.C:1485] recording block [8050436,8050436) [Parser.C] ==== starting to parse frame 8050436 ==== [Parser.C] parsing block 8050436 [Parser.C:1274] curAddr 0x8050436: push EBP, ESP [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called [Parser.C:1274] curAddr 0x8050437: mov EBP, ESP [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called [Parser.C:1274] curAddr 0x8050439: call ffffd747 + EIP + 5 [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd747 + EIP + 5 to 0x8050439...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x805043e: add ECX, bbc2 [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called [Parser.C:1274] curAddr 0x8050444: mov EAX, [ECX + 538] [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called [Parser.C:1274] curAddr 0x805044a: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called [Parser.C:1274] curAddr 0x805044d: mov [ECX + 538], EDX [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called [Parser.C:1274] curAddr 0x8050453: pop EBP, ESP [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called [Parser.C:1274] curAddr 0x8050454: ret near [ESP] [Parser.C:1280] leaf 1 funcname func20_3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050436,8050455) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050454 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050454...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8050436 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] func20_3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051db8) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051db8) [Parser.C:1485] recording block [8051db8,8051db8) [Parser.C] ==== starting to parse frame 8051db8 ==== [Parser.C] parsing block 8051db8 [Parser.C:1274] curAddr 0x8051db8: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051db9: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051dbb: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051dbc: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051dbf: call ffffaf3c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffaf3c + EIP + 5 to 0x8051dbf...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051dc4: add EBX, a23c [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051dca: mov [EBX + 934], 0 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051dd4: mov [EBX + 938], 0 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051dde: mov [EBX + 93c], 0 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051de8: mov [EBX + 940], 0 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051df2: call 128 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 128 + EIP + 5 to 0x8051df2...SUCCESS (CFT=0x8051f1f) [Parser.C:1485] recording block [8051db8,8051df7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051df2->8051f1f resolveable_edge: 1, tailcall: 0, target: 8051f1f [ParserDetails.C:588] pushing 8051f1f onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051df2->8051df7 resolveable_edge: 1, tailcall: 0, target: 8051df7 [ParserDetails.C:588] pushing 8051df7 onto worklist [Parser.C] binding call 8051df2->8051f1f [Parser.C] block 8051f1f exists Checking non-returning for test1_31_func2 Checking non-returning for test1_31_func2 [Parser.C:1485] recording block [8051df7,8051df7) [Parser.C] parsing block 8051df7 [Parser.C:1274] curAddr 0x8051df7: mov EAX, [EBX + 93c] [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051dfd: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e00: setz AL [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e03: movzx EAX, AL [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e06: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e09: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e0d: jnz 30 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051df7,8051e0f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 30 + EIP + 2 to 0x8051e0d...SUCCESS (CFT=0x8051e3f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051e0d->8051e3f resolveable_edge: 1, tailcall: 0, target: 8051e3f [ParserDetails.C:588] pushing 8051e3f onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051e0d->8051e0f resolveable_edge: 1, tailcall: 0, target: 8051e0f [ParserDetails.C:588] pushing 8051e0f onto worklist [Parser.C:1485] recording block [8051e3f,8051e3f) [Parser.C] parsing block 8051e3f [Parser.C:1274] curAddr 0x8051e3f: mov EAX, [EBX + 940] [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e45: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e47: setz AL [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e4a: movzx EAX, AL [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e4d: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e50: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e54: jnz 9e + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051e3f,8051e5a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 9e + EIP + 6 to 0x8051e54...SUCCESS (CFT=0x8051ef8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051e54->8051ef8 resolveable_edge: 1, tailcall: 0, target: 8051ef8 [ParserDetails.C:588] pushing 8051ef8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051e54->8051e5a resolveable_edge: 1, tailcall: 0, target: 8051e5a [ParserDetails.C:588] pushing 8051e5a onto worklist [Parser.C:1485] recording block [8051ef8,8051ef8) [Parser.C] parsing block 8051ef8 [Parser.C:1274] curAddr 0x8051ef8: mov EAX, [EBX + 6e0] [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051efe: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f01: call 249f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 249f + EIP + 5 to 0x8051f01...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8051ef8,8051f06) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051f01->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051f01->8051f06 resolveable_edge: 1, tailcall: 0, target: 8051f06 [ParserDetails.C:588] pushing 8051f06 onto worklist [Parser.C] binding call 8051f01->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8051f06,8051f06) [Parser.C] parsing block 8051f06 [Parser.C:1274] curAddr 0x8051f06: lea EAX, EBX + ffffb46c [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f0c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f0f: call 1aa9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1aa9 + EIP + 5 to 0x8051f0f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051f06,8051f14) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051f0f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051f0f->8051f14 resolveable_edge: 1, tailcall: 0, target: 8051f14 [ParserDetails.C:588] pushing 8051f14 onto worklist [Parser.C] binding call 8051f0f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051f14,8051f14) [Parser.C] parsing block 8051f14 [Parser.C:1274] curAddr 0x8051f14: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f19: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f1c: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f1d: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f1e: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051f14,8051f1f) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051f1e Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051f1e...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8051e0f,8051e0f) [Parser.C] parsing block 8051e0f [Parser.C:1274] curAddr 0x8051e0f: lea EAX, EBX + ffffb2ec [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e15: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e18: call 1ba0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1ba0 + EIP + 5 to 0x8051e18...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051e0f,8051e1d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051e18->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051e18->8051e1d resolveable_edge: 1, tailcall: 0, target: 8051e1d [ParserDetails.C:588] pushing 8051e1d onto worklist [Parser.C] binding call 8051e18->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051e1d,8051e1d) [Parser.C] parsing block 8051e1d [Parser.C:1274] curAddr 0x8051e1d: mov EAX, [EBX + 93c] [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e23: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e27: lea EAX, EBX + ffffb324 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e2d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e30: call 1b88 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1b88 + EIP + 5 to 0x8051e30...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051e1d,8051e35) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051e30->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051e30->8051e35 resolveable_edge: 1, tailcall: 0, target: 8051e35 [ParserDetails.C:588] pushing 8051e35 onto worklist [Parser.C] binding call 8051e30->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051e35,8051e35) [Parser.C] parsing block 8051e35 [Parser.C:1274] curAddr 0x8051e35: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e3a: jmp da + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp da + EIP + 5 to 0x8051e3a...SUCCESS (CFT=0x8051f19) [Parser.C:1485] recording block [8051e35,8051e3f) Getting edges Checking for Tail Call jump to 0x8051f19 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8051e3a->8051f19 resolveable_edge: 1, tailcall: 0, target: 8051f19 [ParserDetails.C:588] pushing 8051f19 onto worklist [Parser.C:1485] recording block [8051e5a,8051e5a) [Parser.C] parsing block 8051e5a [Parser.C:1274] curAddr 0x8051e5a: lea EAX, EBX + ffffb2ec [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e60: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e63: call 1b55 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1b55 + EIP + 5 to 0x8051e63...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051e5a,8051e68) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051e63->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051e63->8051e68 resolveable_edge: 1, tailcall: 0, target: 8051e68 [ParserDetails.C:588] pushing 8051e68 onto worklist [Parser.C] binding call 8051e63->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051e68,8051e68) [Parser.C] parsing block 8051e68 [Parser.C:1274] curAddr 0x8051e68: mov EAX, [EBX + 940] [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e6e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e72: lea EAX, EBX + ffffb374 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e78: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e7b: call 1b3d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1b3d + EIP + 5 to 0x8051e7b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051e68,8051e80) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051e7b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051e7b->8051e80 resolveable_edge: 1, tailcall: 0, target: 8051e80 [ParserDetails.C:588] pushing 8051e80 onto worklist [Parser.C] binding call 8051e7b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051e80,8051e80) [Parser.C] parsing block 8051e80 [Parser.C:1274] curAddr 0x8051e80: mov EAX, [EBX + 940] [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e86: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e89: jz 27 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051e80,8051e8b) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 27 + EIP + 2 to 0x8051e89...SUCCESS (CFT=0x8051eb2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051e89->8051eb2 resolveable_edge: 1, tailcall: 0, target: 8051eb2 [ParserDetails.C:588] pushing 8051eb2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051e89->8051e8b resolveable_edge: 1, tailcall: 0, target: 8051e8b [ParserDetails.C:588] pushing 8051e8b onto worklist [Parser.C:1485] recording block [8051eb2,8051eb2) [Parser.C] parsing block 8051eb2 [Parser.C:1274] curAddr 0x8051eb2: lea EAX, EBX + ffffb3c4 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051eb8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ebb: call 1afd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1afd + EIP + 5 to 0x8051ebb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051eb2,8051ec0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051ebb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051ebb->8051ec0 resolveable_edge: 1, tailcall: 0, target: 8051ec0 [ParserDetails.C:588] pushing 8051ec0 onto worklist [Parser.C] binding call 8051ebb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051ec0,8051ec0) [Parser.C] parsing block 8051ec0 [Parser.C:1274] curAddr 0x8051ec0: jmp 2f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2f + EIP + 2 to 0x8051ec0...SUCCESS (CFT=0x8051ef1) [Parser.C:1485] recording block [8051ec0,8051ec2) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051ec0->8051ef1 resolveable_edge: 1, tailcall: 0, target: 8051ef1 [ParserDetails.C:588] pushing 8051ef1 onto worklist [Parser.C:1485] recording block [8051e8b,8051e8b) [Parser.C] parsing block 8051e8b [Parser.C:1274] curAddr 0x8051e8b: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e8e: jnle 6 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051e8b,8051e90) Getting edges IA_IAPI.C[847]: binding PC EIP in jnle 6 + EIP + 2 to 0x8051e8e...SUCCESS (CFT=0x8051e96) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051e8e->8051e96 resolveable_edge: 1, tailcall: 0, target: 8051e96 [ParserDetails.C:588] pushing 8051e96 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051e8e->8051e90 resolveable_edge: 1, tailcall: 0, target: 8051e90 [ParserDetails.C:588] pushing 8051e90 onto worklist [Parser.C:1485] recording block [8051e96,8051e96) [Parser.C] parsing block 8051e96 [Parser.C:1274] curAddr 0x8051e96: cmp EAX, 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e99: jz 27 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051e96,8051e9b) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 27 + EIP + 2 to 0x8051e99...SUCCESS (CFT=0x8051ec2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051e99->8051ec2 resolveable_edge: 1, tailcall: 0, target: 8051ec2 [ParserDetails.C:588] pushing 8051ec2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051e99->8051e9b resolveable_edge: 1, tailcall: 0, target: 8051e9b [ParserDetails.C:588] pushing 8051e9b onto worklist [Parser.C:1485] recording block [8051ec2,8051ec2) [Parser.C] parsing block 8051ec2 [Parser.C:1274] curAddr 0x8051ec2: lea EAX, EBX + ffffb3f4 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ec8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ecb: call 1aed + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1aed + EIP + 5 to 0x8051ecb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051ec2,8051ed0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051ecb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051ecb->8051ed0 resolveable_edge: 1, tailcall: 0, target: 8051ed0 [ParserDetails.C:588] pushing 8051ed0 onto worklist [Parser.C] binding call 8051ecb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051ed0,8051ed0) [Parser.C] parsing block 8051ed0 [Parser.C:1274] curAddr 0x8051ed0: jmp 1f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1f + EIP + 2 to 0x8051ed0...SUCCESS (CFT=0x8051ef1) [Parser.C:1485] recording block [8051ed0,8051ed2) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051ed0->8051ef1 resolveable_edge: 1, tailcall: 0, target: 8051ef1 [ParserDetails.C:588] pushing 8051ef1 onto worklist [Parser.C:1485] recording block [8051e90,8051e90) [Parser.C] parsing block 8051e90 [Parser.C:1274] curAddr 0x8051e90: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e92: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051e90,8051e94) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x8051e92...SUCCESS (CFT=0x8051ea2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051e92->8051ea2 resolveable_edge: 1, tailcall: 0, target: 8051ea2 [ParserDetails.C:588] pushing 8051ea2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051e92->8051e94 resolveable_edge: 1, tailcall: 0, target: 8051e94 [ParserDetails.C:588] pushing 8051e94 onto worklist [Parser.C:1485] recording block [8051ea2,8051ea2) [Parser.C] parsing block 8051ea2 [Parser.C:1274] curAddr 0x8051ea2: lea EAX, EBX + ffffb3a0 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ea8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051eab: call 1b0d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1b0d + EIP + 5 to 0x8051eab...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051ea2,8051eb0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051eab->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051eab->8051eb0 resolveable_edge: 1, tailcall: 0, target: 8051eb0 [ParserDetails.C:588] pushing 8051eb0 onto worklist [Parser.C] binding call 8051eab->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051eb0,8051eb0) [Parser.C] parsing block 8051eb0 [Parser.C:1274] curAddr 0x8051eb0: jmp 3f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 3f + EIP + 2 to 0x8051eb0...SUCCESS (CFT=0x8051ef1) [Parser.C:1485] recording block [8051eb0,8051eb2) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051eb0->8051ef1 resolveable_edge: 1, tailcall: 0, target: 8051ef1 [ParserDetails.C:588] pushing 8051ef1 onto worklist [Parser.C:1485] recording block [8051e94,8051e94) [Parser.C] parsing block 8051e94 [Parser.C:1274] curAddr 0x8051e94: jmp 4c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 4c + EIP + 2 to 0x8051e94...SUCCESS (CFT=0x8051ee2) [Parser.C:1485] recording block [8051e94,8051e96) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051e94->8051ee2 resolveable_edge: 1, tailcall: 0, target: 8051ee2 [ParserDetails.C:588] pushing 8051ee2 onto worklist [Parser.C:1485] recording block [8051e9b,8051e9b) [Parser.C] parsing block 8051e9b [Parser.C:1274] curAddr 0x8051e9b: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051e9e: jz 32 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051e9b,8051ea0) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 32 + EIP + 2 to 0x8051e9e...SUCCESS (CFT=0x8051ed2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051e9e->8051ed2 resolveable_edge: 1, tailcall: 0, target: 8051ed2 [ParserDetails.C:588] pushing 8051ed2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051e9e->8051ea0 resolveable_edge: 1, tailcall: 0, target: 8051ea0 [ParserDetails.C:588] pushing 8051ea0 onto worklist [Parser.C:1485] recording block [8051ed2,8051ed2) [Parser.C] parsing block 8051ed2 [Parser.C:1274] curAddr 0x8051ed2: lea EAX, EBX + ffffb424 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ed8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051edb: call 1add + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1add + EIP + 5 to 0x8051edb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051ed2,8051ee0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051edb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051edb->8051ee0 resolveable_edge: 1, tailcall: 0, target: 8051ee0 [ParserDetails.C:588] pushing 8051ee0 onto worklist [Parser.C] binding call 8051edb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051ee0,8051ee0) [Parser.C] parsing block 8051ee0 [Parser.C:1274] curAddr 0x8051ee0: jmp f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp f + EIP + 2 to 0x8051ee0...SUCCESS (CFT=0x8051ef1) [Parser.C:1485] recording block [8051ee0,8051ee2) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051ee0->8051ef1 resolveable_edge: 1, tailcall: 0, target: 8051ef1 [ParserDetails.C:588] pushing 8051ef1 onto worklist [Parser.C:1485] recording block [8051ea0,8051ea0) [Parser.C] parsing block 8051ea0 [Parser.C:1274] curAddr 0x8051ea0: jmp 40 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 40 + EIP + 2 to 0x8051ea0...SUCCESS (CFT=0x8051ee2) [Parser.C:1485] recording block [8051ea0,8051ea2) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051ea0->8051ee2 resolveable_edge: 1, tailcall: 0, target: 8051ee2 [ParserDetails.C:588] pushing 8051ee2 onto worklist [Parser.C:1485] recording block [8051ee2,8051ee2) [Parser.C] parsing block 8051ee2 [Parser.C:1274] curAddr 0x8051ee2: lea EAX, EBX + ffffb44c [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ee8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051eeb: call 1acd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1acd + EIP + 5 to 0x8051eeb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051ee2,8051ef0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051eeb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051eeb->8051ef0 resolveable_edge: 1, tailcall: 0, target: 8051ef0 [ParserDetails.C:588] pushing 8051ef0 onto worklist [Parser.C] binding call 8051eeb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051ef0,8051ef0) [Parser.C] parsing block 8051ef0 [Parser.C:1274] curAddr 0x8051ef0: nop [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ef1: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_31_mutatee [Parser.C:1485] recording block [8051ef0,8051ef1) [Parser.C:1485] recording block [8051ef1,8051ef1) [Parser.C:1295] nop-block ended at 8051ef1 [Parser.C:1298] pushing 8051ef1 onto worklist [Parser.C] block 8051ef1 exists [Parser.C] parsing block 8051ef1 [Parser.C:1274] curAddr 0x8051ef1: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ef6: jmp 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_31_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 21 + EIP + 2 to 0x8051ef6...SUCCESS (CFT=0x8051f19) [Parser.C:1485] recording block [8051ef1,8051ef8) Getting edges Checking for Tail Call jump to 0x8051f19 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8051ef6->8051f19 resolveable_edge: 1, tailcall: 0, target: 8051f19 [ParserDetails.C:588] pushing 8051f19 onto worklist [Parser.C] block 8051ee2 exists [Parser.C] skipping locally parsed target at 8051ee2 [Parser.C] block 8051ef1 exists [Parser.C] skipping locally parsed target at 8051ef1 [Parser.C] block 8051ef1 exists [Parser.C] skipping locally parsed target at 8051ef1 [Parser.C] block 8051ef1 exists [Parser.C] skipping locally parsed target at 8051ef1 [Parser.C] block 8051ef1 exists [Parser.C] skipping locally parsed target at 8051ef1 [Parser.C] address 8051f19 splits [8051f14,8051f1f) (0x1d65690) [Parser.C:1485] recording block [8051f19,8051f1f) [Parser.C] skipping locally parsed target at 8051f19 [Parser.C] block 8051f19 exists [Parser.C] skipping locally parsed target at 8051f19 [Parser.C] frame 8051db8 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_31_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804dd6e) [Parser.C:180] entered parse_at([804ccd0,80549c4),804dd6e) [Parser.C:1485] recording block [804dd6e,804dd6e) [Parser.C] ==== starting to parse frame 804dd6e ==== [Parser.C] parsing block 804dd6e [Parser.C:1274] curAddr 0x804dd6e: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd6f: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd71: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd72: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd75: call ffffef86 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffef86 + EIP + 5 to 0x804dd75...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804dd7a: add EBX, e286 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd80: mov [EBP + fffffffffffffff4], 1234face [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd87: mov [EBX + 7d8], 1 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd91: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd95: jnz 46 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dd6e,804dd97) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 46 + EIP + 2 to 0x804dd95...SUCCESS (CFT=0x804dddd) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dd95->804dddd resolveable_edge: 1, tailcall: 0, target: 804dddd [ParserDetails.C:588] pushing 804dddd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dd95->804dd97 resolveable_edge: 1, tailcall: 0, target: 804dd97 [ParserDetails.C:588] pushing 804dd97 onto worklist [Parser.C:1485] recording block [804dddd,804dddd) [Parser.C] parsing block 804dddd [Parser.C:1274] curAddr 0x804dddd: lea EAX, EBX + ffff9074 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dde3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dde6: call 5bd2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5bd2 + EIP + 5 to 0x804dde6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804dddd,804ddeb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dde6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dde6->804ddeb resolveable_edge: 1, tailcall: 0, target: 804ddeb [ParserDetails.C:588] pushing 804ddeb onto worklist [Parser.C] binding call 804dde6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804ddeb,804ddeb) [Parser.C] parsing block 804ddeb [Parser.C:1274] curAddr 0x804ddeb: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddef: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ddeb,804ddf1) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804ddef...SUCCESS (CFT=0x804de06) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ddef->804de06 resolveable_edge: 1, tailcall: 0, target: 804de06 [ParserDetails.C:588] pushing 804de06 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ddef->804ddf1 resolveable_edge: 1, tailcall: 0, target: 804ddf1 [ParserDetails.C:588] pushing 804ddf1 onto worklist [Parser.C:1485] recording block [804de06,804de06) [Parser.C] parsing block 804de06 [Parser.C:1274] curAddr 0x804de06: cmp [EBP + c], 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de0a: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804de06,804de0c) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804de0a...SUCCESS (CFT=0x804de21) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804de0a->804de21 resolveable_edge: 1, tailcall: 0, target: 804de21 [ParserDetails.C:588] pushing 804de21 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804de0a->804de0c resolveable_edge: 1, tailcall: 0, target: 804de0c [ParserDetails.C:588] pushing 804de0c onto worklist [Parser.C:1485] recording block [804de21,804de21) [Parser.C] parsing block 804de21 [Parser.C:1274] curAddr 0x804de21: lea EAX, EBX + ffff903a [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de27: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de2b: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de2e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de31: call ffffec0a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffec0a + EIP + 5 to 0x804de31...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804de21,804de36) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804de31->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804de31->804de36 resolveable_edge: 1, tailcall: 0, target: 804de36 [ParserDetails.C:588] pushing 804de36 onto worklist [Parser.C] binding call 804de31->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804de36,804de36) [Parser.C] parsing block 804de36 [Parser.C:1274] curAddr 0x804de36: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de38: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804de36,804de3a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804de38...SUCCESS (CFT=0x804de4f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804de38->804de4f resolveable_edge: 1, tailcall: 0, target: 804de4f [ParserDetails.C:588] pushing 804de4f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804de38->804de3a resolveable_edge: 1, tailcall: 0, target: 804de3a [ParserDetails.C:588] pushing 804de3a onto worklist [Parser.C:1485] recording block [804de4f,804de4f) [Parser.C] parsing block 804de4f [Parser.C:1274] curAddr 0x804de4f: cmp [EBP + 14], 1234face [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de56: jz 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804de4f,804de58) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1d + EIP + 2 to 0x804de56...SUCCESS (CFT=0x804de75) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804de56->804de75 resolveable_edge: 1, tailcall: 0, target: 804de75 [ParserDetails.C:588] pushing 804de75 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804de56->804de58 resolveable_edge: 1, tailcall: 0, target: 804de58 [ParserDetails.C:588] pushing 804de58 onto worklist [Parser.C:1485] recording block [804de75,804de75) [Parser.C] parsing block 804de75 [Parser.C:1274] curAddr 0x804de75: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de78: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de79: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de7a: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804de75,804de7b) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804de7a Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804de7a...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804dd97,804dd97) [Parser.C] parsing block 804dd97 [Parser.C:1274] curAddr 0x804dd97: cmp [EBP + c], 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dd9b: jnz 40 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dd97,804dd9d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 40 + EIP + 2 to 0x804dd9b...SUCCESS (CFT=0x804dddd) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804dddd is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804dd9b->804dddd resolveable_edge: 1, tailcall: 0, target: 804dddd [ParserDetails.C:588] pushing 804dddd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dd9b->804dd9d resolveable_edge: 1, tailcall: 0, target: 804dd9d [ParserDetails.C:588] pushing 804dd9d onto worklist [Parser.C] block 804dddd exists [Parser.C] skipping locally parsed target at 804dddd [Parser.C:1485] recording block [804dd9d,804dd9d) [Parser.C] parsing block 804dd9d [Parser.C:1274] curAddr 0x804dd9d: lea EAX, EBX + ffff903a [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dda3: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804dda7: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddaa: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddad: call ffffec8e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffec8e + EIP + 5 to 0x804ddad...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804dd9d,804ddb2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ddad->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ddad->804ddb2 resolveable_edge: 1, tailcall: 0, target: 804ddb2 [ParserDetails.C:588] pushing 804ddb2 onto worklist [Parser.C] binding call 804ddad->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804ddb2,804ddb2) [Parser.C] parsing block 804ddb2 [Parser.C:1274] curAddr 0x804ddb2: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddb4: jnz 27 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ddb2,804ddb6) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 27 + EIP + 2 to 0x804ddb4...SUCCESS (CFT=0x804dddd) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804dddd is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ddb4->804dddd resolveable_edge: 1, tailcall: 0, target: 804dddd [ParserDetails.C:588] pushing 804dddd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ddb4->804ddb6 resolveable_edge: 1, tailcall: 0, target: 804ddb6 [ParserDetails.C:588] pushing 804ddb6 onto worklist [Parser.C] block 804dddd exists [Parser.C] skipping locally parsed target at 804dddd [Parser.C:1485] recording block [804ddb6,804ddb6) [Parser.C] parsing block 804ddb6 [Parser.C:1274] curAddr 0x804ddb6: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddb9: cmp EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddbc: jnz 1f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ddb6,804ddbe) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1f + EIP + 2 to 0x804ddbc...SUCCESS (CFT=0x804dddd) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804dddd is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804ddbc->804dddd resolveable_edge: 1, tailcall: 0, target: 804dddd [ParserDetails.C:588] pushing 804dddd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ddbc->804ddbe resolveable_edge: 1, tailcall: 0, target: 804ddbe [ParserDetails.C:588] pushing 804ddbe onto worklist [Parser.C] block 804dddd exists [Parser.C] skipping locally parsed target at 804dddd [Parser.C:1485] recording block [804ddbe,804ddbe) [Parser.C] parsing block 804ddbe [Parser.C:1274] curAddr 0x804ddbe: lea EAX, EBX + ffff9048 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddc4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddc7: call 5bf1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5bf1 + EIP + 5 to 0x804ddc7...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ddbe,804ddcc) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ddc7->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ddc7->804ddcc resolveable_edge: 1, tailcall: 0, target: 804ddcc [ParserDetails.C:588] pushing 804ddcc onto worklist [Parser.C] binding call 804ddc7->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804ddcc,804ddcc) [Parser.C] parsing block 804ddcc [Parser.C:1274] curAddr 0x804ddcc: lea EAX, EBX + 7d0 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddd2: mov [EAX], 1 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddd8: jmp 98 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 98 + EIP + 5 to 0x804ddd8...SUCCESS (CFT=0x804de75) [Parser.C:1485] recording block [804ddcc,804dddd) Getting edges Checking for Tail Call jump to 0x804de75 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804ddd8->804de75 resolveable_edge: 1, tailcall: 0, target: 804de75 [ParserDetails.C:588] pushing 804de75 onto worklist [Parser.C:1485] recording block [804ddf1,804ddf1) [Parser.C] parsing block 804ddf1 [Parser.C:1274] curAddr 0x804ddf1: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddf4: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddf8: lea EAX, EBX + ffff90a2 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804ddfe: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de01: call 5bb7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5bb7 + EIP + 5 to 0x804de01...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804ddf1,804de06) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804de01->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804de01->804de06 resolveable_edge: 1, tailcall: 0, target: 804de06 [ParserDetails.C:588] pushing 804de06 onto worklist [Parser.C] binding call 804de01->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804de06 exists [Parser.C] skipping locally parsed target at 804de06 [Parser.C:1485] recording block [804de0c,804de0c) [Parser.C] parsing block 804de0c [Parser.C:1274] curAddr 0x804de0c: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de0f: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de13: lea EAX, EBX + ffff90be [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de19: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de1c: call 5b9c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5b9c + EIP + 5 to 0x804de1c...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804de0c,804de21) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804de1c->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804de1c->804de21 resolveable_edge: 1, tailcall: 0, target: 804de21 [ParserDetails.C:588] pushing 804de21 onto worklist [Parser.C] binding call 804de1c->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804de21 exists [Parser.C] skipping locally parsed target at 804de21 [Parser.C:1485] recording block [804de3a,804de3a) [Parser.C] parsing block 804de3a [Parser.C:1274] curAddr 0x804de3a: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de3d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de41: lea EAX, EBX + ffff90dc [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de47: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de4a: call 5b6e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5b6e + EIP + 5 to 0x804de4a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804de3a,804de4f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804de4a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804de4a->804de4f resolveable_edge: 1, tailcall: 0, target: 804de4f [ParserDetails.C:588] pushing 804de4f onto worklist [Parser.C] binding call 804de4a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804de4f exists [Parser.C] skipping locally parsed target at 804de4f [Parser.C:1485] recording block [804de58,804de58) [Parser.C] parsing block 804de58 [Parser.C:1274] curAddr 0x804de58: mov [ESP + 8], 1234face [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de60: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de63: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de67: lea EAX, EBX + ffff9106 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de6d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called [Parser.C:1274] curAddr 0x804de70: call 5b48 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_call2_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5b48 + EIP + 5 to 0x804de70...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804de58,804de75) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804de70->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804de70->804de75 resolveable_edge: 1, tailcall: 0, target: 804de75 [ParserDetails.C:588] pushing 804de75 onto worklist [Parser.C] binding call 804de70->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804de75 exists [Parser.C] skipping locally parsed target at 804de75 [Parser.C] block 804de75 exists [Parser.C] skipping locally parsed target at 804de75 [Parser.C] frame 804dd6e complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_2_call2_1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050e98) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050e98) [Parser.C:1485] recording block [8050e98,8050e98) [Parser.C] ==== starting to parse frame 8050e98 ==== [Parser.C] parsing block 8050e98 [Parser.C:1274] curAddr 0x8050e98: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050e99: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050e9b: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050e9c: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050e9f: call ffffbe5c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbe5c + EIP + 5 to 0x8050e9f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8050ea4: add EBX, b15c [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050eaa: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050eb1: jmp 14 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 14 + EIP + 2 to 0x8050eb1...SUCCESS (CFT=0x8050ec7) [Parser.C:1485] recording block [8050e98,8050eb3) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8050eb1->8050ec7 resolveable_edge: 1, tailcall: 0, target: 8050ec7 [ParserDetails.C:588] pushing 8050ec7 onto worklist [Parser.C:1485] recording block [8050ec7,8050ec7) [Parser.C] parsing block 8050ec7 [Parser.C:1274] curAddr 0x8050ec7: cmp [EBP + fffffffffffffff4], 63 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ecb: jle ffffffffffffffe6 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050ec7,8050ecd) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffe6 + EIP + 2 to 0x8050ecb...SUCCESS (CFT=0x8050eb3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050ecb->8050eb3 resolveable_edge: 1, tailcall: 0, target: 8050eb3 [ParserDetails.C:588] pushing 8050eb3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050ecb->8050ecd resolveable_edge: 1, tailcall: 0, target: 8050ecd [ParserDetails.C:588] pushing 8050ecd onto worklist [Parser.C:1485] recording block [8050eb3,8050eb3) [Parser.C] parsing block 8050eb3 [Parser.C:1274] curAddr 0x8050eb3: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050eb9: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ebc: mov [EAX + EDX * 4], 249f00 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ec3: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C] straight-line parse into block at 8050ec7 [Parser.C:1485] recording block [8050eb3,8050ec7) [Parser.C] block 8050ec7 exists [Parser.C:1485] recording block [8050ecd,8050ecd) [Parser.C] parsing block 8050ecd [Parser.C:1274] curAddr 0x8050ecd: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ed3: mov [EAX + 13c], 249f03 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050edd: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ee3: mov [EAX + 14c], 249f04 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050eed: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ef4: jmp 33 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 33 + EIP + 2 to 0x8050ef4...SUCCESS (CFT=0x8050f29) [Parser.C:1485] recording block [8050ecd,8050ef6) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8050ef4->8050f29 resolveable_edge: 1, tailcall: 0, target: 8050f29 [ParserDetails.C:588] pushing 8050f29 onto worklist [Parser.C:1485] recording block [8050f29,8050f29) [Parser.C] parsing block 8050f29 [Parser.C:1274] curAddr 0x8050f29: cmp [EBP + fffffffffffffff4], 9 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f2d: jle ffffffffffffffc7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050f29,8050f2f) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffc7 + EIP + 2 to 0x8050f2d...SUCCESS (CFT=0x8050ef6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050f2d->8050ef6 resolveable_edge: 1, tailcall: 0, target: 8050ef6 [ParserDetails.C:588] pushing 8050ef6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050f2d->8050f2f resolveable_edge: 1, tailcall: 0, target: 8050f2f [ParserDetails.C:588] pushing 8050f2f onto worklist [Parser.C:1485] recording block [8050ef6,8050ef6) [Parser.C] parsing block 8050ef6 [Parser.C:1274] curAddr 0x8050ef6: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050efd: jmp 20 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 20 + EIP + 2 to 0x8050efd...SUCCESS (CFT=0x8050f1f) [Parser.C:1485] recording block [8050ef6,8050eff) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8050efd->8050f1f resolveable_edge: 1, tailcall: 0, target: 8050f1f [ParserDetails.C:588] pushing 8050f1f onto worklist [Parser.C:1485] recording block [8050f2f,8050f2f) [Parser.C] parsing block 8050f2f [Parser.C:1274] curAddr 0x8050f2f: lea EAX, EBX + ba0 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f35: mov [EAX + 1c8], 249f0c [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f3f: call 373 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 373 + EIP + 5 to 0x8050f3f...SUCCESS (CFT=0x80512b7) [Parser.C:1485] recording block [8050f2f,8050f44) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050f3f->80512b7 resolveable_edge: 1, tailcall: 0, target: 80512b7 [ParserDetails.C:588] pushing 80512b7 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050f3f->8050f44 resolveable_edge: 1, tailcall: 0, target: 8050f44 [ParserDetails.C:588] pushing 8050f44 onto worklist [Parser.C] binding call 8050f3f->80512b7 [Parser.C:1485] recording block [80512b7,80512b7) [suspend frame 8050e98] [Parser.C] frame 8050e98 blocked at 8050f3f call target 80512b7 [Parser.C] block 80512b7 exists [Parser.C] ==== starting to parse frame 80512b7 ==== [Parser.C] parsing block 80512b7 [Parser.C:1274] curAddr 0x80512b7: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512b8: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512ba: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512bb: sub ESP, 1b4 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512c1: call ffffba3a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffba3a + EIP + 5 to 0x80512c1...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80512c6: add EBX, ad3a [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512cc: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512d3: jmp 12 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 12 + EIP + 2 to 0x80512d3...SUCCESS (CFT=0x80512e7) [Parser.C:1485] recording block [80512b7,80512d5) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80512d3->80512e7 resolveable_edge: 1, tailcall: 0, target: 80512e7 [ParserDetails.C:588] pushing 80512e7 onto worklist [Parser.C:1485] recording block [80512e7,80512e7) [Parser.C] parsing block 80512e7 [Parser.C:1274] curAddr 0x80512e7: cmp [EBP + fffffffffffffff4], 63 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512eb: jbe ffffffffffffffe8 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80512e7,80512ed) Getting edges IA_IAPI.C[847]: binding PC EIP in jbe ffffffffffffffe8 + EIP + 2 to 0x80512eb...SUCCESS (CFT=0x80512d5) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80512eb->80512d5 resolveable_edge: 1, tailcall: 0, target: 80512d5 [ParserDetails.C:588] pushing 80512d5 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80512eb->80512ed resolveable_edge: 1, tailcall: 0, target: 80512ed [ParserDetails.C:588] pushing 80512ed onto worklist [Parser.C:1485] recording block [80512d5,80512d5) [Parser.C] parsing block 80512d5 [Parser.C:1274] curAddr 0x80512d5: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512d8: mov [EBP + EAX * 4 + fffffe64], 249f00 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512e3: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C] straight-line parse into block at 80512e7 [Parser.C:1485] recording block [80512d5,80512e7) [Parser.C] block 80512e7 exists [Parser.C:1485] recording block [80512ed,80512ed) [Parser.C] parsing block 80512ed [Parser.C:1274] curAddr 0x80512ed: mov [EBP + ffffffffffffffa0], 249f07 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512f4: mov [EBP + ffffffffffffffb0], 249f08 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x80512fb: call ffffffb2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffb2 + EIP + 5 to 0x80512fb...SUCCESS (CFT=0x80512b2) [Parser.C:1485] recording block [80512ed,8051300) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80512fb->80512b2 resolveable_edge: 1, tailcall: 0, target: 80512b2 [ParserDetails.C:588] pushing 80512b2 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80512fb->8051300 resolveable_edge: 1, tailcall: 0, target: 8051300 [ParserDetails.C:588] pushing 8051300 onto worklist [Parser.C] binding call 80512fb->80512b2 [Parser.C] block 80512b2 exists Checking non-returning for call24_2 [Parser.C:1485] recording block [8051300,8051300) [Parser.C] parsing block 8051300 [Parser.C:1274] curAddr 0x8051300: mov [ESP + c], 249f05 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051308: mov [ESP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051310: lea EAX, EBP + fffffe64 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051316: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x805131a: lea EAX, EBX + ffffae0f [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051320: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051323: call fffffe45 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffe45 + EIP + 5 to 0x8051323...SUCCESS (CFT=0x805116d) [Parser.C:1485] recording block [8051300,8051328) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051323->805116d resolveable_edge: 1, tailcall: 0, target: 805116d [ParserDetails.C:588] pushing 805116d onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051323->8051328 resolveable_edge: 1, tailcall: 0, target: 8051328 [ParserDetails.C:588] pushing 8051328 onto worklist [Parser.C] binding call 8051323->805116d [Parser.C] block 805116d exists Checking non-returning for verifyValue24 [Parser.C:1485] recording block [8051328,8051328) [Parser.C] parsing block 8051328 [Parser.C:1274] curAddr 0x8051328: mov [ESP + c], 249f06 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051330: mov [ESP + 8], 35 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051338: lea EAX, EBP + fffffe64 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x805133e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051342: lea EAX, EBX + ffffae0f [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051348: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x805134b: call fffffe1d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffe1d + EIP + 5 to 0x805134b...SUCCESS (CFT=0x805116d) [Parser.C:1485] recording block [8051328,8051350) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805134b->805116d resolveable_edge: 1, tailcall: 0, target: 805116d [ParserDetails.C:588] pushing 805116d onto worklist ParserDetails.C[68]: adding function fallthrough edge 805134b->8051350 resolveable_edge: 1, tailcall: 0, target: 8051350 [ParserDetails.C:588] pushing 8051350 onto worklist [Parser.C] binding call 805134b->805116d [Parser.C] block 805116d exists Checking non-returning for verifyValue24 [Parser.C:1485] recording block [8051350,8051350) [Parser.C] parsing block 8051350 [Parser.C:1274] curAddr 0x8051350: add ESP, 1b4 [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051356: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051357: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called [Parser.C:1274] curAddr 0x8051358: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_24_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051350,8051359) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051358 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051358...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80512b7 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_24_call1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 8050e98 ==== Checking non-returning for test1_24_call1 Checking non-returning for test1_24_call1 [Parser.C:1485] recording block [8050f44,8050f44) [Parser.C] parsing block 8050f44 [Parser.C:1274] curAddr 0x8050f44: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f4b: jmp 104 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 104 + EIP + 5 to 0x8050f4b...SUCCESS (CFT=0x8051054) [Parser.C:1485] recording block [8050f44,8050f50) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8050f4b->8051054 resolveable_edge: 1, tailcall: 0, target: 8051054 [ParserDetails.C:588] pushing 8051054 onto worklist [Parser.C:1485] recording block [8050f1f,8050f1f) [Parser.C] parsing block 8050f1f [Parser.C:1274] curAddr 0x8050f1f: cmp [EBP + fffffffffffffff0], e [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f23: jle ffffffffffffffda + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050f1f,8050f25) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffda + EIP + 2 to 0x8050f23...SUCCESS (CFT=0x8050eff) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050f23->8050eff resolveable_edge: 1, tailcall: 0, target: 8050eff [ParserDetails.C:588] pushing 8050eff onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050f23->8050f25 resolveable_edge: 1, tailcall: 0, target: 8050f25 [ParserDetails.C:588] pushing 8050f25 onto worklist [Parser.C:1485] recording block [8050eff,8050eff) [Parser.C] parsing block 8050eff [Parser.C:1274] curAddr 0x8050eff: lea ECX, EBX + ba0 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f05: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f08: mov EAX, EDX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f0a: shl/sal EAX, 4 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f0d: sub EAX, EDX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f0f: mov EDX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f12: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f14: mov [ECX + EAX * 4], 249f0a [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f1b: add [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C] straight-line parse into block at 8050f1f [Parser.C:1485] recording block [8050eff,8050f1f) [Parser.C] block 8050f1f exists [Parser.C:1485] recording block [8050f25,8050f25) [Parser.C] parsing block 8050f25 [Parser.C:1274] curAddr 0x8050f25: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C] straight-line parse into block at 8050f29 [Parser.C:1485] recording block [8050f25,8050f29) [Parser.C] block 8050f29 exists [Parser.C:1485] recording block [8051054,8051054) [Parser.C] parsing block 8051054 [Parser.C:1274] curAddr 0x8051054: cmp [EBP + fffffffffffffff4], 63 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051058: jle fffffef2 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051054,805105e) Getting edges IA_IAPI.C[847]: binding PC EIP in jle fffffef2 + EIP + 6 to 0x8051058...SUCCESS (CFT=0x8050f50) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051058->8050f50 resolveable_edge: 1, tailcall: 0, target: 8050f50 [ParserDetails.C:588] pushing 8050f50 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051058->805105e resolveable_edge: 1, tailcall: 0, target: 805105e [ParserDetails.C:588] pushing 805105e onto worklist [Parser.C:1485] recording block [8050f50,8050f50) [Parser.C] parsing block 8050f50 [Parser.C:1274] curAddr 0x8050f50: cmp [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f54: jnz 2d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050f50,8050f56) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2d + EIP + 2 to 0x8050f54...SUCCESS (CFT=0x8050f83) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050f54->8050f83 resolveable_edge: 1, tailcall: 0, target: 8050f83 [ParserDetails.C:588] pushing 8050f83 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050f54->8050f56 resolveable_edge: 1, tailcall: 0, target: 8050f56 [ParserDetails.C:588] pushing 8050f56 onto worklist [Parser.C:1485] recording block [8050f83,8050f83) [Parser.C] parsing block 8050f83 [Parser.C:1274] curAddr 0x8050f83: cmp [EBP + fffffffffffffff4], 35 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f87: jnz 2d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050f83,8050f89) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2d + EIP + 2 to 0x8050f87...SUCCESS (CFT=0x8050fb6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050f87->8050fb6 resolveable_edge: 1, tailcall: 0, target: 8050fb6 [ParserDetails.C:588] pushing 8050fb6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050f87->8050f89 resolveable_edge: 1, tailcall: 0, target: 8050f89 [ParserDetails.C:588] pushing 8050f89 onto worklist [Parser.C:1485] recording block [8050fb6,8050fb6) [Parser.C] parsing block 8050fb6 [Parser.C:1274] curAddr 0x8050fb6: cmp [EBP + fffffffffffffff4], 4f [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fba: jnz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050fb6,8050fbc) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2a + EIP + 2 to 0x8050fba...SUCCESS (CFT=0x8050fe6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050fba->8050fe6 resolveable_edge: 1, tailcall: 0, target: 8050fe6 [ParserDetails.C:588] pushing 8050fe6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050fba->8050fbc resolveable_edge: 1, tailcall: 0, target: 8050fbc [ParserDetails.C:588] pushing 8050fbc onto worklist [Parser.C:1485] recording block [8050fe6,8050fe6) [Parser.C] parsing block 8050fe6 [Parser.C:1274] curAddr 0x8050fe6: cmp [EBP + fffffffffffffff4], 53 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fea: jnz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050fe6,8050fec) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2a + EIP + 2 to 0x8050fea...SUCCESS (CFT=0x8051016) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050fea->8051016 resolveable_edge: 1, tailcall: 0, target: 8051016 [ParserDetails.C:588] pushing 8051016 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050fea->8050fec resolveable_edge: 1, tailcall: 0, target: 8050fec [ParserDetails.C:588] pushing 8050fec onto worklist [Parser.C:1485] recording block [8051016,8051016) [Parser.C] parsing block 8051016 [Parser.C:1274] curAddr 0x8051016: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805101c: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805101f: mov EAX, [EAX + EDX * 4] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051022: cmp EAX, 249f00 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051027: jz 27 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051016,8051029) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 27 + EIP + 2 to 0x8051027...SUCCESS (CFT=0x8051050) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051027->8051050 resolveable_edge: 1, tailcall: 0, target: 8051050 [ParserDetails.C:588] pushing 8051050 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051027->8051029 resolveable_edge: 1, tailcall: 0, target: 8051029 [ParserDetails.C:588] pushing 8051029 onto worklist [Parser.C:1485] recording block [8051050,8051050) [Parser.C] parsing block 8051050 [Parser.C:1274] curAddr 0x8051050: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C] straight-line parse into block at 8051054 [Parser.C:1485] recording block [8051050,8051054) [Parser.C] block 8051054 exists [Parser.C:1485] recording block [8050f56,8050f56) [Parser.C] parsing block 8050f56 [Parser.C:1274] curAddr 0x8050f56: mov [ESP + c], 249f01 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f5e: mov [ESP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f66: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f6c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f70: lea EAX, EBX + ffffacf5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f76: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f79: call 1ef + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1ef + EIP + 5 to 0x8050f79...SUCCESS (CFT=0x805116d) [Parser.C:1485] recording block [8050f56,8050f7e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050f79->805116d resolveable_edge: 1, tailcall: 0, target: 805116d [ParserDetails.C:588] pushing 805116d onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050f79->8050f7e resolveable_edge: 1, tailcall: 0, target: 8050f7e [ParserDetails.C:588] pushing 8050f7e onto worklist [Parser.C] binding call 8050f79->805116d [Parser.C] block 805116d exists Checking non-returning for verifyValue24 [Parser.C:1485] recording block [8050f7e,8050f7e) [Parser.C] parsing block 8050f7e [Parser.C:1274] curAddr 0x8050f7e: jmp cd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp cd + EIP + 5 to 0x8050f7e...SUCCESS (CFT=0x8051050) [Parser.C:1485] recording block [8050f7e,8050f83) Getting edges Checking for Tail Call jump to 0x8051050 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050f7e->8051050 resolveable_edge: 1, tailcall: 0, target: 8051050 [ParserDetails.C:588] pushing 8051050 onto worklist [Parser.C:1485] recording block [8050f89,8050f89) [Parser.C] parsing block 8050f89 [Parser.C:1274] curAddr 0x8050f89: mov [ESP + c], 249f02 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f91: mov [ESP + 8], 35 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f99: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050f9f: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fa3: lea EAX, EBX + ffffacf5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fa9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fac: call 1bc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1bc + EIP + 5 to 0x8050fac...SUCCESS (CFT=0x805116d) [Parser.C:1485] recording block [8050f89,8050fb1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050fac->805116d resolveable_edge: 1, tailcall: 0, target: 805116d [ParserDetails.C:588] pushing 805116d onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050fac->8050fb1 resolveable_edge: 1, tailcall: 0, target: 8050fb1 [ParserDetails.C:588] pushing 8050fb1 onto worklist [Parser.C] binding call 8050fac->805116d [Parser.C] block 805116d exists Checking non-returning for verifyValue24 [Parser.C:1485] recording block [8050fb1,8050fb1) [Parser.C] parsing block 8050fb1 [Parser.C:1274] curAddr 0x8050fb1: jmp 9a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 9a + EIP + 5 to 0x8050fb1...SUCCESS (CFT=0x8051050) [Parser.C:1485] recording block [8050fb1,8050fb6) Getting edges Checking for Tail Call jump to 0x8051050 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050fb1->8051050 resolveable_edge: 1, tailcall: 0, target: 8051050 [ParserDetails.C:588] pushing 8051050 onto worklist [Parser.C:1485] recording block [8050fbc,8050fbc) [Parser.C] parsing block 8050fbc [Parser.C:1274] curAddr 0x8050fbc: mov [ESP + c], 249f03 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fc4: mov [ESP + 8], 4f [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fcc: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fd2: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fd6: lea EAX, EBX + ffffacf5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fdc: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050fdf: call 189 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 189 + EIP + 5 to 0x8050fdf...SUCCESS (CFT=0x805116d) [Parser.C:1485] recording block [8050fbc,8050fe4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050fdf->805116d resolveable_edge: 1, tailcall: 0, target: 805116d [ParserDetails.C:588] pushing 805116d onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050fdf->8050fe4 resolveable_edge: 1, tailcall: 0, target: 8050fe4 [ParserDetails.C:588] pushing 8050fe4 onto worklist [Parser.C] binding call 8050fdf->805116d [Parser.C] block 805116d exists Checking non-returning for verifyValue24 [Parser.C:1485] recording block [8050fe4,8050fe4) [Parser.C] parsing block 8050fe4 [Parser.C:1274] curAddr 0x8050fe4: jmp 6a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 6a + EIP + 2 to 0x8050fe4...SUCCESS (CFT=0x8051050) [Parser.C:1485] recording block [8050fe4,8050fe6) Getting edges Checking for Tail Call jump to 0x8051050 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050fe4->8051050 resolveable_edge: 1, tailcall: 0, target: 8051050 [ParserDetails.C:588] pushing 8051050 onto worklist [Parser.C:1485] recording block [8050fec,8050fec) [Parser.C] parsing block 8050fec [Parser.C:1274] curAddr 0x8050fec: mov [ESP + c], 249f04 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ff4: mov [ESP + 8], 53 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ffc: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051002: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051006: lea EAX, EBX + ffffacf5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805100c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805100f: call 159 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 159 + EIP + 5 to 0x805100f...SUCCESS (CFT=0x805116d) [Parser.C:1485] recording block [8050fec,8051014) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805100f->805116d resolveable_edge: 1, tailcall: 0, target: 805116d [ParserDetails.C:588] pushing 805116d onto worklist ParserDetails.C[68]: adding function fallthrough edge 805100f->8051014 resolveable_edge: 1, tailcall: 0, target: 8051014 [ParserDetails.C:588] pushing 8051014 onto worklist [Parser.C] binding call 805100f->805116d [Parser.C] block 805116d exists Checking non-returning for verifyValue24 [Parser.C:1485] recording block [8051014,8051014) [Parser.C] parsing block 8051014 [Parser.C:1274] curAddr 0x8051014: jmp 3a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 3a + EIP + 2 to 0x8051014...SUCCESS (CFT=0x8051050) [Parser.C:1485] recording block [8051014,8051016) Getting edges Checking for Tail Call jump to 0x8051050 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8051014->8051050 resolveable_edge: 1, tailcall: 0, target: 8051050 [ParserDetails.C:588] pushing 8051050 onto worklist [Parser.C:1485] recording block [8051029,8051029) [Parser.C] parsing block 8051029 [Parser.C:1274] curAddr 0x8051029: mov [ESP + c], 249f00 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051031: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051034: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051038: lea EAX, EBX + e20 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805103e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051042: lea EAX, EBX + ffffacf5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051048: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805104b: call 11d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 11d + EIP + 5 to 0x805104b...SUCCESS (CFT=0x805116d) [Parser.C:1485] recording block [8051029,8051050) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805104b->805116d resolveable_edge: 1, tailcall: 0, target: 805116d [ParserDetails.C:588] pushing 805116d onto worklist ParserDetails.C[68]: adding function fallthrough edge 805104b->8051050 resolveable_edge: 1, tailcall: 0, target: 8051050 [ParserDetails.C:588] pushing 8051050 onto worklist [Parser.C] binding call 805104b->805116d [Parser.C] block 805116d exists Checking non-returning for verifyValue24 [Parser.C] block 8051050 exists [Parser.C] skipping locally parsed target at 8051050 [Parser.C:1485] recording block [805105e,805105e) [Parser.C] parsing block 805105e [Parser.C:1274] curAddr 0x805105e: lea EAX, EBX + e08 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051064: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051066: mov [ESP + 8], 249f03 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805106e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051072: lea EAX, EBX + ffffad0e [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051078: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805107b: call 147 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 147 + EIP + 5 to 0x805107b...SUCCESS (CFT=0x80511c7) [Parser.C:1485] recording block [805105e,8051080) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805107b->80511c7 resolveable_edge: 1, tailcall: 0, target: 80511c7 [ParserDetails.C:588] pushing 80511c7 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805107b->8051080 resolveable_edge: 1, tailcall: 0, target: 8051080 [ParserDetails.C:588] pushing 8051080 onto worklist [Parser.C] binding call 805107b->80511c7 [Parser.C] block 80511c7 exists Checking non-returning for verifyScalarValue24 [Parser.C:1485] recording block [8051080,8051080) [Parser.C] parsing block 8051080 [Parser.C:1274] curAddr 0x8051080: lea EAX, EBX + e04 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051086: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051088: mov [ESP + 8], 249f04 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051090: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051094: lea EAX, EBX + ffffad27 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805109a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805109d: call 125 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 125 + EIP + 5 to 0x805109d...SUCCESS (CFT=0x80511c7) [Parser.C:1485] recording block [8051080,80510a2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805109d->80511c7 resolveable_edge: 1, tailcall: 0, target: 80511c7 [ParserDetails.C:588] pushing 80511c7 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805109d->80510a2 resolveable_edge: 1, tailcall: 0, target: 80510a2 [ParserDetails.C:588] pushing 80510a2 onto worklist [Parser.C] binding call 805109d->80511c7 [Parser.C] block 80511c7 exists Checking non-returning for verifyScalarValue24 [Parser.C:1485] recording block [80510a2,80510a2) [Parser.C] parsing block 80510a2 [Parser.C:1274] curAddr 0x80510a2: lea EAX, EBX + df8 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510a8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510aa: mov [ESP + 8], 249f07 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510b2: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510b6: lea EAX, EBX + ffffad40 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510bc: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510bf: call 103 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 103 + EIP + 5 to 0x80510bf...SUCCESS (CFT=0x80511c7) [Parser.C:1485] recording block [80510a2,80510c4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80510bf->80511c7 resolveable_edge: 1, tailcall: 0, target: 80511c7 [ParserDetails.C:588] pushing 80511c7 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80510bf->80510c4 resolveable_edge: 1, tailcall: 0, target: 80510c4 [ParserDetails.C:588] pushing 80510c4 onto worklist [Parser.C] binding call 80510bf->80511c7 [Parser.C] block 80511c7 exists Checking non-returning for verifyScalarValue24 [Parser.C:1485] recording block [80510c4,80510c4) [Parser.C] parsing block 80510c4 [Parser.C:1274] curAddr 0x80510c4: lea EAX, EBX + e00 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510ca: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510cc: mov [ESP + 8], 249f08 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510d4: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510d8: lea EAX, EBX + ffffad59 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510de: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510e1: call e1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call e1 + EIP + 5 to 0x80510e1...SUCCESS (CFT=0x80511c7) [Parser.C:1485] recording block [80510c4,80510e6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80510e1->80511c7 resolveable_edge: 1, tailcall: 0, target: 80511c7 [ParserDetails.C:588] pushing 80511c7 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80510e1->80510e6 resolveable_edge: 1, tailcall: 0, target: 80510e6 [ParserDetails.C:588] pushing 80510e6 onto worklist [Parser.C] binding call 80510e1->80511c7 [Parser.C] block 80511c7 exists Checking non-returning for verifyScalarValue24 [Parser.C:1485] recording block [80510e6,80510e6) [Parser.C] parsing block 80510e6 [Parser.C:1274] curAddr 0x80510e6: lea EAX, EBX + ba0 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510ec: mov EAX, [EAX + 84] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510f2: mov [ESP + 8], 249f0b [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510fa: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x80510fe: lea EAX, EBX + ffffad74 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051104: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051107: call bb + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call bb + EIP + 5 to 0x8051107...SUCCESS (CFT=0x80511c7) [Parser.C:1485] recording block [80510e6,805110c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051107->80511c7 resolveable_edge: 1, tailcall: 0, target: 80511c7 [ParserDetails.C:588] pushing 80511c7 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051107->805110c resolveable_edge: 1, tailcall: 0, target: 805110c [ParserDetails.C:588] pushing 805110c onto worklist [Parser.C] binding call 8051107->80511c7 [Parser.C] block 80511c7 exists Checking non-returning for verifyScalarValue24 [Parser.C:1485] recording block [805110c,805110c) [Parser.C] parsing block 805110c [Parser.C:1274] curAddr 0x805110c: lea EAX, EBX + dfc [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051112: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051114: mov [ESP + 8], 249f0c [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805111c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051120: lea EAX, EBX + ffffad93 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051126: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051129: call 99 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 99 + EIP + 5 to 0x8051129...SUCCESS (CFT=0x80511c7) [Parser.C:1485] recording block [805110c,805112e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051129->80511c7 resolveable_edge: 1, tailcall: 0, target: 80511c7 [ParserDetails.C:588] pushing 80511c7 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051129->805112e resolveable_edge: 1, tailcall: 0, target: 805112e [ParserDetails.C:588] pushing 805112e onto worklist [Parser.C] binding call 8051129->80511c7 [Parser.C] block 80511c7 exists Checking non-returning for verifyScalarValue24 [Parser.C:1485] recording block [805112e,805112e) [Parser.C] parsing block 805112e [Parser.C:1274] curAddr 0x805112e: mov EAX, [EBX + 8ec] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051134: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051136: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805112e,8051138) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x8051136...SUCCESS (CFT=0x805115d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051136->805115d resolveable_edge: 1, tailcall: 0, target: 805115d [ParserDetails.C:588] pushing 805115d onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051136->8051138 resolveable_edge: 1, tailcall: 0, target: 8051138 [ParserDetails.C:588] pushing 8051138 onto worklist [Parser.C:1485] recording block [805115d,805115d) [Parser.C] parsing block 805115d [Parser.C:1274] curAddr 0x805115d: mov [EBP + ffffffffffffffec], ffffffff [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051164: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051167: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805116a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805116b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805116c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805115d,805116d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805116c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805116c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8051138,8051138) [Parser.C] parsing block 8051138 [Parser.C:1274] curAddr 0x8051138: lea EAX, EBX + ffffadac [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805113e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051141: call 2877 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2877 + EIP + 5 to 0x8051141...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051138,8051146) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051141->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051141->8051146 resolveable_edge: 1, tailcall: 0, target: 8051146 [ParserDetails.C:588] pushing 8051146 onto worklist [Parser.C] binding call 8051141->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051146,8051146) [Parser.C] parsing block 8051146 [Parser.C:1274] curAddr 0x8051146: mov EAX, [EBX + 58c] [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805114c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805114f: call 3251 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3251 + EIP + 5 to 0x805114f...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8051146,8051154) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805114f->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805114f->8051154 resolveable_edge: 1, tailcall: 0, target: 8051154 [ParserDetails.C:588] pushing 8051154 onto worklist [Parser.C] binding call 805114f->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8051154,8051154) [Parser.C] parsing block 8051154 [Parser.C:1274] curAddr 0x8051154: mov [EBP + ffffffffffffffec], 0 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called [Parser.C:1274] curAddr 0x805115b: jmp 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_24_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 7 + EIP + 2 to 0x805115b...SUCCESS (CFT=0x8051164) [Parser.C:1485] recording block [8051154,805115d) Getting edges Checking for Tail Call jump to 0x8051164 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 805115b->8051164 resolveable_edge: 1, tailcall: 0, target: 8051164 [ParserDetails.C:588] pushing 8051164 onto worklist [Parser.C] block 8051050 exists [Parser.C] skipping locally parsed target at 8051050 [Parser.C] block 8051050 exists [Parser.C] skipping locally parsed target at 8051050 [Parser.C] block 8051050 exists [Parser.C] skipping locally parsed target at 8051050 [Parser.C] block 8051050 exists [Parser.C] skipping locally parsed target at 8051050 [Parser.C] address 8051164 splits [805115d,805116d) (0x1d76440) [Parser.C:1485] recording block [8051164,805116d) [Parser.C] skipping locally parsed target at 8051164 [Parser.C] frame 8050e98 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_24_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80549c4) [Parser.C:180] entered parse_at([80549c4,80549d8),80549c4) [Parser.C:1485] recording block [80549c4,80549c4) [Parser.C] ==== starting to parse frame 80549c4 ==== [Parser.C] parsing block 80549c4 [Parser.C:1274] curAddr 0x80549c4: push EBX, ESP [Parser.C:1280] leaf 1 funcname _fini hasCFT called [Parser.C:1274] curAddr 0x80549c5: sub ESP, 8 [Parser.C:1280] leaf 1 funcname _fini hasCFT called [Parser.C:1274] curAddr 0x80549c8: call ffff8333 + EIP + 5 [Parser.C:1280] leaf 1 funcname _fini hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8333 + EIP + 5 to 0x80549c8...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80549cd: add EBX, 7633 [Parser.C:1280] leaf 1 funcname _fini hasCFT called [Parser.C:1274] curAddr 0x80549d3: add ESP, 8 [Parser.C:1280] leaf 1 funcname _fini hasCFT called [Parser.C:1274] curAddr 0x80549d6: pop EBX, ESP [Parser.C:1280] leaf 1 funcname _fini hasCFT called [Parser.C:1274] curAddr 0x80549d7: ret near [ESP] [Parser.C:1280] leaf 1 funcname _fini hasCFT called branch or return, ret true [Parser.C:1485] recording block [80549c4,80549d8) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80549d7 ......WARNING: after advance at 0x80549d8, curInsn() NULL Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80549d7...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80549c4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] _fini return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805373a) [Parser.C:180] entered parse_at([804ccd0,80549c4),805373a) [Parser.C:1485] recording block [805373a,805373a) [Parser.C] ==== starting to parse frame 805373a ==== [Parser.C] parsing block 805373a [Parser.C:1274] curAddr 0x805373a: push EBP, ESP [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x805373b: mov EBP, ESP [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x805373d: push EBX, ESP [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x805373e: sub ESP, 24 [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053741: call ffff95ba + EIP + 5 [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff95ba + EIP + 5 to 0x8053741...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053746: add EBX, 88ba [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x805374c: lea EAX, EBP + 10 [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x805374f: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053752: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053755: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053759: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x805375c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053760: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053763: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053766: call 6 + EIP + 5 [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6 + EIP + 5 to 0x8053766...SUCCESS (CFT=0x8053771) [Parser.C:1485] recording block [805373a,805376b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053766->8053771 resolveable_edge: 1, tailcall: 0, target: 8053771 [ParserDetails.C:588] pushing 8053771 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053766->805376b resolveable_edge: 1, tailcall: 0, target: 805376b [ParserDetails.C:588] pushing 805376b onto worklist [Parser.C] binding call 8053766->8053771 [Parser.C] block 8053771 exists Checking non-returning for stdOutputVLog Checking non-returning for stdOutputVLog [Parser.C:1485] recording block [805376b,805376b) [Parser.C] parsing block 805376b [Parser.C:1274] curAddr 0x805376b: add ESP, 24 [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x805376e: pop EBX, ESP [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x805376f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called [Parser.C:1274] curAddr 0x8053770: ret near [ESP] [Parser.C:1280] leaf 1 funcname stdOutputLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [805376b,8053771) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053770 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053770...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 805373a complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] stdOutputLog return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053fb7) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053fb7) [Parser.C:1485] recording block [8053fb7,8053fb7) [Parser.C] ==== starting to parse frame 8053fb7 ==== [Parser.C] parsing block 8053fb7 [Parser.C:1274] curAddr 0x8053fb7: push EBP, ESP [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fb8: mov EBP, ESP [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fba: push EBX, ESP [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fbb: sub ESP, 24 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fbe: call ffff8d3d + EIP + 5 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8d3d + EIP + 5 to 0x8053fbe...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053fc3: add EBX, 803d [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fc9: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fcf: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fd1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fd4: call ffff8c37 + EIP + 5 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8c37 + EIP + 5 to 0x8053fd4...SUCCESS (CFT=0x804cc10) [Parser.C:1485] recording block [8053fb7,8053fd9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053fd4->804cc10 resolveable_edge: 1, tailcall: 0, target: 804cc10 [ParserDetails.C:588] pushing 804cc10 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053fd4->8053fd9 resolveable_edge: 1, tailcall: 0, target: 8053fd9 [ParserDetails.C:588] pushing 8053fd9 onto worklist [Parser.C] binding call 8053fd4->804cc10 [ParseData.C] new function for target 804cc10 [Parser.C:1485] recording block [804cc10,804cc10) [suspend frame 8053fb7] [Parser.C] frame 8053fb7 blocked at 8053fd4 call target 804cc10 [Parser.C] block 804cc10 exists [Parser.C] ==== starting to parse frame 804cc10 ==== [Parser.C] parsing block 804cc10 [Parser.C:1274] curAddr 0x804cc10: jmp [805c088] [Parser.C:1280] leaf 1 funcname targ804cc10 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c088] to 0x804cc10...FAIL (CFT=0x0), callTarget exp: [805c088] ... indirect jump at 0x804cc10, delay parsing it [Parser.C:1485] recording block [804cc10,804cc16) ... continue parse indirect jump at 804cc10 [Parser.C:1485] recording block [804cc10,804cc16) Getting edges ... indirect jump at 0x804cc10 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c088] at 0x804cc10 Apply indirect control flow analysis at 804cc10 Looking for thunk Looking for thunk in block [804cc10,804cc16).......WARNING: after advance at 0x804cc16, curInsn() NULL Expanding instruction @ 804cc10: jmp [805c088] Original expand: (<134594696:32>,) Adding assignment (@804cc10<[x86::eip]>[_805c088]) in instruction jmp [805c088] at 804cc10, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc10, insn: jmp [805c088] Old fact for 804cc10: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc10 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc10<[x86::eip]>[_805c088]) Instruction: jmp [805c088] AST: (<134594696:64>,) Generate bound fact for Interval 0[134594696,134594696] 0[805c088,805c088], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594696:64>,) Apply relations2 to (<134594696:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594696,134594696] 0[805c088,805c088], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594696:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc10 The fact from 804cc10 before applying transfer function Do not track predicate Var: , Interval 0[134594696,134594696] 0[805c088,805c088], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594696:64>,) No known value at the top of the stack Fact from 804cc10 after applying transfer function Do not track predicate Var: , Interval 0[134594696,134594696] 0[805c088,805c088], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594696:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594696,134594696] 0[805c088,805c088], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594696:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594696,134594696] 0[805c088,805c088], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c088 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc10 (804cc10) No targets, exits func Adding block 0x804cc10 as exit 804cc10 extent [804cc10,804cc16) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c088] at 0x804cc10 in function targ804cc10 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc10->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for fileno [Parser.C] frame 804cc10 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fileno return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053fb7 ==== Checking non-returning for fileno [Parser.C:1485] recording block [8053fd9,8053fd9) [Parser.C] parsing block 8053fd9 [Parser.C:1274] curAddr 0x8053fd9: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fdc: cmp [EBP + fffffffffffffff4], ff [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fe0: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053fd9,8053fe2) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x8053fe0...SUCCESS (CFT=0x8053fe9) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053fe0->8053fe9 resolveable_edge: 1, tailcall: 0, target: 8053fe9 [ParserDetails.C:588] pushing 8053fe9 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053fe0->8053fe2 resolveable_edge: 1, tailcall: 0, target: 8053fe2 [ParserDetails.C:588] pushing 8053fe2 onto worklist [Parser.C:1485] recording block [8053fe9,8053fe9) [Parser.C] parsing block 8053fe9 [Parser.C:1274] curAddr 0x8053fe9: mov EAX, [EBX + fffffffc] [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fef: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053ff1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053ff4: call ffff8c17 + EIP + 5 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8c17 + EIP + 5 to 0x8053ff4...SUCCESS (CFT=0x804cc10) [Parser.C:1485] recording block [8053fe9,8053ff9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053ff4->804cc10 resolveable_edge: 1, tailcall: 0, target: 804cc10 [ParserDetails.C:588] pushing 804cc10 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053ff4->8053ff9 resolveable_edge: 1, tailcall: 0, target: 8053ff9 [ParserDetails.C:588] pushing 8053ff9 onto worklist [Parser.C] binding call 8053ff4->804cc10 [Parser.C] block 804cc10 exists Checking non-returning for fileno [Parser.C:1485] recording block [8053ff9,8053ff9) [Parser.C] parsing block 8053ff9 [Parser.C:1274] curAddr 0x8053ff9: mov [EBX + 76c], EAX [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fff: mov EAX, [EBX + 76c] [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054005: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054008: call ffff8a63 + EIP + 5 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8a63 + EIP + 5 to 0x8054008...SUCCESS (CFT=0x804ca70) [Parser.C:1485] recording block [8053ff9,805400d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054008->804ca70 resolveable_edge: 1, tailcall: 0, target: 804ca70 [ParserDetails.C:588] pushing 804ca70 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054008->805400d resolveable_edge: 1, tailcall: 0, target: 805400d [ParserDetails.C:588] pushing 805400d onto worklist [Parser.C] binding call 8054008->804ca70 [ParseData.C] new function for target 804ca70 [Parser.C:1485] recording block [804ca70,804ca70) [suspend frame 8053fb7] [Parser.C] frame 8053fb7 blocked at 8054008 call target 804ca70 [Parser.C] block 804ca70 exists [Parser.C] ==== starting to parse frame 804ca70 ==== [Parser.C] parsing block 804ca70 [Parser.C:1274] curAddr 0x804ca70: jmp [805c020] [Parser.C:1280] leaf 1 funcname targ804ca70 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c020] to 0x804ca70...FAIL (CFT=0x0), callTarget exp: [805c020] ... indirect jump at 0x804ca70, delay parsing it [Parser.C:1485] recording block [804ca70,804ca76) ... continue parse indirect jump at 804ca70 [Parser.C:1485] recording block [804ca70,804ca76) Getting edges ... indirect jump at 0x804ca70 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c020] at 0x804ca70 Apply indirect control flow analysis at 804ca70 Looking for thunk Looking for thunk in block [804ca70,804ca76).......WARNING: after advance at 0x804ca76, curInsn() NULL Expanding instruction @ 804ca70: jmp [805c020] Original expand: (<134594592:32>,) Adding assignment (@804ca70<[x86::eip]>[_805c020]) in instruction jmp [805c020] at 804ca70, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ca70, insn: jmp [805c020] Old fact for 804ca70: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ca70 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ca70<[x86::eip]>[_805c020]) Instruction: jmp [805c020] AST: (<134594592:64>,) Generate bound fact for Interval 0[134594592,134594592] 0[805c020,805c020], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594592:64>,) Apply relations2 to (<134594592:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594592,134594592] 0[805c020,805c020], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594592:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ca70 The fact from 804ca70 before applying transfer function Do not track predicate Var: , Interval 0[134594592,134594592] 0[805c020,805c020], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594592:64>,) No known value at the top of the stack Fact from 804ca70 after applying transfer function Do not track predicate Var: , Interval 0[134594592,134594592] 0[805c020,805c020], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594592:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594592,134594592] 0[805c020,805c020], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594592:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594592,134594592] 0[805c020,805c020], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c020 not read only, returning false Not jump table format! [Parser.C] finalizing targ804ca70 (804ca70) No targets, exits func Adding block 0x804ca70 as exit 804ca70 extent [804ca70,804ca76) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c020] at 0x804ca70 in function targ804ca70 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ca70->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for dup [Parser.C] frame 804ca70 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dup return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053fb7 ==== Checking non-returning for dup [Parser.C:1485] recording block [805400d,805400d) [Parser.C] parsing block 805400d [Parser.C:1274] curAddr 0x805400d: mov [EBX + 768], EAX [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054013: mov EAX, [EBX + 768] [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054019: cmp EAX, ff [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805401c: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called branch or return, ret true [Parser.C:1485] recording block [805400d,805401e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x805401c...SUCCESS (CFT=0x8054025) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805401c->8054025 resolveable_edge: 1, tailcall: 0, target: 8054025 [ParserDetails.C:588] pushing 8054025 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805401c->805401e resolveable_edge: 1, tailcall: 0, target: 805401e [ParserDetails.C:588] pushing 805401e onto worklist [Parser.C:1485] recording block [8054025,8054025) [Parser.C] parsing block 8054025 [Parser.C:1274] curAddr 0x8054025: mov EAX, [EBX + 76c] [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805402b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805402f: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054032: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054035: call ffff89e6 + EIP + 5 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff89e6 + EIP + 5 to 0x8054035...SUCCESS (CFT=0x804ca20) [Parser.C:1485] recording block [8054025,805403a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054035->804ca20 resolveable_edge: 1, tailcall: 0, target: 804ca20 [ParserDetails.C:588] pushing 804ca20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054035->805403a resolveable_edge: 1, tailcall: 0, target: 805403a [ParserDetails.C:588] pushing 805403a onto worklist [Parser.C] binding call 8054035->804ca20 [Parser.C] block 804ca20 exists Checking non-returning for dup2 [Parser.C:1485] recording block [805403a,805403a) [Parser.C] parsing block 805403a [Parser.C:1274] curAddr 0x805403a: cmp EAX, ff [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805403d: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called branch or return, ret true [Parser.C:1485] recording block [805403a,805403f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x805403d...SUCCESS (CFT=0x8054046) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805403d->8054046 resolveable_edge: 1, tailcall: 0, target: 8054046 [ParserDetails.C:588] pushing 8054046 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805403d->805403f resolveable_edge: 1, tailcall: 0, target: 805403f [ParserDetails.C:588] pushing 805403f onto worklist [Parser.C:1485] recording block [8054046,8054046) [Parser.C] parsing block 8054046 [Parser.C:1274] curAddr 0x8054046: mov EAX, 0 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805404b: add ESP, 24 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805404e: pop EBX, ESP [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x805404f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054050: ret near [ESP] [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054046,8054051) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054050 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054050...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053fe2,8053fe2) [Parser.C] parsing block 8053fe2 [Parser.C:1274] curAddr 0x8053fe2: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8053fe7: jmp 62 + EIP + 2 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 62 + EIP + 2 to 0x8053fe7...SUCCESS (CFT=0x805404b) [Parser.C:1485] recording block [8053fe2,8053fe9) Getting edges Checking for Tail Call jump to 0x805404b is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8053fe7->805404b resolveable_edge: 1, tailcall: 0, target: 805404b [ParserDetails.C:588] pushing 805404b onto worklist [Parser.C:1485] recording block [805401e,805401e) [Parser.C] parsing block 805401e [Parser.C:1274] curAddr 0x805401e: mov EAX, fffffffe [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054023: jmp 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 26 + EIP + 2 to 0x8054023...SUCCESS (CFT=0x805404b) [Parser.C:1485] recording block [805401e,8054025) Getting edges Checking for Tail Call jump to 0x805404b is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054023->805404b resolveable_edge: 1, tailcall: 0, target: 805404b [ParserDetails.C:588] pushing 805404b onto worklist [Parser.C:1485] recording block [805403f,805403f) [Parser.C] parsing block 805403f [Parser.C:1274] curAddr 0x805403f: mov EAX, fffffffd [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called [Parser.C:1274] curAddr 0x8054044: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname setupFortranOutput hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8054044...SUCCESS (CFT=0x805404b) [Parser.C:1485] recording block [805403f,8054046) Getting edges Checking for Tail Call jump to 0x805404b is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054044->805404b resolveable_edge: 1, tailcall: 0, target: 805404b [ParserDetails.C:588] pushing 805404b onto worklist [Parser.C] address 805404b splits [8054046,8054051) (0x1d781f0) [Parser.C:1485] recording block [805404b,8054051) [Parser.C] skipping locally parsed target at 805404b [Parser.C] block 805404b exists [Parser.C] skipping locally parsed target at 805404b [Parser.C] block 805404b exists [Parser.C] skipping locally parsed target at 805404b [Parser.C] frame 8053fb7 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] setupFortranOutput return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8054782) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054782) [Parser.C:1485] recording block [8054782,8054782) [Parser.C] ==== starting to parse frame 8054782 ==== [Parser.C] parsing block 8054782 [Parser.C:1274] curAddr 0x8054782: push EBP, ESP [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054783: mov EBP, ESP [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054785: push EBX, ESP [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054786: sub ESP, 24 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054789: call ffff8572 + EIP + 5 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8572 + EIP + 5 to 0x8054789...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805478e: add EBX, 7872 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054794: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805479b: mov [ESP], 128 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547a2: call ffff8369 + EIP + 5 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8369 + EIP + 5 to 0x80547a2...SUCCESS (CFT=0x804cb10) [Parser.C:1485] recording block [8054782,80547a7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80547a2->804cb10 resolveable_edge: 1, tailcall: 0, target: 804cb10 [ParserDetails.C:588] pushing 804cb10 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80547a2->80547a7 resolveable_edge: 1, tailcall: 0, target: 80547a7 [ParserDetails.C:588] pushing 80547a7 onto worklist [Parser.C] binding call 80547a2->804cb10 [ParseData.C] new function for target 804cb10 [Parser.C:1485] recording block [804cb10,804cb10) [suspend frame 8054782] [Parser.C] frame 8054782 blocked at 80547a2 call target 804cb10 [Parser.C] block 804cb10 exists [Parser.C] ==== starting to parse frame 804cb10 ==== [Parser.C] parsing block 804cb10 [Parser.C:1274] curAddr 0x804cb10: jmp [805c048] [Parser.C:1280] leaf 1 funcname targ804cb10 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c048] to 0x804cb10...FAIL (CFT=0x0), callTarget exp: [805c048] ... indirect jump at 0x804cb10, delay parsing it [Parser.C:1485] recording block [804cb10,804cb16) ... continue parse indirect jump at 804cb10 [Parser.C:1485] recording block [804cb10,804cb16) Getting edges ... indirect jump at 0x804cb10 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c048] at 0x804cb10 Apply indirect control flow analysis at 804cb10 Looking for thunk Looking for thunk in block [804cb10,804cb16).......WARNING: after advance at 0x804cb16, curInsn() NULL Expanding instruction @ 804cb10: jmp [805c048] Original expand: (<134594632:32>,) Adding assignment (@804cb10<[x86::eip]>[_805c048]) in instruction jmp [805c048] at 804cb10, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb10, insn: jmp [805c048] Old fact for 804cb10: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb10 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb10<[x86::eip]>[_805c048]) Instruction: jmp [805c048] AST: (<134594632:64>,) Generate bound fact for Interval 0[134594632,134594632] 0[805c048,805c048], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594632:64>,) Apply relations2 to (<134594632:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594632,134594632] 0[805c048,805c048], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594632:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb10 The fact from 804cb10 before applying transfer function Do not track predicate Var: , Interval 0[134594632,134594632] 0[805c048,805c048], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594632:64>,) No known value at the top of the stack Fact from 804cb10 after applying transfer function Do not track predicate Var: , Interval 0[134594632,134594632] 0[805c048,805c048], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594632:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594632,134594632] 0[805c048,805c048], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594632:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594632,134594632] 0[805c048,805c048], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c048 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb10 (804cb10) No targets, exits func Adding block 0x804cb10 as exit 804cb10 extent [804cb10,804cb16) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c048] at 0x804cb10 in function targ804cb10 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb10->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for malloc [Parser.C] frame 804cb10 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] malloc return status 2, no waiters [Parser.C] ==== resuming parse of frame 8054782 ==== Checking non-returning for malloc [Parser.C:1485] recording block [80547a7,80547a7) [Parser.C] parsing block 80547a7 [Parser.C:1274] curAddr 0x80547a7: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547aa: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547ad: add EAX, 10 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547b0: mov [ESP + 8], 8c [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547b8: mov [ESP + 4], 0 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547c0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547c3: call ffff8408 + EIP + 5 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8408 + EIP + 5 to 0x80547c3...SUCCESS (CFT=0x804cbd0) [Parser.C:1485] recording block [80547a7,80547c8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80547c3->804cbd0 resolveable_edge: 1, tailcall: 0, target: 804cbd0 [ParserDetails.C:588] pushing 804cbd0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80547c3->80547c8 resolveable_edge: 1, tailcall: 0, target: 80547c8 [ParserDetails.C:588] pushing 80547c8 onto worklist [Parser.C] binding call 80547c3->804cbd0 [ParseData.C] new function for target 804cbd0 [Parser.C:1485] recording block [804cbd0,804cbd0) [suspend frame 8054782] [Parser.C] frame 8054782 blocked at 80547c3 call target 804cbd0 [Parser.C] block 804cbd0 exists [Parser.C] ==== starting to parse frame 804cbd0 ==== [Parser.C] parsing block 804cbd0 [Parser.C:1274] curAddr 0x804cbd0: jmp [805c078] [Parser.C:1280] leaf 1 funcname targ804cbd0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c078] to 0x804cbd0...FAIL (CFT=0x0), callTarget exp: [805c078] ... indirect jump at 0x804cbd0, delay parsing it [Parser.C:1485] recording block [804cbd0,804cbd6) ... continue parse indirect jump at 804cbd0 [Parser.C:1485] recording block [804cbd0,804cbd6) Getting edges ... indirect jump at 0x804cbd0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c078] at 0x804cbd0 Apply indirect control flow analysis at 804cbd0 Looking for thunk Looking for thunk in block [804cbd0,804cbd6).......WARNING: after advance at 0x804cbd6, curInsn() NULL Expanding instruction @ 804cbd0: jmp [805c078] Original expand: (<134594680:32>,) Adding assignment (@804cbd0<[x86::eip]>[_805c078]) in instruction jmp [805c078] at 804cbd0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cbd0, insn: jmp [805c078] Old fact for 804cbd0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cbd0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cbd0<[x86::eip]>[_805c078]) Instruction: jmp [805c078] AST: (<134594680:64>,) Generate bound fact for Interval 0[134594680,134594680] 0[805c078,805c078], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594680:64>,) Apply relations2 to (<134594680:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594680,134594680] 0[805c078,805c078], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594680:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cbd0 The fact from 804cbd0 before applying transfer function Do not track predicate Var: , Interval 0[134594680,134594680] 0[805c078,805c078], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594680:64>,) No known value at the top of the stack Fact from 804cbd0 after applying transfer function Do not track predicate Var: , Interval 0[134594680,134594680] 0[805c078,805c078], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594680:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594680,134594680] 0[805c078,805c078], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594680:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594680,134594680] 0[805c078,805c078], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c078 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cbd0 (804cbd0) No targets, exits func Adding block 0x804cbd0 as exit 804cbd0 extent [804cbd0,804cbd6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c078] at 0x804cbd0 in function targ804cbd0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cbd0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for memset [Parser.C] frame 804cbd0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] memset return status 2, no waiters [Parser.C] ==== resuming parse of frame 8054782 ==== Checking non-returning for memset [Parser.C:1485] recording block [80547c8,80547c8) [Parser.C] parsing block 80547c8 [Parser.C:1274] curAddr 0x80547c8: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547cb: lea EDX, EBX + ffff8754 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547d1: mov [EAX + 10], EDX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547d4: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547d7: mov [EAX + 94], 4 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547e1: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547e4: lea EDX, EAX + 9c [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547ea: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547ed: add EAX, 10 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547f0: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547f4: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547f8: mov [ESP], e [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x80547ff: call ffff848c + EIP + 5 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff848c + EIP + 5 to 0x80547ff...SUCCESS (CFT=0x804cc90) [Parser.C:1485] recording block [80547c8,8054804) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80547ff->804cc90 resolveable_edge: 1, tailcall: 0, target: 804cc90 [ParserDetails.C:588] pushing 804cc90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80547ff->8054804 resolveable_edge: 1, tailcall: 0, target: 8054804 [ParserDetails.C:588] pushing 8054804 onto worklist [Parser.C] binding call 80547ff->804cc90 [Parser.C] block 804cc90 exists Checking non-returning for sigaction [Parser.C:1485] recording block [8054804,8054804) [Parser.C] parsing block 8054804 [Parser.C:1274] curAddr 0x8054804: test EAX, EAX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054806: jz 12 + EIP + 2 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054804,8054808) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 12 + EIP + 2 to 0x8054806...SUCCESS (CFT=0x805481a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054806->805481a resolveable_edge: 1, tailcall: 0, target: 805481a [ParserDetails.C:588] pushing 805481a onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054806->8054808 resolveable_edge: 1, tailcall: 0, target: 8054808 [ParserDetails.C:588] pushing 8054808 onto worklist [Parser.C:1485] recording block [805481a,805481a) [Parser.C] parsing block 805481a [Parser.C:1274] curAddr 0x805481a: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805481d: mov [EAX], 0 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054823: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054826: mov [EAX + 4], 2710 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805482d: mov ECX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054830: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054833: mov EDX, [EAX + 4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054836: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054838: mov [ECX + 8], EAX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805483b: mov [ECX + c], EDX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805483e: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054841: mov [ESP + 8], 0 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054849: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805484d: mov [ESP], 0 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054854: call ffff81d7 + EIP + 5 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff81d7 + EIP + 5 to 0x8054854...SUCCESS (CFT=0x804ca30) [Parser.C:1485] recording block [805481a,8054859) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054854->804ca30 resolveable_edge: 1, tailcall: 0, target: 804ca30 [ParserDetails.C:588] pushing 804ca30 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054854->8054859 resolveable_edge: 1, tailcall: 0, target: 8054859 [ParserDetails.C:588] pushing 8054859 onto worklist [Parser.C] binding call 8054854->804ca30 [Parser.C] block 804ca30 exists Checking non-returning for setitimer [Parser.C:1485] recording block [8054859,8054859) [Parser.C] parsing block 8054859 [Parser.C:1274] curAddr 0x8054859: cmp EAX, ff [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805485c: jnz 12 + EIP + 2 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054859,805485e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 12 + EIP + 2 to 0x805485c...SUCCESS (CFT=0x8054870) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805485c->8054870 resolveable_edge: 1, tailcall: 0, target: 8054870 [ParserDetails.C:588] pushing 8054870 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805485c->805485e resolveable_edge: 1, tailcall: 0, target: 805485e [ParserDetails.C:588] pushing 805485e onto worklist [Parser.C:1485] recording block [8054870,8054870) [Parser.C] parsing block 8054870 [Parser.C:1274] curAddr 0x8054870: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054873: add ESP, 24 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054876: pop EBX, ESP [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054877: pop EBP, ESP [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054878: ret near [ESP] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054870,8054879) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054878 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054878...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8054808,8054808) [Parser.C] parsing block 8054808 [Parser.C:1274] curAddr 0x8054808: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805480b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805480e: call ffff826d + EIP + 5 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff826d + EIP + 5 to 0x805480e...SUCCESS (CFT=0x804ca80) [Parser.C:1485] recording block [8054808,8054813) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805480e->804ca80 resolveable_edge: 1, tailcall: 0, target: 804ca80 [ParserDetails.C:588] pushing 804ca80 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805480e->8054813 resolveable_edge: 1, tailcall: 0, target: 8054813 [ParserDetails.C:588] pushing 8054813 onto worklist [Parser.C] binding call 805480e->804ca80 [Parser.C] block 804ca80 exists Checking non-returning for free [Parser.C:1485] recording block [8054813,8054813) [Parser.C] parsing block 8054813 [Parser.C:1274] curAddr 0x8054813: mov EAX, 0 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054818: jmp 59 + EIP + 2 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 59 + EIP + 2 to 0x8054818...SUCCESS (CFT=0x8054873) [Parser.C:1485] recording block [8054813,805481a) Getting edges Checking for Tail Call jump to 0x8054873 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054818->8054873 resolveable_edge: 1, tailcall: 0, target: 8054873 [ParserDetails.C:588] pushing 8054873 onto worklist [Parser.C:1485] recording block [805485e,805485e) [Parser.C] parsing block 805485e [Parser.C:1274] curAddr 0x805485e: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054861: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x8054864: call ffff8217 + EIP + 5 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8217 + EIP + 5 to 0x8054864...SUCCESS (CFT=0x804ca80) [Parser.C:1485] recording block [805485e,8054869) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054864->804ca80 resolveable_edge: 1, tailcall: 0, target: 804ca80 [ParserDetails.C:588] pushing 804ca80 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054864->8054869 resolveable_edge: 1, tailcall: 0, target: 8054869 [ParserDetails.C:588] pushing 8054869 onto worklist [Parser.C] binding call 8054864->804ca80 [Parser.C] block 804ca80 exists Checking non-returning for free [Parser.C:1485] recording block [8054869,8054869) [Parser.C] parsing block 8054869 [Parser.C:1274] curAddr 0x8054869: mov EAX, 0 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called [Parser.C:1274] curAddr 0x805486e: jmp 3 + EIP + 2 [Parser.C:1280] leaf 1 funcname startEventSource hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 3 + EIP + 2 to 0x805486e...SUCCESS (CFT=0x8054873) [Parser.C:1485] recording block [8054869,8054870) Getting edges Checking for Tail Call jump to 0x8054873 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 805486e->8054873 resolveable_edge: 1, tailcall: 0, target: 8054873 [ParserDetails.C:588] pushing 8054873 onto worklist [Parser.C] address 8054873 splits [8054870,8054879) (0x1d7b870) [Parser.C:1485] recording block [8054873,8054879) [Parser.C] skipping locally parsed target at 8054873 [Parser.C] block 8054873 exists [Parser.C] skipping locally parsed target at 8054873 [Parser.C] frame 8054782 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] startEventSource return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053218) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053218) [Parser.C:1485] recording block [8053218,8053218) [Parser.C] ==== starting to parse frame 8053218 ==== [Parser.C] parsing block 8053218 [Parser.C:1274] curAddr 0x8053218: push EBP, ESP [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x8053219: mov EBP, ESP [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805321b: push EBX, ESP [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805321c: sub ESP, 14 [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805321f: call ffff9adc + EIP + 5 [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9adc + EIP + 5 to 0x805321f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053224: add EBX, 8ddc [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805322a: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x8053230: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x8053232: mov [ESP + c], 56 [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805323a: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x8053240: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x8053244: lea EDX, EBX + ffffbf38 [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805324a: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805324e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x8053251: call ffff993a + EIP + 5 [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff993a + EIP + 5 to 0x8053251...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053218,8053256) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053251->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053251->8053256 resolveable_edge: 1, tailcall: 0, target: 8053256 [ParserDetails.C:588] pushing 8053256 onto worklist [Parser.C] binding call 8053251->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053256,8053256) [Parser.C] parsing block 8053256 [Parser.C:1274] curAddr 0x8053256: add ESP, 14 [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x8053259: pop EBX, ESP [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805325a: pop EBP, ESP [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called [Parser.C:1274] curAddr 0x805325b: ret near [ESP] [Parser.C:1280] leaf 1 funcname warningLogResult hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053256,805325c) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805325b Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805325b...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053218 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] warningLogResult return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804e55f) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e55f) [Parser.C:1485] recording block [804e55f,804e55f) [Parser.C] ==== starting to parse frame 804e55f ==== [Parser.C] parsing block 804e55f [Parser.C:1274] curAddr 0x804e55f: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e560: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e562: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e563: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e566: call ffffe795 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe795 + EIP + 5 to 0x804e566...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e56b: add EBX, da95 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e571: call fffffcaa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffcaa + EIP + 5 to 0x804e571...SUCCESS (CFT=0x804e220) [Parser.C:1485] recording block [804e55f,804e576) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e571->804e220 resolveable_edge: 1, tailcall: 0, target: 804e220 [ParserDetails.C:588] pushing 804e220 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e571->804e576 resolveable_edge: 1, tailcall: 0, target: 804e576 [ParserDetails.C:588] pushing 804e576 onto worklist [Parser.C] binding call 804e571->804e220 [Parser.C:1485] recording block [804e220,804e220) [suspend frame 804e55f] [Parser.C] frame 804e55f blocked at 804e571 call target 804e220 [Parser.C] block 804e220 exists [Parser.C] ==== starting to parse frame 804e220 ==== [Parser.C] parsing block 804e220 [Parser.C:1274] curAddr 0x804e220: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e221: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e223: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e224: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e227: call ffffead4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffead4 + EIP + 5 to 0x804e227...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e22c: add EBX, ddd4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e232: call 363 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 363 + EIP + 5 to 0x804e232...SUCCESS (CFT=0x804e59a) [Parser.C:1485] recording block [804e220,804e237) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e232->804e59a resolveable_edge: 1, tailcall: 0, target: 804e59a [ParserDetails.C:588] pushing 804e59a onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e232->804e237 resolveable_edge: 1, tailcall: 0, target: 804e237 [ParserDetails.C:588] pushing 804e237 onto worklist [Parser.C] binding call 804e232->804e59a [Parser.C] block 804e59a exists Checking non-returning for test1_6_func2 Checking non-returning for test1_6_func2 [Parser.C:1485] recording block [804e237,804e237) [Parser.C] parsing block 804e237 [Parser.C:1274] curAddr 0x804e237: lea EAX, EBX + 3ac [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e23d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e23f: cmp EAX, 3e [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e242: jnz d7 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e237,804e248) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz d7 + EIP + 6 to 0x804e242...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e242->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e242->804e248 resolveable_edge: 1, tailcall: 0, target: 804e248 [ParserDetails.C:588] pushing 804e248 onto worklist [Parser.C:1485] recording block [804e31f,804e31f) [Parser.C] parsing block 804e31f [Parser.C:1274] curAddr 0x804e31f: lea EAX, EBX + ffff93b4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e325: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e328: call 5690 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5690 + EIP + 5 to 0x804e328...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e31f,804e32d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e328->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e328->804e32d resolveable_edge: 1, tailcall: 0, target: 804e32d [ParserDetails.C:588] pushing 804e32d onto worklist [Parser.C] binding call 804e328->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e32d,804e32d) [Parser.C] parsing block 804e32d [Parser.C:1274] curAddr 0x804e32d: lea EAX, EBX + 3ac [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e333: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e335: cmp EAX, 3e [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e338: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e32d,804e33a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e338...SUCCESS (CFT=0x804e354) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e338->804e354 resolveable_edge: 1, tailcall: 0, target: 804e354 [ParserDetails.C:588] pushing 804e354 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e338->804e33a resolveable_edge: 1, tailcall: 0, target: 804e33a [ParserDetails.C:588] pushing 804e33a onto worklist [Parser.C:1485] recording block [804e354,804e354) [Parser.C] parsing block 804e354 [Parser.C:1274] curAddr 0x804e354: lea EAX, EBX + 3b0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e35a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e35c: cmp EAX, 3f [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e35f: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e354,804e361) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e35f...SUCCESS (CFT=0x804e37b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e35f->804e37b resolveable_edge: 1, tailcall: 0, target: 804e37b [ParserDetails.C:588] pushing 804e37b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e35f->804e361 resolveable_edge: 1, tailcall: 0, target: 804e361 [ParserDetails.C:588] pushing 804e361 onto worklist [Parser.C:1485] recording block [804e37b,804e37b) [Parser.C] parsing block 804e37b [Parser.C:1274] curAddr 0x804e37b: lea EAX, EBX + 3b4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e381: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e383: cmp EAX, 16 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e386: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e37b,804e388) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e386...SUCCESS (CFT=0x804e3a2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e386->804e3a2 resolveable_edge: 1, tailcall: 0, target: 804e3a2 [ParserDetails.C:588] pushing 804e3a2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e386->804e388 resolveable_edge: 1, tailcall: 0, target: 804e388 [ParserDetails.C:588] pushing 804e388 onto worklist [Parser.C:1485] recording block [804e3a2,804e3a2) [Parser.C] parsing block 804e3a2 [Parser.C:1274] curAddr 0x804e3a2: lea EAX, EBX + 3b8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3a8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3aa: cmp EAX, 16 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3ad: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e3a2,804e3af) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e3ad...SUCCESS (CFT=0x804e3c9) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e3ad->804e3c9 resolveable_edge: 1, tailcall: 0, target: 804e3c9 [ParserDetails.C:588] pushing 804e3c9 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e3ad->804e3af resolveable_edge: 1, tailcall: 0, target: 804e3af [ParserDetails.C:588] pushing 804e3af onto worklist [Parser.C:1485] recording block [804e3c9,804e3c9) [Parser.C] parsing block 804e3c9 [Parser.C:1274] curAddr 0x804e3c9: lea EAX, EBX + 3bc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3cf: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3d1: cmp EAX, 1e [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3d4: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e3c9,804e3d6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e3d4...SUCCESS (CFT=0x804e3f0) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e3d4->804e3f0 resolveable_edge: 1, tailcall: 0, target: 804e3f0 [ParserDetails.C:588] pushing 804e3f0 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e3d4->804e3d6 resolveable_edge: 1, tailcall: 0, target: 804e3d6 [ParserDetails.C:588] pushing 804e3d6 onto worklist [Parser.C:1485] recording block [804e3f0,804e3f0) [Parser.C] parsing block 804e3f0 [Parser.C:1274] curAddr 0x804e3f0: lea EAX, EBX + 3c0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3f6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3f8: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3fb: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e3f0,804e3fd) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e3fb...SUCCESS (CFT=0x804e417) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e3fb->804e417 resolveable_edge: 1, tailcall: 0, target: 804e417 [ParserDetails.C:588] pushing 804e417 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e3fb->804e3fd resolveable_edge: 1, tailcall: 0, target: 804e3fd [ParserDetails.C:588] pushing 804e3fd onto worklist [Parser.C:1485] recording block [804e417,804e417) [Parser.C] parsing block 804e417 [Parser.C:1274] curAddr 0x804e417: lea EAX, EBX + 3c4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e41d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e41f: cmp EAX, 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e422: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e417,804e424) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e422...SUCCESS (CFT=0x804e43e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e422->804e43e resolveable_edge: 1, tailcall: 0, target: 804e43e [ParserDetails.C:588] pushing 804e43e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e422->804e424 resolveable_edge: 1, tailcall: 0, target: 804e424 [ParserDetails.C:588] pushing 804e424 onto worklist [Parser.C:1485] recording block [804e43e,804e43e) [Parser.C] parsing block 804e43e [Parser.C:1274] curAddr 0x804e43e: lea EAX, EBX + 3c8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e444: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e446: cmp EAX, 3e [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e449: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e43e,804e44b) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e449...SUCCESS (CFT=0x804e465) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e449->804e465 resolveable_edge: 1, tailcall: 0, target: 804e465 [ParserDetails.C:588] pushing 804e465 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e449->804e44b resolveable_edge: 1, tailcall: 0, target: 804e44b [ParserDetails.C:588] pushing 804e44b onto worklist [Parser.C:1485] recording block [804e465,804e465) [Parser.C] parsing block 804e465 [Parser.C:1274] curAddr 0x804e465: lea EAX, EBX + 3cc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e46b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e46d: cmp EAX, 3f [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e470: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e465,804e472) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e470...SUCCESS (CFT=0x804e48c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e470->804e48c resolveable_edge: 1, tailcall: 0, target: 804e48c [ParserDetails.C:588] pushing 804e48c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e470->804e472 resolveable_edge: 1, tailcall: 0, target: 804e472 [ParserDetails.C:588] pushing 804e472 onto worklist [Parser.C:1485] recording block [804e48c,804e48c) [Parser.C] parsing block 804e48c [Parser.C:1274] curAddr 0x804e48c: lea EAX, EBX + 3d0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e492: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e494: cmp EAX, 16 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e497: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e48c,804e499) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e497...SUCCESS (CFT=0x804e4b3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e497->804e4b3 resolveable_edge: 1, tailcall: 0, target: 804e4b3 [ParserDetails.C:588] pushing 804e4b3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e497->804e499 resolveable_edge: 1, tailcall: 0, target: 804e499 [ParserDetails.C:588] pushing 804e499 onto worklist [Parser.C:1485] recording block [804e4b3,804e4b3) [Parser.C] parsing block 804e4b3 [Parser.C:1274] curAddr 0x804e4b3: lea EAX, EBX + 3d4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4b9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4bb: cmp EAX, 16 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4be: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e4b3,804e4c0) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e4be...SUCCESS (CFT=0x804e4da) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e4be->804e4da resolveable_edge: 1, tailcall: 0, target: 804e4da [ParserDetails.C:588] pushing 804e4da onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e4be->804e4c0 resolveable_edge: 1, tailcall: 0, target: 804e4c0 [ParserDetails.C:588] pushing 804e4c0 onto worklist [Parser.C:1485] recording block [804e4da,804e4da) [Parser.C] parsing block 804e4da [Parser.C:1274] curAddr 0x804e4da: lea EAX, EBX + 3d8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4e0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4e2: cmp EAX, 1e [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4e5: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e4da,804e4e7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e4e5...SUCCESS (CFT=0x804e501) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e4e5->804e501 resolveable_edge: 1, tailcall: 0, target: 804e501 [ParserDetails.C:588] pushing 804e501 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e4e5->804e4e7 resolveable_edge: 1, tailcall: 0, target: 804e4e7 [ParserDetails.C:588] pushing 804e4e7 onto worklist [Parser.C:1485] recording block [804e501,804e501) [Parser.C] parsing block 804e501 [Parser.C:1274] curAddr 0x804e501: lea EAX, EBX + 3dc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e507: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e509: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e50c: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e501,804e50e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e50c...SUCCESS (CFT=0x804e528) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e50c->804e528 resolveable_edge: 1, tailcall: 0, target: 804e528 [ParserDetails.C:588] pushing 804e528 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e50c->804e50e resolveable_edge: 1, tailcall: 0, target: 804e50e [ParserDetails.C:588] pushing 804e50e onto worklist [Parser.C:1485] recording block [804e528,804e528) [Parser.C] parsing block 804e528 [Parser.C:1274] curAddr 0x804e528: lea EAX, EBX + 3e0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e52e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e530: cmp EAX, 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e533: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e528,804e535) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804e533...SUCCESS (CFT=0x804e54f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e533->804e54f resolveable_edge: 1, tailcall: 0, target: 804e54f [ParserDetails.C:588] pushing 804e54f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e533->804e535 resolveable_edge: 1, tailcall: 0, target: 804e535 [ParserDetails.C:588] pushing 804e535 onto worklist [Parser.C:1485] recording block [804e54f,804e54f) [Parser.C] parsing block 804e54f [Parser.C:1274] curAddr 0x804e54f: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e556: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e559: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e55c: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e55d: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e55e: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e54f,804e55f) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e55e Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e55e...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e248,804e248) [Parser.C] parsing block 804e248 [Parser.C:1274] curAddr 0x804e248: lea EAX, EBX + 3b0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e24e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e250: cmp EAX, 3f [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e253: jnz c6 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e248,804e259) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz c6 + EIP + 6 to 0x804e253...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e253->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e253->804e259 resolveable_edge: 1, tailcall: 0, target: 804e259 [ParserDetails.C:588] pushing 804e259 onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e259,804e259) [Parser.C] parsing block 804e259 [Parser.C:1274] curAddr 0x804e259: lea EAX, EBX + 3b4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e25f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e261: cmp EAX, 16 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e264: jnz b5 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e259,804e26a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz b5 + EIP + 6 to 0x804e264...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e264->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e264->804e26a resolveable_edge: 1, tailcall: 0, target: 804e26a [ParserDetails.C:588] pushing 804e26a onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e26a,804e26a) [Parser.C] parsing block 804e26a [Parser.C:1274] curAddr 0x804e26a: lea EAX, EBX + 3b8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e270: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e272: cmp EAX, 16 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e275: jnz a4 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e26a,804e27b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a4 + EIP + 6 to 0x804e275...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e275->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e275->804e27b resolveable_edge: 1, tailcall: 0, target: 804e27b [ParserDetails.C:588] pushing 804e27b onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e27b,804e27b) [Parser.C] parsing block 804e27b [Parser.C:1274] curAddr 0x804e27b: lea EAX, EBX + 3bc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e281: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e283: cmp EAX, 1e [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e286: jnz 93 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e27b,804e28c) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 93 + EIP + 6 to 0x804e286...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e286->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e286->804e28c resolveable_edge: 1, tailcall: 0, target: 804e28c [ParserDetails.C:588] pushing 804e28c onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e28c,804e28c) [Parser.C] parsing block 804e28c [Parser.C:1274] curAddr 0x804e28c: lea EAX, EBX + 3c0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e292: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e294: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e297: jnz 82 + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e28c,804e29d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 82 + EIP + 6 to 0x804e297...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e297->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e297->804e29d resolveable_edge: 1, tailcall: 0, target: 804e29d [ParserDetails.C:588] pushing 804e29d onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e29d,804e29d) [Parser.C] parsing block 804e29d [Parser.C:1274] curAddr 0x804e29d: lea EAX, EBX + 3c4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2a3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2a5: cmp EAX, 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2a8: jnz 75 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e29d,804e2aa) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 75 + EIP + 2 to 0x804e2a8...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e2a8->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e2a8->804e2aa resolveable_edge: 1, tailcall: 0, target: 804e2aa [ParserDetails.C:588] pushing 804e2aa onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e2aa,804e2aa) [Parser.C] parsing block 804e2aa [Parser.C:1274] curAddr 0x804e2aa: lea EAX, EBX + 3c8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2b0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2b2: cmp EAX, 3e [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2b5: jnz 68 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e2aa,804e2b7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 68 + EIP + 2 to 0x804e2b5...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e2b5->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e2b5->804e2b7 resolveable_edge: 1, tailcall: 0, target: 804e2b7 [ParserDetails.C:588] pushing 804e2b7 onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e2b7,804e2b7) [Parser.C] parsing block 804e2b7 [Parser.C:1274] curAddr 0x804e2b7: lea EAX, EBX + 3cc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2bd: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2bf: cmp EAX, 3f [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2c2: jnz 5b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e2b7,804e2c4) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 5b + EIP + 2 to 0x804e2c2...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e2c2->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e2c2->804e2c4 resolveable_edge: 1, tailcall: 0, target: 804e2c4 [ParserDetails.C:588] pushing 804e2c4 onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e2c4,804e2c4) [Parser.C] parsing block 804e2c4 [Parser.C:1274] curAddr 0x804e2c4: lea EAX, EBX + 3d0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2ca: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2cc: cmp EAX, 16 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2cf: jnz 4e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e2c4,804e2d1) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 4e + EIP + 2 to 0x804e2cf...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e2cf->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e2cf->804e2d1 resolveable_edge: 1, tailcall: 0, target: 804e2d1 [ParserDetails.C:588] pushing 804e2d1 onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e2d1,804e2d1) [Parser.C] parsing block 804e2d1 [Parser.C:1274] curAddr 0x804e2d1: lea EAX, EBX + 3d4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2d7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2d9: cmp EAX, 16 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2dc: jnz 41 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e2d1,804e2de) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 41 + EIP + 2 to 0x804e2dc...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e2dc->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e2dc->804e2de resolveable_edge: 1, tailcall: 0, target: 804e2de [ParserDetails.C:588] pushing 804e2de onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e2de,804e2de) [Parser.C] parsing block 804e2de [Parser.C:1274] curAddr 0x804e2de: lea EAX, EBX + 3d8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2e4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2e6: cmp EAX, 1e [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2e9: jnz 34 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e2de,804e2eb) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 34 + EIP + 2 to 0x804e2e9...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e2e9->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e2e9->804e2eb resolveable_edge: 1, tailcall: 0, target: 804e2eb [ParserDetails.C:588] pushing 804e2eb onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e2eb,804e2eb) [Parser.C] parsing block 804e2eb [Parser.C:1274] curAddr 0x804e2eb: lea EAX, EBX + 3dc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2f1: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2f3: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2f6: jnz 27 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e2eb,804e2f8) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 27 + EIP + 2 to 0x804e2f6...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e2f6->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e2f6->804e2f8 resolveable_edge: 1, tailcall: 0, target: 804e2f8 [ParserDetails.C:588] pushing 804e2f8 onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e2f8,804e2f8) [Parser.C] parsing block 804e2f8 [Parser.C:1274] curAddr 0x804e2f8: lea EAX, EBX + 3e0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e2fe: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e300: cmp EAX, 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e303: jnz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e2f8,804e305) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1a + EIP + 2 to 0x804e303...SUCCESS (CFT=0x804e31f) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e31f is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e303->804e31f resolveable_edge: 1, tailcall: 0, target: 804e31f [ParserDetails.C:588] pushing 804e31f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e303->804e305 resolveable_edge: 1, tailcall: 0, target: 804e305 [ParserDetails.C:588] pushing 804e305 onto worklist [Parser.C] block 804e31f exists [Parser.C] skipping locally parsed target at 804e31f [Parser.C:1485] recording block [804e305,804e305) [Parser.C] parsing block 804e305 [Parser.C:1274] curAddr 0x804e305: lea EAX, EBX + ffff938c [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e30b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e30e: call 56aa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 56aa + EIP + 5 to 0x804e30e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e305,804e313) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e30e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e30e->804e313 resolveable_edge: 1, tailcall: 0, target: 804e313 [ParserDetails.C:588] pushing 804e313 onto worklist [Parser.C] binding call 804e30e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e313,804e313) [Parser.C] parsing block 804e313 [Parser.C:1274] curAddr 0x804e313: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e31a: jmp 237 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 237 + EIP + 5 to 0x804e31a...SUCCESS (CFT=0x804e556) [Parser.C:1485] recording block [804e313,804e31f) Getting edges Checking for Tail Call jump to 0x804e556 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e31a->804e556 resolveable_edge: 1, tailcall: 0, target: 804e556 [ParserDetails.C:588] pushing 804e556 onto worklist [Parser.C:1485] recording block [804e33a,804e33a) [Parser.C] parsing block 804e33a [Parser.C:1274] curAddr 0x804e33a: lea EAX, EBX + 3ac [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e340: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e342: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e346: lea EAX, EBX + ffff93e0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e34c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e34f: call 5669 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5669 + EIP + 5 to 0x804e34f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e33a,804e354) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e34f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e34f->804e354 resolveable_edge: 1, tailcall: 0, target: 804e354 [ParserDetails.C:588] pushing 804e354 onto worklist [Parser.C] binding call 804e34f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e354 exists [Parser.C] skipping locally parsed target at 804e354 [Parser.C:1485] recording block [804e361,804e361) [Parser.C] parsing block 804e361 [Parser.C:1274] curAddr 0x804e361: lea EAX, EBX + 3b0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e367: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e369: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e36d: lea EAX, EBX + ffff9408 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e373: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e376: call 5642 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5642 + EIP + 5 to 0x804e376...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e361,804e37b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e376->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e376->804e37b resolveable_edge: 1, tailcall: 0, target: 804e37b [ParserDetails.C:588] pushing 804e37b onto worklist [Parser.C] binding call 804e376->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e37b exists [Parser.C] skipping locally parsed target at 804e37b [Parser.C:1485] recording block [804e388,804e388) [Parser.C] parsing block 804e388 [Parser.C:1274] curAddr 0x804e388: lea EAX, EBX + 3b4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e38e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e390: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e394: lea EAX, EBX + ffff9434 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e39a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e39d: call 561b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 561b + EIP + 5 to 0x804e39d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e388,804e3a2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e39d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e39d->804e3a2 resolveable_edge: 1, tailcall: 0, target: 804e3a2 [ParserDetails.C:588] pushing 804e3a2 onto worklist [Parser.C] binding call 804e39d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e3a2 exists [Parser.C] skipping locally parsed target at 804e3a2 [Parser.C:1485] recording block [804e3af,804e3af) [Parser.C] parsing block 804e3af [Parser.C:1274] curAddr 0x804e3af: lea EAX, EBX + 3b8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3b5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3b7: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3bb: lea EAX, EBX + ffff945c [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3c1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3c4: call 55f4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 55f4 + EIP + 5 to 0x804e3c4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e3af,804e3c9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e3c4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e3c4->804e3c9 resolveable_edge: 1, tailcall: 0, target: 804e3c9 [ParserDetails.C:588] pushing 804e3c9 onto worklist [Parser.C] binding call 804e3c4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e3c9 exists [Parser.C] skipping locally parsed target at 804e3c9 [Parser.C:1485] recording block [804e3d6,804e3d6) [Parser.C] parsing block 804e3d6 [Parser.C:1274] curAddr 0x804e3d6: lea EAX, EBX + 3bc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3dc: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3de: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3e2: lea EAX, EBX + ffff9484 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3e8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e3eb: call 55cd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 55cd + EIP + 5 to 0x804e3eb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e3d6,804e3f0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e3eb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e3eb->804e3f0 resolveable_edge: 1, tailcall: 0, target: 804e3f0 [ParserDetails.C:588] pushing 804e3f0 onto worklist [Parser.C] binding call 804e3eb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e3f0 exists [Parser.C] skipping locally parsed target at 804e3f0 [Parser.C:1485] recording block [804e3fd,804e3fd) [Parser.C] parsing block 804e3fd [Parser.C:1274] curAddr 0x804e3fd: lea EAX, EBX + 3c0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e403: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e405: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e409: lea EAX, EBX + ffff94a8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e40f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e412: call 55a6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 55a6 + EIP + 5 to 0x804e412...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e3fd,804e417) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e412->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e412->804e417 resolveable_edge: 1, tailcall: 0, target: 804e417 [ParserDetails.C:588] pushing 804e417 onto worklist [Parser.C] binding call 804e412->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e417 exists [Parser.C] skipping locally parsed target at 804e417 [Parser.C:1485] recording block [804e424,804e424) [Parser.C] parsing block 804e424 [Parser.C:1274] curAddr 0x804e424: lea EAX, EBX + 3c4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e42a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e42c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e430: lea EAX, EBX + ffff94d0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e436: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e439: call 557f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 557f + EIP + 5 to 0x804e439...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e424,804e43e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e439->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e439->804e43e resolveable_edge: 1, tailcall: 0, target: 804e43e [ParserDetails.C:588] pushing 804e43e onto worklist [Parser.C] binding call 804e439->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e43e exists [Parser.C] skipping locally parsed target at 804e43e [Parser.C:1485] recording block [804e44b,804e44b) [Parser.C] parsing block 804e44b [Parser.C:1274] curAddr 0x804e44b: lea EAX, EBX + 3c8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e451: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e453: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e457: lea EAX, EBX + ffff94f8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e45d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e460: call 5558 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5558 + EIP + 5 to 0x804e460...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e44b,804e465) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e460->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e460->804e465 resolveable_edge: 1, tailcall: 0, target: 804e465 [ParserDetails.C:588] pushing 804e465 onto worklist [Parser.C] binding call 804e460->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e465 exists [Parser.C] skipping locally parsed target at 804e465 [Parser.C:1485] recording block [804e472,804e472) [Parser.C] parsing block 804e472 [Parser.C:1274] curAddr 0x804e472: lea EAX, EBX + 3cc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e478: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e47a: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e47e: lea EAX, EBX + ffff9520 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e484: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e487: call 5531 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5531 + EIP + 5 to 0x804e487...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e472,804e48c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e487->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e487->804e48c resolveable_edge: 1, tailcall: 0, target: 804e48c [ParserDetails.C:588] pushing 804e48c onto worklist [Parser.C] binding call 804e487->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e48c exists [Parser.C] skipping locally parsed target at 804e48c [Parser.C:1485] recording block [804e499,804e499) [Parser.C] parsing block 804e499 [Parser.C:1274] curAddr 0x804e499: lea EAX, EBX + 3d0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e49f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4a1: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4a5: lea EAX, EBX + ffff954c [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4ab: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4ae: call 550a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 550a + EIP + 5 to 0x804e4ae...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e499,804e4b3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e4ae->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e4ae->804e4b3 resolveable_edge: 1, tailcall: 0, target: 804e4b3 [ParserDetails.C:588] pushing 804e4b3 onto worklist [Parser.C] binding call 804e4ae->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e4b3 exists [Parser.C] skipping locally parsed target at 804e4b3 [Parser.C:1485] recording block [804e4c0,804e4c0) [Parser.C] parsing block 804e4c0 [Parser.C:1274] curAddr 0x804e4c0: lea EAX, EBX + 3d4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4c6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4c8: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4cc: lea EAX, EBX + ffff9574 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4d2: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4d5: call 54e3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 54e3 + EIP + 5 to 0x804e4d5...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e4c0,804e4da) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e4d5->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e4d5->804e4da resolveable_edge: 1, tailcall: 0, target: 804e4da [ParserDetails.C:588] pushing 804e4da onto worklist [Parser.C] binding call 804e4d5->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e4da exists [Parser.C] skipping locally parsed target at 804e4da [Parser.C:1485] recording block [804e4e7,804e4e7) [Parser.C] parsing block 804e4e7 [Parser.C:1274] curAddr 0x804e4e7: lea EAX, EBX + 3d8 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4ed: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4ef: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4f3: lea EAX, EBX + ffff959c [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4f9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e4fc: call 54bc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 54bc + EIP + 5 to 0x804e4fc...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e4e7,804e501) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e4fc->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e4fc->804e501 resolveable_edge: 1, tailcall: 0, target: 804e501 [ParserDetails.C:588] pushing 804e501 onto worklist [Parser.C] binding call 804e4fc->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e501 exists [Parser.C] skipping locally parsed target at 804e501 [Parser.C:1485] recording block [804e50e,804e50e) [Parser.C] parsing block 804e50e [Parser.C:1274] curAddr 0x804e50e: lea EAX, EBX + 3dc [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e514: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e516: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e51a: lea EAX, EBX + ffff95c0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e520: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e523: call 5495 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5495 + EIP + 5 to 0x804e523...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e50e,804e528) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e523->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e523->804e528 resolveable_edge: 1, tailcall: 0, target: 804e528 [ParserDetails.C:588] pushing 804e528 onto worklist [Parser.C] binding call 804e523->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e528 exists [Parser.C] skipping locally parsed target at 804e528 [Parser.C:1485] recording block [804e535,804e535) [Parser.C] parsing block 804e535 [Parser.C:1274] curAddr 0x804e535: lea EAX, EBX + 3e0 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e53b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e53d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e541: lea EAX, EBX + ffff95e4 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e547: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called [Parser.C:1274] curAddr 0x804e54a: call 546e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 546e + EIP + 5 to 0x804e54a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e535,804e54f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e54a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e54a->804e54f resolveable_edge: 1, tailcall: 0, target: 804e54f [ParserDetails.C:588] pushing 804e54f onto worklist [Parser.C] binding call 804e54a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e54f exists [Parser.C] skipping locally parsed target at 804e54f [Parser.C] address 804e556 splits [804e54f,804e55f) (0x1d7e390) [Parser.C:1485] recording block [804e556,804e55f) [Parser.C] skipping locally parsed target at 804e556 [Parser.C] frame 804e220 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_6_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804e55f ==== Checking non-returning for test1_6_func1 Checking non-returning for test1_6_func1 [Parser.C:1485] recording block [804e576,804e576) [Parser.C] parsing block 804e576 [Parser.C:1274] curAddr 0x804e576: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e578: jz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e576,804e57a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 7 + EIP + 2 to 0x804e578...SUCCESS (CFT=0x804e581) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e578->804e581 resolveable_edge: 1, tailcall: 0, target: 804e581 [ParserDetails.C:588] pushing 804e581 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e578->804e57a resolveable_edge: 1, tailcall: 0, target: 804e57a [ParserDetails.C:588] pushing 804e57a onto worklist [Parser.C:1485] recording block [804e581,804e581) [Parser.C] parsing block 804e581 [Parser.C:1274] curAddr 0x804e581: mov EAX, [EBX + 418] [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e587: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e58a: call 5e16 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5e16 + EIP + 5 to 0x804e58a...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804e581,804e58f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e58a->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e58a->804e58f resolveable_edge: 1, tailcall: 0, target: 804e58f [ParserDetails.C:588] pushing 804e58f onto worklist [Parser.C] binding call 804e58a->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804e58f,804e58f) [Parser.C] parsing block 804e58f [Parser.C:1274] curAddr 0x804e58f: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e594: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e597: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e598: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e599: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e58f,804e59a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e599 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e599...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e57a,804e57a) [Parser.C] parsing block 804e57a [Parser.C:1274] curAddr 0x804e57a: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e57f: jmp 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_6_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 13 + EIP + 2 to 0x804e57f...SUCCESS (CFT=0x804e594) [Parser.C:1485] recording block [804e57a,804e581) Getting edges Checking for Tail Call jump to 0x804e594 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e57f->804e594 resolveable_edge: 1, tailcall: 0, target: 804e594 [ParserDetails.C:588] pushing 804e594 onto worklist [Parser.C] address 804e594 splits [804e58f,804e59a) (0x1d7f2a0) [Parser.C:1485] recording block [804e594,804e59a) [Parser.C] skipping locally parsed target at 804e594 [Parser.C] frame 804e55f complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_6_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80528b2) [Parser.C:180] entered parse_at([804ccd0,80549c4),80528b2) [Parser.C:1485] recording block [80528b2,80528b2) [Parser.C] ==== starting to parse frame 80528b2 ==== [Parser.C] parsing block 80528b2 [Parser.C:1274] curAddr 0x80528b2: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528b3: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528b5: call ffffb2cb + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb2cb + EIP + 5 to 0x80528b5...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x80528ba: add ECX, 9746 [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528c0: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528c6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528c8: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528cb: lea EAX, ECX + 990 [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528d1: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528d3: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called [Parser.C:1274] curAddr 0x80528d4: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_37_inc1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80528b2,80528d5) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80528d4 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80528d4...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80528b2 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_37_inc1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804dcd3) [Parser.C:180] entered parse_at([804ccd0,80549c4),804dcd3) [Parser.C:1485] recording block [804dcd3,804dcd3) [Parser.C] ==== starting to parse frame 804dcd3 ==== [Parser.C] parsing block 804dcd3 [Parser.C:1274] curAddr 0x804dcd3: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dcd4: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dcd6: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dcd7: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dcda: call fffff021 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff021 + EIP + 5 to 0x804dcda...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804dcdf: add EBX, e321 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dce5: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dceb: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dced: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dcef: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dcd3,804dcf1) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x804dcef...SUCCESS (CFT=0x804dd09) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dcef->804dd09 resolveable_edge: 1, tailcall: 0, target: 804dd09 [ParserDetails.C:588] pushing 804dd09 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dcef->804dcf1 resolveable_edge: 1, tailcall: 0, target: 804dcf1 [ParserDetails.C:588] pushing 804dcf1 onto worklist [Parser.C:1485] recording block [804dd09,804dd09) [Parser.C] parsing block 804dd09 [Parser.C:1274] curAddr 0x804dd09: call fffffef6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffef6 + EIP + 5 to 0x804dd09...SUCCESS (CFT=0x804dc04) [Parser.C:1485] recording block [804dd09,804dd0e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dd09->804dc04 resolveable_edge: 1, tailcall: 0, target: 804dc04 [ParserDetails.C:588] pushing 804dc04 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dd09->804dd0e resolveable_edge: 1, tailcall: 0, target: 804dd0e [ParserDetails.C:588] pushing 804dd0e onto worklist [Parser.C] binding call 804dd09->804dc04 [Parser.C] block 804dc04 exists Checking non-returning for test1_1_func1_1 Checking non-returning for test1_1_func1_1 [Parser.C:1485] recording block [804dd0e,804dd0e) [Parser.C] parsing block 804dd0e [Parser.C:1274] curAddr 0x804dd0e: mov EAX, [EBX + 7cc] [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd14: cmp EAX, b [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd17: jnz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dd0e,804dd19) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 15 + EIP + 2 to 0x804dd17...SUCCESS (CFT=0x804dd2e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dd17->804dd2e resolveable_edge: 1, tailcall: 0, target: 804dd2e [ParserDetails.C:588] pushing 804dd2e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dd17->804dd19 resolveable_edge: 1, tailcall: 0, target: 804dd19 [ParserDetails.C:588] pushing 804dd19 onto worklist [Parser.C:1485] recording block [804dd2e,804dd2e) [Parser.C] parsing block 804dd2e [Parser.C:1274] curAddr 0x804dd2e: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd33: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd36: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd37: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd38: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dd2e,804dd39) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804dd38 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804dd38...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804dcf1,804dcf1) [Parser.C] parsing block 804dcf1 [Parser.C:1274] curAddr 0x804dcf1: lea EAX, EBX + ffff1c04 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dcf7: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dcfb: lea EAX, EBX + ffff8ff4 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd01: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd04: call ffffed47 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffed47 + EIP + 5 to 0x804dd04...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804dcf1,804dd09) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dd04->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dd04->804dd09 resolveable_edge: 1, tailcall: 0, target: 804dd09 [ParserDetails.C:588] pushing 804dd09 onto worklist [Parser.C] binding call 804dd04->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804dd09 exists [Parser.C] skipping locally parsed target at 804dd09 [Parser.C:1485] recording block [804dd19,804dd19) [Parser.C] parsing block 804dd19 [Parser.C:1274] curAddr 0x804dd19: mov EAX, [EBX + 374] [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd1f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd22: call 667e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 667e + EIP + 5 to 0x804dd22...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804dd19,804dd27) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dd22->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dd22->804dd27 resolveable_edge: 1, tailcall: 0, target: 804dd27 [ParserDetails.C:588] pushing 804dd27 onto worklist [Parser.C] binding call 804dd22->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804dd27,804dd27) [Parser.C] parsing block 804dd27 [Parser.C:1274] curAddr 0x804dd27: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dd2c: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x804dd2c...SUCCESS (CFT=0x804dd33) [Parser.C:1485] recording block [804dd27,804dd2e) Getting edges Checking for Tail Call jump to 0x804dd33 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804dd2c->804dd33 resolveable_edge: 1, tailcall: 0, target: 804dd33 [ParserDetails.C:588] pushing 804dd33 onto worklist [Parser.C] address 804dd33 splits [804dd2e,804dd39) (0x1d78a30) [Parser.C:1485] recording block [804dd33,804dd39) [Parser.C] skipping locally parsed target at 804dd33 [Parser.C] frame 804dcd3 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_1_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80540a4) [Parser.C:180] entered parse_at([804ccd0,80549c4),80540a4) [Parser.C:1485] recording block [80540a4,80540a4) [Parser.C] ==== starting to parse frame 80540a4 ==== [Parser.C] parsing block 80540a4 [Parser.C:1274] curAddr 0x80540a4: push EBP, ESP [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called [Parser.C:1274] curAddr 0x80540a5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called [Parser.C:1274] curAddr 0x80540a7: call ffff9ad9 + EIP + 5 [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9ad9 + EIP + 5 to 0x80540a7...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x80540ac: add ECX, 7f54 [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called [Parser.C:1274] curAddr 0x80540b2: lea EAX, ECX + 9ec [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called [Parser.C:1274] curAddr 0x80540b8: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called [Parser.C:1274] curAddr 0x80540bb: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called [Parser.C:1274] curAddr 0x80540bd: pop EBP, ESP [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called [Parser.C:1274] curAddr 0x80540be: ret near [ESP] [Parser.C:1280] leaf 1 funcname setExecutableName hasCFT called branch or return, ret true [Parser.C:1485] recording block [80540a4,80540bf) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80540be Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80540be...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80540a4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] setExecutableName return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052a1a) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052a1a) [Parser.C:1485] recording block [8052a1a,8052a1a) [Parser.C] ==== starting to parse frame 8052a1a ==== [Parser.C] parsing block 8052a1a [Parser.C:1274] curAddr 0x8052a1a: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a1b: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a1d: call ffffb163 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb163 + EIP + 5 to 0x8052a1d...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052a22: add ECX, 95de [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a28: lea EAX, ECX + 998 [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a2e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a30: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a33: lea EAX, ECX + 998 [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a39: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a3b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called [Parser.C:1274] curAddr 0x8052a3c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_37_inc3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052a1a,8052a3d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052a3c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052a3c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052a1a complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_37_inc3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80521cb) [Parser.C:180] entered parse_at([804ccd0,80549c4),80521cb) [Parser.C:1485] recording block [80521cb,80521cb) [Parser.C] ==== starting to parse frame 80521cb ==== [Parser.C] parsing block 80521cb [Parser.C:1274] curAddr 0x80521cb: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521cc: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521ce: call ffffb9b2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb9b2 + EIP + 5 to 0x80521ce...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x80521d3: add ECX, 9e2d [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521d9: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521dd: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80521cb,80521df) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x80521dd...SUCCESS (CFT=0x80521ed) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80521dd->80521ed resolveable_edge: 1, tailcall: 0, target: 80521ed [ParserDetails.C:588] pushing 80521ed onto worklist ParserDetails.C[80]: adding conditional not taken edge 80521dd->80521df resolveable_edge: 1, tailcall: 0, target: 80521df [ParserDetails.C:588] pushing 80521df onto worklist [Parser.C:1485] recording block [80521ed,80521ed) [Parser.C] parsing block 80521ed [Parser.C:1274] curAddr 0x80521ed: lea EAX, ECX + 958 [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521f3: mov [EAX], 2 [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521f9: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521fa: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80521ed,80521fb) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80521fa Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80521fa...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80521df,80521df) [Parser.C] parsing block 80521df [Parser.C:1274] curAddr 0x80521df: lea EAX, ECX + 958 [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521e5: mov [EAX], 1 [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called [Parser.C:1274] curAddr 0x80521eb: jmp c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_33_func2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp c + EIP + 2 to 0x80521eb...SUCCESS (CFT=0x80521f9) [Parser.C:1485] recording block [80521df,80521ed) Getting edges Checking for Tail Call jump to 0x80521f9 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80521eb->80521f9 resolveable_edge: 1, tailcall: 0, target: 80521f9 [ParserDetails.C:588] pushing 80521f9 onto worklist [Parser.C] address 80521f9 splits [80521ed,80521fb) (0x1d81240) [Parser.C:1485] recording block [80521f9,80521fb) [Parser.C] skipping locally parsed target at 80521f9 [Parser.C] frame 80521cb complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_33_func2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80544f0) [Parser.C:180] entered parse_at([804ccd0,80549c4),80544f0) function at 80544f0 already parsed, status 3 [Parser.C:224] entered parse_at(80530bc) [Parser.C:180] entered parse_at([804ccd0,80549c4),80530bc) function at 80530bc already parsed, status 3 [Parser.C:224] entered parse_at(804f265) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f265) [Parser.C:1485] recording block [804f265,804f265) [Parser.C] ==== starting to parse frame 804f265 ==== [Parser.C] parsing block 804f265 [Parser.C:1274] curAddr 0x804f265: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called [Parser.C:1274] curAddr 0x804f266: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called [Parser.C:1274] curAddr 0x804f268: call ffffe918 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe918 + EIP + 5 to 0x804f268...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804f26d: add ECX, cd93 [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called [Parser.C:1274] curAddr 0x804f273: mov EAX, [ECX + 820] [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called [Parser.C:1274] curAddr 0x804f279: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called [Parser.C:1274] curAddr 0x804f27c: jnz 14 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f265,804f27e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 14 + EIP + 2 to 0x804f27c...SUCCESS (CFT=0x804f292) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f27c->804f292 resolveable_edge: 1, tailcall: 0, target: 804f292 [ParserDetails.C:588] pushing 804f292 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f27c->804f27e resolveable_edge: 1, tailcall: 0, target: 804f27e [ParserDetails.C:588] pushing 804f27e onto worklist [Parser.C:1485] recording block [804f292,804f292) [Parser.C] parsing block 804f292 [Parser.C:1274] curAddr 0x804f292: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called [Parser.C:1274] curAddr 0x804f293: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f292,804f294) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f293 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f293...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f27e,804f27e) [Parser.C] parsing block 804f27e [Parser.C:1274] curAddr 0x804f27e: mov [ECX + 820], 2 [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called [Parser.C:1274] curAddr 0x804f288: mov [ECX + 818], 1 [Parser.C:1280] leaf 1 funcname test1_10_call2 hasCFT called [Parser.C] straight-line parse into block at 804f292 [Parser.C:1485] recording block [804f27e,804f292) [Parser.C] block 804f292 exists [Parser.C] frame 804f265 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_10_call2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804e032) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e032) [Parser.C:1485] recording block [804e032,804e032) [Parser.C] ==== starting to parse frame 804e032 ==== [Parser.C] parsing block 804e032 [Parser.C:1274] curAddr 0x804e032: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e033: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e035: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e036: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e039: call ffffecc2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffecc2 + EIP + 5 to 0x804e039...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e03e: add EBX, dfc2 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e044: call ffffffb7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffb7 + EIP + 5 to 0x804e044...SUCCESS (CFT=0x804e000) [Parser.C:1485] recording block [804e032,804e049) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e044->804e000 resolveable_edge: 1, tailcall: 0, target: 804e000 [ParserDetails.C:588] pushing 804e000 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e044->804e049 resolveable_edge: 1, tailcall: 0, target: 804e049 [ParserDetails.C:588] pushing 804e049 onto worklist [Parser.C] binding call 804e044->804e000 [Parser.C] block 804e000 exists Checking non-returning for func4_2 [Parser.C:1485] recording block [804e049,804e049) [Parser.C] parsing block 804e049 [Parser.C:1274] curAddr 0x804e049: lea EAX, EBX + 390 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e04f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e051: cmp EAX, 29 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e054: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e049,804e056) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x804e054...SUCCESS (CFT=0x804e07b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e054->804e07b resolveable_edge: 1, tailcall: 0, target: 804e07b [ParserDetails.C:588] pushing 804e07b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e054->804e056 resolveable_edge: 1, tailcall: 0, target: 804e056 [ParserDetails.C:588] pushing 804e056 onto worklist [Parser.C:1485] recording block [804e07b,804e07b) [Parser.C] parsing block 804e07b [Parser.C:1274] curAddr 0x804e07b: lea EAX, EBX + 390 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e081: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e083: cmp EAX, 2a [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e086: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e07b,804e088) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x804e086...SUCCESS (CFT=0x804e0ad) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e086->804e0ad resolveable_edge: 1, tailcall: 0, target: 804e0ad [ParserDetails.C:588] pushing 804e0ad onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e086->804e088 resolveable_edge: 1, tailcall: 0, target: 804e088 [ParserDetails.C:588] pushing 804e088 onto worklist [Parser.C:1485] recording block [804e0ad,804e0ad) [Parser.C] parsing block 804e0ad [Parser.C:1274] curAddr 0x804e0ad: lea EAX, EBX + 390 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0b3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0b5: cmp EAX, 2b [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0b8: jnz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e0ad,804e0ba) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 15 + EIP + 2 to 0x804e0b8...SUCCESS (CFT=0x804e0cf) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e0b8->804e0cf resolveable_edge: 1, tailcall: 0, target: 804e0cf [ParserDetails.C:588] pushing 804e0cf onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e0b8->804e0ba resolveable_edge: 1, tailcall: 0, target: 804e0ba [ParserDetails.C:588] pushing 804e0ba onto worklist [Parser.C:1485] recording block [804e0cf,804e0cf) [Parser.C] parsing block 804e0cf [Parser.C:1274] curAddr 0x804e0cf: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0d2: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0d5: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0d6: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0d7: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e0cf,804e0d8) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e0d7 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e0d7...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e056,804e056) [Parser.C] parsing block 804e056 [Parser.C:1274] curAddr 0x804e056: lea EAX, EBX + ffff9240 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e05c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e05f: call 5959 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5959 + EIP + 5 to 0x804e05f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e056,804e064) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e05f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e05f->804e064 resolveable_edge: 1, tailcall: 0, target: 804e064 [ParserDetails.C:588] pushing 804e064 onto worklist [Parser.C] binding call 804e05f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e064,804e064) [Parser.C] parsing block 804e064 [Parser.C:1274] curAddr 0x804e064: lea EAX, EBX + ffff9260 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e06a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e06d: call 594b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 594b + EIP + 5 to 0x804e06d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e064,804e072) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e06d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e06d->804e072 resolveable_edge: 1, tailcall: 0, target: 804e072 [ParserDetails.C:588] pushing 804e072 onto worklist [Parser.C] binding call 804e06d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e072,804e072) [Parser.C] parsing block 804e072 [Parser.C:1274] curAddr 0x804e072: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e079: jmp 54 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 54 + EIP + 2 to 0x804e079...SUCCESS (CFT=0x804e0cf) [Parser.C:1485] recording block [804e072,804e07b) Getting edges Checking for Tail Call jump to 0x804e0cf is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e079->804e0cf resolveable_edge: 1, tailcall: 0, target: 804e0cf [ParserDetails.C:588] pushing 804e0cf onto worklist [Parser.C:1485] recording block [804e088,804e088) [Parser.C] parsing block 804e088 [Parser.C:1274] curAddr 0x804e088: lea EAX, EBX + ffff9240 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e08e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e091: call 5927 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5927 + EIP + 5 to 0x804e091...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e088,804e096) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e091->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e091->804e096 resolveable_edge: 1, tailcall: 0, target: 804e096 [ParserDetails.C:588] pushing 804e096 onto worklist [Parser.C] binding call 804e091->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e096,804e096) [Parser.C] parsing block 804e096 [Parser.C:1274] curAddr 0x804e096: lea EAX, EBX + ffff9288 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e09c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e09f: call 5919 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5919 + EIP + 5 to 0x804e09f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e096,804e0a4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e09f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e09f->804e0a4 resolveable_edge: 1, tailcall: 0, target: 804e0a4 [ParserDetails.C:588] pushing 804e0a4 onto worklist [Parser.C] binding call 804e09f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e0a4,804e0a4) [Parser.C] parsing block 804e0a4 [Parser.C:1274] curAddr 0x804e0a4: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0ab: jmp 22 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 22 + EIP + 2 to 0x804e0ab...SUCCESS (CFT=0x804e0cf) [Parser.C:1485] recording block [804e0a4,804e0ad) Getting edges Checking for Tail Call jump to 0x804e0cf is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e0ab->804e0cf resolveable_edge: 1, tailcall: 0, target: 804e0cf [ParserDetails.C:588] pushing 804e0cf onto worklist [Parser.C:1485] recording block [804e0ba,804e0ba) [Parser.C] parsing block 804e0ba [Parser.C:1274] curAddr 0x804e0ba: lea EAX, EBX + ffff92be [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0c0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C:1274] curAddr 0x804e0c3: call 58f5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 58f5 + EIP + 5 to 0x804e0c3...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e0ba,804e0c8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e0c3->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e0c3->804e0c8 resolveable_edge: 1, tailcall: 0, target: 804e0c8 [ParserDetails.C:588] pushing 804e0c8 onto worklist [Parser.C] binding call 804e0c3->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e0c8,804e0c8) [Parser.C] parsing block 804e0c8 [Parser.C:1274] curAddr 0x804e0c8: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_4_func1 hasCFT called [Parser.C] straight-line parse into block at 804e0cf [Parser.C:1485] recording block [804e0c8,804e0cf) [Parser.C] block 804e0cf exists [Parser.C] block 804e0cf exists [Parser.C] skipping locally parsed target at 804e0cf [Parser.C] block 804e0cf exists [Parser.C] skipping locally parsed target at 804e0cf [Parser.C] frame 804e032 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_4_func1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804de7b) [Parser.C:180] entered parse_at([804ccd0,80549c4),804de7b) [Parser.C:1485] recording block [804de7b,804de7b) [Parser.C] ==== starting to parse frame 804de7b ==== [Parser.C] parsing block 804de7b [Parser.C:1274] curAddr 0x804de7b: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804de7c: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804de7e: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804de7f: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804de82: call ffffee79 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffee79 + EIP + 5 to 0x804de82...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804de87: add EBX, e179 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804de8d: call fffffeaa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffeaa + EIP + 5 to 0x804de8d...SUCCESS (CFT=0x804dd3c) [Parser.C:1485] recording block [804de7b,804de92) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804de8d->804dd3c resolveable_edge: 1, tailcall: 0, target: 804dd3c [ParserDetails.C:588] pushing 804dd3c onto worklist ParserDetails.C[68]: adding function fallthrough edge 804de8d->804de92 resolveable_edge: 1, tailcall: 0, target: 804de92 [ParserDetails.C:588] pushing 804de92 onto worklist [Parser.C] binding call 804de8d->804dd3c [Parser.C] block 804dd3c exists Checking non-returning for test1_2_func2_1 Checking non-returning for test1_2_func2_1 [Parser.C:1485] recording block [804de92,804de92) [Parser.C] parsing block 804de92 [Parser.C:1274] curAddr 0x804de92: lea EAX, EBX + 7d0 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804de98: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804de9a: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804de9c: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804de92,804de9e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804de9c...SUCCESS (CFT=0x804deb3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804de9c->804deb3 resolveable_edge: 1, tailcall: 0, target: 804deb3 [ParserDetails.C:588] pushing 804deb3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804de9c->804de9e resolveable_edge: 1, tailcall: 0, target: 804de9e [ParserDetails.C:588] pushing 804de9e onto worklist [Parser.C:1485] recording block [804deb3,804deb3) [Parser.C] parsing block 804deb3 [Parser.C:1274] curAddr 0x804deb3: mov EAX, [EBX + 7d8] [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804deb9: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804debb: jnz 1c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804deb3,804debd) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1c + EIP + 2 to 0x804debb...SUCCESS (CFT=0x804ded9) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804debb->804ded9 resolveable_edge: 1, tailcall: 0, target: 804ded9 [ParserDetails.C:588] pushing 804ded9 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804debb->804debd resolveable_edge: 1, tailcall: 0, target: 804debd [ParserDetails.C:588] pushing 804debd onto worklist [Parser.C:1485] recording block [804ded9,804ded9) [Parser.C] parsing block 804ded9 [Parser.C:1274] curAddr 0x804ded9: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dede: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dee1: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dee2: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dee3: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ded9,804dee4) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804dee3 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804dee3...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804de9e,804de9e) [Parser.C] parsing block 804de9e [Parser.C:1274] curAddr 0x804de9e: mov EAX, [EBX + 37c] [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dea4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dea7: call 64f9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 64f9 + EIP + 5 to 0x804dea7...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804de9e,804deac) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dea7->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dea7->804deac resolveable_edge: 1, tailcall: 0, target: 804deac [ParserDetails.C:588] pushing 804deac onto worklist [Parser.C] binding call 804dea7->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804deac,804deac) [Parser.C] parsing block 804deac [Parser.C:1274] curAddr 0x804deac: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804deb1: jmp 2b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2b + EIP + 2 to 0x804deb1...SUCCESS (CFT=0x804dede) [Parser.C:1485] recording block [804deac,804deb3) Getting edges Checking for Tail Call jump to 0x804dede is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804deb1->804dede resolveable_edge: 1, tailcall: 0, target: 804dede [ParserDetails.C:588] pushing 804dede onto worklist [Parser.C:1485] recording block [804debd,804debd) [Parser.C] parsing block 804debd [Parser.C:1274] curAddr 0x804debd: lea EAX, EBX + ffff9074 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dec3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dec6: call 5af2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5af2 + EIP + 5 to 0x804dec6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804debd,804decb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dec6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dec6->804decb resolveable_edge: 1, tailcall: 0, target: 804decb [ParserDetails.C:588] pushing 804decb onto worklist [Parser.C] binding call 804dec6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804decb,804decb) [Parser.C] parsing block 804decb [Parser.C:1274] curAddr 0x804decb: lea EAX, EBX + ffff9124 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ded1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ded4: call 5ae4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_2_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5ae4 + EIP + 5 to 0x804ded4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804decb,804ded9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ded4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ded4->804ded9 resolveable_edge: 1, tailcall: 0, target: 804ded9 [ParserDetails.C:588] pushing 804ded9 onto worklist [Parser.C] binding call 804ded4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804ded9 exists [Parser.C] skipping locally parsed target at 804ded9 [Parser.C] address 804dede splits [804ded9,804dee4) (0x1d86160) [Parser.C:1485] recording block [804dede,804dee4) [Parser.C] skipping locally parsed target at 804dede [Parser.C] frame 804de7b complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_2_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052eac) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052eac) function at 8052eac already parsed, status 3 [Parser.C:224] entered parse_at(80520f8) [Parser.C:180] entered parse_at([804ccd0,80549c4),80520f8) [Parser.C:1485] recording block [80520f8,80520f8) [Parser.C] ==== starting to parse frame 80520f8 ==== [Parser.C] parsing block 80520f8 [Parser.C:1274] curAddr 0x80520f8: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func2 hasCFT called [Parser.C:1274] curAddr 0x80520f9: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func2 hasCFT called [Parser.C:1274] curAddr 0x80520fb: call ffffba85 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffba85 + EIP + 5 to 0x80520fb...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052100: add ECX, 9f00 [Parser.C:1280] leaf 1 funcname test1_32_func2 hasCFT called [Parser.C:1274] curAddr 0x8052106: mov [ECX + 94c], 1 [Parser.C:1280] leaf 1 funcname test1_32_func2 hasCFT called [Parser.C:1274] curAddr 0x8052110: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func2 hasCFT called [Parser.C:1274] curAddr 0x8052111: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_32_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80520f8,8052112) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052111 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052111...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80520f8 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_32_func2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805212c) [Parser.C:180] entered parse_at([804ccd0,80549c4),805212c) [Parser.C:1485] recording block [805212c,805212c) [Parser.C] ==== starting to parse frame 805212c ==== [Parser.C] parsing block 805212c [Parser.C:1274] curAddr 0x805212c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x805212d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x805212f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x8052130: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x8052133: call ffffabc8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffabc8 + EIP + 5 to 0x8052133...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052138: add EBX, 9ec8 [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x805213e: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x8052142: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805212c,8052144) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x8052142...SUCCESS (CFT=0x8052152) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052142->8052152 resolveable_edge: 1, tailcall: 0, target: 8052152 [ParserDetails.C:588] pushing 8052152 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052142->8052144 resolveable_edge: 1, tailcall: 0, target: 8052144 [ParserDetails.C:588] pushing 8052144 onto worklist [Parser.C:1485] recording block [8052152,8052152) [Parser.C] parsing block 8052152 [Parser.C:1274] curAddr 0x8052152: mov EDX, [EBX + 954] [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x8052158: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x805215b: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x805215d: mov [EBX + 954], EAX [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x8052163: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x8052166: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x8052167: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x8052168: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052152,8052169) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052168 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052168...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052144,8052144) [Parser.C] parsing block 8052144 [Parser.C:1274] curAddr 0x8052144: lea EAX, EBX + ffffb680 [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x805214a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called [Parser.C:1274] curAddr 0x805214d: call 186b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_func4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 186b + EIP + 5 to 0x805214d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052144,8052152) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805214d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805214d->8052152 resolveable_edge: 1, tailcall: 0, target: 8052152 [ParserDetails.C:588] pushing 8052152 onto worklist [Parser.C] binding call 805214d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 8052152 exists [Parser.C] skipping locally parsed target at 8052152 [Parser.C] frame 805212c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_32_func4 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f30c) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f30c) function at 804f30c already parsed, status 3 [Parser.C:224] entered parse_at(8052df8) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052df8) [Parser.C:1485] recording block [8052df8,8052df8) [Parser.C] ==== starting to parse frame 8052df8 ==== [Parser.C] parsing block 8052df8 [Parser.C:1274] curAddr 0x8052df8: push EBP, ESP [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052df9: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052dfb: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052dfe: call ffffad82 + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffad82 + EIP + 5 to 0x8052dfe...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052e03: add ECX, 91fd [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052e09: mov [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052e10: mov [EBP + fffffffffffffff8], 2 [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052e17: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052e1a: mov EDX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052e1d: add EAX, EDX [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052e1f: mov [ECX + 9cc], EAX [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052e25: leave [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called [Parser.C:1274] curAddr 0x8052e26: ret near [ESP] [Parser.C:1280] leaf 1 funcname test2_12_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052df8,8052e27) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052e26 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052e26...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052df8 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test2_12_func1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804edfc) [Parser.C:180] entered parse_at([804ccd0,80549c4),804edfc) [Parser.C:1485] recording block [804edfc,804edfc) [Parser.C] ==== starting to parse frame 804edfc ==== [Parser.C] parsing block 804edfc [Parser.C:1274] curAddr 0x804edfc: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edfd: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edff: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee00: sub ESP, 34 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee03: call ffffdef8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdef8 + EIP + 5 to 0x804ee03...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804ee08: add EBX, d1f8 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee0e: mov [ESP + 24], a [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee16: mov [ESP + 20], 9 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee1e: mov [ESP + 1c], 8 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee26: mov [ESP + 18], 7 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee2e: mov [ESP + 14], 6 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee36: mov [ESP + 10], 5 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee3e: mov [ESP + c], 4 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee46: mov [ESP + 8], 3 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee4e: mov [ESP + 4], 2 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee56: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee5d: call 103 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 103 + EIP + 5 to 0x804ee5d...SUCCESS (CFT=0x804ef65) [Parser.C:1485] recording block [804edfc,804ee62) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ee5d->804ef65 resolveable_edge: 1, tailcall: 0, target: 804ef65 [ParserDetails.C:588] pushing 804ef65 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ee5d->804ee62 resolveable_edge: 1, tailcall: 0, target: 804ee62 [ParserDetails.C:588] pushing 804ee62 onto worklist [Parser.C] binding call 804ee5d->804ef65 [Parser.C:1485] recording block [804ef65,804ef65) [suspend frame 804edfc] [Parser.C] frame 804edfc blocked at 804ee5d call target 804ef65 [Parser.C] block 804ef65 exists [Parser.C] ==== starting to parse frame 804ef65 ==== [Parser.C] parsing block 804ef65 [Parser.C:1274] curAddr 0x804ef65: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef66: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef68: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef69: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef6c: call ffffdd8f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdd8f + EIP + 5 to 0x804ef6c...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804ef71: add EBX, d08f [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef77: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef7d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef7f: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef81: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ef65,804ef83) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804ef81...SUCCESS (CFT=0x804ef91) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ef81->804ef91 resolveable_edge: 1, tailcall: 0, target: 804ef91 [ParserDetails.C:588] pushing 804ef91 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ef81->804ef83 resolveable_edge: 1, tailcall: 0, target: 804ef83 [ParserDetails.C:588] pushing 804ef83 onto worklist [Parser.C:1485] recording block [804ef91,804ef91) [Parser.C] parsing block 804ef91 [Parser.C:1274] curAddr 0x804ef91: mov EAX, [EBX + 80c] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef97: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef99: jz c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ef91,804ef9b) Getting edges IA_IAPI.C[847]: binding PC EIP in jz c + EIP + 2 to 0x804ef99...SUCCESS (CFT=0x804efa7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ef99->804efa7 resolveable_edge: 1, tailcall: 0, target: 804efa7 [ParserDetails.C:588] pushing 804efa7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ef99->804ef9b resolveable_edge: 1, tailcall: 0, target: 804ef9b [ParserDetails.C:588] pushing 804ef9b onto worklist [Parser.C:1485] recording block [804efa7,804efa7) [Parser.C] parsing block 804efa7 [Parser.C:1274] curAddr 0x804efa7: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efab: jnz 5e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efa7,804efad) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 5e + EIP + 2 to 0x804efab...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804efab->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efab->804efad resolveable_edge: 1, tailcall: 0, target: 804efad [ParserDetails.C:588] pushing 804efad onto worklist [Parser.C:1485] recording block [804f00b,804f00b) [Parser.C] parsing block 804f00b [Parser.C:1274] curAddr 0x804f00b: lea EAX, EBX + ffff9b74 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f011: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f014: call 49a4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 49a4 + EIP + 5 to 0x804f014...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f00b,804f019) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f014->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f014->804f019 resolveable_edge: 1, tailcall: 0, target: 804f019 [ParserDetails.C:588] pushing 804f019 onto worklist [Parser.C] binding call 804f014->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f019,804f019) [Parser.C] parsing block 804f019 [Parser.C:1274] curAddr 0x804f019: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f01d: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f019,804f01f) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f01d...SUCCESS (CFT=0x804f034) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f01d->804f034 resolveable_edge: 1, tailcall: 0, target: 804f034 [ParserDetails.C:588] pushing 804f034 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f01d->804f01f resolveable_edge: 1, tailcall: 0, target: 804f01f [ParserDetails.C:588] pushing 804f01f onto worklist [Parser.C:1485] recording block [804f034,804f034) [Parser.C] parsing block 804f034 [Parser.C:1274] curAddr 0x804f034: cmp [EBP + c], 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f038: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f034,804f03a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f038...SUCCESS (CFT=0x804f04f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f038->804f04f resolveable_edge: 1, tailcall: 0, target: 804f04f [ParserDetails.C:588] pushing 804f04f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f038->804f03a resolveable_edge: 1, tailcall: 0, target: 804f03a [ParserDetails.C:588] pushing 804f03a onto worklist [Parser.C:1485] recording block [804f04f,804f04f) [Parser.C] parsing block 804f04f [Parser.C:1274] curAddr 0x804f04f: cmp [EBP + 10], 3 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f053: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f04f,804f055) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f053...SUCCESS (CFT=0x804f06a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f053->804f06a resolveable_edge: 1, tailcall: 0, target: 804f06a [ParserDetails.C:588] pushing 804f06a onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f053->804f055 resolveable_edge: 1, tailcall: 0, target: 804f055 [ParserDetails.C:588] pushing 804f055 onto worklist [Parser.C:1485] recording block [804f06a,804f06a) [Parser.C] parsing block 804f06a [Parser.C:1274] curAddr 0x804f06a: cmp [EBP + 14], 4 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f06e: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f06a,804f070) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f06e...SUCCESS (CFT=0x804f085) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f06e->804f085 resolveable_edge: 1, tailcall: 0, target: 804f085 [ParserDetails.C:588] pushing 804f085 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f06e->804f070 resolveable_edge: 1, tailcall: 0, target: 804f070 [ParserDetails.C:588] pushing 804f070 onto worklist [Parser.C:1485] recording block [804f085,804f085) [Parser.C] parsing block 804f085 [Parser.C:1274] curAddr 0x804f085: cmp [EBP + 18], 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f089: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f085,804f08b) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f089...SUCCESS (CFT=0x804f0a0) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f089->804f0a0 resolveable_edge: 1, tailcall: 0, target: 804f0a0 [ParserDetails.C:588] pushing 804f0a0 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f089->804f08b resolveable_edge: 1, tailcall: 0, target: 804f08b [ParserDetails.C:588] pushing 804f08b onto worklist [Parser.C:1485] recording block [804f0a0,804f0a0) [Parser.C] parsing block 804f0a0 [Parser.C:1274] curAddr 0x804f0a0: cmp [EBP + 1c], 6 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0a4: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f0a0,804f0a6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f0a4...SUCCESS (CFT=0x804f0bb) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f0a4->804f0bb resolveable_edge: 1, tailcall: 0, target: 804f0bb [ParserDetails.C:588] pushing 804f0bb onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f0a4->804f0a6 resolveable_edge: 1, tailcall: 0, target: 804f0a6 [ParserDetails.C:588] pushing 804f0a6 onto worklist [Parser.C:1485] recording block [804f0bb,804f0bb) [Parser.C] parsing block 804f0bb [Parser.C:1274] curAddr 0x804f0bb: cmp [EBP + 20], 7 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0bf: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f0bb,804f0c1) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f0bf...SUCCESS (CFT=0x804f0d6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f0bf->804f0d6 resolveable_edge: 1, tailcall: 0, target: 804f0d6 [ParserDetails.C:588] pushing 804f0d6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f0bf->804f0c1 resolveable_edge: 1, tailcall: 0, target: 804f0c1 [ParserDetails.C:588] pushing 804f0c1 onto worklist [Parser.C:1485] recording block [804f0d6,804f0d6) [Parser.C] parsing block 804f0d6 [Parser.C:1274] curAddr 0x804f0d6: cmp [EBP + 24], 8 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0da: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f0d6,804f0dc) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f0da...SUCCESS (CFT=0x804f0f1) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f0da->804f0f1 resolveable_edge: 1, tailcall: 0, target: 804f0f1 [ParserDetails.C:588] pushing 804f0f1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f0da->804f0dc resolveable_edge: 1, tailcall: 0, target: 804f0dc [ParserDetails.C:588] pushing 804f0dc onto worklist [Parser.C:1485] recording block [804f0f1,804f0f1) [Parser.C] parsing block 804f0f1 [Parser.C:1274] curAddr 0x804f0f1: cmp [EBP + 28], 9 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0f5: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f0f1,804f0f7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f0f5...SUCCESS (CFT=0x804f10c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f0f5->804f10c resolveable_edge: 1, tailcall: 0, target: 804f10c [ParserDetails.C:588] pushing 804f10c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f0f5->804f0f7 resolveable_edge: 1, tailcall: 0, target: 804f0f7 [ParserDetails.C:588] pushing 804f0f7 onto worklist [Parser.C:1485] recording block [804f10c,804f10c) [Parser.C] parsing block 804f10c [Parser.C:1274] curAddr 0x804f10c: cmp [EBP + 2c], a [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f110: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f10c,804f112) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f110...SUCCESS (CFT=0x804f127) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f110->804f127 resolveable_edge: 1, tailcall: 0, target: 804f127 [ParserDetails.C:588] pushing 804f127 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f110->804f112 resolveable_edge: 1, tailcall: 0, target: 804f112 [ParserDetails.C:588] pushing 804f112 onto worklist [Parser.C:1485] recording block [804f127,804f127) [Parser.C] parsing block 804f127 [Parser.C:1274] curAddr 0x804f127: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f12e: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f131: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f134: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f135: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f136: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f127,804f137) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f136 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f136...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804ef83,804ef83) [Parser.C] parsing block 804ef83 [Parser.C:1274] curAddr 0x804ef83: lea EAX, EBX + ffff9b2d [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef89: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804ef8c: call ffffdb8f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdb8f + EIP + 5 to 0x804ef8c...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804ef83,804ef91) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ef8c->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ef8c->804ef91 resolveable_edge: 1, tailcall: 0, target: 804ef91 [ParserDetails.C:588] pushing 804ef91 onto worklist [Parser.C] binding call 804ef8c->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804ef91 exists [Parser.C] skipping locally parsed target at 804ef91 [Parser.C:1485] recording block [804ef9b,804ef9b) [Parser.C] parsing block 804ef9b [Parser.C:1274] curAddr 0x804ef9b: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efa2: jmp 187 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 187 + EIP + 5 to 0x804efa2...SUCCESS (CFT=0x804f12e) [Parser.C:1485] recording block [804ef9b,804efa7) Getting edges Checking for Tail Call jump to 0x804f12e is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804efa2->804f12e resolveable_edge: 1, tailcall: 0, target: 804f12e [ParserDetails.C:588] pushing 804f12e onto worklist [Parser.C:1485] recording block [804efad,804efad) [Parser.C] parsing block 804efad [Parser.C:1274] curAddr 0x804efad: cmp [EBP + c], 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efb1: jnz 58 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efad,804efb3) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 58 + EIP + 2 to 0x804efb1...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efb1->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efb1->804efb3 resolveable_edge: 1, tailcall: 0, target: 804efb3 [ParserDetails.C:588] pushing 804efb3 onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efb3,804efb3) [Parser.C] parsing block 804efb3 [Parser.C:1274] curAddr 0x804efb3: cmp [EBP + 10], 3 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efb7: jnz 52 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efb3,804efb9) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 52 + EIP + 2 to 0x804efb7...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efb7->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efb7->804efb9 resolveable_edge: 1, tailcall: 0, target: 804efb9 [ParserDetails.C:588] pushing 804efb9 onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efb9,804efb9) [Parser.C] parsing block 804efb9 [Parser.C:1274] curAddr 0x804efb9: cmp [EBP + 14], 4 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efbd: jnz 4c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efb9,804efbf) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 4c + EIP + 2 to 0x804efbd...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efbd->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efbd->804efbf resolveable_edge: 1, tailcall: 0, target: 804efbf [ParserDetails.C:588] pushing 804efbf onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efbf,804efbf) [Parser.C] parsing block 804efbf [Parser.C:1274] curAddr 0x804efbf: cmp [EBP + 18], 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efc3: jnz 46 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efbf,804efc5) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 46 + EIP + 2 to 0x804efc3...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efc3->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efc3->804efc5 resolveable_edge: 1, tailcall: 0, target: 804efc5 [ParserDetails.C:588] pushing 804efc5 onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efc5,804efc5) [Parser.C] parsing block 804efc5 [Parser.C:1274] curAddr 0x804efc5: cmp [EBP + 1c], 6 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efc9: jnz 40 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efc5,804efcb) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 40 + EIP + 2 to 0x804efc9...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efc9->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efc9->804efcb resolveable_edge: 1, tailcall: 0, target: 804efcb [ParserDetails.C:588] pushing 804efcb onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efcb,804efcb) [Parser.C] parsing block 804efcb [Parser.C:1274] curAddr 0x804efcb: cmp [EBP + 20], 7 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efcf: jnz 3a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efcb,804efd1) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 3a + EIP + 2 to 0x804efcf...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efcf->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efcf->804efd1 resolveable_edge: 1, tailcall: 0, target: 804efd1 [ParserDetails.C:588] pushing 804efd1 onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efd1,804efd1) [Parser.C] parsing block 804efd1 [Parser.C:1274] curAddr 0x804efd1: cmp [EBP + 24], 8 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efd5: jnz 34 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efd1,804efd7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 34 + EIP + 2 to 0x804efd5...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efd5->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efd5->804efd7 resolveable_edge: 1, tailcall: 0, target: 804efd7 [ParserDetails.C:588] pushing 804efd7 onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efd7,804efd7) [Parser.C] parsing block 804efd7 [Parser.C:1274] curAddr 0x804efd7: cmp [EBP + 28], 9 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efdb: jnz 2e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efd7,804efdd) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2e + EIP + 2 to 0x804efdb...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efdb->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efdb->804efdd resolveable_edge: 1, tailcall: 0, target: 804efdd [ParserDetails.C:588] pushing 804efdd onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efdd,804efdd) [Parser.C] parsing block 804efdd [Parser.C:1274] curAddr 0x804efdd: cmp [EBP + 2c], a [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efe1: jnz 28 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804efdd,804efe3) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 28 + EIP + 2 to 0x804efe1...SUCCESS (CFT=0x804f00b) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f00b is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804efe1->804f00b resolveable_edge: 1, tailcall: 0, target: 804f00b [ParserDetails.C:588] pushing 804f00b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804efe1->804efe3 resolveable_edge: 1, tailcall: 0, target: 804efe3 [ParserDetails.C:588] pushing 804efe3 onto worklist [Parser.C] block 804f00b exists [Parser.C] skipping locally parsed target at 804f00b [Parser.C:1485] recording block [804efe3,804efe3) [Parser.C] parsing block 804efe3 [Parser.C:1274] curAddr 0x804efe3: lea EAX, EBX + ffff9b44 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efe9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804efec: call 49cc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 49cc + EIP + 5 to 0x804efec...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804efe3,804eff1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804efec->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804efec->804eff1 resolveable_edge: 1, tailcall: 0, target: 804eff1 [ParserDetails.C:588] pushing 804eff1 onto worklist [Parser.C] binding call 804efec->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804eff1,804eff1) [Parser.C] parsing block 804eff1 [Parser.C:1274] curAddr 0x804eff1: mov EAX, [EBX + 4d4] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804eff7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804effa: call 53a6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 53a6 + EIP + 5 to 0x804effa...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804eff1,804efff) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804effa->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804effa->804efff resolveable_edge: 1, tailcall: 0, target: 804efff [ParserDetails.C:588] pushing 804efff onto worklist [Parser.C] binding call 804effa->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804efff,804efff) [Parser.C] parsing block 804efff [Parser.C:1274] curAddr 0x804efff: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f006: jmp 123 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 123 + EIP + 5 to 0x804f006...SUCCESS (CFT=0x804f12e) [Parser.C:1485] recording block [804efff,804f00b) Getting edges Checking for Tail Call jump to 0x804f12e is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804f006->804f12e resolveable_edge: 1, tailcall: 0, target: 804f12e [ParserDetails.C:588] pushing 804f12e onto worklist [Parser.C:1485] recording block [804f01f,804f01f) [Parser.C] parsing block 804f01f [Parser.C:1274] curAddr 0x804f01f: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f022: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f026: lea EAX, EBX + ffff9ba9 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f02c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f02f: call 4989 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4989 + EIP + 5 to 0x804f02f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f01f,804f034) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f02f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f02f->804f034 resolveable_edge: 1, tailcall: 0, target: 804f034 [ParserDetails.C:588] pushing 804f034 onto worklist [Parser.C] binding call 804f02f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f034 exists [Parser.C] skipping locally parsed target at 804f034 [Parser.C:1485] recording block [804f03a,804f03a) [Parser.C] parsing block 804f03a [Parser.C:1274] curAddr 0x804f03a: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f03d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f041: lea EAX, EBX + ffff9bc7 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f047: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f04a: call 496e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 496e + EIP + 5 to 0x804f04a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f03a,804f04f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f04a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f04a->804f04f resolveable_edge: 1, tailcall: 0, target: 804f04f [ParserDetails.C:588] pushing 804f04f onto worklist [Parser.C] binding call 804f04a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f04f exists [Parser.C] skipping locally parsed target at 804f04f [Parser.C:1485] recording block [804f055,804f055) [Parser.C] parsing block 804f055 [Parser.C:1274] curAddr 0x804f055: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f058: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f05c: lea EAX, EBX + ffff9be5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f062: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f065: call 4953 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4953 + EIP + 5 to 0x804f065...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f055,804f06a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f065->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f065->804f06a resolveable_edge: 1, tailcall: 0, target: 804f06a [ParserDetails.C:588] pushing 804f06a onto worklist [Parser.C] binding call 804f065->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f06a exists [Parser.C] skipping locally parsed target at 804f06a [Parser.C:1485] recording block [804f070,804f070) [Parser.C] parsing block 804f070 [Parser.C:1274] curAddr 0x804f070: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f073: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f077: lea EAX, EBX + ffff9c03 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f07d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f080: call 4938 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4938 + EIP + 5 to 0x804f080...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f070,804f085) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f080->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f080->804f085 resolveable_edge: 1, tailcall: 0, target: 804f085 [ParserDetails.C:588] pushing 804f085 onto worklist [Parser.C] binding call 804f080->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f085 exists [Parser.C] skipping locally parsed target at 804f085 [Parser.C:1485] recording block [804f08b,804f08b) [Parser.C] parsing block 804f08b [Parser.C:1274] curAddr 0x804f08b: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f08e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f092: lea EAX, EBX + ffff9c21 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f098: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f09b: call 491d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 491d + EIP + 5 to 0x804f09b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f08b,804f0a0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f09b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f09b->804f0a0 resolveable_edge: 1, tailcall: 0, target: 804f0a0 [ParserDetails.C:588] pushing 804f0a0 onto worklist [Parser.C] binding call 804f09b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f0a0 exists [Parser.C] skipping locally parsed target at 804f0a0 [Parser.C:1485] recording block [804f0a6,804f0a6) [Parser.C] parsing block 804f0a6 [Parser.C:1274] curAddr 0x804f0a6: mov EAX, [EBP + 1c] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0a9: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0ad: lea EAX, EBX + ffff9c3f [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0b3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0b6: call 4902 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4902 + EIP + 5 to 0x804f0b6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f0a6,804f0bb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f0b6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f0b6->804f0bb resolveable_edge: 1, tailcall: 0, target: 804f0bb [ParserDetails.C:588] pushing 804f0bb onto worklist [Parser.C] binding call 804f0b6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f0bb exists [Parser.C] skipping locally parsed target at 804f0bb [Parser.C:1485] recording block [804f0c1,804f0c1) [Parser.C] parsing block 804f0c1 [Parser.C:1274] curAddr 0x804f0c1: mov EAX, [EBP + 20] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0c4: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0c8: lea EAX, EBX + ffff9c5d [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0ce: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0d1: call 48e7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 48e7 + EIP + 5 to 0x804f0d1...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f0c1,804f0d6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f0d1->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f0d1->804f0d6 resolveable_edge: 1, tailcall: 0, target: 804f0d6 [ParserDetails.C:588] pushing 804f0d6 onto worklist [Parser.C] binding call 804f0d1->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f0d6 exists [Parser.C] skipping locally parsed target at 804f0d6 [Parser.C:1485] recording block [804f0dc,804f0dc) [Parser.C] parsing block 804f0dc [Parser.C:1274] curAddr 0x804f0dc: mov EAX, [EBP + 24] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0df: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0e3: lea EAX, EBX + ffff9c7b [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0e9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0ec: call 48cc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 48cc + EIP + 5 to 0x804f0ec...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f0dc,804f0f1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f0ec->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f0ec->804f0f1 resolveable_edge: 1, tailcall: 0, target: 804f0f1 [ParserDetails.C:588] pushing 804f0f1 onto worklist [Parser.C] binding call 804f0ec->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f0f1 exists [Parser.C] skipping locally parsed target at 804f0f1 [Parser.C:1485] recording block [804f0f7,804f0f7) [Parser.C] parsing block 804f0f7 [Parser.C:1274] curAddr 0x804f0f7: mov EAX, [EBP + 28] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0fa: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f0fe: lea EAX, EBX + ffff9c99 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f104: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f107: call 48b1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 48b1 + EIP + 5 to 0x804f107...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f0f7,804f10c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f107->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f107->804f10c resolveable_edge: 1, tailcall: 0, target: 804f10c [ParserDetails.C:588] pushing 804f10c onto worklist [Parser.C] binding call 804f107->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f10c exists [Parser.C] skipping locally parsed target at 804f10c [Parser.C:1485] recording block [804f112,804f112) [Parser.C] parsing block 804f112 [Parser.C:1274] curAddr 0x804f112: mov EAX, [EBP + 2c] [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f115: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f119: lea EAX, EBX + ffff9cb8 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f11f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called [Parser.C:1274] curAddr 0x804f122: call 4896 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_9_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4896 + EIP + 5 to 0x804f122...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f112,804f127) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f122->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f122->804f127 resolveable_edge: 1, tailcall: 0, target: 804f127 [ParserDetails.C:588] pushing 804f127 onto worklist [Parser.C] binding call 804f122->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f127 exists [Parser.C] skipping locally parsed target at 804f127 [Parser.C] address 804f12e splits [804f127,804f137) (0x1d89780) [Parser.C:1485] recording block [804f12e,804f137) [Parser.C] skipping locally parsed target at 804f12e [Parser.C] block 804f12e exists [Parser.C] skipping locally parsed target at 804f12e [Parser.C] frame 804ef65 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_9_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804edfc ==== Checking non-returning for test1_9_func1 Checking non-returning for test1_9_func1 [Parser.C:1485] recording block [804ee62,804ee62) [Parser.C] parsing block 804ee62 [Parser.C:1274] curAddr 0x804ee62: add ESP, 34 [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee65: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee66: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ee67: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_9_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ee62,804ee68) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804ee67 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804ee67...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804edfc complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_9_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051908) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051908) [Parser.C:1485] recording block [8051908,8051908) [Parser.C] ==== starting to parse frame 8051908 ==== [Parser.C] parsing block 8051908 [Parser.C:1274] curAddr 0x8051908: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051909: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805190b: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805190c: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805190f: call ffffb3ec + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb3ec + EIP + 5 to 0x805190f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051914: add EBX, a6ec [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805191a: lea EAX, EBX + 1160 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051920: lea EDX, EBX + 1180 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051926: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051928: lea EAX, EBX + 1160 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805192e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051930: mov [EAX], 1ab42e9 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051936: lea EAX, EBX + 1160 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805193c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805193e: mov [EAX + 4], 1ab42ea [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051945: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805194c: jmp 1c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1c + EIP + 2 to 0x805194c...SUCCESS (CFT=0x805196a) [Parser.C:1485] recording block [8051908,805194e) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 805194c->805196a resolveable_edge: 1, tailcall: 0, target: 805196a [ParserDetails.C:588] pushing 805196a onto worklist [Parser.C:1485] recording block [805196a,805196a) [Parser.C] parsing block 805196a [Parser.C:1274] curAddr 0x805196a: cmp [EBP + fffffffffffffff0], 9 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805196e: jle ffffffffffffffde + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805196a,8051970) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffde + EIP + 2 to 0x805196e...SUCCESS (CFT=0x805194e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805196e->805194e resolveable_edge: 1, tailcall: 0, target: 805194e [ParserDetails.C:588] pushing 805194e onto worklist ParserDetails.C[80]: adding conditional not taken edge 805196e->8051970 resolveable_edge: 1, tailcall: 0, target: 8051970 [ParserDetails.C:588] pushing 8051970 onto worklist [Parser.C:1485] recording block [805194e,805194e) [Parser.C] parsing block 805194e [Parser.C:1274] curAddr 0x805194e: lea EAX, EBX + 1160 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051954: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051956: mov EDX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051959: lea ECX, EDX + 1ab42eb [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805195f: mov EDX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051962: mov [EAX + EDX * 4 + 8], ECX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051966: add [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C] straight-line parse into block at 805196a [Parser.C:1485] recording block [805194e,805196a) [Parser.C] block 805196a exists [Parser.C:1485] recording block [8051970,8051970) [Parser.C] parsing block 8051970 [Parser.C:1274] curAddr 0x8051970: lea EAX, EBX + 1160 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051976: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051978: mov [EAX + 30], 1ab3f0d [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805197f: lea EAX, EBX + 1160 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051985: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051987: mov [EAX + 34], 1ab3f0e [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805198e: call 15e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 15e + EIP + 5 to 0x805198e...SUCCESS (CFT=0x8051af1) [Parser.C:1485] recording block [8051970,8051993) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805198e->8051af1 resolveable_edge: 1, tailcall: 0, target: 8051af1 [ParserDetails.C:588] pushing 8051af1 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805198e->8051993 resolveable_edge: 1, tailcall: 0, target: 8051993 [ParserDetails.C:588] pushing 8051993 onto worklist [Parser.C] binding call 805198e->8051af1 [Parser.C:1485] recording block [8051af1,8051af1) [suspend frame 8051908] [Parser.C] frame 8051908 blocked at 805198e call target 8051af1 [Parser.C] block 8051af1 exists [Parser.C] ==== starting to parse frame 8051af1 ==== [Parser.C] parsing block 8051af1 [Parser.C:1274] curAddr 0x8051af1: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051af2: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051af4: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051af7: mov [EBP + fffffffffffffff8], 2a [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051afe: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b01: mov [EBP + fffffffffffffffc], EAX [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b04: mov [EBP + fffffffffffffffc], 0 [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b0b: jmp 4 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 4 + EIP + 2 to 0x8051b0b...SUCCESS (CFT=0x8051b11) [Parser.C:1485] recording block [8051af1,8051b0d) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051b0b->8051b11 resolveable_edge: 1, tailcall: 0, target: 8051b11 [ParserDetails.C:588] pushing 8051b11 onto worklist [Parser.C:1485] recording block [8051b11,8051b11) [Parser.C] parsing block 8051b11 [Parser.C:1274] curAddr 0x8051b11: cmp [EBP + fffffffffffffffc], 18f [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b18: jle fffffffffffffff3 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051b11,8051b1a) Getting edges IA_IAPI.C[847]: binding PC EIP in jle fffffffffffffff3 + EIP + 2 to 0x8051b18...SUCCESS (CFT=0x8051b0d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051b18->8051b0d resolveable_edge: 1, tailcall: 0, target: 8051b0d [ParserDetails.C:588] pushing 8051b0d onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051b18->8051b1a resolveable_edge: 1, tailcall: 0, target: 8051b1a [ParserDetails.C:588] pushing 8051b1a onto worklist [Parser.C:1485] recording block [8051b0d,8051b0d) [Parser.C] parsing block 8051b0d [Parser.C:1274] curAddr 0x8051b0d: add [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C] straight-line parse into block at 8051b11 [Parser.C:1485] recording block [8051b0d,8051b11) [Parser.C] block 8051b11 exists [Parser.C:1485] recording block [8051b1a,8051b1a) [Parser.C] parsing block 8051b1a [Parser.C:1274] curAddr 0x8051b1a: leave [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b1b: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_28_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051b1a,8051b1c) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051b1b Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051b1b...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8051af1 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_28_call1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 8051908 ==== Checking non-returning for test1_28_call1 Checking non-returning for test1_28_call1 [Parser.C:1485] recording block [8051993,8051993) [Parser.C] parsing block 8051993 [Parser.C:1274] curAddr 0x8051993: lea EAX, EBX + 6b0 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051999: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x805199b: mov [ESP + 8], 1ab42e9 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519a3: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519a7: lea EAX, EBX + ffffb0d9 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519ad: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519b0: call e9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call e9 + EIP + 5 to 0x80519b0...SUCCESS (CFT=0x8051a9e) [Parser.C:1485] recording block [8051993,80519b5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80519b0->8051a9e resolveable_edge: 1, tailcall: 0, target: 8051a9e [ParserDetails.C:588] pushing 8051a9e onto worklist ParserDetails.C[68]: adding function fallthrough edge 80519b0->80519b5 resolveable_edge: 1, tailcall: 0, target: 80519b5 [ParserDetails.C:588] pushing 80519b5 onto worklist [Parser.C] binding call 80519b0->8051a9e [Parser.C] block 8051a9e exists Checking non-returning for verifyScalarValue28 [Parser.C:1485] recording block [80519b5,80519b5) [Parser.C] parsing block 80519b5 [Parser.C:1274] curAddr 0x80519b5: lea EAX, EBX + 6b4 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519bb: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519bd: mov [ESP + 8], 1ab42ea [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519c5: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519c9: lea EAX, EBX + ffffb0f2 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519cf: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519d2: call c7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call c7 + EIP + 5 to 0x80519d2...SUCCESS (CFT=0x8051a9e) [Parser.C:1485] recording block [80519b5,80519d7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80519d2->8051a9e resolveable_edge: 1, tailcall: 0, target: 8051a9e [ParserDetails.C:588] pushing 8051a9e onto worklist ParserDetails.C[68]: adding function fallthrough edge 80519d2->80519d7 resolveable_edge: 1, tailcall: 0, target: 80519d7 [ParserDetails.C:588] pushing 80519d7 onto worklist [Parser.C] binding call 80519d2->8051a9e [Parser.C] block 8051a9e exists Checking non-returning for verifyScalarValue28 [Parser.C:1485] recording block [80519d7,80519d7) [Parser.C] parsing block 80519d7 [Parser.C:1274] curAddr 0x80519d7: lea EAX, EBX + 6b8 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519dd: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519df: mov [ESP + 8], 1ab42eb [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519e7: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519eb: lea EAX, EBX + ffffb10b [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519f1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519f4: call a5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call a5 + EIP + 5 to 0x80519f4...SUCCESS (CFT=0x8051a9e) [Parser.C:1485] recording block [80519d7,80519f9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80519f4->8051a9e resolveable_edge: 1, tailcall: 0, target: 8051a9e [ParserDetails.C:588] pushing 8051a9e onto worklist ParserDetails.C[68]: adding function fallthrough edge 80519f4->80519f9 resolveable_edge: 1, tailcall: 0, target: 80519f9 [ParserDetails.C:588] pushing 80519f9 onto worklist [Parser.C] binding call 80519f4->8051a9e [Parser.C] block 8051a9e exists Checking non-returning for verifyScalarValue28 [Parser.C:1485] recording block [80519f9,80519f9) [Parser.C] parsing block 80519f9 [Parser.C:1274] curAddr 0x80519f9: lea EAX, EBX + 6bc [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x80519ff: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a01: mov [ESP + 8], 1ab42f0 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a09: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a0d: lea EAX, EBX + ffffb124 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a13: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a16: call 83 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 83 + EIP + 5 to 0x8051a16...SUCCESS (CFT=0x8051a9e) [Parser.C:1485] recording block [80519f9,8051a1b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051a16->8051a9e resolveable_edge: 1, tailcall: 0, target: 8051a9e [ParserDetails.C:588] pushing 8051a9e onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051a16->8051a1b resolveable_edge: 1, tailcall: 0, target: 8051a1b [ParserDetails.C:588] pushing 8051a1b onto worklist [Parser.C] binding call 8051a16->8051a9e [Parser.C] block 8051a9e exists Checking non-returning for verifyScalarValue28 [Parser.C:1485] recording block [8051a1b,8051a1b) [Parser.C] parsing block 8051a1b [Parser.C:1274] curAddr 0x8051a1b: lea EAX, EBX + 6c0 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a21: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a23: mov [ESP + 8], 1ab3f0d [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a2b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a2f: lea EAX, EBX + ffffb13d [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a35: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a38: call 61 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 61 + EIP + 5 to 0x8051a38...SUCCESS (CFT=0x8051a9e) [Parser.C:1485] recording block [8051a1b,8051a3d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051a38->8051a9e resolveable_edge: 1, tailcall: 0, target: 8051a9e [ParserDetails.C:588] pushing 8051a9e onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051a38->8051a3d resolveable_edge: 1, tailcall: 0, target: 8051a3d [ParserDetails.C:588] pushing 8051a3d onto worklist [Parser.C] binding call 8051a38->8051a9e [Parser.C] block 8051a9e exists Checking non-returning for verifyScalarValue28 [Parser.C:1485] recording block [8051a3d,8051a3d) [Parser.C] parsing block 8051a3d [Parser.C:1274] curAddr 0x8051a3d: lea EAX, EBX + 6c4 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a43: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a45: mov [ESP + 8], 1ab3f0e [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a4d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a51: lea EAX, EBX + ffffb156 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a57: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a5a: call 3f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3f + EIP + 5 to 0x8051a5a...SUCCESS (CFT=0x8051a9e) [Parser.C:1485] recording block [8051a3d,8051a5f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051a5a->8051a9e resolveable_edge: 1, tailcall: 0, target: 8051a9e [ParserDetails.C:588] pushing 8051a9e onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051a5a->8051a5f resolveable_edge: 1, tailcall: 0, target: 8051a5f [ParserDetails.C:588] pushing 8051a5f onto worklist [Parser.C] binding call 8051a5a->8051a9e [Parser.C] block 8051a9e exists Checking non-returning for verifyScalarValue28 [Parser.C:1485] recording block [8051a5f,8051a5f) [Parser.C] parsing block 8051a5f [Parser.C:1274] curAddr 0x8051a5f: mov EAX, [EBX + 908] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a65: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a67: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051a5f,8051a69) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x8051a67...SUCCESS (CFT=0x8051a8e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051a67->8051a8e resolveable_edge: 1, tailcall: 0, target: 8051a8e [ParserDetails.C:588] pushing 8051a8e onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051a67->8051a69 resolveable_edge: 1, tailcall: 0, target: 8051a69 [ParserDetails.C:588] pushing 8051a69 onto worklist [Parser.C:1485] recording block [8051a8e,8051a8e) [Parser.C] parsing block 8051a8e [Parser.C:1274] curAddr 0x8051a8e: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a95: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a98: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a9b: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a9c: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a9d: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051a8e,8051a9e) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051a9d Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051a9d...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8051a69,8051a69) [Parser.C] parsing block 8051a69 [Parser.C:1274] curAddr 0x8051a69: lea EAX, EBX + ffffb170 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a6f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a72: call 1f46 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1f46 + EIP + 5 to 0x8051a72...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051a69,8051a77) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051a72->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051a72->8051a77 resolveable_edge: 1, tailcall: 0, target: 8051a77 [ParserDetails.C:588] pushing 8051a77 onto worklist [Parser.C] binding call 8051a72->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051a77,8051a77) [Parser.C] parsing block 8051a77 [Parser.C:1274] curAddr 0x8051a77: mov EAX, [EBX + 6cc] [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a7d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a80: call 2920 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2920 + EIP + 5 to 0x8051a80...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8051a77,8051a85) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051a80->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051a80->8051a85 resolveable_edge: 1, tailcall: 0, target: 8051a85 [ParserDetails.C:588] pushing 8051a85 onto worklist [Parser.C] binding call 8051a80->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8051a85,8051a85) [Parser.C] parsing block 8051a85 [Parser.C:1274] curAddr 0x8051a85: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051a8c: jmp 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_28_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 7 + EIP + 2 to 0x8051a8c...SUCCESS (CFT=0x8051a95) [Parser.C:1485] recording block [8051a85,8051a8e) Getting edges Checking for Tail Call jump to 0x8051a95 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8051a8c->8051a95 resolveable_edge: 1, tailcall: 0, target: 8051a95 [ParserDetails.C:588] pushing 8051a95 onto worklist [Parser.C] address 8051a95 splits [8051a8e,8051a9e) (0x1d8c9d0) [Parser.C:1485] recording block [8051a95,8051a9e) [Parser.C] skipping locally parsed target at 8051a95 [Parser.C] frame 8051908 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_28_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052d08) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052d08) [Parser.C:1485] recording block [8052d08,8052d08) [Parser.C] ==== starting to parse frame 8052d08 ==== [Parser.C] parsing block 8052d08 [Parser.C:1274] curAddr 0x8052d08: push EBP, ESP [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d09: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d0b: push EBX, ESP [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d0c: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d0f: call ffff9fec + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9fec + EIP + 5 to 0x8052d0f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052d14: add EBX, 92ec [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d1a: lea EAX, EBX + 9b0 [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d20: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d22: test EAX, EAX [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d24: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052d08,8052d26) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8052d24...SUCCESS (CFT=0x8052d3b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052d24->8052d3b resolveable_edge: 1, tailcall: 0, target: 8052d3b [ParserDetails.C:588] pushing 8052d3b onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052d24->8052d26 resolveable_edge: 1, tailcall: 0, target: 8052d26 [ParserDetails.C:588] pushing 8052d26 onto worklist [Parser.C:1485] recording block [8052d3b,8052d3b) [Parser.C] parsing block 8052d3b [Parser.C:1274] curAddr 0x8052d3b: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d40: add ESP, 14 [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d43: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d44: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d45: ret near [ESP] [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052d3b,8052d46) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052d45 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052d45...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052d26,8052d26) [Parser.C] parsing block 8052d26 [Parser.C:1274] curAddr 0x8052d26: lea EAX, EBX + ffffbbbd [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d2c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d2f: call 1671 + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1671 + EIP + 5 to 0x8052d2f...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052d26,8052d34) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052d2f->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052d2f->8052d34 resolveable_edge: 1, tailcall: 0, target: 8052d34 [ParserDetails.C:588] pushing 8052d34 onto worklist [Parser.C] binding call 8052d2f->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052d34,8052d34) [Parser.C] parsing block 8052d34 [Parser.C:1274] curAddr 0x8052d34: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d39: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test2_7_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8052d39...SUCCESS (CFT=0x8052d40) [Parser.C:1485] recording block [8052d34,8052d3b) Getting edges Checking for Tail Call jump to 0x8052d40 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8052d39->8052d40 resolveable_edge: 1, tailcall: 0, target: 8052d40 [ParserDetails.C:588] pushing 8052d40 onto worklist [Parser.C] address 8052d40 splits [8052d3b,8052d46) (0x1d87f60) [Parser.C:1485] recording block [8052d40,8052d46) [Parser.C] skipping locally parsed target at 8052d40 [Parser.C] frame 8052d08 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test2_7_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804e1b0) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e1b0) [Parser.C:1485] recording block [804e1b0,804e1b0) [Parser.C] ==== starting to parse frame 804e1b0 ==== [Parser.C] parsing block 804e1b0 [Parser.C:1274] curAddr 0x804e1b0: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1b1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1b3: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1b4: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1b7: call ffffeb44 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffeb44 + EIP + 5 to 0x804e1b7...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e1bc: add EBX, de44 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1c2: call ffffff4d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff4d + EIP + 5 to 0x804e1c2...SUCCESS (CFT=0x804e114) [Parser.C:1485] recording block [804e1b0,804e1c7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e1c2->804e114 resolveable_edge: 1, tailcall: 0, target: 804e114 [ParserDetails.C:588] pushing 804e114 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e1c2->804e1c7 resolveable_edge: 1, tailcall: 0, target: 804e1c7 [ParserDetails.C:588] pushing 804e1c7 onto worklist [Parser.C] binding call 804e1c2->804e114 [Parser.C:1485] recording block [804e114,804e114) [suspend frame 804e1b0] [Parser.C] frame 804e1b0 blocked at 804e1c2 call target 804e114 [Parser.C] block 804e114 exists [Parser.C] ==== starting to parse frame 804e114 ==== [Parser.C] parsing block 804e114 [Parser.C:1274] curAddr 0x804e114: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e115: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e117: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e118: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e11b: call ffffebe0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffebe0 + EIP + 5 to 0x804e11b...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e120: add EBX, dee0 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e126: call c0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call c0 + EIP + 5 to 0x804e126...SUCCESS (CFT=0x804e1eb) [Parser.C:1485] recording block [804e114,804e12b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e126->804e1eb resolveable_edge: 1, tailcall: 0, target: 804e1eb [ParserDetails.C:588] pushing 804e1eb onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e126->804e12b resolveable_edge: 1, tailcall: 0, target: 804e12b [ParserDetails.C:588] pushing 804e12b onto worklist [Parser.C] binding call 804e126->804e1eb [Parser.C] block 804e1eb exists Checking non-returning for test1_5_func2 Checking non-returning for test1_5_func2 [Parser.C:1485] recording block [804e12b,804e12b) [Parser.C] parsing block 804e12b [Parser.C:1274] curAddr 0x804e12b: lea EAX, EBX + 39c [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e131: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e133: cmp EAX, 33 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e136: jnz 24 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e12b,804e138) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 24 + EIP + 2 to 0x804e136...SUCCESS (CFT=0x804e15c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e136->804e15c resolveable_edge: 1, tailcall: 0, target: 804e15c [ParserDetails.C:588] pushing 804e15c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e136->804e138 resolveable_edge: 1, tailcall: 0, target: 804e138 [ParserDetails.C:588] pushing 804e138 onto worklist [Parser.C:1485] recording block [804e15c,804e15c) [Parser.C] parsing block 804e15c [Parser.C:1274] curAddr 0x804e15c: lea EAX, EBX + ffff9304 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e162: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e165: call 5853 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5853 + EIP + 5 to 0x804e165...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e15c,804e16a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e165->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e165->804e16a resolveable_edge: 1, tailcall: 0, target: 804e16a [ParserDetails.C:588] pushing 804e16a onto worklist [Parser.C] binding call 804e165->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e16a,804e16a) [Parser.C] parsing block 804e16a [Parser.C:1274] curAddr 0x804e16a: lea EAX, EBX + 39c [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e170: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e172: cmp EAX, 33 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e175: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e16a,804e177) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804e175...SUCCESS (CFT=0x804e185) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e175->804e185 resolveable_edge: 1, tailcall: 0, target: 804e185 [ParserDetails.C:588] pushing 804e185 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e175->804e177 resolveable_edge: 1, tailcall: 0, target: 804e177 [ParserDetails.C:588] pushing 804e177 onto worklist [Parser.C:1485] recording block [804e185,804e185) [Parser.C] parsing block 804e185 [Parser.C:1274] curAddr 0x804e185: lea EAX, EBX + 3a0 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e18b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e18d: cmp EAX, 35 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e190: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e185,804e192) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804e190...SUCCESS (CFT=0x804e1a0) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e190->804e1a0 resolveable_edge: 1, tailcall: 0, target: 804e1a0 [ParserDetails.C:588] pushing 804e1a0 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e190->804e192 resolveable_edge: 1, tailcall: 0, target: 804e192 [ParserDetails.C:588] pushing 804e192 onto worklist [Parser.C:1485] recording block [804e1a0,804e1a0) [Parser.C] parsing block 804e1a0 [Parser.C:1274] curAddr 0x804e1a0: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e1a7: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e1aa: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e1ad: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e1ae: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e1af: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e1a0,804e1b0) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e1af Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e1af...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e138,804e138) [Parser.C] parsing block 804e138 [Parser.C:1274] curAddr 0x804e138: lea EAX, EBX + 3a0 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e13e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e140: cmp EAX, 35 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e143: jnz 17 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e138,804e145) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 17 + EIP + 2 to 0x804e143...SUCCESS (CFT=0x804e15c) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804e15c is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804e143->804e15c resolveable_edge: 1, tailcall: 0, target: 804e15c [ParserDetails.C:588] pushing 804e15c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e143->804e145 resolveable_edge: 1, tailcall: 0, target: 804e145 [ParserDetails.C:588] pushing 804e145 onto worklist [Parser.C] block 804e15c exists [Parser.C] skipping locally parsed target at 804e15c [Parser.C:1485] recording block [804e145,804e145) [Parser.C] parsing block 804e145 [Parser.C:1274] curAddr 0x804e145: lea EAX, EBX + ffff92e4 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e14b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e14e: call 586a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 586a + EIP + 5 to 0x804e14e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e145,804e153) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e14e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e14e->804e153 resolveable_edge: 1, tailcall: 0, target: 804e153 [ParserDetails.C:588] pushing 804e153 onto worklist [Parser.C] binding call 804e14e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804e153,804e153) [Parser.C] parsing block 804e153 [Parser.C:1274] curAddr 0x804e153: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e15a: jmp 4b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 4b + EIP + 2 to 0x804e15a...SUCCESS (CFT=0x804e1a7) [Parser.C:1485] recording block [804e153,804e15c) Getting edges Checking for Tail Call jump to 0x804e1a7 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e15a->804e1a7 resolveable_edge: 1, tailcall: 0, target: 804e1a7 [ParserDetails.C:588] pushing 804e1a7 onto worklist [Parser.C:1485] recording block [804e177,804e177) [Parser.C] parsing block 804e177 [Parser.C:1274] curAddr 0x804e177: lea EAX, EBX + ffff9328 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e17d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e180: call 5838 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5838 + EIP + 5 to 0x804e180...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e177,804e185) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e180->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e180->804e185 resolveable_edge: 1, tailcall: 0, target: 804e185 [ParserDetails.C:588] pushing 804e185 onto worklist [Parser.C] binding call 804e180->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e185 exists [Parser.C] skipping locally parsed target at 804e185 [Parser.C:1485] recording block [804e192,804e192) [Parser.C] parsing block 804e192 [Parser.C:1274] curAddr 0x804e192: lea EAX, EBX + ffff934c [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e198: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called [Parser.C:1274] curAddr 0x804e19b: call 581d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 581d + EIP + 5 to 0x804e19b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804e192,804e1a0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e19b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e19b->804e1a0 resolveable_edge: 1, tailcall: 0, target: 804e1a0 [ParserDetails.C:588] pushing 804e1a0 onto worklist [Parser.C] binding call 804e19b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804e1a0 exists [Parser.C] skipping locally parsed target at 804e1a0 [Parser.C] address 804e1a7 splits [804e1a0,804e1b0) (0x1d90840) [Parser.C:1485] recording block [804e1a7,804e1b0) [Parser.C] skipping locally parsed target at 804e1a7 [Parser.C] frame 804e114 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_5_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804e1b0 ==== Checking non-returning for test1_5_func1 Checking non-returning for test1_5_func1 [Parser.C:1485] recording block [804e1c7,804e1c7) [Parser.C] parsing block 804e1c7 [Parser.C:1274] curAddr 0x804e1c7: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1c9: jz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e1c7,804e1cb) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 7 + EIP + 2 to 0x804e1c9...SUCCESS (CFT=0x804e1d2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e1c9->804e1d2 resolveable_edge: 1, tailcall: 0, target: 804e1d2 [ParserDetails.C:588] pushing 804e1d2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e1c9->804e1cb resolveable_edge: 1, tailcall: 0, target: 804e1cb [ParserDetails.C:588] pushing 804e1cb onto worklist [Parser.C:1485] recording block [804e1d2,804e1d2) [Parser.C] parsing block 804e1d2 [Parser.C:1274] curAddr 0x804e1d2: mov EAX, [EBX + 3a4] [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1d8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1db: call 61c5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 61c5 + EIP + 5 to 0x804e1db...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804e1d2,804e1e0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e1db->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e1db->804e1e0 resolveable_edge: 1, tailcall: 0, target: 804e1e0 [ParserDetails.C:588] pushing 804e1e0 onto worklist [Parser.C] binding call 804e1db->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804e1e0,804e1e0) [Parser.C] parsing block 804e1e0 [Parser.C:1274] curAddr 0x804e1e0: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1e5: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1e8: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1e9: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1ea: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e1e0,804e1eb) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e1ea Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e1ea...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e1cb,804e1cb) [Parser.C] parsing block 804e1cb [Parser.C:1274] curAddr 0x804e1cb: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e1d0: jmp 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_5_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 13 + EIP + 2 to 0x804e1d0...SUCCESS (CFT=0x804e1e5) [Parser.C:1485] recording block [804e1cb,804e1d2) Getting edges Checking for Tail Call jump to 0x804e1e5 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e1d0->804e1e5 resolveable_edge: 1, tailcall: 0, target: 804e1e5 [ParserDetails.C:588] pushing 804e1e5 onto worklist [Parser.C] address 804e1e5 splits [804e1e0,804e1eb) (0x1d90ea0) [Parser.C:1485] recording block [804e1e5,804e1eb) [Parser.C] skipping locally parsed target at 804e1e5 [Parser.C] frame 804e1b0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_5_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f4a4) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f4a4) [Parser.C:1485] recording block [804f4a4,804f4a4) [Parser.C] ==== starting to parse frame 804f4a4 ==== [Parser.C] parsing block 804f4a4 [Parser.C:1274] curAddr 0x804f4a4: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4a5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4a7: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4a8: sub ESP, 34 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4ab: call ffffd850 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd850 + EIP + 5 to 0x804f4ab...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f4b0: add EBX, cb50 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4b6: mov [ESP + 10], 87 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4be: mov [ESP + c], 86 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4c6: mov [ESP + 8], 85 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4ce: mov [ESP + 4], 84 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4d6: mov [ESP], 83 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4dd: call 4e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4e + EIP + 5 to 0x804f4dd...SUCCESS (CFT=0x804f530) [Parser.C:1485] recording block [804f4a4,804f4e2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f4dd->804f530 resolveable_edge: 1, tailcall: 0, target: 804f530 [ParserDetails.C:588] pushing 804f530 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f4dd->804f4e2 resolveable_edge: 1, tailcall: 0, target: 804f4e2 [ParserDetails.C:588] pushing 804f4e2 onto worklist [Parser.C] binding call 804f4dd->804f530 [Parser.C:1485] recording block [804f530,804f530) [suspend frame 804f4a4] [Parser.C] frame 804f4a4 blocked at 804f4dd call target 804f530 [Parser.C] block 804f530 exists [Parser.C] ==== starting to parse frame 804f530 ==== [Parser.C] parsing block 804f530 [Parser.C:1274] curAddr 0x804f530: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f531: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f533: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f534: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f537: call ffffd7c4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd7c4 + EIP + 5 to 0x804f537...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f53c: add EBX, cac4 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f542: call ffffffc5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffc5 + EIP + 5 to 0x804f542...SUCCESS (CFT=0x804f50c) [Parser.C:1485] recording block [804f530,804f547) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f542->804f50c resolveable_edge: 1, tailcall: 0, target: 804f50c [ParserDetails.C:588] pushing 804f50c onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f542->804f547 resolveable_edge: 1, tailcall: 0, target: 804f547 [ParserDetails.C:588] pushing 804f547 onto worklist [Parser.C] binding call 804f542->804f50c [Parser.C] block 804f50c exists Checking non-returning for test1_13_func2 Checking non-returning for test1_13_func2 [Parser.C:1485] recording block [804f547,804f547) [Parser.C] parsing block 804f547 [Parser.C:1274] curAddr 0x804f547: cmp EAX, 13d684 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f54c: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f547,804f54e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x804f54c...SUCCESS (CFT=0x804f566) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f54c->804f566 resolveable_edge: 1, tailcall: 0, target: 804f566 [ParserDetails.C:588] pushing 804f566 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f54c->804f54e resolveable_edge: 1, tailcall: 0, target: 804f54e [ParserDetails.C:588] pushing 804f54e onto worklist [Parser.C:1485] recording block [804f566,804f566) [Parser.C] parsing block 804f566 [Parser.C:1274] curAddr 0x804f566: cmp [EBP + 8], 83 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f56d: jnz 49 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f566,804f56f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 49 + EIP + 2 to 0x804f56d...SUCCESS (CFT=0x804f5b8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f56d->804f5b8 resolveable_edge: 1, tailcall: 0, target: 804f5b8 [ParserDetails.C:588] pushing 804f5b8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f56d->804f56f resolveable_edge: 1, tailcall: 0, target: 804f56f [ParserDetails.C:588] pushing 804f56f onto worklist [Parser.C:1485] recording block [804f5b8,804f5b8) [Parser.C] parsing block 804f5b8 [Parser.C:1274] curAddr 0x804f5b8: lea EAX, EBX + ffff9f84 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5be: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5c1: call 43f7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 43f7 + EIP + 5 to 0x804f5c1...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f5b8,804f5c6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f5c1->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f5c1->804f5c6 resolveable_edge: 1, tailcall: 0, target: 804f5c6 [ParserDetails.C:588] pushing 804f5c6 onto worklist [Parser.C] binding call 804f5c1->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f5c6,804f5c6) [Parser.C] parsing block 804f5c6 [Parser.C:1274] curAddr 0x804f5c6: cmp [EBP + 8], 83 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5cd: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f5c6,804f5cf) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f5cd...SUCCESS (CFT=0x804f5e4) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f5cd->804f5e4 resolveable_edge: 1, tailcall: 0, target: 804f5e4 [ParserDetails.C:588] pushing 804f5e4 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f5cd->804f5cf resolveable_edge: 1, tailcall: 0, target: 804f5cf [ParserDetails.C:588] pushing 804f5cf onto worklist [Parser.C:1485] recording block [804f5e4,804f5e4) [Parser.C] parsing block 804f5e4 [Parser.C:1274] curAddr 0x804f5e4: cmp [EBP + c], 84 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5eb: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f5e4,804f5ed) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f5eb...SUCCESS (CFT=0x804f602) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f5eb->804f602 resolveable_edge: 1, tailcall: 0, target: 804f602 [ParserDetails.C:588] pushing 804f602 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f5eb->804f5ed resolveable_edge: 1, tailcall: 0, target: 804f5ed [ParserDetails.C:588] pushing 804f5ed onto worklist [Parser.C:1485] recording block [804f602,804f602) [Parser.C] parsing block 804f602 [Parser.C:1274] curAddr 0x804f602: cmp [EBP + 10], 85 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f609: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f602,804f60b) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f609...SUCCESS (CFT=0x804f620) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f609->804f620 resolveable_edge: 1, tailcall: 0, target: 804f620 [ParserDetails.C:588] pushing 804f620 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f609->804f60b resolveable_edge: 1, tailcall: 0, target: 804f60b [ParserDetails.C:588] pushing 804f60b onto worklist [Parser.C:1485] recording block [804f620,804f620) [Parser.C] parsing block 804f620 [Parser.C:1274] curAddr 0x804f620: cmp [EBP + 14], 86 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f627: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f620,804f629) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f627...SUCCESS (CFT=0x804f63e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f627->804f63e resolveable_edge: 1, tailcall: 0, target: 804f63e [ParserDetails.C:588] pushing 804f63e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f627->804f629 resolveable_edge: 1, tailcall: 0, target: 804f629 [ParserDetails.C:588] pushing 804f629 onto worklist [Parser.C:1485] recording block [804f63e,804f63e) [Parser.C] parsing block 804f63e [Parser.C:1274] curAddr 0x804f63e: cmp [EBP + 18], 87 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f645: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f63e,804f647) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804f645...SUCCESS (CFT=0x804f65c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f645->804f65c resolveable_edge: 1, tailcall: 0, target: 804f65c [ParserDetails.C:588] pushing 804f65c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f645->804f647 resolveable_edge: 1, tailcall: 0, target: 804f647 [ParserDetails.C:588] pushing 804f647 onto worklist [Parser.C:1485] recording block [804f65c,804f65c) [Parser.C] parsing block 804f65c [Parser.C:1274] curAddr 0x804f65c: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f662: and EAX, 1 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f665: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f667: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f65c,804f669) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f667...SUCCESS (CFT=0x804f677) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f667->804f677 resolveable_edge: 1, tailcall: 0, target: 804f677 [ParserDetails.C:588] pushing 804f677 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f667->804f669 resolveable_edge: 1, tailcall: 0, target: 804f669 [ParserDetails.C:588] pushing 804f669 onto worklist [Parser.C:1485] recording block [804f677,804f677) [Parser.C] parsing block 804f677 [Parser.C:1274] curAddr 0x804f677: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f67d: and EAX, 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f680: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f682: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f677,804f684) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f682...SUCCESS (CFT=0x804f692) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f682->804f692 resolveable_edge: 1, tailcall: 0, target: 804f692 [ParserDetails.C:588] pushing 804f692 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f682->804f684 resolveable_edge: 1, tailcall: 0, target: 804f684 [ParserDetails.C:588] pushing 804f684 onto worklist [Parser.C:1485] recording block [804f692,804f692) [Parser.C] parsing block 804f692 [Parser.C:1274] curAddr 0x804f692: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f698: and EAX, 4 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f69b: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f69d: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f692,804f69f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f69d...SUCCESS (CFT=0x804f6ad) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f69d->804f6ad resolveable_edge: 1, tailcall: 0, target: 804f6ad [ParserDetails.C:588] pushing 804f6ad onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f69d->804f69f resolveable_edge: 1, tailcall: 0, target: 804f69f [ParserDetails.C:588] pushing 804f69f onto worklist [Parser.C:1485] recording block [804f6ad,804f6ad) [Parser.C] parsing block 804f6ad [Parser.C:1274] curAddr 0x804f6ad: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6b3: and EAX, 8 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6b6: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6b8: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f6ad,804f6ba) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f6b8...SUCCESS (CFT=0x804f6c8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f6b8->804f6c8 resolveable_edge: 1, tailcall: 0, target: 804f6c8 [ParserDetails.C:588] pushing 804f6c8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f6b8->804f6ba resolveable_edge: 1, tailcall: 0, target: 804f6ba [ParserDetails.C:588] pushing 804f6ba onto worklist [Parser.C:1485] recording block [804f6c8,804f6c8) [Parser.C] parsing block 804f6c8 [Parser.C:1274] curAddr 0x804f6c8: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6ce: and EAX, 10 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6d1: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6d3: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f6c8,804f6d5) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f6d3...SUCCESS (CFT=0x804f6e3) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f6d3->804f6e3 resolveable_edge: 1, tailcall: 0, target: 804f6e3 [ParserDetails.C:588] pushing 804f6e3 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f6d3->804f6d5 resolveable_edge: 1, tailcall: 0, target: 804f6d5 [ParserDetails.C:588] pushing 804f6d5 onto worklist [Parser.C:1485] recording block [804f6e3,804f6e3) [Parser.C] parsing block 804f6e3 [Parser.C:1274] curAddr 0x804f6e3: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6e9: and EAX, 20 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6ec: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6ee: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f6e3,804f6f0) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f6ee...SUCCESS (CFT=0x804f6fe) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f6ee->804f6fe resolveable_edge: 1, tailcall: 0, target: 804f6fe [ParserDetails.C:588] pushing 804f6fe onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f6ee->804f6f0 resolveable_edge: 1, tailcall: 0, target: 804f6f0 [ParserDetails.C:588] pushing 804f6f0 onto worklist [Parser.C:1485] recording block [804f6fe,804f6fe) [Parser.C] parsing block 804f6fe [Parser.C:1274] curAddr 0x804f6fe: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f705: call fffffe0c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffe0c + EIP + 5 to 0x804f705...SUCCESS (CFT=0x804f516) [Parser.C:1485] recording block [804f6fe,804f70a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f705->804f516 resolveable_edge: 1, tailcall: 0, target: 804f516 [ParserDetails.C:588] pushing 804f516 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f705->804f70a resolveable_edge: 1, tailcall: 0, target: 804f70a [ParserDetails.C:588] pushing 804f70a onto worklist [Parser.C] binding call 804f705->804f516 [Parser.C:1485] recording block [804f516,804f516) [suspend frame 804f530] [Parser.C] frame 804f530 blocked at 804f705 call target 804f516 [Parser.C] block 804f516 exists [Parser.C] ==== starting to parse frame 804f516 ==== [Parser.C] parsing block 804f516 [Parser.C:1274] curAddr 0x804f516: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func3 hasCFT called [Parser.C:1274] curAddr 0x804f517: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func3 hasCFT called [Parser.C:1274] curAddr 0x804f519: call ffffe667 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe667 + EIP + 5 to 0x804f519...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804f51e: add ECX, cae2 [Parser.C:1280] leaf 1 funcname test1_13_func3 hasCFT called [Parser.C:1274] curAddr 0x804f524: mov [ECX + 84c], 1 [Parser.C:1280] leaf 1 funcname test1_13_func3 hasCFT called [Parser.C:1274] curAddr 0x804f52e: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func3 hasCFT called [Parser.C:1274] curAddr 0x804f52f: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_13_func3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f516,804f530) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f52f Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f52f...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804f516 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_13_func3 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804f530 ==== Checking non-returning for test1_13_func3 Checking non-returning for test1_13_func3 [Parser.C:1485] recording block [804f70a,804f70a) [Parser.C] parsing block 804f70a [Parser.C:1274] curAddr 0x804f70a: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f70d: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f710: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f711: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f712: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f70a,804f713) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f712 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f712...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f54e,804f54e) [Parser.C] parsing block 804f54e [Parser.C:1274] curAddr 0x804f54e: lea EAX, EBX + ffff9f10 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f554: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f557: call 4461 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4461 + EIP + 5 to 0x804f557...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f54e,804f55c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f557->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f557->804f55c resolveable_edge: 1, tailcall: 0, target: 804f55c [ParserDetails.C:588] pushing 804f55c onto worklist [Parser.C] binding call 804f557->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f55c,804f55c) [Parser.C] parsing block 804f55c [Parser.C:1274] curAddr 0x804f55c: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f561: jmp 1a7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1a7 + EIP + 5 to 0x804f561...SUCCESS (CFT=0x804f70d) [Parser.C:1485] recording block [804f55c,804f566) Getting edges Checking for Tail Call jump to 0x804f70d is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804f561->804f70d resolveable_edge: 1, tailcall: 0, target: 804f70d [ParserDetails.C:588] pushing 804f70d onto worklist [Parser.C:1485] recording block [804f56f,804f56f) [Parser.C] parsing block 804f56f [Parser.C:1274] curAddr 0x804f56f: cmp [EBP + c], 84 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f576: jnz 40 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f56f,804f578) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 40 + EIP + 2 to 0x804f576...SUCCESS (CFT=0x804f5b8) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f5b8 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f576->804f5b8 resolveable_edge: 1, tailcall: 0, target: 804f5b8 [ParserDetails.C:588] pushing 804f5b8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f576->804f578 resolveable_edge: 1, tailcall: 0, target: 804f578 [ParserDetails.C:588] pushing 804f578 onto worklist [Parser.C] block 804f5b8 exists [Parser.C] skipping locally parsed target at 804f5b8 [Parser.C:1485] recording block [804f578,804f578) [Parser.C] parsing block 804f578 [Parser.C:1274] curAddr 0x804f578: cmp [EBP + 10], 85 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f57f: jnz 37 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f578,804f581) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 37 + EIP + 2 to 0x804f57f...SUCCESS (CFT=0x804f5b8) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f5b8 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f57f->804f5b8 resolveable_edge: 1, tailcall: 0, target: 804f5b8 [ParserDetails.C:588] pushing 804f5b8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f57f->804f581 resolveable_edge: 1, tailcall: 0, target: 804f581 [ParserDetails.C:588] pushing 804f581 onto worklist [Parser.C] block 804f5b8 exists [Parser.C] skipping locally parsed target at 804f5b8 [Parser.C:1485] recording block [804f581,804f581) [Parser.C] parsing block 804f581 [Parser.C:1274] curAddr 0x804f581: cmp [EBP + 14], 86 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f588: jnz 2e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f581,804f58a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2e + EIP + 2 to 0x804f588...SUCCESS (CFT=0x804f5b8) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f5b8 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f588->804f5b8 resolveable_edge: 1, tailcall: 0, target: 804f5b8 [ParserDetails.C:588] pushing 804f5b8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f588->804f58a resolveable_edge: 1, tailcall: 0, target: 804f58a [ParserDetails.C:588] pushing 804f58a onto worklist [Parser.C] block 804f5b8 exists [Parser.C] skipping locally parsed target at 804f5b8 [Parser.C:1485] recording block [804f58a,804f58a) [Parser.C] parsing block 804f58a [Parser.C:1274] curAddr 0x804f58a: cmp [EBP + 18], 87 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f591: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f58a,804f593) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x804f591...SUCCESS (CFT=0x804f5b8) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f5b8 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f591->804f5b8 resolveable_edge: 1, tailcall: 0, target: 804f5b8 [ParserDetails.C:588] pushing 804f5b8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f591->804f593 resolveable_edge: 1, tailcall: 0, target: 804f593 [ParserDetails.C:588] pushing 804f593 onto worklist [Parser.C] block 804f5b8 exists [Parser.C] skipping locally parsed target at 804f5b8 [Parser.C:1485] recording block [804f593,804f593) [Parser.C] parsing block 804f593 [Parser.C:1274] curAddr 0x804f593: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f599: cmp EAX, 3f [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f59c: jnz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f593,804f59e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1a + EIP + 2 to 0x804f59c...SUCCESS (CFT=0x804f5b8) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f5b8 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f59c->804f5b8 resolveable_edge: 1, tailcall: 0, target: 804f5b8 [ParserDetails.C:588] pushing 804f5b8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f59c->804f59e resolveable_edge: 1, tailcall: 0, target: 804f59e [ParserDetails.C:588] pushing 804f59e onto worklist [Parser.C] block 804f5b8 exists [Parser.C] skipping locally parsed target at 804f5b8 [Parser.C:1485] recording block [804f59e,804f59e) [Parser.C] parsing block 804f59e [Parser.C:1274] curAddr 0x804f59e: lea EAX, EBX + ffff9f54 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5a4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5a7: call 4411 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4411 + EIP + 5 to 0x804f5a7...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f59e,804f5ac) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f5a7->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f5a7->804f5ac resolveable_edge: 1, tailcall: 0, target: 804f5ac [ParserDetails.C:588] pushing 804f5ac onto worklist [Parser.C] binding call 804f5a7->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f5ac,804f5ac) [Parser.C] parsing block 804f5ac [Parser.C:1274] curAddr 0x804f5ac: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5b3: jmp 14d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 14d + EIP + 5 to 0x804f5b3...SUCCESS (CFT=0x804f705) [Parser.C:1485] recording block [804f5ac,804f5b8) Getting edges Checking for Tail Call jump to 0x804f705 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804f5b3->804f705 resolveable_edge: 1, tailcall: 0, target: 804f705 [ParserDetails.C:588] pushing 804f705 onto worklist [Parser.C:1485] recording block [804f5cf,804f5cf) [Parser.C] parsing block 804f5cf [Parser.C:1274] curAddr 0x804f5cf: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5d2: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5d6: lea EAX, EBX + ffff9fb4 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5dc: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5df: call 43d9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 43d9 + EIP + 5 to 0x804f5df...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f5cf,804f5e4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f5df->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f5df->804f5e4 resolveable_edge: 1, tailcall: 0, target: 804f5e4 [ParserDetails.C:588] pushing 804f5e4 onto worklist [Parser.C] binding call 804f5df->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f5e4 exists [Parser.C] skipping locally parsed target at 804f5e4 [Parser.C:1485] recording block [804f5ed,804f5ed) [Parser.C] parsing block 804f5ed [Parser.C:1274] curAddr 0x804f5ed: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5f0: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5f4: lea EAX, EBX + ffff9fd2 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5fa: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f5fd: call 43bb + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 43bb + EIP + 5 to 0x804f5fd...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f5ed,804f602) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f5fd->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f5fd->804f602 resolveable_edge: 1, tailcall: 0, target: 804f602 [ParserDetails.C:588] pushing 804f602 onto worklist [Parser.C] binding call 804f5fd->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f602 exists [Parser.C] skipping locally parsed target at 804f602 [Parser.C:1485] recording block [804f60b,804f60b) [Parser.C] parsing block 804f60b [Parser.C:1274] curAddr 0x804f60b: mov EAX, [EBP + 10] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f60e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f612: lea EAX, EBX + ffff9ff0 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f618: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f61b: call 439d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 439d + EIP + 5 to 0x804f61b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f60b,804f620) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f61b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f61b->804f620 resolveable_edge: 1, tailcall: 0, target: 804f620 [ParserDetails.C:588] pushing 804f620 onto worklist [Parser.C] binding call 804f61b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f620 exists [Parser.C] skipping locally parsed target at 804f620 [Parser.C:1485] recording block [804f629,804f629) [Parser.C] parsing block 804f629 [Parser.C:1274] curAddr 0x804f629: mov EAX, [EBP + 14] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f62c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f630: lea EAX, EBX + ffffa00e [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f636: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f639: call 437f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 437f + EIP + 5 to 0x804f639...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f629,804f63e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f639->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f639->804f63e resolveable_edge: 1, tailcall: 0, target: 804f63e [ParserDetails.C:588] pushing 804f63e onto worklist [Parser.C] binding call 804f639->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f63e exists [Parser.C] skipping locally parsed target at 804f63e [Parser.C:1485] recording block [804f647,804f647) [Parser.C] parsing block 804f647 [Parser.C:1274] curAddr 0x804f647: mov EAX, [EBP + 18] [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f64a: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f64e: lea EAX, EBX + ffffa02c [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f654: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f657: call 4361 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4361 + EIP + 5 to 0x804f657...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f647,804f65c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f657->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f657->804f65c resolveable_edge: 1, tailcall: 0, target: 804f65c [ParserDetails.C:588] pushing 804f65c onto worklist [Parser.C] binding call 804f657->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f65c exists [Parser.C] skipping locally parsed target at 804f65c [Parser.C:1485] recording block [804f669,804f669) [Parser.C] parsing block 804f669 [Parser.C:1274] curAddr 0x804f669: lea EAX, EBX + ffffa04a [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f66f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f672: call 4346 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4346 + EIP + 5 to 0x804f672...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f669,804f677) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f672->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f672->804f677 resolveable_edge: 1, tailcall: 0, target: 804f677 [ParserDetails.C:588] pushing 804f677 onto worklist [Parser.C] binding call 804f672->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f677 exists [Parser.C] skipping locally parsed target at 804f677 [Parser.C:1485] recording block [804f684,804f684) [Parser.C] parsing block 804f684 [Parser.C:1274] curAddr 0x804f684: lea EAX, EBX + ffffa065 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f68a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f68d: call 432b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 432b + EIP + 5 to 0x804f68d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f684,804f692) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f68d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f68d->804f692 resolveable_edge: 1, tailcall: 0, target: 804f692 [ParserDetails.C:588] pushing 804f692 onto worklist [Parser.C] binding call 804f68d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f692 exists [Parser.C] skipping locally parsed target at 804f692 [Parser.C:1485] recording block [804f69f,804f69f) [Parser.C] parsing block 804f69f [Parser.C:1274] curAddr 0x804f69f: lea EAX, EBX + ffffa080 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6a5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6a8: call 4310 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4310 + EIP + 5 to 0x804f6a8...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f69f,804f6ad) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f6a8->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f6a8->804f6ad resolveable_edge: 1, tailcall: 0, target: 804f6ad [ParserDetails.C:588] pushing 804f6ad onto worklist [Parser.C] binding call 804f6a8->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f6ad exists [Parser.C] skipping locally parsed target at 804f6ad [Parser.C:1485] recording block [804f6ba,804f6ba) [Parser.C] parsing block 804f6ba [Parser.C:1274] curAddr 0x804f6ba: lea EAX, EBX + ffffa09b [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6c0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6c3: call 42f5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 42f5 + EIP + 5 to 0x804f6c3...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f6ba,804f6c8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f6c3->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f6c3->804f6c8 resolveable_edge: 1, tailcall: 0, target: 804f6c8 [ParserDetails.C:588] pushing 804f6c8 onto worklist [Parser.C] binding call 804f6c3->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f6c8 exists [Parser.C] skipping locally parsed target at 804f6c8 [Parser.C:1485] recording block [804f6d5,804f6d5) [Parser.C] parsing block 804f6d5 [Parser.C:1274] curAddr 0x804f6d5: lea EAX, EBX + ffffa0b6 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6db: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6de: call 42da + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 42da + EIP + 5 to 0x804f6de...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f6d5,804f6e3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f6de->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f6de->804f6e3 resolveable_edge: 1, tailcall: 0, target: 804f6e3 [ParserDetails.C:588] pushing 804f6e3 onto worklist [Parser.C] binding call 804f6de->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f6e3 exists [Parser.C] skipping locally parsed target at 804f6e3 [Parser.C:1485] recording block [804f6f0,804f6f0) [Parser.C] parsing block 804f6f0 [Parser.C:1274] curAddr 0x804f6f0: lea EAX, EBX + ffffa0d1 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6f6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called [Parser.C:1274] curAddr 0x804f6f9: call 42bf + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 42bf + EIP + 5 to 0x804f6f9...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f6f0,804f6fe) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f6f9->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f6f9->804f6fe resolveable_edge: 1, tailcall: 0, target: 804f6fe [ParserDetails.C:588] pushing 804f6fe onto worklist [Parser.C] binding call 804f6f9->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f6fe exists [Parser.C] skipping locally parsed target at 804f6fe [Parser.C] address 804f705 splits [804f6fe,804f70a) (0x1d94f20) [Parser.C:1485] recording block [804f705,804f70a) [Parser.C] skipping locally parsed target at 804f705 [Parser.C] address 804f70d splits [804f70a,804f713) (0x1d95560) [Parser.C:1485] recording block [804f70d,804f713) [Parser.C] skipping locally parsed target at 804f70d [Parser.C] frame 804f530 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_13_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804f4a4 ==== Checking non-returning for test1_13_func1 Checking non-returning for test1_13_func1 [Parser.C:1485] recording block [804f4e2,804f4e2) [Parser.C] parsing block 804f4e2 [Parser.C:1274] curAddr 0x804f4e2: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4e5: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4e9: jnz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f4e2,804f4eb) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 18 + EIP + 2 to 0x804f4e9...SUCCESS (CFT=0x804f503) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f4e9->804f503 resolveable_edge: 1, tailcall: 0, target: 804f503 [ParserDetails.C:588] pushing 804f503 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f4e9->804f4eb resolveable_edge: 1, tailcall: 0, target: 804f4eb [ParserDetails.C:588] pushing 804f4eb onto worklist [Parser.C:1485] recording block [804f503,804f503) [Parser.C] parsing block 804f503 [Parser.C:1274] curAddr 0x804f503: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f506: add ESP, 34 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f509: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f50a: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f50b: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f503,804f50c) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f50b Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f50b...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f4eb,804f4eb) [Parser.C] parsing block 804f4eb [Parser.C:1274] curAddr 0x804f4eb: mov EAX, [EBX + 84c] [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4f1: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4f3: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f4eb,804f4f5) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804f4f3...SUCCESS (CFT=0x804f503) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f503 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f4f3->804f503 resolveable_edge: 1, tailcall: 0, target: 804f503 [ParserDetails.C:588] pushing 804f503 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f4f3->804f4f5 resolveable_edge: 1, tailcall: 0, target: 804f4f5 [ParserDetails.C:588] pushing 804f4f5 onto worklist [Parser.C] block 804f503 exists [Parser.C] skipping locally parsed target at 804f503 [Parser.C:1485] recording block [804f4f5,804f4f5) [Parser.C] parsing block 804f4f5 [Parser.C:1274] curAddr 0x804f4f5: mov EAX, [EBX + 4ec] [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4fb: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called [Parser.C:1274] curAddr 0x804f4fe: call 4ea2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4ea2 + EIP + 5 to 0x804f4fe...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804f4f5,804f503) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f4fe->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f4fe->804f503 resolveable_edge: 1, tailcall: 0, target: 804f503 [ParserDetails.C:588] pushing 804f503 onto worklist [Parser.C] binding call 804f4fe->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C] block 804f503 exists [Parser.C] skipping locally parsed target at 804f503 [Parser.C] frame 804f4a4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_13_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80529a8) [Parser.C:180] entered parse_at([804ccd0,80549c4),80529a8) [Parser.C:1485] recording block [80529a8,80529a8) [Parser.C] ==== starting to parse frame 80529a8 ==== [Parser.C] parsing block 80529a8 [Parser.C:1274] curAddr 0x80529a8: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529a9: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529ab: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529ae: call ffffb1d2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb1d2 + EIP + 5 to 0x80529ae...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x80529b3: add ECX, 964d [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529b9: mov [EBP + fffffffffffffffc], 0 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529c0: mov [EBP + fffffffffffffff8], 0 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529c7: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529ce: jmp 40 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 40 + EIP + 2 to 0x80529ce...SUCCESS (CFT=0x8052a10) [Parser.C:1485] recording block [80529a8,80529d0) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80529ce->8052a10 resolveable_edge: 1, tailcall: 0, target: 8052a10 [ParserDetails.C:588] pushing 8052a10 onto worklist [Parser.C:1485] recording block [8052a10,8052a10) [Parser.C] parsing block 8052a10 [Parser.C:1274] curAddr 0x8052a10: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x8052a13: cmp EAX, 4 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x8052a16: jle ffffffffffffffb8 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052a10,8052a18) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffb8 + EIP + 2 to 0x8052a16...SUCCESS (CFT=0x80529d0) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052a16->80529d0 resolveable_edge: 1, tailcall: 0, target: 80529d0 [ParserDetails.C:588] pushing 80529d0 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052a16->8052a18 resolveable_edge: 1, tailcall: 0, target: 8052a18 [ParserDetails.C:588] pushing 8052a18 onto worklist [Parser.C:1485] recording block [80529d0,80529d0) [Parser.C] parsing block 80529d0 [Parser.C:1274] curAddr 0x80529d0: jmp 36 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 36 + EIP + 2 to 0x80529d0...SUCCESS (CFT=0x8052a08) [Parser.C:1485] recording block [80529d0,80529d2) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80529d0->8052a08 resolveable_edge: 1, tailcall: 0, target: 8052a08 [ParserDetails.C:588] pushing 8052a08 onto worklist [Parser.C:1485] recording block [8052a18,8052a18) [Parser.C] parsing block 8052a18 [Parser.C:1274] curAddr 0x8052a18: leave [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x8052a19: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052a18,8052a1a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052a19 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052a19...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052a08,8052a08) [Parser.C] parsing block 8052a08 [Parser.C:1274] curAddr 0x8052a08: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x8052a0b: cmp EAX, 9 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x8052a0e: jle ffffffffffffffc2 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052a08,8052a10) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffc2 + EIP + 2 to 0x8052a0e...SUCCESS (CFT=0x80529d2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052a0e->80529d2 resolveable_edge: 1, tailcall: 0, target: 80529d2 [ParserDetails.C:588] pushing 80529d2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052a0e->8052a10 resolveable_edge: 1, tailcall: 0, target: 8052a10 [ParserDetails.C:588] pushing 8052a10 onto worklist [Parser.C:1485] recording block [80529d2,80529d2) [Parser.C] parsing block 80529d2 [Parser.C:1274] curAddr 0x80529d2: lea EAX, ECX + 994 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529d8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529da: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529dd: lea EAX, ECX + 994 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529e3: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529e5: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529e8: add EAX, 1 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529eb: mov [EBP + fffffffffffffffc], EAX [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529ee: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529f1: add EAX, 1 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529f4: mov [EBP + fffffffffffffff8], EAX [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529f7: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529fa: add EAX, 1 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x80529fd: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x8052a00: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x8052a03: cmp EAX, 13 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called [Parser.C:1274] curAddr 0x8052a06: jle ffffffffffffffca + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80529d2,8052a08) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffca + EIP + 2 to 0x8052a06...SUCCESS (CFT=0x80529d2) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x80529d2 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8052a06->80529d2 resolveable_edge: 1, tailcall: 0, target: 80529d2 [ParserDetails.C:588] pushing 80529d2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052a06->8052a08 resolveable_edge: 1, tailcall: 0, target: 8052a08 [ParserDetails.C:588] pushing 8052a08 onto worklist [Parser.C] block 80529d2 exists [Parser.C] skipping locally parsed target at 80529d2 [Parser.C] block 8052a08 exists [Parser.C] skipping locally parsed target at 8052a08 [Parser.C] block 8052a10 exists [Parser.C] skipping locally parsed target at 8052a10 [Parser.C] frame 80529a8 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_37_call2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804d020) [Parser.C:180] entered parse_at([804ccd0,80549c4),804d020) [Parser.C:1485] recording block [804d020,804d020) [Parser.C] ==== starting to parse frame 804d020 ==== [Parser.C] parsing block 804d020 [Parser.C:1274] curAddr 0x804d020: push EBP, ESP [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d021: mov EBP, ESP [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d023: push EBX, ESP [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d024: sub ESP, 34 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d027: call fffffcd4 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffcd4 + EIP + 5 to 0x804d027...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804d02c: add EBX, efd4 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d032: mov [EBP + fffffffffffffff7], 54 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d036: mov EAX, [EBX + 7c4] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d03c: test EAX, EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d03e: jz 100 + EIP + 6 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d020,804d044) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 100 + EIP + 6 to 0x804d03e...SUCCESS (CFT=0x804d144) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d03e->804d144 resolveable_edge: 1, tailcall: 0, target: 804d144 [ParserDetails.C:588] pushing 804d144 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d03e->804d044 resolveable_edge: 1, tailcall: 0, target: 804d044 [ParserDetails.C:588] pushing 804d044 onto worklist [Parser.C:1485] recording block [804d144,804d144) [Parser.C] parsing block 804d144 [Parser.C:1274] curAddr 0x804d144: add ESP, 34 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d147: pop EBX, ESP [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d148: pop EBP, ESP [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d149: ret near [ESP] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d144,804d14a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804d149 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804d149...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804d044,804d044) [Parser.C] parsing block 804d044 [Parser.C:1274] curAddr 0x804d044: mov EAX, [EBX + 7b8] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d04a: mov [ESP + 8], 1 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d052: lea EDX, EBP + fffffffffffffff7 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d055: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d059: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d05c: call fffffb3f + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffb3f + EIP + 5 to 0x804d05c...SUCCESS (CFT=0x804cba0) [Parser.C:1485] recording block [804d044,804d061) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d05c->804cba0 resolveable_edge: 1, tailcall: 0, target: 804cba0 [ParserDetails.C:588] pushing 804cba0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d05c->804d061 resolveable_edge: 1, tailcall: 0, target: 804d061 [ParserDetails.C:588] pushing 804d061 onto worklist [Parser.C] binding call 804d05c->804cba0 [ParseData.C] new function for target 804cba0 [Parser.C:1485] recording block [804cba0,804cba0) [suspend frame 804d020] [Parser.C] frame 804d020 blocked at 804d05c call target 804cba0 [Parser.C] block 804cba0 exists [Parser.C] ==== starting to parse frame 804cba0 ==== [Parser.C] parsing block 804cba0 [Parser.C:1274] curAddr 0x804cba0: jmp [805c06c] [Parser.C:1280] leaf 1 funcname targ804cba0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c06c] to 0x804cba0...FAIL (CFT=0x0), callTarget exp: [805c06c] ... indirect jump at 0x804cba0, delay parsing it [Parser.C:1485] recording block [804cba0,804cba6) ... continue parse indirect jump at 804cba0 [Parser.C:1485] recording block [804cba0,804cba6) Getting edges ... indirect jump at 0x804cba0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c06c] at 0x804cba0 Apply indirect control flow analysis at 804cba0 Looking for thunk Looking for thunk in block [804cba0,804cba6).......WARNING: after advance at 0x804cba6, curInsn() NULL Expanding instruction @ 804cba0: jmp [805c06c] Original expand: (<134594668:32>,) Adding assignment (@804cba0<[x86::eip]>[_805c06c]) in instruction jmp [805c06c] at 804cba0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cba0, insn: jmp [805c06c] Old fact for 804cba0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cba0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cba0<[x86::eip]>[_805c06c]) Instruction: jmp [805c06c] AST: (<134594668:64>,) Generate bound fact for Interval 0[134594668,134594668] 0[805c06c,805c06c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594668:64>,) Apply relations2 to (<134594668:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594668,134594668] 0[805c06c,805c06c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594668:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cba0 The fact from 804cba0 before applying transfer function Do not track predicate Var: , Interval 0[134594668,134594668] 0[805c06c,805c06c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594668:64>,) No known value at the top of the stack Fact from 804cba0 after applying transfer function Do not track predicate Var: , Interval 0[134594668,134594668] 0[805c06c,805c06c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594668:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594668,134594668] 0[805c06c,805c06c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594668:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594668,134594668] 0[805c06c,805c06c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c06c not read only, returning false Not jump table format! [Parser.C] finalizing targ804cba0 (804cba0) No targets, exits func Adding block 0x804cba0 as exit 804cba0 extent [804cba0,804cba6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c06c] at 0x804cba0 in function targ804cba0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cba0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for write [Parser.C] frame 804cba0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] write return status 2, no waiters [Parser.C] ==== resuming parse of frame 804d020 ==== Checking non-returning for write [Parser.C:1485] recording block [804d061,804d061) [Parser.C] parsing block 804d061 [Parser.C:1274] curAddr 0x804d061: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d064: jz 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d061,804d066) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 29 + EIP + 2 to 0x804d064...SUCCESS (CFT=0x804d08f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d064->804d08f resolveable_edge: 1, tailcall: 0, target: 804d08f [ParserDetails.C:588] pushing 804d08f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d064->804d066 resolveable_edge: 1, tailcall: 0, target: 804d066 [ParserDetails.C:588] pushing 804d066 onto worklist [Parser.C:1485] recording block [804d08f,804d08f) [Parser.C] parsing block 804d08f [Parser.C:1274] curAddr 0x804d08f: mov EAX, [EBX + 7b8] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d095: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d098: call fffffc13 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffc13 + EIP + 5 to 0x804d098...SUCCESS (CFT=0x804ccb0) [Parser.C:1485] recording block [804d08f,804d09d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d098->804ccb0 resolveable_edge: 1, tailcall: 0, target: 804ccb0 [ParserDetails.C:588] pushing 804ccb0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d098->804d09d resolveable_edge: 1, tailcall: 0, target: 804d09d [ParserDetails.C:588] pushing 804d09d onto worklist [Parser.C] binding call 804d098->804ccb0 [ParseData.C] new function for target 804ccb0 [Parser.C:1485] recording block [804ccb0,804ccb0) [suspend frame 804d020] [Parser.C] frame 804d020 blocked at 804d098 call target 804ccb0 [Parser.C] block 804ccb0 exists [Parser.C] ==== starting to parse frame 804ccb0 ==== [Parser.C] parsing block 804ccb0 [Parser.C:1274] curAddr 0x804ccb0: jmp [805c0b0] [Parser.C:1280] leaf 1 funcname targ804ccb0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c0b0] to 0x804ccb0...FAIL (CFT=0x0), callTarget exp: [805c0b0] ... indirect jump at 0x804ccb0, delay parsing it [Parser.C:1485] recording block [804ccb0,804ccb6) ... continue parse indirect jump at 804ccb0 [Parser.C:1485] recording block [804ccb0,804ccb6) Getting edges ... indirect jump at 0x804ccb0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c0b0] at 0x804ccb0 Apply indirect control flow analysis at 804ccb0 Looking for thunk Looking for thunk in block [804ccb0,804ccb6).......WARNING: after advance at 0x804ccb6, curInsn() NULL Expanding instruction @ 804ccb0: jmp [805c0b0] Original expand: (<134594736:32>,) Adding assignment (@804ccb0<[x86::eip]>[_805c0b0]) in instruction jmp [805c0b0] at 804ccb0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ccb0, insn: jmp [805c0b0] Old fact for 804ccb0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ccb0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ccb0<[x86::eip]>[_805c0b0]) Instruction: jmp [805c0b0] AST: (<134594736:64>,) Generate bound fact for Interval 0[134594736,134594736] 0[805c0b0,805c0b0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594736:64>,) Apply relations2 to (<134594736:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594736,134594736] 0[805c0b0,805c0b0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594736:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ccb0 The fact from 804ccb0 before applying transfer function Do not track predicate Var: , Interval 0[134594736,134594736] 0[805c0b0,805c0b0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594736:64>,) No known value at the top of the stack Fact from 804ccb0 after applying transfer function Do not track predicate Var: , Interval 0[134594736,134594736] 0[805c0b0,805c0b0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594736:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594736,134594736] 0[805c0b0,805c0b0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594736:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594736,134594736] 0[805c0b0,805c0b0], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c0b0 not read only, returning false Not jump table format! [Parser.C] finalizing targ804ccb0 (804ccb0) No targets, exits func Adding block 0x804ccb0 as exit 804ccb0 extent [804ccb0,804ccb6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c0b0] at 0x804ccb0 in function targ804ccb0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ccb0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for close [Parser.C] frame 804ccb0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] close return status 2, no waiters [Parser.C] ==== resuming parse of frame 804d020 ==== Checking non-returning for close [Parser.C:1485] recording block [804d09d,804d09d) [Parser.C] parsing block 804d09d [Parser.C:1274] curAddr 0x804d09d: call fffffa4e + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffa4e + EIP + 5 to 0x804d09d...SUCCESS (CFT=0x804caf0) [Parser.C:1485] recording block [804d09d,804d0a2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d09d->804caf0 resolveable_edge: 1, tailcall: 0, target: 804caf0 [ParserDetails.C:588] pushing 804caf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d09d->804d0a2 resolveable_edge: 1, tailcall: 0, target: 804d0a2 [ParserDetails.C:588] pushing 804d0a2 onto worklist [Parser.C] binding call 804d09d->804caf0 [ParseData.C] new function for target 804caf0 [Parser.C:1485] recording block [804caf0,804caf0) [suspend frame 804d020] [Parser.C] frame 804d020 blocked at 804d09d call target 804caf0 [Parser.C] block 804caf0 exists [Parser.C] ==== starting to parse frame 804caf0 ==== [Parser.C] parsing block 804caf0 [Parser.C:1274] curAddr 0x804caf0: jmp [805c040] [Parser.C:1280] leaf 1 funcname targ804caf0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c040] to 0x804caf0...FAIL (CFT=0x0), callTarget exp: [805c040] ... indirect jump at 0x804caf0, delay parsing it [Parser.C:1485] recording block [804caf0,804caf6) ... continue parse indirect jump at 804caf0 [Parser.C:1485] recording block [804caf0,804caf6) Getting edges ... indirect jump at 0x804caf0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c040] at 0x804caf0 Apply indirect control flow analysis at 804caf0 Looking for thunk Looking for thunk in block [804caf0,804caf6).......WARNING: after advance at 0x804caf6, curInsn() NULL Expanding instruction @ 804caf0: jmp [805c040] Original expand: (<134594624:32>,) Adding assignment (@804caf0<[x86::eip]>[_805c040]) in instruction jmp [805c040] at 804caf0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804caf0, insn: jmp [805c040] Old fact for 804caf0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804caf0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804caf0<[x86::eip]>[_805c040]) Instruction: jmp [805c040] AST: (<134594624:64>,) Generate bound fact for Interval 0[134594624,134594624] 0[805c040,805c040], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594624:64>,) Apply relations2 to (<134594624:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594624,134594624] 0[805c040,805c040], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594624:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804caf0 The fact from 804caf0 before applying transfer function Do not track predicate Var: , Interval 0[134594624,134594624] 0[805c040,805c040], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594624:64>,) No known value at the top of the stack Fact from 804caf0 after applying transfer function Do not track predicate Var: , Interval 0[134594624,134594624] 0[805c040,805c040], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594624:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594624,134594624] 0[805c040,805c040], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594624:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594624,134594624] 0[805c040,805c040], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c040 not read only, returning false Not jump table format! [Parser.C] finalizing targ804caf0 (804caf0) No targets, exits func Adding block 0x804caf0 as exit 804caf0 extent [804caf0,804caf6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c040] at 0x804caf0 in function targ804caf0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804caf0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for getpid [Parser.C] frame 804caf0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] getpid return status 2, no waiters [Parser.C] ==== resuming parse of frame 804d020 ==== Checking non-returning for getpid [Parser.C:1485] recording block [804d0a2,804d0a2) [Parser.C] parsing block 804d0a2 [Parser.C:1274] curAddr 0x804d0a2: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0a6: lea EAX, EBX + ffff8a94 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0ac: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0af: call 68d1 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call 68d1 + EIP + 5 to 0x804d0af...SUCCESS (CFT=0x8053985) [Parser.C:1485] recording block [804d0a2,804d0b4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d0af->8053985 resolveable_edge: 1, tailcall: 0, target: 8053985 [ParserDetails.C:588] pushing 8053985 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d0af->804d0b4 resolveable_edge: 1, tailcall: 0, target: 804d0b4 [ParserDetails.C:588] pushing 804d0b4 onto worklist [Parser.C] binding call 804d0af->8053985 [Parser.C:1485] recording block [8053985,8053985) [suspend frame 804d020] [Parser.C] frame 804d020 blocked at 804d0af call target 8053985 [Parser.C] block 8053985 exists [Parser.C] ==== starting to parse frame 8053985 ==== [Parser.C] parsing block 8053985 [Parser.C:1274] curAddr 0x8053985: push EBP, ESP [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x8053986: mov EBP, ESP [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x8053988: push EBX, ESP [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x8053989: sub ESP, 24 [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x805398c: call ffff936f + EIP + 5 [Parser.C:1280] leaf 1 funcname logstatus hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff936f + EIP + 5 to 0x805398c...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053991: add EBX, 866f [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x8053997: lea EAX, EBP + c [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x805399a: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x805399d: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x80539a0: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x80539a4: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x80539a7: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x80539ab: mov [ESP], 2 [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x80539b2: call fffffdba + EIP + 5 [Parser.C:1280] leaf 1 funcname logstatus hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffdba + EIP + 5 to 0x80539b2...SUCCESS (CFT=0x8053771) [Parser.C:1485] recording block [8053985,80539b7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80539b2->8053771 resolveable_edge: 1, tailcall: 0, target: 8053771 [ParserDetails.C:588] pushing 8053771 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80539b2->80539b7 resolveable_edge: 1, tailcall: 0, target: 80539b7 [ParserDetails.C:588] pushing 80539b7 onto worklist [Parser.C] binding call 80539b2->8053771 [Parser.C] block 8053771 exists Checking non-returning for stdOutputVLog Checking non-returning for stdOutputVLog [Parser.C:1485] recording block [80539b7,80539b7) [Parser.C] parsing block 80539b7 [Parser.C:1274] curAddr 0x80539b7: add ESP, 24 [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x80539ba: pop EBX, ESP [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x80539bb: pop EBP, ESP [Parser.C:1280] leaf 1 funcname logstatus hasCFT called [Parser.C:1274] curAddr 0x80539bc: ret near [ESP] [Parser.C:1280] leaf 1 funcname logstatus hasCFT called branch or return, ret true [Parser.C:1485] recording block [80539b7,80539bd) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80539bc Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80539bc...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053985 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] logstatus return status 3, no waiters [Parser.C] ==== resuming parse of frame 804d020 ==== Checking non-returning for logstatus Checking non-returning for logstatus [Parser.C:1485] recording block [804d0b4,804d0b4) [Parser.C] parsing block 804d0b4 [Parser.C:1274] curAddr 0x804d0b4: mov [ESP + 4], 0 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0bc: lea EAX, EBP + ffffffffffffffec [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0bf: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0c2: call fffff9e9 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff9e9 + EIP + 5 to 0x804d0c2...SUCCESS (CFT=0x804cab0) [Parser.C:1485] recording block [804d0b4,804d0c7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d0c2->804cab0 resolveable_edge: 1, tailcall: 0, target: 804cab0 [ParserDetails.C:588] pushing 804cab0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d0c2->804d0c7 resolveable_edge: 1, tailcall: 0, target: 804d0c7 [ParserDetails.C:588] pushing 804d0c7 onto worklist [Parser.C] binding call 804d0c2->804cab0 [ParseData.C] new function for target 804cab0 [Parser.C:1485] recording block [804cab0,804cab0) [suspend frame 804d020] [Parser.C] frame 804d020 blocked at 804d0c2 call target 804cab0 [Parser.C] block 804cab0 exists [Parser.C] ==== starting to parse frame 804cab0 ==== [Parser.C] parsing block 804cab0 [Parser.C:1274] curAddr 0x804cab0: jmp [805c030] [Parser.C:1280] leaf 1 funcname targ804cab0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c030] to 0x804cab0...FAIL (CFT=0x0), callTarget exp: [805c030] ... indirect jump at 0x804cab0, delay parsing it [Parser.C:1485] recording block [804cab0,804cab6) ... continue parse indirect jump at 804cab0 [Parser.C:1485] recording block [804cab0,804cab6) Getting edges ... indirect jump at 0x804cab0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c030] at 0x804cab0 Apply indirect control flow analysis at 804cab0 Looking for thunk Looking for thunk in block [804cab0,804cab6).......WARNING: after advance at 0x804cab6, curInsn() NULL Expanding instruction @ 804cab0: jmp [805c030] Original expand: (<134594608:32>,) Adding assignment (@804cab0<[x86::eip]>[_805c030]) in instruction jmp [805c030] at 804cab0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cab0, insn: jmp [805c030] Old fact for 804cab0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cab0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cab0<[x86::eip]>[_805c030]) Instruction: jmp [805c030] AST: (<134594608:64>,) Generate bound fact for Interval 0[134594608,134594608] 0[805c030,805c030], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594608:64>,) Apply relations2 to (<134594608:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594608,134594608] 0[805c030,805c030], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594608:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cab0 The fact from 804cab0 before applying transfer function Do not track predicate Var: , Interval 0[134594608,134594608] 0[805c030,805c030], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594608:64>,) No known value at the top of the stack Fact from 804cab0 after applying transfer function Do not track predicate Var: , Interval 0[134594608,134594608] 0[805c030,805c030], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594608:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594608,134594608] 0[805c030,805c030], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594608:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594608,134594608] 0[805c030,805c030], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c030 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cab0 (804cab0) No targets, exits func Adding block 0x804cab0 as exit 804cab0 extent [804cab0,804cab6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c030] at 0x804cab0 in function targ804cab0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cab0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for gettimeofday [Parser.C] frame 804cab0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] gettimeofday return status 2, no waiters [Parser.C] ==== resuming parse of frame 804d020 ==== Checking non-returning for gettimeofday [Parser.C:1485] recording block [804d0c7,804d0c7) [Parser.C] parsing block 804d0c7 [Parser.C:1274] curAddr 0x804d0c7: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0ce: call 6fec + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6fec + EIP + 5 to 0x804d0ce...SUCCESS (CFT=0x80540bf) [Parser.C:1485] recording block [804d0c7,804d0d3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d0ce->80540bf resolveable_edge: 1, tailcall: 0, target: 80540bf [ParserDetails.C:588] pushing 80540bf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d0ce->804d0d3 resolveable_edge: 1, tailcall: 0, target: 804d0d3 [ParserDetails.C:588] pushing 804d0d3 onto worklist [Parser.C] binding call 804d0ce->80540bf [Parser.C] block 80540bf exists Checking non-returning for setUseAttach Checking non-returning for setUseAttach [Parser.C:1485] recording block [804d0d3,804d0d3) [Parser.C] parsing block 804d0d3 [Parser.C:1274] curAddr 0x804d0d3: call 691d + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call 691d + EIP + 5 to 0x804d0d3...SUCCESS (CFT=0x80539f5) [Parser.C:1485] recording block [804d0d3,804d0d8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d0d3->80539f5 resolveable_edge: 1, tailcall: 0, target: 80539f5 [ParserDetails.C:588] pushing 80539f5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d0d3->804d0d8 resolveable_edge: 1, tailcall: 0, target: 804d0d8 [ParserDetails.C:588] pushing 804d0d8 onto worklist [Parser.C] binding call 804d0d3->80539f5 [Parser.C] block 80539f5 exists Checking non-returning for flushOutputLog Checking non-returning for flushOutputLog [Parser.C:1485] recording block [804d0d8,804d0d8) [Parser.C] parsing block 804d0d8 [Parser.C:1274] curAddr 0x804d0d8: jmp 43 + EIP + 2 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 43 + EIP + 2 to 0x804d0d8...SUCCESS (CFT=0x804d11d) [Parser.C:1485] recording block [804d0d8,804d0da) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804d0d8->804d11d resolveable_edge: 1, tailcall: 0, target: 804d11d [ParserDetails.C:588] pushing 804d11d onto worklist [Parser.C:1485] recording block [804d066,804d066) [Parser.C] parsing block 804d066 [Parser.C:1274] curAddr 0x804d066: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d06c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d06e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d070: lea EDX, EBX + ffff8a78 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d076: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d07a: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d081: call EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d081...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804d066,804d083) Getting edges Returned 2 edges ... Call 0x804d081 is indirect ... Call 0x804d081 is indirect ... Call 0x804d081 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d081->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d081->804d083 resolveable_edge: 1, tailcall: 0, target: 804d083 [ParserDetails.C:588] pushing 804d083 onto worklist [Parser.C:1485] recording block [804d083,804d083) [Parser.C] parsing block 804d083 [Parser.C:1274] curAddr 0x804d083: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d08a: call fffffac1 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffac1 + EIP + 5 to 0x804d08a...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d083,804d08f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d08a->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d08a->804d08f resolveable_edge: 1, tailcall: 0, target: 804d08f [ParserDetails.C:588] pushing 804d08f onto worklist [Parser.C] binding call 804d08a->804cb50 [ParseData.C] new function for target 804cb50 [Parser.C:1485] recording block [804cb50,804cb50) [suspend frame 804d020] [Parser.C] frame 804d020 blocked at 804d08a call target 804cb50 [Parser.C] block 804cb50 exists [Parser.C] ==== starting to parse frame 804cb50 ==== [Parser.C] parsing block 804cb50 [Parser.C:1274] curAddr 0x804cb50: jmp [805c058] [Parser.C:1280] leaf 1 funcname targ804cb50 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c058] to 0x804cb50...FAIL (CFT=0x0), callTarget exp: [805c058] ... indirect jump at 0x804cb50, delay parsing it [Parser.C:1485] recording block [804cb50,804cb56) ... continue parse indirect jump at 804cb50 [Parser.C:1485] recording block [804cb50,804cb56) Getting edges ... indirect jump at 0x804cb50 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c058] at 0x804cb50 Apply indirect control flow analysis at 804cb50 Looking for thunk Looking for thunk in block [804cb50,804cb56).......WARNING: after advance at 0x804cb56, curInsn() NULL Expanding instruction @ 804cb50: jmp [805c058] Original expand: (<134594648:32>,) Adding assignment (@804cb50<[x86::eip]>[_805c058]) in instruction jmp [805c058] at 804cb50, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb50, insn: jmp [805c058] Old fact for 804cb50: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb50 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb50<[x86::eip]>[_805c058]) Instruction: jmp [805c058] AST: (<134594648:64>,) Generate bound fact for Interval 0[134594648,134594648] 0[805c058,805c058], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594648:64>,) Apply relations2 to (<134594648:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594648,134594648] 0[805c058,805c058], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594648:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb50 The fact from 804cb50 before applying transfer function Do not track predicate Var: , Interval 0[134594648,134594648] 0[805c058,805c058], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594648:64>,) No known value at the top of the stack Fact from 804cb50 after applying transfer function Do not track predicate Var: , Interval 0[134594648,134594648] 0[805c058,805c058], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594648:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594648,134594648] 0[805c058,805c058], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594648:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594648,134594648] 0[805c058,805c058], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c058 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb50 (804cb50) No targets, exits func Adding block 0x804cb50 as exit 804cb50 extent [804cb50,804cb56) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c058] at 0x804cb50 in function targ804cb50 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb50->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for exit [Parser.C] frame 804cb50 complete, return status: 1 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] exit return status 1, no waiters [Parser.C] ==== resuming parse of frame 804d020 ==== Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d08a [Parser.C:1485] recording block [804d11d,804d11d) [Parser.C] parsing block 804d11d [Parser.C:1274] curAddr 0x804d11d: call fffffd6b + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffd6b + EIP + 5 to 0x804d11d...SUCCESS (CFT=0x804ce8d) [Parser.C:1485] recording block [804d11d,804d122) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d11d->804ce8d resolveable_edge: 1, tailcall: 0, target: 804ce8d [ParserDetails.C:588] pushing 804ce8d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d11d->804d122 resolveable_edge: 1, tailcall: 0, target: 804d122 [ParserDetails.C:588] pushing 804d122 onto worklist [Parser.C] binding call 804d11d->804ce8d [Parser.C:1485] recording block [804ce8d,804ce8d) [suspend frame 804d020] [Parser.C] frame 804d020 blocked at 804d11d call target 804ce8d [Parser.C] block 804ce8d exists [Parser.C] ==== starting to parse frame 804ce8d ==== [Parser.C] parsing block 804ce8d [Parser.C:1274] curAddr 0x804ce8d: push EBP, ESP [Parser.C:1280] leaf 1 funcname checkIfAttached hasCFT called [Parser.C:1274] curAddr 0x804ce8e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname checkIfAttached hasCFT called [Parser.C:1274] curAddr 0x804ce90: call cf0 + EIP + 5 [Parser.C:1280] leaf 1 funcname checkIfAttached hasCFT called IA_IAPI.C[847]: binding PC EIP in call cf0 + EIP + 5 to 0x804ce90...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804ce95: add ECX, f16b [Parser.C:1280] leaf 1 funcname checkIfAttached hasCFT called [Parser.C:1274] curAddr 0x804ce9b: lea EAX, ECX + 7a8 [Parser.C:1280] leaf 1 funcname checkIfAttached hasCFT called [Parser.C:1274] curAddr 0x804cea1: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname checkIfAttached hasCFT called [Parser.C:1274] curAddr 0x804cea3: pop EBP, ESP [Parser.C:1280] leaf 1 funcname checkIfAttached hasCFT called [Parser.C:1274] curAddr 0x804cea4: ret near [ESP] [Parser.C:1280] leaf 1 funcname checkIfAttached hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ce8d,804cea5) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804cea4 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804cea4...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 804ce8d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] checkIfAttached return status 3, no waiters [Parser.C] ==== resuming parse of frame 804d020 ==== Checking non-returning for checkIfAttached Checking non-returning for checkIfAttached [Parser.C:1485] recording block [804d122,804d122) [Parser.C] parsing block 804d122 [Parser.C:1274] curAddr 0x804d122: test EAX, EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d124: jz ffffffffffffffb4 + EIP + 2 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d122,804d126) Getting edges IA_IAPI.C[847]: binding PC EIP in jz ffffffffffffffb4 + EIP + 2 to 0x804d124...SUCCESS (CFT=0x804d0da) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d124->804d0da resolveable_edge: 1, tailcall: 0, target: 804d0da [ParserDetails.C:588] pushing 804d0da onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d124->804d126 resolveable_edge: 1, tailcall: 0, target: 804d126 [ParserDetails.C:588] pushing 804d126 onto worklist [Parser.C:1485] recording block [804d0da,804d0da) [Parser.C] parsing block 804d0da [Parser.C:1274] curAddr 0x804d0da: mov [ESP + 4], 0 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0e2: lea EAX, EBP + ffffffffffffffe4 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0e5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0e8: call fffff9c3 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff9c3 + EIP + 5 to 0x804d0e8...SUCCESS (CFT=0x804cab0) [Parser.C:1485] recording block [804d0da,804d0ed) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d0e8->804cab0 resolveable_edge: 1, tailcall: 0, target: 804cab0 [ParserDetails.C:588] pushing 804cab0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d0e8->804d0ed resolveable_edge: 1, tailcall: 0, target: 804d0ed [ParserDetails.C:588] pushing 804d0ed onto worklist [Parser.C] binding call 804d0e8->804cab0 [Parser.C] block 804cab0 exists Checking non-returning for gettimeofday [Parser.C:1485] recording block [804d0ed,804d0ed) [Parser.C] parsing block 804d0ed [Parser.C:1274] curAddr 0x804d0ed: mov EAX, [EBP + ffffffffffffffe4] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0f0: mov EDX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0f3: add EDX, 1e [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0f6: cmp EAX, EDX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d0f8: jle 23 + EIP + 2 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d0ed,804d0fa) Getting edges IA_IAPI.C[847]: binding PC EIP in jle 23 + EIP + 2 to 0x804d0f8...SUCCESS (CFT=0x804d11d) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804d11d is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804d0f8->804d11d resolveable_edge: 1, tailcall: 0, target: 804d11d [ParserDetails.C:588] pushing 804d11d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d0f8->804d0fa resolveable_edge: 1, tailcall: 0, target: 804d0fa [ParserDetails.C:588] pushing 804d0fa onto worklist [Parser.C] block 804d11d exists [Parser.C] skipping locally parsed target at 804d11d [Parser.C:1485] recording block [804d0fa,804d0fa) [Parser.C] parsing block 804d0fa [Parser.C:1274] curAddr 0x804d0fa: call fffffd8e + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffd8e + EIP + 5 to 0x804d0fa...SUCCESS (CFT=0x804ce8d) [Parser.C:1485] recording block [804d0fa,804d0ff) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d0fa->804ce8d resolveable_edge: 1, tailcall: 0, target: 804ce8d [ParserDetails.C:588] pushing 804ce8d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d0fa->804d0ff resolveable_edge: 1, tailcall: 0, target: 804d0ff [ParserDetails.C:588] pushing 804d0ff onto worklist [Parser.C] binding call 804d0fa->804ce8d [Parser.C] block 804ce8d exists Checking non-returning for checkIfAttached Checking non-returning for checkIfAttached [Parser.C:1485] recording block [804d0ff,804d0ff) [Parser.C] parsing block 804d0ff [Parser.C:1274] curAddr 0x804d0ff: test EAX, EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d101: jnz 23 + EIP + 2 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d0ff,804d103) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 23 + EIP + 2 to 0x804d101...SUCCESS (CFT=0x804d126) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d101->804d126 resolveable_edge: 1, tailcall: 0, target: 804d126 [ParserDetails.C:588] pushing 804d126 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d101->804d103 resolveable_edge: 1, tailcall: 0, target: 804d103 [ParserDetails.C:588] pushing 804d103 onto worklist [Parser.C:1485] recording block [804d126,804d126) [Parser.C] parsing block 804d126 [Parser.C:1274] curAddr 0x804d126: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d12c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d12e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d131: call fffff92a + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff92a + EIP + 5 to 0x804d131...SUCCESS (CFT=0x804ca60) [Parser.C:1485] recording block [804d126,804d136) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d131->804ca60 resolveable_edge: 1, tailcall: 0, target: 804ca60 [ParserDetails.C:588] pushing 804ca60 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d131->804d136 resolveable_edge: 1, tailcall: 0, target: 804d136 [ParserDetails.C:588] pushing 804d136 onto worklist [Parser.C] binding call 804d131->804ca60 [Parser.C] block 804ca60 exists Checking non-returning for fflush [Parser.C:1485] recording block [804d136,804d136) [Parser.C] parsing block 804d136 [Parser.C:1274] curAddr 0x804d136: lea EAX, EBX + ffff8af4 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d13c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d13f: call 6841 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6841 + EIP + 5 to 0x804d13f...SUCCESS (CFT=0x8053985) [Parser.C:1485] recording block [804d136,804d144) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d13f->8053985 resolveable_edge: 1, tailcall: 0, target: 8053985 [ParserDetails.C:588] pushing 8053985 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d13f->804d144 resolveable_edge: 1, tailcall: 0, target: 804d144 [ParserDetails.C:588] pushing 804d144 onto worklist [Parser.C] binding call 804d13f->8053985 [Parser.C] block 8053985 exists Checking non-returning for logstatus Checking non-returning for logstatus [Parser.C] block 804d144 exists [Parser.C] skipping locally parsed target at 804d144 [Parser.C:1485] recording block [804d103,804d103) [Parser.C] parsing block 804d103 [Parser.C:1274] curAddr 0x804d103: lea EAX, EBX + ffff8ac4 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d109: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d10c: call 6874 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6874 + EIP + 5 to 0x804d10c...SUCCESS (CFT=0x8053985) [Parser.C:1485] recording block [804d103,804d111) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d10c->8053985 resolveable_edge: 1, tailcall: 0, target: 8053985 [ParserDetails.C:588] pushing 8053985 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d10c->804d111 resolveable_edge: 1, tailcall: 0, target: 804d111 [ParserDetails.C:588] pushing 804d111 onto worklist [Parser.C] binding call 804d10c->8053985 [Parser.C] block 8053985 exists Checking non-returning for logstatus Checking non-returning for logstatus [Parser.C:1485] recording block [804d111,804d111) [Parser.C] parsing block 804d111 [Parser.C:1274] curAddr 0x804d111: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called [Parser.C:1274] curAddr 0x804d118: call fffffa33 + EIP + 5 [Parser.C:1280] leaf 1 funcname handleAttach hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffa33 + EIP + 5 to 0x804d118...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d111,804d11d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d118->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d118->804d11d resolveable_edge: 1, tailcall: 0, target: 804d11d [ParserDetails.C:588] pushing 804d11d onto worklist [Parser.C] binding call 804d118->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d118 [Parser.C] block 804d126 exists [Parser.C] skipping locally parsed target at 804d126 [Parser.C] frame 804d020 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] handleAttach return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053dcf) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053dcf) [Parser.C:1485] recording block [8053dcf,8053dcf) [Parser.C] ==== starting to parse frame 8053dcf ==== [Parser.C] parsing block 8053dcf [Parser.C:1274] curAddr 0x8053dcf: push EBP, ESP [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053dd0: mov EBP, ESP [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053dd2: push EBX, ESP [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053dd3: sub ESP, 14 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053dd6: call ffff8f25 + EIP + 5 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8f25 + EIP + 5 to 0x8053dd6...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053ddb: add EBX, 8225 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053de1: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053de7: test EAX, EAX [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053de9: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053dcf,8053deb) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x8053de9...SUCCESS (CFT=0x8053df9) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053de9->8053df9 resolveable_edge: 1, tailcall: 0, target: 8053df9 [ParserDetails.C:588] pushing 8053df9 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053de9->8053deb resolveable_edge: 1, tailcall: 0, target: 8053deb [ParserDetails.C:588] pushing 8053deb onto worklist [Parser.C:1485] recording block [8053df9,8053df9) [Parser.C] parsing block 8053df9 [Parser.C:1274] curAddr 0x8053df9: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053dff: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e01: lea EDX, EBX + ffff7d47 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e07: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e09: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e0f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e11: lea EDX, EBX + ffff7d03 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e17: mov [EAX + 4], EDX [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e1a: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e20: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e22: lea EDX, EBX + ffff7cbf [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e28: mov [EAX + 8], EDX [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e2b: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e31: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e33: lea EDX, EBX + ffff7218 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e39: mov [EAX + c], EDX [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e3c: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e42: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e44: lea EDX, EBX + ffff7d8b [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e4a: mov [EAX + 10], EDX [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e4d: add ESP, 14 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e50: pop EBX, ESP [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e51: pop EBP, ESP [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053e52: ret near [ESP] [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053df9,8053e53) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053e52 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053e52...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053deb,8053deb) [Parser.C] parsing block 8053deb [Parser.C:1274] curAddr 0x8053deb: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053df1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053df4: call ffff8c87 + EIP + 5 [Parser.C:1280] leaf 1 funcname closeDatabaseOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8c87 + EIP + 5 to 0x8053df4...SUCCESS (CFT=0x804ca80) [Parser.C:1485] recording block [8053deb,8053df9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053df4->804ca80 resolveable_edge: 1, tailcall: 0, target: 804ca80 [ParserDetails.C:588] pushing 804ca80 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053df4->8053df9 resolveable_edge: 1, tailcall: 0, target: 8053df9 [ParserDetails.C:588] pushing 8053df9 onto worklist [Parser.C] binding call 8053df4->804ca80 [Parser.C] block 804ca80 exists Checking non-returning for free [Parser.C] block 8053df9 exists [Parser.C] skipping locally parsed target at 8053df9 [Parser.C] frame 8053dcf complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] closeDatabaseOutputDriver return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052c60) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052c60) [Parser.C:1485] recording block [8052c60,8052c60) [Parser.C] ==== starting to parse frame 8052c60 ==== [Parser.C] parsing block 8052c60 [Parser.C:1274] curAddr 0x8052c60: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c61: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c63: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c64: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c67: call ffffa094 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa094 + EIP + 5 to 0x8052c67...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052c6c: add EBX, 9394 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c72: lea EAX, EBX + 720 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c78: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c7a: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c7d: jnz 23 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052c60,8052c7f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 23 + EIP + 2 to 0x8052c7d...SUCCESS (CFT=0x8052ca2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052c7d->8052ca2 resolveable_edge: 1, tailcall: 0, target: 8052ca2 [ParserDetails.C:588] pushing 8052ca2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052c7d->8052c7f resolveable_edge: 1, tailcall: 0, target: 8052c7f [ParserDetails.C:588] pushing 8052c7f onto worklist [Parser.C:1485] recording block [8052ca2,8052ca2) [Parser.C] parsing block 8052ca2 [Parser.C:1274] curAddr 0x8052ca2: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ca7: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052caa: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052cab: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052cac: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052ca2,8052cad) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052cac Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052cac...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052c7f,8052c7f) [Parser.C] parsing block 8052c7f [Parser.C:1274] curAddr 0x8052c7f: lea EAX, EBX + ffffbb8c [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c85: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c88: call d30 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call d30 + EIP + 5 to 0x8052c88...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052c7f,8052c8d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052c88->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052c88->8052c8d resolveable_edge: 1, tailcall: 0, target: 8052c8d [ParserDetails.C:588] pushing 8052c8d onto worklist [Parser.C] binding call 8052c88->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052c8d,8052c8d) [Parser.C] parsing block 8052c8d [Parser.C:1274] curAddr 0x8052c8d: mov EAX, [EBX + 724] [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c93: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052c96: call 170a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 170a + EIP + 5 to 0x8052c96...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052c8d,8052c9b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052c96->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052c96->8052c9b resolveable_edge: 1, tailcall: 0, target: 8052c9b [ParserDetails.C:588] pushing 8052c9b onto worklist [Parser.C] binding call 8052c96->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052c9b,8052c9b) [Parser.C] parsing block 8052c9b [Parser.C:1274] curAddr 0x8052c9b: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ca0: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_39_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8052ca0...SUCCESS (CFT=0x8052ca7) [Parser.C:1485] recording block [8052c9b,8052ca2) Getting edges Checking for Tail Call jump to 0x8052ca7 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8052ca0->8052ca7 resolveable_edge: 1, tailcall: 0, target: 8052ca7 [ParserDetails.C:588] pushing 8052ca7 onto worklist [Parser.C] address 8052ca7 splits [8052ca2,8052cad) (0x1da02b0) [Parser.C:1485] recording block [8052ca7,8052cad) [Parser.C] skipping locally parsed target at 8052ca7 [Parser.C] frame 8052c60 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_39_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053d03) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053d03) [Parser.C:1485] recording block [8053d03,8053d03) [Parser.C] ==== starting to parse frame 8053d03 ==== [Parser.C] parsing block 8053d03 [Parser.C:1274] curAddr 0x8053d03: push EBP, ESP [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d04: mov EBP, ESP [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d06: push EBX, ESP [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d07: sub ESP, 14 [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d0a: call ffff8ff1 + EIP + 5 [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8ff1 + EIP + 5 to 0x8053d0a...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053d0f: add EBX, 82f1 [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d15: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d1b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d1d: mov [ESP + c], 17a [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d25: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d2b: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d2f: lea EDX, EBX + ffffbf38 [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d35: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d39: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d3c: call ffff8e4f + EIP + 5 [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8e4f + EIP + 5 to 0x8053d3c...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053d03,8053d41) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053d3c->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053d3c->8053d41 resolveable_edge: 1, tailcall: 0, target: 8053d41 [ParserDetails.C:588] pushing 8053d41 onto worklist [Parser.C] binding call 8053d3c->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053d41,8053d41) [Parser.C] parsing block 8053d41 [Parser.C:1274] curAddr 0x8053d41: add ESP, 14 [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d44: pop EBX, ESP [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d45: pop EBP, ESP [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called [Parser.C:1274] curAddr 0x8053d46: ret near [ESP] [Parser.C:1280] leaf 1 funcname warningVLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053d41,8053d47) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053d46 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053d46...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053d03 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] warningVLog return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051b42) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051b42) [Parser.C:1485] recording block [8051b42,8051b42) [Parser.C] ==== starting to parse frame 8051b42 ==== [Parser.C] parsing block 8051b42 [Parser.C:1274] curAddr 0x8051b42: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b43: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b45: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b46: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b49: call ffffb1b2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb1b2 + EIP + 5 to 0x8051b49...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051b4e: add EBX, a4b2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b54: call 22d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 22d + EIP + 5 to 0x8051b54...SUCCESS (CFT=0x8051d86) [Parser.C:1485] recording block [8051b42,8051b59) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051b54->8051d86 resolveable_edge: 1, tailcall: 0, target: 8051d86 [ParserDetails.C:588] pushing 8051d86 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051b54->8051b59 resolveable_edge: 1, tailcall: 0, target: 8051b59 [ParserDetails.C:588] pushing 8051b59 onto worklist [Parser.C] binding call 8051b54->8051d86 [Parser.C] block 8051d86 exists Checking non-returning for func30_2 [Parser.C:1485] recording block [8051b59,8051b59) [Parser.C] parsing block 8051b59 [Parser.C:1274] curAddr 0x8051b59: lea EAX, EBX + 90c [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b5f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b61: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b63: jz 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051b59,8051b65) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 26 + EIP + 2 to 0x8051b63...SUCCESS (CFT=0x8051b8b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051b63->8051b8b resolveable_edge: 1, tailcall: 0, target: 8051b8b [ParserDetails.C:588] pushing 8051b8b onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051b63->8051b65 resolveable_edge: 1, tailcall: 0, target: 8051b65 [ParserDetails.C:588] pushing 8051b65 onto worklist [Parser.C:1485] recording block [8051b8b,8051b8b) [Parser.C] parsing block 8051b8b [Parser.C:1274] curAddr 0x8051b8b: mov EAX, 1 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b90: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8051b90...SUCCESS (CFT=0x8051b97) [Parser.C:1485] recording block [8051b8b,8051b92) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051b90->8051b97 resolveable_edge: 1, tailcall: 0, target: 8051b97 [ParserDetails.C:588] pushing 8051b97 onto worklist [Parser.C:1485] recording block [8051b65,8051b65) [Parser.C] parsing block 8051b65 [Parser.C:1274] curAddr 0x8051b65: mov EDX, [EBX + 92c] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b6b: lea EAX, EBX + 90c [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b71: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b73: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b75: jnbe 1b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051b65,8051b77) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 1b + EIP + 2 to 0x8051b75...SUCCESS (CFT=0x8051b92) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051b75->8051b92 resolveable_edge: 1, tailcall: 0, target: 8051b92 [ParserDetails.C:588] pushing 8051b92 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051b75->8051b77 resolveable_edge: 1, tailcall: 0, target: 8051b77 [ParserDetails.C:588] pushing 8051b77 onto worklist [Parser.C:1485] recording block [8051b92,8051b92) [Parser.C] parsing block 8051b92 [Parser.C:1274] curAddr 0x8051b92: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b97: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b9a: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b9e: jnz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051b92,8051ba0) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2a + EIP + 2 to 0x8051b9e...SUCCESS (CFT=0x8051bca) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051b9e->8051bca resolveable_edge: 1, tailcall: 0, target: 8051bca [ParserDetails.C:588] pushing 8051bca onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051b9e->8051ba0 resolveable_edge: 1, tailcall: 0, target: 8051ba0 [ParserDetails.C:588] pushing 8051ba0 onto worklist [Parser.C:1485] recording block [8051bca,8051bca) [Parser.C] parsing block 8051bca [Parser.C:1274] curAddr 0x8051bca: lea EAX, EBX + 910 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bd0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bd2: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bd4: jz 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051bca,8051bd6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 26 + EIP + 2 to 0x8051bd4...SUCCESS (CFT=0x8051bfc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051bd4->8051bfc resolveable_edge: 1, tailcall: 0, target: 8051bfc [ParserDetails.C:588] pushing 8051bfc onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051bd4->8051bd6 resolveable_edge: 1, tailcall: 0, target: 8051bd6 [ParserDetails.C:588] pushing 8051bd6 onto worklist [Parser.C:1485] recording block [8051bfc,8051bfc) [Parser.C] parsing block 8051bfc [Parser.C:1274] curAddr 0x8051bfc: mov EAX, 1 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c01: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8051c01...SUCCESS (CFT=0x8051c08) [Parser.C:1485] recording block [8051bfc,8051c03) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051c01->8051c08 resolveable_edge: 1, tailcall: 0, target: 8051c08 [ParserDetails.C:588] pushing 8051c08 onto worklist [Parser.C:1485] recording block [8051b77,8051b77) [Parser.C] parsing block 8051b77 [Parser.C:1274] curAddr 0x8051b77: lea EAX, EBX + 90c [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b7d: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b7f: lea EAX, EBX + 920 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b85: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b87: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051b89: jnbe 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051b77,8051b8b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 7 + EIP + 2 to 0x8051b89...SUCCESS (CFT=0x8051b92) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8051b92 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8051b89->8051b92 resolveable_edge: 1, tailcall: 0, target: 8051b92 [ParserDetails.C:588] pushing 8051b92 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051b89->8051b8b resolveable_edge: 1, tailcall: 0, target: 8051b8b [ParserDetails.C:588] pushing 8051b8b onto worklist [Parser.C] block 8051b92 exists [Parser.C] skipping locally parsed target at 8051b92 [Parser.C] block 8051b8b exists [Parser.C] skipping locally parsed target at 8051b8b [Parser.C:1485] recording block [8051ba0,8051ba0) [Parser.C] parsing block 8051ba0 [Parser.C:1274] curAddr 0x8051ba0: mov [ESP + 8], 68 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ba8: lea EAX, EBX + ffffb1b8 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bae: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bb2: lea EAX, EBX + ffffb220 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bb8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bbb: call 1dfd + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1dfd + EIP + 5 to 0x8051bbb...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051ba0,8051bc0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051bbb->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051bbb->8051bc0 resolveable_edge: 1, tailcall: 0, target: 8051bc0 [ParserDetails.C:588] pushing 8051bc0 onto worklist [Parser.C] binding call 8051bbb->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051bc0,8051bc0) [Parser.C] parsing block 8051bc0 [Parser.C:1274] curAddr 0x8051bc0: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bc5: jmp 1b6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1b6 + EIP + 5 to 0x8051bc5...SUCCESS (CFT=0x8051d80) [Parser.C:1485] recording block [8051bc0,8051bca) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051bc5->8051d80 resolveable_edge: 1, tailcall: 0, target: 8051d80 [ParserDetails.C:588] pushing 8051d80 onto worklist [Parser.C:1485] recording block [8051bd6,8051bd6) [Parser.C] parsing block 8051bd6 [Parser.C:1274] curAddr 0x8051bd6: mov EDX, [EBX + 92c] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bdc: lea EAX, EBX + 910 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051be2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051be4: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051be6: jnbe 1b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051bd6,8051be8) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 1b + EIP + 2 to 0x8051be6...SUCCESS (CFT=0x8051c03) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051be6->8051c03 resolveable_edge: 1, tailcall: 0, target: 8051c03 [ParserDetails.C:588] pushing 8051c03 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051be6->8051be8 resolveable_edge: 1, tailcall: 0, target: 8051be8 [ParserDetails.C:588] pushing 8051be8 onto worklist [Parser.C:1485] recording block [8051c03,8051c03) [Parser.C] parsing block 8051c03 [Parser.C:1274] curAddr 0x8051c03: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c08: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c0b: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c0f: jnz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051c03,8051c11) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2a + EIP + 2 to 0x8051c0f...SUCCESS (CFT=0x8051c3b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051c0f->8051c3b resolveable_edge: 1, tailcall: 0, target: 8051c3b [ParserDetails.C:588] pushing 8051c3b onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051c0f->8051c11 resolveable_edge: 1, tailcall: 0, target: 8051c11 [ParserDetails.C:588] pushing 8051c11 onto worklist [Parser.C:1485] recording block [8051c3b,8051c3b) [Parser.C] parsing block 8051c3b [Parser.C:1274] curAddr 0x8051c3b: lea EAX, EBX + 914 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c41: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c43: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c45: jz 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051c3b,8051c47) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 26 + EIP + 2 to 0x8051c45...SUCCESS (CFT=0x8051c6d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051c45->8051c6d resolveable_edge: 1, tailcall: 0, target: 8051c6d [ParserDetails.C:588] pushing 8051c6d onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051c45->8051c47 resolveable_edge: 1, tailcall: 0, target: 8051c47 [ParserDetails.C:588] pushing 8051c47 onto worklist [Parser.C:1485] recording block [8051c6d,8051c6d) [Parser.C] parsing block 8051c6d [Parser.C:1274] curAddr 0x8051c6d: mov EAX, 1 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c72: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8051c72...SUCCESS (CFT=0x8051c79) [Parser.C:1485] recording block [8051c6d,8051c74) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051c72->8051c79 resolveable_edge: 1, tailcall: 0, target: 8051c79 [ParserDetails.C:588] pushing 8051c79 onto worklist [Parser.C:1485] recording block [8051be8,8051be8) [Parser.C] parsing block 8051be8 [Parser.C:1274] curAddr 0x8051be8: lea EAX, EBX + 910 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bee: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bf0: lea EAX, EBX + 920 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bf6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bf8: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051bfa: jnbe 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051be8,8051bfc) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 7 + EIP + 2 to 0x8051bfa...SUCCESS (CFT=0x8051c03) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8051c03 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8051bfa->8051c03 resolveable_edge: 1, tailcall: 0, target: 8051c03 [ParserDetails.C:588] pushing 8051c03 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051bfa->8051bfc resolveable_edge: 1, tailcall: 0, target: 8051bfc [ParserDetails.C:588] pushing 8051bfc onto worklist [Parser.C] block 8051c03 exists [Parser.C] skipping locally parsed target at 8051c03 [Parser.C] block 8051bfc exists [Parser.C] skipping locally parsed target at 8051bfc [Parser.C:1485] recording block [8051c11,8051c11) [Parser.C] parsing block 8051c11 [Parser.C:1274] curAddr 0x8051c11: mov [ESP + 8], 75 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c19: lea EAX, EBX + ffffb1b8 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c1f: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c23: lea EAX, EBX + ffffb220 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c29: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c2c: call 1d8c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1d8c + EIP + 5 to 0x8051c2c...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051c11,8051c31) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051c2c->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051c2c->8051c31 resolveable_edge: 1, tailcall: 0, target: 8051c31 [ParserDetails.C:588] pushing 8051c31 onto worklist [Parser.C] binding call 8051c2c->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051c31,8051c31) [Parser.C] parsing block 8051c31 [Parser.C:1274] curAddr 0x8051c31: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c36: jmp 145 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 145 + EIP + 5 to 0x8051c36...SUCCESS (CFT=0x8051d80) [Parser.C:1485] recording block [8051c31,8051c3b) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051c36->8051d80 resolveable_edge: 1, tailcall: 0, target: 8051d80 [ParserDetails.C:588] pushing 8051d80 onto worklist [Parser.C:1485] recording block [8051c47,8051c47) [Parser.C] parsing block 8051c47 [Parser.C:1274] curAddr 0x8051c47: mov EDX, [EBX + 92c] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c4d: lea EAX, EBX + 914 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c53: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c55: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c57: jnbe 1b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051c47,8051c59) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 1b + EIP + 2 to 0x8051c57...SUCCESS (CFT=0x8051c74) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051c57->8051c74 resolveable_edge: 1, tailcall: 0, target: 8051c74 [ParserDetails.C:588] pushing 8051c74 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051c57->8051c59 resolveable_edge: 1, tailcall: 0, target: 8051c59 [ParserDetails.C:588] pushing 8051c59 onto worklist [Parser.C:1485] recording block [8051c74,8051c74) [Parser.C] parsing block 8051c74 [Parser.C:1274] curAddr 0x8051c74: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c79: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c7c: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c80: jnz 5a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051c74,8051c82) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 5a + EIP + 2 to 0x8051c80...SUCCESS (CFT=0x8051cdc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051c80->8051cdc resolveable_edge: 1, tailcall: 0, target: 8051cdc [ParserDetails.C:588] pushing 8051cdc onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051c80->8051c82 resolveable_edge: 1, tailcall: 0, target: 8051c82 [ParserDetails.C:588] pushing 8051c82 onto worklist [Parser.C:1485] recording block [8051cdc,8051cdc) [Parser.C] parsing block 8051cdc [Parser.C:1274] curAddr 0x8051cdc: lea EAX, EBX + 918 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ce2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ce4: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ce6: jz 12 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051cdc,8051ce8) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 12 + EIP + 2 to 0x8051ce6...SUCCESS (CFT=0x8051cfa) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051ce6->8051cfa resolveable_edge: 1, tailcall: 0, target: 8051cfa [ParserDetails.C:588] pushing 8051cfa onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051ce6->8051ce8 resolveable_edge: 1, tailcall: 0, target: 8051ce8 [ParserDetails.C:588] pushing 8051ce8 onto worklist [Parser.C:1485] recording block [8051cfa,8051cfa) [Parser.C] parsing block 8051cfa [Parser.C:1274] curAddr 0x8051cfa: mov EAX, 1 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cff: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8051cff...SUCCESS (CFT=0x8051d06) [Parser.C:1485] recording block [8051cfa,8051d01) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051cff->8051d06 resolveable_edge: 1, tailcall: 0, target: 8051d06 [ParserDetails.C:588] pushing 8051d06 onto worklist [Parser.C:1485] recording block [8051c59,8051c59) [Parser.C] parsing block 8051c59 [Parser.C:1274] curAddr 0x8051c59: lea EAX, EBX + 914 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c5f: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c61: lea EAX, EBX + 920 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c67: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c69: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c6b: jnbe 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051c59,8051c6d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 7 + EIP + 2 to 0x8051c6b...SUCCESS (CFT=0x8051c74) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8051c74 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8051c6b->8051c74 resolveable_edge: 1, tailcall: 0, target: 8051c74 [ParserDetails.C:588] pushing 8051c74 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051c6b->8051c6d resolveable_edge: 1, tailcall: 0, target: 8051c6d [ParserDetails.C:588] pushing 8051c6d onto worklist [Parser.C] block 8051c74 exists [Parser.C] skipping locally parsed target at 8051c74 [Parser.C] block 8051c6d exists [Parser.C] skipping locally parsed target at 8051c6d [Parser.C:1485] recording block [8051c82,8051c82) [Parser.C] parsing block 8051c82 [Parser.C:1274] curAddr 0x8051c82: mov [ESP + 8], 82 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c8a: lea EAX, EBX + ffffb1b8 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c90: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c94: lea EAX, EBX + ffffb220 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c9a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051c9d: call 1d1b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1d1b + EIP + 5 to 0x8051c9d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051c82,8051ca2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051c9d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051c9d->8051ca2 resolveable_edge: 1, tailcall: 0, target: 8051ca2 [ParserDetails.C:588] pushing 8051ca2 onto worklist [Parser.C] binding call 8051c9d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051ca2,8051ca2) [Parser.C] parsing block 8051ca2 [Parser.C:1274] curAddr 0x8051ca2: lea EAX, EBX + 920 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ca8: mov ECX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051caa: mov EDX, [EBX + 92c] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cb0: lea EAX, EBX + 914 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cb6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cb8: mov [ESP + c], ECX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cbc: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cc0: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cc4: lea EAX, EBX + ffffb254 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cca: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ccd: call 1ceb + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1ceb + EIP + 5 to 0x8051ccd...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051ca2,8051cd2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051ccd->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051ccd->8051cd2 resolveable_edge: 1, tailcall: 0, target: 8051cd2 [ParserDetails.C:588] pushing 8051cd2 onto worklist [Parser.C] binding call 8051ccd->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051cd2,8051cd2) [Parser.C] parsing block 8051cd2 [Parser.C:1274] curAddr 0x8051cd2: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cd7: jmp a4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp a4 + EIP + 5 to 0x8051cd7...SUCCESS (CFT=0x8051d80) [Parser.C:1485] recording block [8051cd2,8051cdc) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051cd7->8051d80 resolveable_edge: 1, tailcall: 0, target: 8051d80 [ParserDetails.C:588] pushing 8051d80 onto worklist [Parser.C:1485] recording block [8051ce8,8051ce8) [Parser.C] parsing block 8051ce8 [Parser.C:1274] curAddr 0x8051ce8: mov EDX, [EBX + 928] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cee: lea EAX, EBX + 918 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cf4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cf6: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051cf8: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051ce8,8051cfa) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x8051cf8...SUCCESS (CFT=0x8051d01) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051cf8->8051d01 resolveable_edge: 1, tailcall: 0, target: 8051d01 [ParserDetails.C:588] pushing 8051d01 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051cf8->8051cfa resolveable_edge: 1, tailcall: 0, target: 8051cfa [ParserDetails.C:588] pushing 8051cfa onto worklist [Parser.C:1485] recording block [8051d01,8051d01) [Parser.C] parsing block 8051d01 [Parser.C:1274] curAddr 0x8051d01: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d06: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d09: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d0d: jnz 4b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051d01,8051d0f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 4b + EIP + 2 to 0x8051d0d...SUCCESS (CFT=0x8051d5a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051d0d->8051d5a resolveable_edge: 1, tailcall: 0, target: 8051d5a [ParserDetails.C:588] pushing 8051d5a onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051d0d->8051d0f resolveable_edge: 1, tailcall: 0, target: 8051d0f [ParserDetails.C:588] pushing 8051d0f onto worklist [Parser.C:1485] recording block [8051d5a,8051d5a) [Parser.C] parsing block 8051d5a [Parser.C:1274] curAddr 0x8051d5a: lea EAX, EBX + ffffb2bc [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d60: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d63: call 1c55 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1c55 + EIP + 5 to 0x8051d63...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051d5a,8051d68) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051d63->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051d63->8051d68 resolveable_edge: 1, tailcall: 0, target: 8051d68 [ParserDetails.C:588] pushing 8051d68 onto worklist [Parser.C] binding call 8051d63->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051d68,8051d68) [Parser.C] parsing block 8051d68 [Parser.C:1274] curAddr 0x8051d68: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d6f: mov EAX, [EBX + 6d8] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d75: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d78: call 2628 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2628 + EIP + 5 to 0x8051d78...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8051d68,8051d7d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051d78->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051d78->8051d7d resolveable_edge: 1, tailcall: 0, target: 8051d7d [ParserDetails.C:588] pushing 8051d7d onto worklist [Parser.C] binding call 8051d78->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8051d7d,8051d7d) [Parser.C] parsing block 8051d7d [Parser.C:1274] curAddr 0x8051d7d: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d80: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d83: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d84: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d85: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051d7d,8051d86) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051d85 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051d85...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] block 8051cfa exists [Parser.C] skipping locally parsed target at 8051cfa [Parser.C:1485] recording block [8051d0f,8051d0f) [Parser.C] parsing block 8051d0f [Parser.C:1274] curAddr 0x8051d0f: mov [ESP + 8], 8b [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d17: lea EAX, EBX + ffffb1b8 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d1d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d21: lea EAX, EBX + ffffb220 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d27: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d2a: call 1c8e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1c8e + EIP + 5 to 0x8051d2a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051d0f,8051d2f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051d2a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051d2a->8051d2f resolveable_edge: 1, tailcall: 0, target: 8051d2f [ParserDetails.C:588] pushing 8051d2f onto worklist [Parser.C] binding call 8051d2a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051d2f,8051d2f) [Parser.C] parsing block 8051d2f [Parser.C:1274] curAddr 0x8051d2f: mov EDX, [EBX + 928] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d35: lea EAX, EBX + 918 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d3b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d3d: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d41: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d45: lea EAX, EBX + ffffb280 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d4b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d4e: call 1c6a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1c6a + EIP + 5 to 0x8051d4e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051d2f,8051d53) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051d4e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051d4e->8051d53 resolveable_edge: 1, tailcall: 0, target: 8051d53 [ParserDetails.C:588] pushing 8051d53 onto worklist [Parser.C] binding call 8051d4e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051d53,8051d53) [Parser.C] parsing block 8051d53 [Parser.C:1274] curAddr 0x8051d53: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051d58: jmp 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_30_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 26 + EIP + 2 to 0x8051d58...SUCCESS (CFT=0x8051d80) [Parser.C:1485] recording block [8051d53,8051d5a) Getting edges Checking for Tail Call jump to 0x8051d80 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8051d58->8051d80 resolveable_edge: 1, tailcall: 0, target: 8051d80 [ParserDetails.C:588] pushing 8051d80 onto worklist [Parser.C] address 8051b97 splits [8051b92,8051ba0) (0x1da2f20) [Parser.C:1485] recording block [8051b97,8051ba0) [Parser.C] skipping locally parsed target at 8051b97 [Parser.C] address 8051c08 splits [8051c03,8051c11) (0x1da37b0) [Parser.C:1485] recording block [8051c08,8051c11) [Parser.C] skipping locally parsed target at 8051c08 [Parser.C] address 8051c79 splits [8051c74,8051c82) (0x1da4be0) [Parser.C:1485] recording block [8051c79,8051c82) [Parser.C] skipping locally parsed target at 8051c79 [Parser.C] address 8051d06 splits [8051d01,8051d0f) (0x1d9d8c0) [Parser.C:1485] recording block [8051d06,8051d0f) [Parser.C] skipping locally parsed target at 8051d06 [Parser.C] address 8051d80 splits [8051d7d,8051d86) (0x1da6790) [Parser.C:1485] recording block [8051d80,8051d86) [Parser.C] skipping locally parsed target at 8051d80 [Parser.C] block 8051d80 exists [Parser.C] skipping locally parsed target at 8051d80 [Parser.C] block 8051d80 exists [Parser.C] skipping locally parsed target at 8051d80 [Parser.C] block 8051d80 exists [Parser.C] skipping locally parsed target at 8051d80 [Parser.C] frame 8051b42 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_30_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052d84) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052d84) function at 8052d84 already parsed, status 3 [Parser.C:224] entered parse_at(804ce8d) [Parser.C:180] entered parse_at([804ccd0,80549c4),804ce8d) function at 804ce8d already parsed, status 3 [Parser.C:224] entered parse_at(80539bd) [Parser.C:180] entered parse_at([804ccd0,80549c4),80539bd) function at 80539bd already parsed, status 3 [Parser.C:224] entered parse_at(8054687) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054687) [Parser.C:1485] recording block [8054687,8054687) [Parser.C] ==== starting to parse frame 8054687 ==== [Parser.C] parsing block 8054687 [Parser.C:1274] curAddr 0x8054687: push EBP, ESP [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054688: mov EBP, ESP [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805468a: push EBX, ESP [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805468b: sub ESP, 34 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805468e: call ffff866d + EIP + 5 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff866d + EIP + 5 to 0x805468e...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8054693: add EBX, 796d [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054699: cmp [EBP + 8], 3e7 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546a0: jle a + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054687,80546a2) Getting edges IA_IAPI.C[847]: binding PC EIP in jle a + EIP + 2 to 0x80546a0...SUCCESS (CFT=0x80546ac) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80546a0->80546ac resolveable_edge: 1, tailcall: 0, target: 80546ac [ParserDetails.C:588] pushing 80546ac onto worklist ParserDetails.C[80]: adding conditional not taken edge 80546a0->80546a2 resolveable_edge: 1, tailcall: 0, target: 80546a2 [ParserDetails.C:588] pushing 80546a2 onto worklist [Parser.C:1485] recording block [80546ac,80546ac) [Parser.C] parsing block 80546ac [Parser.C:1274] curAddr 0x80546ac: mov [ESP + 8], 8 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546b4: mov [ESP + 4], 0 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546bc: lea EAX, EBP + ffffffffffffffdc [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546bf: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546c2: call ffff8509 + EIP + 5 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8509 + EIP + 5 to 0x80546c2...SUCCESS (CFT=0x804cbd0) [Parser.C:1485] recording block [80546ac,80546c7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80546c2->804cbd0 resolveable_edge: 1, tailcall: 0, target: 804cbd0 [ParserDetails.C:588] pushing 804cbd0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80546c2->80546c7 resolveable_edge: 1, tailcall: 0, target: 80546c7 [ParserDetails.C:588] pushing 80546c7 onto worklist [Parser.C] binding call 80546c2->804cbd0 [Parser.C] block 804cbd0 exists Checking non-returning for memset [Parser.C:1485] recording block [80546c7,80546c7) [Parser.C] parsing block 80546c7 [Parser.C:1274] curAddr 0x80546c7: mov [EBP + ffffffffffffffe4], 0 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546ce: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546d1: imul EAX, EAX, f4240 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546d7: mov [EBP + ffffffffffffffe8], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546da: lea EAX, EBP + ffffffffffffffdc [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546dd: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546e1: lea EAX, EBP + ffffffffffffffe4 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546e4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546e7: call ffff8594 + EIP + 5 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8594 + EIP + 5 to 0x80546e7...SUCCESS (CFT=0x804cc80) [Parser.C:1485] recording block [80546c7,80546ec) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80546e7->804cc80 resolveable_edge: 1, tailcall: 0, target: 804cc80 [ParserDetails.C:588] pushing 804cc80 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80546e7->80546ec resolveable_edge: 1, tailcall: 0, target: 80546ec [ParserDetails.C:588] pushing 80546ec onto worklist [Parser.C] binding call 80546e7->804cc80 [ParseData.C] new function for target 804cc80 [Parser.C:1485] recording block [804cc80,804cc80) [suspend frame 8054687] [Parser.C] frame 8054687 blocked at 80546e7 call target 804cc80 [Parser.C] block 804cc80 exists [Parser.C] ==== starting to parse frame 804cc80 ==== [Parser.C] parsing block 804cc80 [Parser.C:1274] curAddr 0x804cc80: jmp [805c0a4] [Parser.C:1280] leaf 1 funcname targ804cc80 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c0a4] to 0x804cc80...FAIL (CFT=0x0), callTarget exp: [805c0a4] ... indirect jump at 0x804cc80, delay parsing it [Parser.C:1485] recording block [804cc80,804cc86) ... continue parse indirect jump at 804cc80 [Parser.C:1485] recording block [804cc80,804cc86) Getting edges ... indirect jump at 0x804cc80 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c0a4] at 0x804cc80 Apply indirect control flow analysis at 804cc80 Looking for thunk Looking for thunk in block [804cc80,804cc86).......WARNING: after advance at 0x804cc86, curInsn() NULL Expanding instruction @ 804cc80: jmp [805c0a4] Original expand: (<134594724:32>,) Adding assignment (@804cc80<[x86::eip]>[_805c0a4]) in instruction jmp [805c0a4] at 804cc80, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc80, insn: jmp [805c0a4] Old fact for 804cc80: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc80 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc80<[x86::eip]>[_805c0a4]) Instruction: jmp [805c0a4] AST: (<134594724:64>,) Generate bound fact for Interval 0[134594724,134594724] 0[805c0a4,805c0a4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594724:64>,) Apply relations2 to (<134594724:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594724,134594724] 0[805c0a4,805c0a4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594724:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc80 The fact from 804cc80 before applying transfer function Do not track predicate Var: , Interval 0[134594724,134594724] 0[805c0a4,805c0a4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594724:64>,) No known value at the top of the stack Fact from 804cc80 after applying transfer function Do not track predicate Var: , Interval 0[134594724,134594724] 0[805c0a4,805c0a4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594724:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594724,134594724] 0[805c0a4,805c0a4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594724:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594724,134594724] 0[805c0a4,805c0a4], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c0a4 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc80 (804cc80) No targets, exits func Adding block 0x804cc80 as exit 804cc80 extent [804cc80,804cc86) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c0a4] at 0x804cc80 in function targ804cc80 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc80->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for nanosleep [Parser.C] frame 804cc80 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] nanosleep return status 2, no waiters [Parser.C] ==== resuming parse of frame 8054687 ==== Checking non-returning for nanosleep [Parser.C:1485] recording block [80546ec,80546ec) [Parser.C] parsing block 80546ec [Parser.C:1274] curAddr 0x80546ec: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546ef: call ffff84fc + EIP + 5 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff84fc + EIP + 5 to 0x80546ef...SUCCESS (CFT=0x804cbf0) [Parser.C:1485] recording block [80546ec,80546f4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80546ef->804cbf0 resolveable_edge: 1, tailcall: 0, target: 804cbf0 [ParserDetails.C:588] pushing 804cbf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80546ef->80546f4 resolveable_edge: 1, tailcall: 0, target: 80546f4 [ParserDetails.C:588] pushing 80546f4 onto worklist [Parser.C] binding call 80546ef->804cbf0 [Parser.C] block 804cbf0 exists Checking non-returning for __errno_location [Parser.C:1485] recording block [80546f4,80546f4) [Parser.C] parsing block 80546f4 [Parser.C:1274] curAddr 0x80546f4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546f6: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546f9: mov EDX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546fc: mov EAX, [EBP + ffffffffffffffe0] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546ff: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054701: jnz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true [Parser.C:1485] recording block [80546f4,8054703) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 21 + EIP + 2 to 0x8054701...SUCCESS (CFT=0x8054724) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054701->8054724 resolveable_edge: 1, tailcall: 0, target: 8054724 [ParserDetails.C:588] pushing 8054724 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054701->8054703 resolveable_edge: 1, tailcall: 0, target: 8054703 [ParserDetails.C:588] pushing 8054703 onto worklist [Parser.C:1485] recording block [8054724,8054724) [Parser.C] parsing block 8054724 [Parser.C:1274] curAddr 0x8054724: mov EAX, [EBP + ffffffffffffffdc] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054727: mov EDX, [EBP + ffffffffffffffe0] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805472a: mov [EBP + ffffffffffffffe4], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805472d: mov [EBP + ffffffffffffffe8], EDX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054730: cmp [EBP + fffffffffffffff4], ff [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054734: jnz 6 + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054724,8054736) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 6 + EIP + 2 to 0x8054734...SUCCESS (CFT=0x805473c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054734->805473c resolveable_edge: 1, tailcall: 0, target: 805473c [ParserDetails.C:588] pushing 805473c onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054734->8054736 resolveable_edge: 1, tailcall: 0, target: 8054736 [ParserDetails.C:588] pushing 8054736 onto worklist [Parser.C:1485] recording block [805473c,805473c) [Parser.C] parsing block 805473c [Parser.C:1274] curAddr 0x805473c: cmp [EBP + fffffffffffffff4], ff [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054740: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true [Parser.C:1485] recording block [805473c,8054742) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x8054740...SUCCESS (CFT=0x8054749) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054740->8054749 resolveable_edge: 1, tailcall: 0, target: 8054749 [ParserDetails.C:588] pushing 8054749 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054740->8054742 resolveable_edge: 1, tailcall: 0, target: 8054742 [ParserDetails.C:588] pushing 8054742 onto worklist [Parser.C:1485] recording block [8054749,8054749) [Parser.C] parsing block 8054749 [Parser.C:1274] curAddr 0x8054749: mov EAX, 1 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805474e: add ESP, 34 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054751: pop EBX, ESP [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054752: pop EBP, ESP [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054753: ret near [ESP] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054749,8054754) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054753 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054753...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80546a2,80546a2) [Parser.C] parsing block 80546a2 [Parser.C:1274] curAddr 0x80546a2: mov EAX, 0 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x80546a7: jmp a2 + EIP + 5 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp a2 + EIP + 5 to 0x80546a7...SUCCESS (CFT=0x805474e) [Parser.C:1485] recording block [80546a2,80546ac) Getting edges Checking for Tail Call jump to 0x805474e is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80546a7->805474e resolveable_edge: 1, tailcall: 0, target: 805474e [ParserDetails.C:588] pushing 805474e onto worklist [Parser.C:1485] recording block [8054703,8054703) [Parser.C] parsing block 8054703 [Parser.C:1274] curAddr 0x8054703: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054706: imul EAX, EAX, 186a0 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805470c: mov [EBP + ffffffffffffffec], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805470f: mov EAX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054712: cmp EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054715: jnbe 2 + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054703,8054717) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 2 + EIP + 2 to 0x8054715...SUCCESS (CFT=0x8054719) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054715->8054719 resolveable_edge: 1, tailcall: 0, target: 8054719 [ParserDetails.C:588] pushing 8054719 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054715->8054717 resolveable_edge: 1, tailcall: 0, target: 8054717 [ParserDetails.C:588] pushing 8054717 onto worklist [Parser.C:1485] recording block [8054719,8054719) [Parser.C] parsing block 8054719 [Parser.C:1274] curAddr 0x8054719: mov EAX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805471c: sub EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805471f: mov [EBP + ffffffffffffffe8], EAX [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054722: jmp c + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp c + EIP + 2 to 0x8054722...SUCCESS (CFT=0x8054730) [Parser.C:1485] recording block [8054719,8054724) Getting edges Checking for Tail Call jump to 0x8054730 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054722->8054730 resolveable_edge: 1, tailcall: 0, target: 8054730 [ParserDetails.C:588] pushing 8054730 onto worklist [Parser.C:1485] recording block [8054717,8054717) [Parser.C] parsing block 8054717 [Parser.C:1274] curAddr 0x8054717: jmp 23 + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 23 + EIP + 2 to 0x8054717...SUCCESS (CFT=0x805473c) [Parser.C:1485] recording block [8054717,8054719) Getting edges Checking for Tail Call jump to 0x805473c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054717->805473c resolveable_edge: 1, tailcall: 0, target: 805473c [ParserDetails.C:588] pushing 805473c onto worklist [Parser.C:1485] recording block [8054736,8054736) [Parser.C] parsing block 8054736 [Parser.C:1274] curAddr 0x8054736: cmp [EBP + fffffffffffffff0], 4 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x805473a: jz ffffffffffffff9e + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054736,805473c) Getting edges IA_IAPI.C[847]: binding PC EIP in jz ffffffffffffff9e + EIP + 2 to 0x805473a...SUCCESS (CFT=0x80546da) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x80546da is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 805473a->80546da resolveable_edge: 1, tailcall: 0, target: 80546da [ParserDetails.C:588] pushing 80546da onto worklist ParserDetails.C[80]: adding conditional not taken edge 805473a->805473c resolveable_edge: 1, tailcall: 0, target: 805473c [ParserDetails.C:588] pushing 805473c onto worklist [Parser.C] address 80546da splits [80546c7,80546ec) (0x1da5d10) [Parser.C:1485] recording block [80546da,80546ec) [Parser.C] skipping locally parsed target at 80546da [Parser.C] block 805473c exists [Parser.C] skipping locally parsed target at 805473c [Parser.C:1485] recording block [8054742,8054742) [Parser.C] parsing block 8054742 [Parser.C:1274] curAddr 0x8054742: mov EAX, 0 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called [Parser.C:1274] curAddr 0x8054747: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname precisionSleep hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8054747...SUCCESS (CFT=0x805474e) [Parser.C:1485] recording block [8054742,8054749) Getting edges Checking for Tail Call jump to 0x805474e is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8054747->805474e resolveable_edge: 1, tailcall: 0, target: 805474e [ParserDetails.C:588] pushing 805474e onto worklist [Parser.C] address 8054730 splits [8054724,8054736) (0x1da9010) [Parser.C:1485] recording block [8054730,8054736) [Parser.C] skipping locally parsed target at 8054730 [Parser.C] block 805473c exists [Parser.C] skipping locally parsed target at 805473c [Parser.C] address 805474e splits [8054749,8054754) (0x1da9140) [Parser.C:1485] recording block [805474e,8054754) [Parser.C] skipping locally parsed target at 805474e [Parser.C] block 805474e exists [Parser.C] skipping locally parsed target at 805474e [Parser.C] frame 8054687 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] precisionSleep return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050d91) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050d91) [Parser.C:1485] recording block [8050d91,8050d91) [Parser.C] ==== starting to parse frame 8050d91 ==== [Parser.C] parsing block 8050d91 [Parser.C:1274] curAddr 0x8050d91: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050d92: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050d94: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050d95: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050d98: call ffffbf63 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbf63 + EIP + 5 to 0x8050d98...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8050d9d: add EBX, b263 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050da3: mov [EBP + fffffffffffffff4], 231873 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050daa: mov [EBP + fffffffffffffff0], 23186b [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050db1: mov [EBP + ffffffffffffffec], 231875 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050db8: call ffffffa8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffa8 + EIP + 5 to 0x8050db8...SUCCESS (CFT=0x8050d65) [Parser.C:1485] recording block [8050d91,8050dbd) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050db8->8050d65 resolveable_edge: 1, tailcall: 0, target: 8050d65 [ParserDetails.C:588] pushing 8050d65 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050db8->8050dbd resolveable_edge: 1, tailcall: 0, target: 8050dbd [ParserDetails.C:588] pushing 8050dbd onto worklist [Parser.C] binding call 8050db8->8050d65 [Parser.C] block 8050d65 exists Checking non-returning for test1_23_call2 Checking non-returning for test1_23_call2 [Parser.C:1485] recording block [8050dbd,8050dbd) [Parser.C] parsing block 8050dbd [Parser.C:1274] curAddr 0x8050dbd: mov [ESP + 8], 231861 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050dc5: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050dc8: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050dcc: lea EAX, EBX + ffffac43 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050dd2: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050dd5: call ffffff38 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff38 + EIP + 5 to 0x8050dd5...SUCCESS (CFT=0x8050d12) [Parser.C:1485] recording block [8050dbd,8050dda) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050dd5->8050d12 resolveable_edge: 1, tailcall: 0, target: 8050d12 [ParserDetails.C:588] pushing 8050d12 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050dd5->8050dda resolveable_edge: 1, tailcall: 0, target: 8050dda [ParserDetails.C:588] pushing 8050dda onto worklist [Parser.C] binding call 8050dd5->8050d12 [Parser.C] block 8050d12 exists Checking non-returning for verifyScalarValue23 [Parser.C:1485] recording block [8050dda,8050dda) [Parser.C] parsing block 8050dda [Parser.C:1274] curAddr 0x8050dda: mov EAX, [EBX + 574] [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050de0: mov [ESP + 8], 23186a [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050de8: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050dec: lea EAX, EBX + ffffac55 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050df2: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050df5: call ffffff18 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff18 + EIP + 5 to 0x8050df5...SUCCESS (CFT=0x8050d12) [Parser.C:1485] recording block [8050dda,8050dfa) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050df5->8050d12 resolveable_edge: 1, tailcall: 0, target: 8050d12 [ParserDetails.C:588] pushing 8050d12 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050df5->8050dfa resolveable_edge: 1, tailcall: 0, target: 8050dfa [ParserDetails.C:588] pushing 8050dfa onto worklist [Parser.C] binding call 8050df5->8050d12 [Parser.C] block 8050d12 exists Checking non-returning for verifyScalarValue23 [Parser.C:1485] recording block [8050dfa,8050dfa) [Parser.C] parsing block 8050dfa [Parser.C:1274] curAddr 0x8050dfa: mov [ESP + 8], 23186c [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e02: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e05: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e09: lea EAX, EBX + ffffac6e [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e0f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e12: call fffffefb + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffefb + EIP + 5 to 0x8050e12...SUCCESS (CFT=0x8050d12) [Parser.C:1485] recording block [8050dfa,8050e17) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050e12->8050d12 resolveable_edge: 1, tailcall: 0, target: 8050d12 [ParserDetails.C:588] pushing 8050d12 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050e12->8050e17 resolveable_edge: 1, tailcall: 0, target: 8050e17 [ParserDetails.C:588] pushing 8050e17 onto worklist [Parser.C] binding call 8050e12->8050d12 [Parser.C] block 8050d12 exists Checking non-returning for verifyScalarValue23 [Parser.C:1485] recording block [8050e17,8050e17) [Parser.C] parsing block 8050e17 [Parser.C:1274] curAddr 0x8050e17: mov [ESP + 8], 231875 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e1f: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e22: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e26: lea EAX, EBX + ffffac87 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e2c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e2f: call fffffede + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffede + EIP + 5 to 0x8050e2f...SUCCESS (CFT=0x8050d12) [Parser.C:1485] recording block [8050e17,8050e34) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050e2f->8050d12 resolveable_edge: 1, tailcall: 0, target: 8050d12 [ParserDetails.C:588] pushing 8050d12 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050e2f->8050e34 resolveable_edge: 1, tailcall: 0, target: 8050e34 [ParserDetails.C:588] pushing 8050e34 onto worklist [Parser.C] binding call 8050e2f->8050d12 [Parser.C] block 8050d12 exists Checking non-returning for verifyScalarValue23 [Parser.C:1485] recording block [8050e34,8050e34) [Parser.C] parsing block 8050e34 [Parser.C:1274] curAddr 0x8050e34: mov EAX, [EBX + 578] [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e3a: mov [ESP + 8], 231877 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e42: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e46: lea EAX, EBX + ffffaca0 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e4c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e4f: call fffffebe + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffebe + EIP + 5 to 0x8050e4f...SUCCESS (CFT=0x8050d12) [Parser.C:1485] recording block [8050e34,8050e54) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050e4f->8050d12 resolveable_edge: 1, tailcall: 0, target: 8050d12 [ParserDetails.C:588] pushing 8050d12 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050e4f->8050e54 resolveable_edge: 1, tailcall: 0, target: 8050e54 [ParserDetails.C:588] pushing 8050e54 onto worklist [Parser.C] binding call 8050e4f->8050d12 [Parser.C] block 8050d12 exists Checking non-returning for verifyScalarValue23 [Parser.C:1485] recording block [8050e54,8050e54) [Parser.C] parsing block 8050e54 [Parser.C:1274] curAddr 0x8050e54: lea EAX, EBX + 570 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e5a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e5c: mov [ESP + 8], 231861 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e64: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e68: lea EAX, EBX + ffffacb9 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e6e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e71: call fffffe9c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffe9c + EIP + 5 to 0x8050e71...SUCCESS (CFT=0x8050d12) [Parser.C:1485] recording block [8050e54,8050e76) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050e71->8050d12 resolveable_edge: 1, tailcall: 0, target: 8050d12 [ParserDetails.C:588] pushing 8050d12 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050e71->8050e76 resolveable_edge: 1, tailcall: 0, target: 8050e76 [ParserDetails.C:588] pushing 8050e76 onto worklist [Parser.C] binding call 8050e71->8050d12 [Parser.C] block 8050d12 exists Checking non-returning for verifyScalarValue23 [Parser.C:1485] recording block [8050e76,8050e76) [Parser.C] parsing block 8050e76 [Parser.C:1274] curAddr 0x8050e76: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e7c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e7e: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e80: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050e76,8050e82) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x8050e80...SUCCESS (CFT=0x8050e90) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050e80->8050e90 resolveable_edge: 1, tailcall: 0, target: 8050e90 [ParserDetails.C:588] pushing 8050e90 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050e80->8050e82 resolveable_edge: 1, tailcall: 0, target: 8050e82 [ParserDetails.C:588] pushing 8050e82 onto worklist [Parser.C:1485] recording block [8050e90,8050e90) [Parser.C] parsing block 8050e90 [Parser.C:1274] curAddr 0x8050e90: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e93: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e94: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e95: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050e90,8050e96) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050e95 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050e95...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8050e82,8050e82) [Parser.C] parsing block 8050e82 [Parser.C:1274] curAddr 0x8050e82: lea EAX, EBX + ffffacd2 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e88: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called [Parser.C:1274] curAddr 0x8050e8b: call ffffbc90 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbc90 + EIP + 5 to 0x8050e8b...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [8050e82,8050e90) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050e8b->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050e8b->8050e90 resolveable_edge: 1, tailcall: 0, target: 8050e90 [ParserDetails.C:588] pushing 8050e90 onto worklist [Parser.C] binding call 8050e8b->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 8050e90 exists [Parser.C] skipping locally parsed target at 8050e90 [Parser.C] frame 8050d91 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_23_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804ef65) [Parser.C:180] entered parse_at([804ccd0,80549c4),804ef65) function at 804ef65 already parsed, status 3 [Parser.C:224] entered parse_at(8054378) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054378) [Parser.C:1485] recording block [8054378,8054378) [Parser.C] ==== starting to parse frame 8054378 ==== [Parser.C] parsing block 8054378 [Parser.C:1274] curAddr 0x8054378: push EBP, ESP [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x8054379: mov EBP, ESP [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x805437b: push EBX, ESP [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x805437c: sub ESP, 14 [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x805437f: call ffff897c + EIP + 5 [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff897c + EIP + 5 to 0x805437f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8054384: add EBX, 7c7c [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x805438a: call ffff8761 + EIP + 5 [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8761 + EIP + 5 to 0x805438a...SUCCESS (CFT=0x804caf0) [Parser.C:1485] recording block [8054378,805438f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805438a->804caf0 resolveable_edge: 1, tailcall: 0, target: 804caf0 [ParserDetails.C:588] pushing 804caf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805438a->805438f resolveable_edge: 1, tailcall: 0, target: 805438f [ParserDetails.C:588] pushing 805438f onto worklist [Parser.C] binding call 805438a->804caf0 [Parser.C] block 804caf0 exists Checking non-returning for getpid [Parser.C:1485] recording block [805438f,805438f) [Parser.C] parsing block 805438f [Parser.C:1274] curAddr 0x805438f: mov [ESP + 4], 13 [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x8054397: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x805439a: call ffff87c1 + EIP + 5 [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff87c1 + EIP + 5 to 0x805439a...SUCCESS (CFT=0x804cb60) [Parser.C:1485] recording block [805438f,805439f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805439a->804cb60 resolveable_edge: 1, tailcall: 0, target: 804cb60 [ParserDetails.C:588] pushing 804cb60 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805439a->805439f resolveable_edge: 1, tailcall: 0, target: 805439f [ParserDetails.C:588] pushing 805439f onto worklist [Parser.C] binding call 805439a->804cb60 [ParseData.C] new function for target 804cb60 [Parser.C:1485] recording block [804cb60,804cb60) [suspend frame 8054378] [Parser.C] frame 8054378 blocked at 805439a call target 804cb60 [Parser.C] block 804cb60 exists [Parser.C] ==== starting to parse frame 804cb60 ==== [Parser.C] parsing block 804cb60 [Parser.C:1274] curAddr 0x804cb60: jmp [805c05c] [Parser.C:1280] leaf 1 funcname targ804cb60 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c05c] to 0x804cb60...FAIL (CFT=0x0), callTarget exp: [805c05c] ... indirect jump at 0x804cb60, delay parsing it [Parser.C:1485] recording block [804cb60,804cb66) ... continue parse indirect jump at 804cb60 [Parser.C:1485] recording block [804cb60,804cb66) Getting edges ... indirect jump at 0x804cb60 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c05c] at 0x804cb60 Apply indirect control flow analysis at 804cb60 Looking for thunk Looking for thunk in block [804cb60,804cb66).......WARNING: after advance at 0x804cb66, curInsn() NULL Expanding instruction @ 804cb60: jmp [805c05c] Original expand: (<134594652:32>,) Adding assignment (@804cb60<[x86::eip]>[_805c05c]) in instruction jmp [805c05c] at 804cb60, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb60, insn: jmp [805c05c] Old fact for 804cb60: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb60 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb60<[x86::eip]>[_805c05c]) Instruction: jmp [805c05c] AST: (<134594652:64>,) Generate bound fact for Interval 0[134594652,134594652] 0[805c05c,805c05c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594652:64>,) Apply relations2 to (<134594652:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594652,134594652] 0[805c05c,805c05c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594652:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb60 The fact from 804cb60 before applying transfer function Do not track predicate Var: , Interval 0[134594652,134594652] 0[805c05c,805c05c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594652:64>,) No known value at the top of the stack Fact from 804cb60 after applying transfer function Do not track predicate Var: , Interval 0[134594652,134594652] 0[805c05c,805c05c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594652:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594652,134594652] 0[805c05c,805c05c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594652:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594652,134594652] 0[805c05c,805c05c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c05c not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb60 (804cb60) No targets, exits func Adding block 0x804cb60 as exit 804cb60 extent [804cb60,804cb66) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c05c] at 0x804cb60 in function targ804cb60 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb60->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for kill [Parser.C] frame 804cb60 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] kill return status 2, no waiters [Parser.C] ==== resuming parse of frame 8054378 ==== Checking non-returning for kill [Parser.C:1485] recording block [805439f,805439f) [Parser.C] parsing block 805439f [Parser.C:1274] curAddr 0x805439f: add ESP, 14 [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x80543a2: pop EBX, ESP [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x80543a3: pop EBP, ESP [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called [Parser.C:1274] curAddr 0x80543a4: ret near [ESP] [Parser.C:1280] leaf 1 funcname stop_process_ hasCFT called branch or return, ret true [Parser.C:1485] recording block [805439f,80543a5) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80543a4 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80543a4...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8054378 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] stop_process_ return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804cea5) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cea5) [Parser.C:1485] recording block [804cea5,804cea5) [Parser.C] ==== starting to parse frame 804cea5 ==== [Parser.C] parsing block 804cea5 [Parser.C:1274] curAddr 0x804cea5: push EBP, ESP [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cea6: mov EBP, ESP [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cea8: push ESI, ESP [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cea9: push EBX, ESP [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804ceaa: sub ESP, 20 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cead: call fffffe4e + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffe4e + EIP + 5 to 0x804cead...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804ceb2: add EBX, f14e [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804ceb8: lea EAX, EBX + ffff8a25 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cebe: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cec2: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cec5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cec8: call fffffcf3 + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffcf3 + EIP + 5 to 0x804cec8...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [804cea5,804cecd) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cec8->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cec8->804cecd resolveable_edge: 1, tailcall: 0, target: 804cecd [ParserDetails.C:588] pushing 804cecd onto worklist [Parser.C] binding call 804cec8->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [804cecd,804cecd) [Parser.C] parsing block 804cecd [Parser.C:1274] curAddr 0x804cecd: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804ced0: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804ced4: jz 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cecd,804ced6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 29 + EIP + 2 to 0x804ced4...SUCCESS (CFT=0x804ceff) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ced4->804ceff resolveable_edge: 1, tailcall: 0, target: 804ceff [ParserDetails.C:588] pushing 804ceff onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ced4->804ced6 resolveable_edge: 1, tailcall: 0, target: 804ced6 [ParserDetails.C:588] pushing 804ced6 onto worklist [Parser.C:1485] recording block [804ceff,804ceff) [Parser.C] parsing block 804ceff [Parser.C:1274] curAddr 0x804ceff: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf05: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf07: mov ESI, [EAX] [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf09: call fffffce2 + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffce2 + EIP + 5 to 0x804cf09...SUCCESS (CFT=0x804cbf0) [Parser.C:1485] recording block [804ceff,804cf0e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cf09->804cbf0 resolveable_edge: 1, tailcall: 0, target: 804cbf0 [ParserDetails.C:588] pushing 804cbf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cf09->804cf0e resolveable_edge: 1, tailcall: 0, target: 804cf0e [ParserDetails.C:588] pushing 804cf0e onto worklist [Parser.C] binding call 804cf09->804cbf0 [Parser.C] block 804cbf0 exists Checking non-returning for __errno_location [Parser.C:1485] recording block [804cf0e,804cf0e) [Parser.C] parsing block 804cf0e [Parser.C:1274] curAddr 0x804cf0e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf10: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf13: call fffffc18 + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffc18 + EIP + 5 to 0x804cf13...SUCCESS (CFT=0x804cb30) [Parser.C:1485] recording block [804cf0e,804cf18) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cf13->804cb30 resolveable_edge: 1, tailcall: 0, target: 804cb30 [ParserDetails.C:588] pushing 804cb30 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cf13->804cf18 resolveable_edge: 1, tailcall: 0, target: 804cf18 [ParserDetails.C:588] pushing 804cf18 onto worklist [Parser.C] binding call 804cf13->804cb30 [Parser.C] block 804cb30 exists Checking non-returning for strerror [Parser.C:1485] recording block [804cf18,804cf18) [Parser.C] parsing block 804cf18 [Parser.C:1274] curAddr 0x804cf18: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf1c: lea EAX, EBX + ffff8a2c [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf22: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf26: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf2d: call ESI [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ESI to 0x804cf2d...FAIL (CFT=0x0), callTarget exp: ESI ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804cf18,804cf2f) Getting edges Returned 2 edges ... Call 0x804cf2d is indirect ... Call 0x804cf2d is indirect ... Call 0x804cf2d is indirect 2 edges: ParserDetails.C[64]: adding call edge 804cf2d->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804cf2d->804cf2f resolveable_edge: 1, tailcall: 0, target: 804cf2f [ParserDetails.C:588] pushing 804cf2f onto worklist [Parser.C:1485] recording block [804cf2f,804cf2f) [Parser.C] parsing block 804cf2f [Parser.C:1274] curAddr 0x804cf2f: add ESP, 20 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf32: pop EBX, ESP [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf33: pop ESI, ESP [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf34: pop EBP, ESP [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cf35: ret near [ESP] [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cf2f,804cf36) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804cf35 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804cf35...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804ced6,804ced6) [Parser.C] parsing block 804ced6 [Parser.C:1274] curAddr 0x804ced6: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804ced9: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cedd: lea EAX, EBX + ffff8a27 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cee3: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cee7: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804ceea: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804ceed: call fffffc9e + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffc9e + EIP + 5 to 0x804ceed...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [804ced6,804cef2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ceed->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ceed->804cef2 resolveable_edge: 1, tailcall: 0, target: 804cef2 [ParserDetails.C:588] pushing 804cef2 onto worklist [Parser.C] binding call 804ceed->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [804cef2,804cef2) [Parser.C] parsing block 804cef2 [Parser.C:1274] curAddr 0x804cef2: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cef5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called [Parser.C:1274] curAddr 0x804cef8: call fffffba3 + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffba3 + EIP + 5 to 0x804cef8...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [804cef2,804cefd) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cef8->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cef8->804cefd resolveable_edge: 1, tailcall: 0, target: 804cefd [ParserDetails.C:588] pushing 804cefd onto worklist [Parser.C] binding call 804cef8->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C:1485] recording block [804cefd,804cefd) [Parser.C] parsing block 804cefd [Parser.C:1274] curAddr 0x804cefd: jmp 30 + EIP + 2 [Parser.C:1280] leaf 1 funcname updateResumeLog hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 30 + EIP + 2 to 0x804cefd...SUCCESS (CFT=0x804cf2f) [Parser.C:1485] recording block [804cefd,804ceff) Getting edges Checking for Tail Call jump to 0x804cf2f is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804cefd->804cf2f resolveable_edge: 1, tailcall: 0, target: 804cf2f [ParserDetails.C:588] pushing 804cf2f onto worklist [Parser.C] block 804cf2f exists [Parser.C] skipping locally parsed target at 804cf2f [Parser.C] frame 804cea5 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] updateResumeLog return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053a5d) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053a5d) [Parser.C:1485] recording block [8053a5d,8053a5d) [Parser.C] ==== starting to parse frame 8053a5d ==== [Parser.C] parsing block 8053a5d [Parser.C:1274] curAddr 0x8053a5d: push EBP, ESP [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a5e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a60: push EBX, ESP [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a61: sub ESP, 14 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a64: call ffff9297 + EIP + 5 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9297 + EIP + 5 to 0x8053a64...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053a69: add EBX, 8597 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a6f: mov [ESP], 14 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a76: call ffff9095 + EIP + 5 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9095 + EIP + 5 to 0x8053a76...SUCCESS (CFT=0x804cb10) [Parser.C:1485] recording block [8053a5d,8053a7b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053a76->804cb10 resolveable_edge: 1, tailcall: 0, target: 804cb10 [ParserDetails.C:588] pushing 804cb10 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053a76->8053a7b resolveable_edge: 1, tailcall: 0, target: 8053a7b [ParserDetails.C:588] pushing 8053a7b onto worklist [Parser.C] binding call 8053a76->804cb10 [Parser.C] block 804cb10 exists Checking non-returning for malloc [Parser.C:1485] recording block [8053a7b,8053a7b) [Parser.C] parsing block 8053a7b [Parser.C:1274] curAddr 0x8053a7b: mov EDX, EAX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a7d: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a83: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a85: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a8b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a8d: test EAX, EAX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a8f: jz 56 + EIP + 2 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053a7b,8053a91) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 56 + EIP + 2 to 0x8053a8f...SUCCESS (CFT=0x8053ae7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053a8f->8053ae7 resolveable_edge: 1, tailcall: 0, target: 8053ae7 [ParserDetails.C:588] pushing 8053ae7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053a8f->8053a91 resolveable_edge: 1, tailcall: 0, target: 8053a91 [ParserDetails.C:588] pushing 8053a91 onto worklist [Parser.C:1485] recording block [8053ae7,8053ae7) [Parser.C] parsing block 8053ae7 [Parser.C:1274] curAddr 0x8053ae7: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053aed: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053aef: mov [ESP + c], 148 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053af7: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053afd: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053b01: lea EDX, EBX + ffffc028 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053b07: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053b0b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053b0e: call ffff907d + EIP + 5 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff907d + EIP + 5 to 0x8053b0e...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053ae7,8053b13) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053b0e->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053b0e->8053b13 resolveable_edge: 1, tailcall: 0, target: 8053b13 [ParserDetails.C:588] pushing 8053b13 onto worklist [Parser.C] binding call 8053b0e->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053b13,8053b13) [Parser.C] parsing block 8053b13 [Parser.C:1274] curAddr 0x8053b13: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053b1a: call ffff9031 + EIP + 5 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9031 + EIP + 5 to 0x8053b1a...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [8053b13,8053b1f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053b1a->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053b1a->8053b1f resolveable_edge: 1, tailcall: 0, target: 8053b1f [ParserDetails.C:588] pushing 8053b1f onto worklist [Parser.C] binding call 8053b1a->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 8053b1a [Parser.C:1485] recording block [8053a91,8053a91) [Parser.C] parsing block 8053a91 [Parser.C:1274] curAddr 0x8053a91: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a97: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a99: lea EDX, EBX + ffff7e53 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053a9f: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053aa1: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053aa7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053aa9: lea EDX, EBX + ffff7e8a [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053aaf: mov [EAX + 4], EDX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ab2: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ab8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053aba: lea EDX, EBX + ffff7f58 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ac0: mov [EAX + 8], EDX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ac3: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ac9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053acb: lea EDX, EBX + ffff7f5d [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ad1: mov [EAX + c], EDX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ad4: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ada: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053adc: lea EDX, EBX + ffff7b25 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ae2: mov [EAX + 10], EDX [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053ae5: jmp 38 + EIP + 2 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 38 + EIP + 2 to 0x8053ae5...SUCCESS (CFT=0x8053b1f) [Parser.C:1485] recording block [8053a91,8053ae7) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8053ae5->8053b1f resolveable_edge: 1, tailcall: 0, target: 8053b1f [ParserDetails.C:588] pushing 8053b1f onto worklist [Parser.C:1485] recording block [8053b1f,8053b1f) [Parser.C] parsing block 8053b1f [Parser.C:1274] curAddr 0x8053b1f: add ESP, 14 [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053b22: pop EBX, ESP [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053b23: pop EBP, ESP [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053b24: ret near [ESP] [Parser.C:1280] leaf 1 funcname initDatabaseOutputDriver hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053b1f,8053b25) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053b24 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053b24...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053a5d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] initDatabaseOutputDriver return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805456a) [Parser.C:180] entered parse_at([804ccd0,80549c4),805456a) [Parser.C:1485] recording block [805456a,805456a) [Parser.C] ==== starting to parse frame 805456a ==== [Parser.C] parsing block 805456a [Parser.C:1274] curAddr 0x805456a: push EBP, ESP [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x805456b: mov EBP, ESP [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x805456d: push EBX, ESP [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x805456e: sub ESP, 24 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x8054571: call ffff878a + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff878a + EIP + 5 to 0x8054571...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8054576: add EBX, 7a8a [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x805457c: lea EAX, EBX + 790 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x8054582: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x8054584: lea EDX, EBX + ffffbfbc [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x805458a: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x805458e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x8054591: call ffff862a + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff862a + EIP + 5 to 0x8054591...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [805456a,8054596) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054591->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054591->8054596 resolveable_edge: 1, tailcall: 0, target: 8054596 [ParserDetails.C:588] pushing 8054596 onto worklist [Parser.C] binding call 8054591->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [8054596,8054596) [Parser.C] parsing block 8054596 [Parser.C:1274] curAddr 0x8054596: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x8054599: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x805459d: jnz 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054596,805459f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 29 + EIP + 2 to 0x805459d...SUCCESS (CFT=0x80545c8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805459d->80545c8 resolveable_edge: 1, tailcall: 0, target: 80545c8 [ParserDetails.C:588] pushing 80545c8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805459d->805459f resolveable_edge: 1, tailcall: 0, target: 805459f [ParserDetails.C:588] pushing 805459f onto worklist [Parser.C:1485] recording block [80545c8,80545c8) [Parser.C] parsing block 80545c8 [Parser.C:1274] curAddr 0x80545c8: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545cb: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545cf: lea EAX, EBX + ffffc20f [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545d5: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545d9: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545dc: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545df: call ffff85ac + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff85ac + EIP + 5 to 0x80545df...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [80545c8,80545e4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80545df->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80545df->80545e4 resolveable_edge: 1, tailcall: 0, target: 80545e4 [ParserDetails.C:588] pushing 80545e4 onto worklist [Parser.C] binding call 80545df->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [80545e4,80545e4) [Parser.C] parsing block 80545e4 [Parser.C:1274] curAddr 0x80545e4: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545e7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545ea: call ffff84b1 + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff84b1 + EIP + 5 to 0x80545ea...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [80545e4,80545ef) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80545ea->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80545ea->80545ef resolveable_edge: 1, tailcall: 0, target: 80545ef [ParserDetails.C:588] pushing 80545ef onto worklist [Parser.C] binding call 80545ea->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C:1485] recording block [80545ef,80545ef) [Parser.C] parsing block 80545ef [Parser.C:1274] curAddr 0x80545ef: add ESP, 24 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545f2: pop EBX, ESP [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545f3: pop EBP, ESP [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545f4: ret near [ESP] [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called branch or return, ret true [Parser.C:1485] recording block [80545ef,80545f5) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80545f4 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80545f4...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805459f,805459f) [Parser.C] parsing block 805459f [Parser.C:1274] curAddr 0x805459f: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545a5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545a7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545a9: lea EDX, EBX + ffffc1f0 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545af: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545b3: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545ba: call EAX [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x80545ba...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [805459f,80545bc) Getting edges Returned 2 edges ... Call 0x80545ba is indirect ... Call 0x80545ba is indirect ... Call 0x80545ba is indirect 2 edges: ParserDetails.C[64]: adding call edge 80545ba->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 80545ba->80545bc resolveable_edge: 1, tailcall: 0, target: 80545bc [ParserDetails.C:588] pushing 80545bc onto worklist [Parser.C:1485] recording block [80545bc,80545bc) [Parser.C] parsing block 80545bc [Parser.C:1274] curAddr 0x80545bc: mov [ESP], 0 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called [Parser.C:1274] curAddr 0x80545c3: call ffff8588 + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testrun hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8588 + EIP + 5 to 0x80545c3...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [80545bc,80545c8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80545c3->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80545c3->80545c8 resolveable_edge: 1, tailcall: 0, target: 80545c8 [ParserDetails.C:588] pushing 80545c8 onto worklist [Parser.C] binding call 80545c3->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 80545c3 [Parser.C] frame 805456a complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] log_testrun return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051b1c) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051b1c) [Parser.C:1485] recording block [8051b1c,8051b1c) [Parser.C] ==== starting to parse frame 8051b1c ==== [Parser.C] parsing block 8051b1c [Parser.C:1274] curAddr 0x8051b1c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b1d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b1f: call ffffc061 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc061 + EIP + 5 to 0x8051b1f...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8051b24: add ECX, a4dc [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b2a: mov [ECX + 928], 50 [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b34: lea EAX, ECX + ffff5b1c [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b3a: mov [ECX + 92c], EAX [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b40: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called [Parser.C:1274] curAddr 0x8051b41: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_30_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051b1c,8051b42) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051b41 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051b41...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8051b1c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_30_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804eb5b) [Parser.C:180] entered parse_at([804ccd0,80549c4),804eb5b) function at 804eb5b already parsed, status 3 [Parser.C:224] entered parse_at(8054950) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054950) [Parser.C:1485] recording block [8054950,8054950) [Parser.C] ==== starting to parse frame 8054950 ==== [Parser.C] parsing block 8054950 [Parser.C:1274] curAddr 0x8054950: push EBP, ESP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054951: push EDI, ESP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054952: xor EDI, EDI [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054954: push ESI, ESP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054955: push EBX, ESP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054956: call ffff83a5 + EIP + 5 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff83a5 + EIP + 5 to 0x8054956...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805495b: add EBX, 76a5 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054961: sub ESP, 1c [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054964: mov EBP, [ESP + 30] [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called IA_x86.C[58]: discarding insn mov EBP, [ESP + 30] as stack frame preamble, not a reg-reg move [Parser.C:1274] curAddr 0x8054968: lea ESI, EBX + fffffefc [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x805496e: call ffff8071 + EIP + 5 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8071 + EIP + 5 to 0x805496e...SUCCESS (CFT=0x804c9e4) [Parser.C:1485] recording block [8054950,8054973) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805496e->804c9e4 resolveable_edge: 1, tailcall: 0, target: 804c9e4 [ParserDetails.C:588] pushing 804c9e4 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805496e->8054973 resolveable_edge: 1, tailcall: 0, target: 8054973 [ParserDetails.C:588] pushing 8054973 onto worklist [Parser.C] binding call 805496e->804c9e4 [Parser.C:1485] recording block [804c9e4,804c9e4) [suspend frame 8054950] [Parser.C] frame 8054950 blocked at 805496e call target 804c9e4 [Parser.C] block 804c9e4 exists [Parser.C] ==== starting to parse frame 804c9e4 ==== [Parser.C] parsing block 804c9e4 [Parser.C:1274] curAddr 0x804c9e4: push EBX, ESP [Parser.C:1280] leaf 1 funcname _init hasCFT called [Parser.C:1274] curAddr 0x804c9e5: sub ESP, 8 [Parser.C:1280] leaf 1 funcname _init hasCFT called [Parser.C:1274] curAddr 0x804c9e8: call 313 + EIP + 5 [Parser.C:1280] leaf 1 funcname _init hasCFT called IA_IAPI.C[847]: binding PC EIP in call 313 + EIP + 5 to 0x804c9e8...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804c9ed: add EBX, f613 [Parser.C:1280] leaf 1 funcname _init hasCFT called [Parser.C:1274] curAddr 0x804c9f3: mov EAX, [EBX + fffffff8] [Parser.C:1280] leaf 1 funcname _init hasCFT called [Parser.C:1274] curAddr 0x804c9f9: test EAX, EAX [Parser.C:1280] leaf 1 funcname _init hasCFT called [Parser.C:1274] curAddr 0x804c9fb: jz 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname _init hasCFT called branch or return, ret true [Parser.C:1485] recording block [804c9e4,804c9fd) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 5 + EIP + 2 to 0x804c9fb...SUCCESS (CFT=0x804ca02) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804c9fb->804ca02 resolveable_edge: 1, tailcall: 0, target: 804ca02 [ParserDetails.C:588] pushing 804ca02 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804c9fb->804c9fd resolveable_edge: 1, tailcall: 0, target: 804c9fd [ParserDetails.C:588] pushing 804c9fd onto worklist [Parser.C:1485] recording block [804ca02,804ca02) [Parser.C] parsing block 804ca02 [Parser.C:1274] curAddr 0x804ca02: add ESP, 8 [Parser.C:1280] leaf 1 funcname _init hasCFT called [Parser.C:1274] curAddr 0x804ca05: pop EBX, ESP [Parser.C:1280] leaf 1 funcname _init hasCFT called [Parser.C:1274] curAddr 0x804ca06: ret near [ESP] [Parser.C:1280] leaf 1 funcname _init hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ca02,804ca07) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804ca06 ......WARNING: after advance at 0x804ca07, curInsn() NULL Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804ca06...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804c9fd,804c9fd) [Parser.C] parsing block 804c9fd [Parser.C:1274] curAddr 0x804c9fd: call 13e + EIP + 5 [Parser.C:1280] leaf 1 funcname _init hasCFT called IA_IAPI.C[847]: binding PC EIP in call 13e + EIP + 5 to 0x804c9fd...SUCCESS (CFT=0x804cb40) [Parser.C:1485] recording block [804c9fd,804ca02) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804c9fd->804cb40 resolveable_edge: 1, tailcall: 0, target: 804cb40 [ParserDetails.C:588] pushing 804cb40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804c9fd->804ca02 resolveable_edge: 1, tailcall: 0, target: 804ca02 [ParserDetails.C:588] pushing 804ca02 onto worklist [Parser.C] binding call 804c9fd->804cb40 [ParseData.C] new function for target 804cb40 [Parser.C:1485] recording block [804cb40,804cb40) [suspend frame 804c9e4] [Parser.C] frame 804c9e4 blocked at 804c9fd call target 804cb40 [Parser.C] block 804cb40 exists [Parser.C] ==== starting to parse frame 804cb40 ==== [Parser.C] parsing block 804cb40 [Parser.C:1274] curAddr 0x804cb40: jmp [805c054] [Parser.C:1280] leaf 1 funcname targ804cb40 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c054] to 0x804cb40...FAIL (CFT=0x0), callTarget exp: [805c054] ... indirect jump at 0x804cb40, delay parsing it [Parser.C:1485] recording block [804cb40,804cb46) ... continue parse indirect jump at 804cb40 [Parser.C:1485] recording block [804cb40,804cb46) Getting edges ... indirect jump at 0x804cb40 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c054] at 0x804cb40 Apply indirect control flow analysis at 804cb40 Looking for thunk Looking for thunk in block [804cb40,804cb46).......WARNING: after advance at 0x804cb46, curInsn() NULL Expanding instruction @ 804cb40: jmp [805c054] Original expand: (<134594644:32>,) Adding assignment (@804cb40<[x86::eip]>[_805c054]) in instruction jmp [805c054] at 804cb40, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb40, insn: jmp [805c054] Old fact for 804cb40: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb40 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb40<[x86::eip]>[_805c054]) Instruction: jmp [805c054] AST: (<134594644:64>,) Generate bound fact for Interval 0[134594644,134594644] 0[805c054,805c054], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594644:64>,) Apply relations2 to (<134594644:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594644,134594644] 0[805c054,805c054], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594644:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb40 The fact from 804cb40 before applying transfer function Do not track predicate Var: , Interval 0[134594644,134594644] 0[805c054,805c054], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594644:64>,) No known value at the top of the stack Fact from 804cb40 after applying transfer function Do not track predicate Var: , Interval 0[134594644,134594644] 0[805c054,805c054], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594644:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594644,134594644] 0[805c054,805c054], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594644:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594644,134594644] 0[805c054,805c054], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c054 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb40 (804cb40) No targets, exits func Adding block 0x804cb40 as exit 804cb40 extent [804cb40,804cb46) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c054] at 0x804cb40 in function targ804cb40 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb40->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for __gmon_start__ [Parser.C] frame 804cb40 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __gmon_start__ return status 2, no waiters [Parser.C] ==== resuming parse of frame 804c9e4 ==== Checking non-returning for __gmon_start__ [Parser.C] block 804ca02 exists [Parser.C] skipping locally parsed target at 804ca02 [Parser.C] frame 804c9e4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] _init return status 3, no waiters [Parser.C] ==== resuming parse of frame 8054950 ==== Checking non-returning for _init Checking non-returning for _init [Parser.C:1485] recording block [8054973,8054973) [Parser.C] parsing block 8054973 [Parser.C:1274] curAddr 0x8054973: lea EAX, EBX + fffffef8 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054979: sub ESI, EAX [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x805497b: sar ESI, 2 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x805497e: test ESI, ESI [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054980: jz 27 + EIP + 2 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054973,8054982) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 27 + EIP + 2 to 0x8054980...SUCCESS (CFT=0x80549a9) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054980->80549a9 resolveable_edge: 1, tailcall: 0, target: 80549a9 [ParserDetails.C:588] pushing 80549a9 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054980->8054982 resolveable_edge: 1, tailcall: 0, target: 8054982 [ParserDetails.C:588] pushing 8054982 onto worklist [Parser.C:1485] recording block [80549a9,80549a9) [Parser.C] parsing block 80549a9 [Parser.C:1274] curAddr 0x80549a9: add ESP, 1c [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x80549ac: pop EBX, ESP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x80549ad: pop ESI, ESP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x80549ae: pop EDI, ESP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x80549af: pop EBP, ESP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x80549b0: ret near [ESP] [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called branch or return, ret true [Parser.C:1485] recording block [80549a9,80549b1) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80549b0 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80549b0...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8054982,8054982) [Parser.C] parsing block 8054982 [Parser.C:1274] curAddr 0x8054982: lea ESI, ESI + 0 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054988: mov EAX, [ESP + 38] [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x805498c: mov [ESP], EBP [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x805498f: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054993: mov EAX, [ESP + 34] [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x8054997: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x805499b: call [EBX + EDI * 4 + fffffef8] [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called IA_IAPI.C[847]: binding PC EIP in call [EBX + EDI * 4 + fffffef8] to 0x805499b...FAIL (CFT=0x0), callTarget exp: [EBX + EDI * 4 + fffffef8] ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [8054982,80549a2) Getting edges Returned 2 edges ... Call 0x805499b is indirect ... Call 0x805499b is indirect ... Call 0x805499b is indirect 2 edges: ParserDetails.C[64]: adding call edge 805499b->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 805499b->80549a2 resolveable_edge: 1, tailcall: 0, target: 80549a2 [ParserDetails.C:588] pushing 80549a2 onto worklist [Parser.C:1485] recording block [80549a2,80549a2) [Parser.C] parsing block 80549a2 [Parser.C:1274] curAddr 0x80549a2: add EDI, 1 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x80549a5: cmp EDI, ESI [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called [Parser.C:1274] curAddr 0x80549a7: jnz ffffffffffffffdf + EIP + 2 [Parser.C:1280] leaf 1 funcname __libc_csu_init hasCFT called branch or return, ret true [Parser.C:1485] recording block [80549a2,80549a9) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz ffffffffffffffdf + EIP + 2 to 0x80549a7...SUCCESS (CFT=0x8054988) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8054988 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 80549a7->8054988 resolveable_edge: 1, tailcall: 0, target: 8054988 [ParserDetails.C:588] pushing 8054988 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80549a7->80549a9 resolveable_edge: 1, tailcall: 0, target: 80549a9 [ParserDetails.C:588] pushing 80549a9 onto worklist [Parser.C] address 8054988 splits [8054982,80549a2) (0x1db0060) [Parser.C:1485] recording block [8054988,80549a2) [Parser.C] skipping locally parsed target at 8054988 [Parser.C] block 80549a9 exists [Parser.C] skipping locally parsed target at 80549a9 [Parser.C] frame 8054950 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __libc_csu_init return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051856) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051856) [Parser.C:1485] recording block [8051856,8051856) [Parser.C] ==== starting to parse frame 8051856 ==== [Parser.C] parsing block 8051856 [Parser.C:1274] curAddr 0x8051856: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x8051857: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x8051859: sub ESP, 40 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x805185c: mov [EBP + ffffffffffffffc4], 18cc251 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x8051863: mov [EBP + ffffffffffffffc8], 18cc252 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x805186a: mov [EBP + fffffffffffffffc], 0 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x8051871: jmp 14 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 14 + EIP + 2 to 0x8051871...SUCCESS (CFT=0x8051887) [Parser.C:1485] recording block [8051856,8051873) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8051871->8051887 resolveable_edge: 1, tailcall: 0, target: 8051887 [ParserDetails.C:588] pushing 8051887 onto worklist [Parser.C:1485] recording block [8051887,8051887) [Parser.C] parsing block 8051887 [Parser.C:1274] curAddr 0x8051887: cmp [EBP + fffffffffffffffc], 9 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x805188b: jle ffffffffffffffe6 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051887,805188d) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffe6 + EIP + 2 to 0x805188b...SUCCESS (CFT=0x8051873) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805188b->8051873 resolveable_edge: 1, tailcall: 0, target: 8051873 [ParserDetails.C:588] pushing 8051873 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805188b->805188d resolveable_edge: 1, tailcall: 0, target: 805188d [ParserDetails.C:588] pushing 805188d onto worklist [Parser.C:1485] recording block [8051873,8051873) [Parser.C] parsing block 8051873 [Parser.C:1274] curAddr 0x8051873: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x8051876: lea EDX, EAX + 18cc253 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x805187c: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x805187f: mov [EBP + EAX * 4 + ffffffffffffffcc], EDX [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x8051883: add [EBP + fffffffffffffffc], 1 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C] straight-line parse into block at 8051887 [Parser.C:1485] recording block [8051873,8051887) [Parser.C] block 8051887 exists [Parser.C:1485] recording block [805188d,805188d) [Parser.C] parsing block 805188d [Parser.C:1274] curAddr 0x805188d: mov [EBP + fffffffffffffff4], 18cc25d [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x8051894: mov [EBP + fffffffffffffff8], 18cc25e [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x805189b: call ffffffb1 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffb1 + EIP + 5 to 0x805189b...SUCCESS (CFT=0x8051851) [Parser.C:1485] recording block [805188d,80518a0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805189b->8051851 resolveable_edge: 1, tailcall: 0, target: 8051851 [ParserDetails.C:588] pushing 8051851 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805189b->80518a0 resolveable_edge: 1, tailcall: 0, target: 80518a0 [ParserDetails.C:588] pushing 80518a0 onto worklist [Parser.C] binding call 805189b->8051851 [Parser.C] block 8051851 exists Checking non-returning for call26_2 [Parser.C:1485] recording block [80518a0,80518a0) [Parser.C] parsing block 80518a0 [Parser.C:1274] curAddr 0x80518a0: leave [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called [Parser.C:1274] curAddr 0x80518a1: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_26_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80518a0,80518a2) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80518a1 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80518a1...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8051856 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_26_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053261) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053261) [Parser.C:1485] recording block [8053261,8053261) [Parser.C] ==== starting to parse frame 8053261 ==== [Parser.C] parsing block 8053261 [Parser.C:1274] curAddr 0x8053261: push EBP, ESP [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053262: mov EBP, ESP [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053264: push EBX, ESP [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053265: sub ESP, 14 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053268: call ffff9a93 + EIP + 5 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9a93 + EIP + 5 to 0x8053268...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x805326d: add EBX, 8d93 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053273: mov [ESP], 14 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805327a: call ffff9891 + EIP + 5 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9891 + EIP + 5 to 0x805327a...SUCCESS (CFT=0x804cb10) [Parser.C:1485] recording block [8053261,805327f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805327a->804cb10 resolveable_edge: 1, tailcall: 0, target: 804cb10 [ParserDetails.C:588] pushing 804cb10 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805327a->805327f resolveable_edge: 1, tailcall: 0, target: 805327f [ParserDetails.C:588] pushing 805327f onto worklist [Parser.C] binding call 805327a->804cb10 [Parser.C] block 804cb10 exists Checking non-returning for malloc [Parser.C:1485] recording block [805327f,805327f) [Parser.C] parsing block 805327f [Parser.C:1274] curAddr 0x805327f: mov EDX, EAX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053281: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053287: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053289: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805328f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053291: test EAX, EAX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053293: jnz 31 + EIP + 2 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called branch or return, ret true [Parser.C:1485] recording block [805327f,8053295) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 31 + EIP + 2 to 0x8053293...SUCCESS (CFT=0x80532c6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053293->80532c6 resolveable_edge: 1, tailcall: 0, target: 80532c6 [ParserDetails.C:588] pushing 80532c6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053293->8053295 resolveable_edge: 1, tailcall: 0, target: 8053295 [ParserDetails.C:588] pushing 8053295 onto worklist [Parser.C:1485] recording block [80532c6,80532c6) [Parser.C] parsing block 80532c6 [Parser.C:1274] curAddr 0x80532c6: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532cc: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532ce: lea EDX, EBX + ffff773a [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532d4: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532d6: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532dc: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532de: lea EDX, EBX + ffff7771 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532e4: mov [EAX + 4], EDX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532e7: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532ed: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532ef: lea EDX, EBX + ffff7320 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532f5: mov [EAX + 8], EDX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532f8: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532fe: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053300: lea EDX, EBX + ffff78d8 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053306: mov [EAX + c], EDX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053309: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805330f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053311: lea EDX, EBX + ffff7905 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x8053317: mov [EAX + 10], EDX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805331a: add ESP, 14 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805331d: pop EBX, ESP [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805331e: pop EBP, ESP [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805331f: ret near [ESP] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called branch or return, ret true [Parser.C:1485] recording block [80532c6,8053320) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805331f Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805331f...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053295,8053295) [Parser.C] parsing block 8053295 [Parser.C:1274] curAddr 0x8053295: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805329b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x805329d: mov [ESP + c], 63 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532a5: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532ab: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532af: lea EDX, EBX + ffffbf74 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532b5: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532b9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called [Parser.C:1274] curAddr 0x80532bc: call ffff98cf + EIP + 5 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff98cf + EIP + 5 to 0x80532bc...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053295,80532c1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80532bc->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80532bc->80532c1 resolveable_edge: 1, tailcall: 0, target: 80532c1 [ParserDetails.C:588] pushing 80532c1 onto worklist [Parser.C] binding call 80532bc->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [80532c1,80532c1) [Parser.C] parsing block 80532c1 [Parser.C:1274] curAddr 0x80532c1: call ffff99da + EIP + 5 [Parser.C:1280] leaf 1 funcname initOutputDriver hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff99da + EIP + 5 to 0x80532c1...SUCCESS (CFT=0x804cca0) [Parser.C:1485] recording block [80532c1,80532c6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80532c1->804cca0 resolveable_edge: 1, tailcall: 0, target: 804cca0 [ParserDetails.C:588] pushing 804cca0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80532c1->80532c6 resolveable_edge: 1, tailcall: 0, target: 80532c6 [ParserDetails.C:588] pushing 80532c6 onto worklist [Parser.C] binding call 80532c1->804cca0 [ParseData.C] new function for target 804cca0 [Parser.C:1485] recording block [804cca0,804cca0) [suspend frame 8053261] [Parser.C] frame 8053261 blocked at 80532c1 call target 804cca0 [Parser.C] block 804cca0 exists [Parser.C] ==== starting to parse frame 804cca0 ==== [Parser.C] parsing block 804cca0 [Parser.C:1274] curAddr 0x804cca0: jmp [805c0ac] [Parser.C:1280] leaf 1 funcname targ804cca0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c0ac] to 0x804cca0...FAIL (CFT=0x0), callTarget exp: [805c0ac] ... indirect jump at 0x804cca0, delay parsing it [Parser.C:1485] recording block [804cca0,804cca6) ... continue parse indirect jump at 804cca0 [Parser.C:1485] recording block [804cca0,804cca6) Getting edges ... indirect jump at 0x804cca0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c0ac] at 0x804cca0 Apply indirect control flow analysis at 804cca0 Looking for thunk Looking for thunk in block [804cca0,804cca6).......WARNING: after advance at 0x804cca6, curInsn() NULL Expanding instruction @ 804cca0: jmp [805c0ac] Original expand: (<134594732:32>,) Adding assignment (@804cca0<[x86::eip]>[_805c0ac]) in instruction jmp [805c0ac] at 804cca0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cca0, insn: jmp [805c0ac] Old fact for 804cca0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cca0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cca0<[x86::eip]>[_805c0ac]) Instruction: jmp [805c0ac] AST: (<134594732:64>,) Generate bound fact for Interval 0[134594732,134594732] 0[805c0ac,805c0ac], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594732:64>,) Apply relations2 to (<134594732:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594732,134594732] 0[805c0ac,805c0ac], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594732:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cca0 The fact from 804cca0 before applying transfer function Do not track predicate Var: , Interval 0[134594732,134594732] 0[805c0ac,805c0ac], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594732:64>,) No known value at the top of the stack Fact from 804cca0 after applying transfer function Do not track predicate Var: , Interval 0[134594732,134594732] 0[805c0ac,805c0ac], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594732:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594732,134594732] 0[805c0ac,805c0ac], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594732:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594732,134594732] 0[805c0ac,805c0ac], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c0ac not read only, returning false Not jump table format! [Parser.C] finalizing targ804cca0 (804cca0) No targets, exits func Adding block 0x804cca0 as exit 804cca0 extent [804cca0,804cca6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c0ac] at 0x804cca0 in function targ804cca0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cca0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for abort [Parser.C] frame 804cca0 complete, return status: 1 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] abort return status 1, no waiters [Parser.C] ==== resuming parse of frame 8053261 ==== Checking non-returning for abort Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cca0 at 80532c1 [Parser.C] frame 8053261 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] initOutputDriver return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050a7b) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050a7b) function at 8050a7b already parsed, status 3 [Parser.C:224] entered parse_at(804fee7) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fee7) [Parser.C:1485] recording block [804fee7,804fee7) [Parser.C] ==== starting to parse frame 804fee7 ==== [Parser.C] parsing block 804fee7 [Parser.C:1274] curAddr 0x804fee7: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fee8: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804feea: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804feeb: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804feee: call ffffce0d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffce0d + EIP + 5 to 0x804feee...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fef3: add EBX, c10d [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fef9: call ffffff5e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff5e + EIP + 5 to 0x804fef9...SUCCESS (CFT=0x804fe5c) [Parser.C:1485] recording block [804fee7,804fefe) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fef9->804fe5c resolveable_edge: 1, tailcall: 0, target: 804fe5c [ParserDetails.C:588] pushing 804fe5c onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fef9->804fefe resolveable_edge: 1, tailcall: 0, target: 804fefe [ParserDetails.C:588] pushing 804fefe onto worklist [Parser.C] binding call 804fef9->804fe5c [Parser.C:1485] recording block [804fe5c,804fe5c) [suspend frame 804fee7] [Parser.C] frame 804fee7 blocked at 804fef9 call target 804fe5c [Parser.C] block 804fe5c exists [Parser.C] ==== starting to parse frame 804fe5c ==== [Parser.C] parsing block 804fe5c [Parser.C:1274] curAddr 0x804fe5c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe5d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe5f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe60: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe63: call ffffce98 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffce98 + EIP + 5 to 0x804fe63...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fe68: add EBX, c198 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe6e: lea EAX, EBX + 504 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe74: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe76: cmp EAX, 11 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe79: jnz 17 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fe5c,804fe7b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 17 + EIP + 2 to 0x804fe79...SUCCESS (CFT=0x804fe92) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fe79->804fe92 resolveable_edge: 1, tailcall: 0, target: 804fe92 [ParserDetails.C:588] pushing 804fe92 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fe79->804fe7b resolveable_edge: 1, tailcall: 0, target: 804fe7b [ParserDetails.C:588] pushing 804fe7b onto worklist [Parser.C:1485] recording block [804fe92,804fe92) [Parser.C] parsing block 804fe92 [Parser.C:1274] curAddr 0x804fe92: lea EAX, EBX + ffffa504 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe98: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe9b: call 3b1d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3b1d + EIP + 5 to 0x804fe9b...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804fe92,804fea0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fe9b->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fe9b->804fea0 resolveable_edge: 1, tailcall: 0, target: 804fea0 [ParserDetails.C:588] pushing 804fea0 onto worklist [Parser.C] binding call 804fe9b->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804fea0,804fea0) [Parser.C] parsing block 804fea0 [Parser.C:1274] curAddr 0x804fea0: lea EAX, EBX + 504 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fea6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fea8: cmp EAX, 2a [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804feab: jnz 10 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fea0,804fead) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 10 + EIP + 2 to 0x804feab...SUCCESS (CFT=0x804febd) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804feab->804febd resolveable_edge: 1, tailcall: 0, target: 804febd [ParserDetails.C:588] pushing 804febd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804feab->804fead resolveable_edge: 1, tailcall: 0, target: 804fead [ParserDetails.C:588] pushing 804fead onto worklist [Parser.C:1485] recording block [804febd,804febd) [Parser.C] parsing block 804febd [Parser.C:1274] curAddr 0x804febd: lea EAX, EBX + 504 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fec3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fec5: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fec9: lea EAX, EBX + ffffa594 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fecf: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fed2: call 3ae6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3ae6 + EIP + 5 to 0x804fed2...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804febd,804fed7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fed2->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fed2->804fed7 resolveable_edge: 1, tailcall: 0, target: 804fed7 [ParserDetails.C:588] pushing 804fed7 onto worklist [Parser.C] binding call 804fed2->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804fed7,804fed7) [Parser.C] parsing block 804fed7 [Parser.C:1274] curAddr 0x804fed7: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fede: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fee1: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fee4: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fee5: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fee6: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fed7,804fee7) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fee6 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fee6...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804fe7b,804fe7b) [Parser.C] parsing block 804fe7b [Parser.C:1274] curAddr 0x804fe7b: lea EAX, EBX + ffffa4cc [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe81: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe84: call 3b34 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3b34 + EIP + 5 to 0x804fe84...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804fe7b,804fe89) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fe84->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fe84->804fe89 resolveable_edge: 1, tailcall: 0, target: 804fe89 [ParserDetails.C:588] pushing 804fe89 onto worklist [Parser.C] binding call 804fe84->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804fe89,804fe89) [Parser.C] parsing block 804fe89 [Parser.C:1274] curAddr 0x804fe89: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804fe90: jmp 4c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 4c + EIP + 2 to 0x804fe90...SUCCESS (CFT=0x804fede) [Parser.C:1485] recording block [804fe89,804fe92) Getting edges Checking for Tail Call jump to 0x804fede is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804fe90->804fede resolveable_edge: 1, tailcall: 0, target: 804fede [ParserDetails.C:588] pushing 804fede onto worklist [Parser.C:1485] recording block [804fead,804fead) [Parser.C] parsing block 804fead [Parser.C:1274] curAddr 0x804fead: lea EAX, EBX + ffffa540 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804feb3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called [Parser.C:1274] curAddr 0x804feb6: call 3b02 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3b02 + EIP + 5 to 0x804feb6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804fead,804febb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804feb6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804feb6->804febb resolveable_edge: 1, tailcall: 0, target: 804febb [ParserDetails.C:588] pushing 804febb onto worklist [Parser.C] binding call 804feb6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804febb,804febb) [Parser.C] parsing block 804febb [Parser.C:1274] curAddr 0x804febb: jmp 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_18_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1a + EIP + 2 to 0x804febb...SUCCESS (CFT=0x804fed7) [Parser.C:1485] recording block [804febb,804febd) Getting edges Checking for Tail Call jump to 0x804fed7 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804febb->804fed7 resolveable_edge: 1, tailcall: 0, target: 804fed7 [ParserDetails.C:588] pushing 804fed7 onto worklist [Parser.C] block 804fed7 exists [Parser.C] skipping locally parsed target at 804fed7 [Parser.C] address 804fede splits [804fed7,804fee7) (0x1db3910) [Parser.C:1485] recording block [804fede,804fee7) [Parser.C] skipping locally parsed target at 804fede [Parser.C] frame 804fe5c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_18_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 804fee7 ==== Checking non-returning for test1_18_func1 Checking non-returning for test1_18_func1 [Parser.C:1485] recording block [804fefe,804fefe) [Parser.C] parsing block 804fefe [Parser.C:1274] curAddr 0x804fefe: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff00: jnz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fefe,804ff02) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 15 + EIP + 2 to 0x804ff00...SUCCESS (CFT=0x804ff17) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ff00->804ff17 resolveable_edge: 1, tailcall: 0, target: 804ff17 [ParserDetails.C:588] pushing 804ff17 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ff00->804ff02 resolveable_edge: 1, tailcall: 0, target: 804ff02 [ParserDetails.C:588] pushing 804ff02 onto worklist [Parser.C:1485] recording block [804ff17,804ff17) [Parser.C] parsing block 804ff17 [Parser.C:1274] curAddr 0x804ff17: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff1d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff1f: mov [ESP + c], 52 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff27: lea EDX, EBX + ffffa5d4 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff2d: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff31: lea EDX, EBX + ffffa639 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff37: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff3b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff3e: call ffffcc4d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffcc4d + EIP + 5 to 0x804ff3e...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [804ff17,804ff43) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ff3e->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ff3e->804ff43 resolveable_edge: 1, tailcall: 0, target: 804ff43 [ParserDetails.C:588] pushing 804ff43 onto worklist [Parser.C] binding call 804ff3e->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [804ff43,804ff43) [Parser.C] parsing block 804ff43 [Parser.C:1274] curAddr 0x804ff43: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff48: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff4b: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff4c: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff4d: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804ff43,804ff4e) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804ff4d Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804ff4d...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804ff02,804ff02) [Parser.C] parsing block 804ff02 [Parser.C:1274] curAddr 0x804ff02: mov EAX, [EBX + 508] [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff08: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff0b: call 4495 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4495 + EIP + 5 to 0x804ff0b...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804ff02,804ff10) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ff0b->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ff0b->804ff10 resolveable_edge: 1, tailcall: 0, target: 804ff10 [ParserDetails.C:588] pushing 804ff10 onto worklist [Parser.C] binding call 804ff0b->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804ff10,804ff10) [Parser.C] parsing block 804ff10 [Parser.C:1274] curAddr 0x804ff10: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ff15: jmp 31 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_18_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 31 + EIP + 2 to 0x804ff15...SUCCESS (CFT=0x804ff48) [Parser.C:1485] recording block [804ff10,804ff17) Getting edges Checking for Tail Call jump to 0x804ff48 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804ff15->804ff48 resolveable_edge: 1, tailcall: 0, target: 804ff48 [ParserDetails.C:588] pushing 804ff48 onto worklist [Parser.C] address 804ff48 splits [804ff43,804ff4e) (0x1db4a90) [Parser.C:1485] recording block [804ff48,804ff4e) [Parser.C] skipping locally parsed target at 804ff48 [Parser.C] frame 804fee7 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_18_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053e8a) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053e8a) function at 8053e8a already parsed, status 3 [Parser.C:224] entered parse_at(8053d47) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053d47) [Parser.C:1485] recording block [8053d47,8053d47) [Parser.C] ==== starting to parse frame 8053d47 ==== [Parser.C] parsing block 8053d47 [Parser.C:1274] curAddr 0x8053d47: push EBP, ESP [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d48: mov EBP, ESP [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d4a: push EBX, ESP [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d4b: sub ESP, 14 [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d4e: call ffff8fad + EIP + 5 [Parser.C:1280] leaf 1 funcname warningLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8fad + EIP + 5 to 0x8053d4e...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053d53: add EBX, 82ad [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d59: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d5f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d61: mov [ESP + c], 17e [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d69: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d6f: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d73: lea EDX, EBX + ffffbf38 [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d79: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d7d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d80: call ffff8e0b + EIP + 5 [Parser.C:1280] leaf 1 funcname warningLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8e0b + EIP + 5 to 0x8053d80...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053d47,8053d85) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053d80->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053d80->8053d85 resolveable_edge: 1, tailcall: 0, target: 8053d85 [ParserDetails.C:588] pushing 8053d85 onto worklist [Parser.C] binding call 8053d80->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053d85,8053d85) [Parser.C] parsing block 8053d85 [Parser.C:1274] curAddr 0x8053d85: add ESP, 14 [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d88: pop EBX, ESP [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d89: pop EBP, ESP [Parser.C:1280] leaf 1 funcname warningLog hasCFT called [Parser.C:1274] curAddr 0x8053d8a: ret near [ESP] [Parser.C:1280] leaf 1 funcname warningLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053d85,8053d8b) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053d8a Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053d8a...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053d47 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] warningLog return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052778) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052778) [Parser.C:1485] recording block [8052778,8052778) [Parser.C] ==== starting to parse frame 8052778 ==== [Parser.C] parsing block 8052778 [Parser.C:1274] curAddr 0x8052778: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052779: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805277b: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805277c: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805277f: call ffffa57c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa57c + EIP + 5 to 0x805277f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052784: add EBX, 987c [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805278a: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052791: mov [EBP + fffffffffffffff0], 2afa [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052798: mov [EBP + ffffffffffffffec], 1a [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805279f: mov [EBP + ffffffffffffffe8], 2f0 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527a6: call 12a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 12a + EIP + 5 to 0x80527a6...SUCCESS (CFT=0x80528d5) [Parser.C:1485] recording block [8052778,80527ab) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80527a6->80528d5 resolveable_edge: 1, tailcall: 0, target: 80528d5 [ParserDetails.C:588] pushing 80528d5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80527a6->80527ab resolveable_edge: 1, tailcall: 0, target: 80527ab [ParserDetails.C:588] pushing 80527ab onto worklist [Parser.C] binding call 80527a6->80528d5 [Parser.C] block 80528d5 exists Checking non-returning for test1_37_call1 Checking non-returning for test1_37_call1 [Parser.C:1485] recording block [80527ab,80527ab) [Parser.C] parsing block 80527ab [Parser.C:1274] curAddr 0x80527ab: call 1f8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1f8 + EIP + 5 to 0x80527ab...SUCCESS (CFT=0x80529a8) [Parser.C:1485] recording block [80527ab,80527b0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80527ab->80529a8 resolveable_edge: 1, tailcall: 0, target: 80529a8 [ParserDetails.C:588] pushing 80529a8 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80527ab->80527b0 resolveable_edge: 1, tailcall: 0, target: 80527b0 [ParserDetails.C:588] pushing 80527b0 onto worklist [Parser.C] binding call 80527ab->80529a8 [Parser.C] block 80529a8 exists Checking non-returning for test1_37_call2 Checking non-returning for test1_37_call2 [Parser.C:1485] recording block [80527b0,80527b0) [Parser.C] parsing block 80527b0 [Parser.C:1274] curAddr 0x80527b0: call 288 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 288 + EIP + 5 to 0x80527b0...SUCCESS (CFT=0x8052a3d) [Parser.C:1485] recording block [80527b0,80527b5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80527b0->8052a3d resolveable_edge: 1, tailcall: 0, target: 8052a3d [ParserDetails.C:588] pushing 8052a3d onto worklist ParserDetails.C[68]: adding function fallthrough edge 80527b0->80527b5 resolveable_edge: 1, tailcall: 0, target: 80527b5 [ParserDetails.C:588] pushing 80527b5 onto worklist [Parser.C] binding call 80527b0->8052a3d [Parser.C:1485] recording block [8052a3d,8052a3d) [suspend frame 8052778] [Parser.C] frame 8052778 blocked at 80527b0 call target 8052a3d [Parser.C] block 8052a3d exists [Parser.C] ==== starting to parse frame 8052a3d ==== [Parser.C] parsing block 8052a3d [Parser.C:1274] curAddr 0x8052a3d: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a3e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a40: sub ESP, 10 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a43: call ffffb13d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb13d + EIP + 5 to 0x8052a43...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8052a48: add ECX, 95b8 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a4e: mov [EBP + fffffffffffffffc], 0 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a55: jmp 5d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5d + EIP + 2 to 0x8052a55...SUCCESS (CFT=0x8052ab4) [Parser.C:1485] recording block [8052a3d,8052a57) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052a55->8052ab4 resolveable_edge: 1, tailcall: 0, target: 8052ab4 [ParserDetails.C:588] pushing 8052ab4 onto worklist [Parser.C:1485] recording block [8052ab4,8052ab4) [Parser.C] parsing block 8052ab4 [Parser.C:1274] curAddr 0x8052ab4: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052ab7: cmp EAX, 63 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052aba: jle ffffffffffffff9b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052ab4,8052abc) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffff9b + EIP + 2 to 0x8052aba...SUCCESS (CFT=0x8052a57) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052aba->8052a57 resolveable_edge: 1, tailcall: 0, target: 8052a57 [ParserDetails.C:588] pushing 8052a57 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052aba->8052abc resolveable_edge: 1, tailcall: 0, target: 8052abc [ParserDetails.C:588] pushing 8052abc onto worklist [Parser.C:1485] recording block [8052a57,8052a57) [Parser.C] parsing block 8052a57 [Parser.C:1274] curAddr 0x8052a57: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a5a: and EAX, 1 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a5d: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a5f: jnz 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052a57,8052a61) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 13 + EIP + 2 to 0x8052a5f...SUCCESS (CFT=0x8052a74) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052a5f->8052a74 resolveable_edge: 1, tailcall: 0, target: 8052a74 [ParserDetails.C:588] pushing 8052a74 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052a5f->8052a61 resolveable_edge: 1, tailcall: 0, target: 8052a61 [ParserDetails.C:588] pushing 8052a61 onto worklist [Parser.C:1485] recording block [8052a74,8052a74) [Parser.C] parsing block 8052a74 [Parser.C:1274] curAddr 0x8052a74: mov [EBP + fffffffffffffff8], 0 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a7b: jmp 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 26 + EIP + 2 to 0x8052a7b...SUCCESS (CFT=0x8052aa3) [Parser.C:1485] recording block [8052a74,8052a7d) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052a7b->8052aa3 resolveable_edge: 1, tailcall: 0, target: 8052aa3 [ParserDetails.C:588] pushing 8052aa3 onto worklist [Parser.C:1485] recording block [8052a61,8052a61) [Parser.C] parsing block 8052a61 [Parser.C:1274] curAddr 0x8052a61: lea EAX, ECX + 998 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a67: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a69: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a6c: lea EAX, ECX + 998 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a72: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C] straight-line parse into block at 8052a74 [Parser.C:1485] recording block [8052a61,8052a74) [Parser.C] block 8052a74 exists [Parser.C:1485] recording block [8052abc,8052abc) [Parser.C] parsing block 8052abc [Parser.C:1274] curAddr 0x8052abc: leave [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052abd: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052abc,8052abe) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052abd Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052abd...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052aa3,8052aa3) [Parser.C] parsing block 8052aa3 [Parser.C:1274] curAddr 0x8052aa3: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052aa6: cmp EAX, 9 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052aa9: jle ffffffffffffffd2 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052aa3,8052aab) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffd2 + EIP + 2 to 0x8052aa9...SUCCESS (CFT=0x8052a7d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052aa9->8052a7d resolveable_edge: 1, tailcall: 0, target: 8052a7d [ParserDetails.C:588] pushing 8052a7d onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052aa9->8052aab resolveable_edge: 1, tailcall: 0, target: 8052aab [ParserDetails.C:588] pushing 8052aab onto worklist [Parser.C:1485] recording block [8052a7d,8052a7d) [Parser.C] parsing block 8052a7d [Parser.C:1274] curAddr 0x8052a7d: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a80: and EAX, 1 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a83: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a85: jnz 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052a7d,8052a87) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 13 + EIP + 2 to 0x8052a85...SUCCESS (CFT=0x8052a9a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052a85->8052a9a resolveable_edge: 1, tailcall: 0, target: 8052a9a [ParserDetails.C:588] pushing 8052a9a onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052a85->8052a87 resolveable_edge: 1, tailcall: 0, target: 8052a87 [ParserDetails.C:588] pushing 8052a87 onto worklist [Parser.C:1485] recording block [8052a9a,8052a9a) [Parser.C] parsing block 8052a9a [Parser.C:1274] curAddr 0x8052a9a: mov EAX, [EBP + fffffffffffffff8] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a9d: add EAX, 1 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052aa0: mov [EBP + fffffffffffffff8], EAX [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C] straight-line parse into block at 8052aa3 [Parser.C:1485] recording block [8052a9a,8052aa3) [Parser.C] block 8052aa3 exists [Parser.C:1485] recording block [8052a87,8052a87) [Parser.C] parsing block 8052a87 [Parser.C:1274] curAddr 0x8052a87: lea EAX, ECX + 998 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a8d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a8f: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a92: lea EAX, ECX + 998 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052a98: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C] straight-line parse into block at 8052a9a [Parser.C:1485] recording block [8052a87,8052a9a) [Parser.C] block 8052a9a exists [Parser.C:1485] recording block [8052aab,8052aab) [Parser.C] parsing block 8052aab [Parser.C:1274] curAddr 0x8052aab: mov EAX, [EBP + fffffffffffffffc] [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052aae: add EAX, 1 [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C:1274] curAddr 0x8052ab1: mov [EBP + fffffffffffffffc], EAX [Parser.C:1280] leaf 1 funcname test1_37_call3 hasCFT called [Parser.C] straight-line parse into block at 8052ab4 [Parser.C:1485] recording block [8052aab,8052ab4) [Parser.C] block 8052ab4 exists [Parser.C] frame 8052a3d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_37_call3 return status 3, no waiters [Parser.C] ==== resuming parse of frame 8052778 ==== Checking non-returning for test1_37_call3 Checking non-returning for test1_37_call3 [Parser.C:1485] recording block [80527b5,80527b5) [Parser.C] parsing block 80527b5 [Parser.C:1274] curAddr 0x80527b5: lea EAX, EBX + 990 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527bb: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527bd: cmp EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527c0: jz 36 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80527b5,80527c2) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 36 + EIP + 2 to 0x80527c0...SUCCESS (CFT=0x80527f8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80527c0->80527f8 resolveable_edge: 1, tailcall: 0, target: 80527f8 [ParserDetails.C:588] pushing 80527f8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80527c0->80527c2 resolveable_edge: 1, tailcall: 0, target: 80527c2 [ParserDetails.C:588] pushing 80527c2 onto worklist [Parser.C:1485] recording block [80527f8,80527f8) [Parser.C] parsing block 80527f8 [Parser.C:1274] curAddr 0x80527f8: lea EAX, EBX + 994 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527fe: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052800: cmp EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052803: jz 36 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80527f8,8052805) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 36 + EIP + 2 to 0x8052803...SUCCESS (CFT=0x805283b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052803->805283b resolveable_edge: 1, tailcall: 0, target: 805283b [ParserDetails.C:588] pushing 805283b onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052803->8052805 resolveable_edge: 1, tailcall: 0, target: 8052805 [ParserDetails.C:588] pushing 8052805 onto worklist [Parser.C:1485] recording block [805283b,805283b) [Parser.C] parsing block 805283b [Parser.C:1274] curAddr 0x805283b: lea EAX, EBX + 998 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052841: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052843: cmp EAX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052846: jz 36 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805283b,8052848) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 36 + EIP + 2 to 0x8052846...SUCCESS (CFT=0x805287e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052846->805287e resolveable_edge: 1, tailcall: 0, target: 805287e [ParserDetails.C:588] pushing 805287e onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052846->8052848 resolveable_edge: 1, tailcall: 0, target: 8052848 [ParserDetails.C:588] pushing 8052848 onto worklist [Parser.C:1485] recording block [805287e,805287e) [Parser.C] parsing block 805287e [Parser.C:1274] curAddr 0x805287e: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052882: jnz 23 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805287e,8052884) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 23 + EIP + 2 to 0x8052882...SUCCESS (CFT=0x80528a7) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052882->80528a7 resolveable_edge: 1, tailcall: 0, target: 80528a7 [ParserDetails.C:588] pushing 80528a7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052882->8052884 resolveable_edge: 1, tailcall: 0, target: 8052884 [ParserDetails.C:588] pushing 8052884 onto worklist [Parser.C:1485] recording block [80528a7,80528a7) [Parser.C] parsing block 80528a7 [Parser.C:1274] curAddr 0x80528a7: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80528ac: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80528af: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80528b0: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80528b1: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80528a7,80528b2) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80528b1 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80528b1...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80527c2,80527c2) [Parser.C] parsing block 80527c2 [Parser.C:1274] curAddr 0x80527c2: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527c9: lea EAX, EBX + ffffba60 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527cf: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527d2: call 11e6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 11e6 + EIP + 5 to 0x80527d2...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80527c2,80527d7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80527d2->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80527d2->80527d7 resolveable_edge: 1, tailcall: 0, target: 80527d7 [ParserDetails.C:588] pushing 80527d7 onto worklist [Parser.C] binding call 80527d2->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80527d7,80527d7) [Parser.C] parsing block 80527d7 [Parser.C:1274] curAddr 0x80527d7: lea EAX, EBX + 990 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527dd: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527df: mov EDX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527e2: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527e6: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527ea: lea EAX, EBX + ffffba88 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527f0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80527f3: call 11c5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 11c5 + EIP + 5 to 0x80527f3...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80527d7,80527f8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80527f3->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80527f3->80527f8 resolveable_edge: 1, tailcall: 0, target: 80527f8 [ParserDetails.C:588] pushing 80527f8 onto worklist [Parser.C] binding call 80527f3->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 80527f8 exists [Parser.C] skipping locally parsed target at 80527f8 [Parser.C:1485] recording block [8052805,8052805) [Parser.C] parsing block 8052805 [Parser.C:1274] curAddr 0x8052805: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805280c: lea EAX, EBX + ffffba60 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052812: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052815: call 11a3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 11a3 + EIP + 5 to 0x8052815...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052805,805281a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052815->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052815->805281a resolveable_edge: 1, tailcall: 0, target: 805281a [ParserDetails.C:588] pushing 805281a onto worklist [Parser.C] binding call 8052815->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805281a,805281a) [Parser.C] parsing block 805281a [Parser.C:1274] curAddr 0x805281a: lea EAX, EBX + 994 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052820: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052822: mov EDX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052825: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052829: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805282d: lea EAX, EBX + ffffbabc [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052833: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052836: call 1182 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1182 + EIP + 5 to 0x8052836...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805281a,805283b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052836->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052836->805283b resolveable_edge: 1, tailcall: 0, target: 805283b [ParserDetails.C:588] pushing 805283b onto worklist [Parser.C] binding call 8052836->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805283b exists [Parser.C] skipping locally parsed target at 805283b [Parser.C:1485] recording block [8052848,8052848) [Parser.C] parsing block 8052848 [Parser.C:1274] curAddr 0x8052848: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805284f: lea EAX, EBX + ffffba60 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052855: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052858: call 1160 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1160 + EIP + 5 to 0x8052858...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052848,805285d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052858->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052858->805285d resolveable_edge: 1, tailcall: 0, target: 805285d [ParserDetails.C:588] pushing 805285d onto worklist [Parser.C] binding call 8052858->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805285d,805285d) [Parser.C] parsing block 805285d [Parser.C:1274] curAddr 0x805285d: lea EAX, EBX + 998 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052863: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052865: mov EDX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052868: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805286c: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052870: lea EAX, EBX + ffffbaf0 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052876: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052879: call 113f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 113f + EIP + 5 to 0x8052879...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805285d,805287e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052879->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052879->805287e resolveable_edge: 1, tailcall: 0, target: 805287e [ParserDetails.C:588] pushing 805287e onto worklist [Parser.C] binding call 8052879->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 805287e exists [Parser.C] skipping locally parsed target at 805287e [Parser.C:1485] recording block [8052884,8052884) [Parser.C] parsing block 8052884 [Parser.C:1274] curAddr 0x8052884: lea EAX, EBX + ffffbb24 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805288a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805288d: call 112b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 112b + EIP + 5 to 0x805288d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052884,8052892) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805288d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805288d->8052892 resolveable_edge: 1, tailcall: 0, target: 8052892 [ParserDetails.C:588] pushing 8052892 onto worklist [Parser.C] binding call 805288d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052892,8052892) [Parser.C] parsing block 8052892 [Parser.C:1274] curAddr 0x8052892: mov EAX, [EBX + 70c] [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052898: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x805289b: call 1b05 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1b05 + EIP + 5 to 0x805289b...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052892,80528a0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805289b->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805289b->80528a0 resolveable_edge: 1, tailcall: 0, target: 80528a0 [ParserDetails.C:588] pushing 80528a0 onto worklist [Parser.C] binding call 805289b->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [80528a0,80528a0) [Parser.C] parsing block 80528a0 [Parser.C:1274] curAddr 0x80528a0: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called [Parser.C:1274] curAddr 0x80528a5: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_37_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x80528a5...SUCCESS (CFT=0x80528ac) [Parser.C:1485] recording block [80528a0,80528a7) Getting edges Checking for Tail Call jump to 0x80528ac is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80528a5->80528ac resolveable_edge: 1, tailcall: 0, target: 80528ac [ParserDetails.C:588] pushing 80528ac onto worklist [Parser.C] address 80528ac splits [80528a7,80528b2) (0x1db70a0) [Parser.C:1485] recording block [80528ac,80528b2) [Parser.C] skipping locally parsed target at 80528ac [Parser.C] frame 8052778 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_37_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052cdc) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052cdc) [Parser.C:1485] recording block [8052cdc,8052cdc) [Parser.C] ==== starting to parse frame 8052cdc ==== [Parser.C] parsing block 8052cdc [Parser.C:1274] curAddr 0x8052cdc: push EBP, ESP [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052cdd: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052cdf: push EBX, ESP [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ce0: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ce3: call ffffa018 + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa018 + EIP + 5 to 0x8052ce3...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052ce8: add EBX, 9318 [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052cee: lea EAX, EBX + ffffbbb5 [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052cf4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052cf7: call 16a9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 16a9 + EIP + 5 to 0x8052cf7...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052cdc,8052cfc) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052cf7->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052cf7->8052cfc resolveable_edge: 1, tailcall: 0, target: 8052cfc [ParserDetails.C:588] pushing 8052cfc onto worklist [Parser.C] binding call 8052cf7->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052cfc,8052cfc) [Parser.C] parsing block 8052cfc [Parser.C:1274] curAddr 0x8052cfc: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d01: add ESP, 14 [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d04: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d05: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d06: ret near [ESP] [Parser.C:1280] leaf 1 funcname test2_5_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052cfc,8052d07) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052d06 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052d06...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052cdc complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test2_5_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f37b) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f37b) [Parser.C:1485] recording block [804f37b,804f37b) [Parser.C] ==== starting to parse frame 804f37b ==== [Parser.C] parsing block 804f37b [Parser.C:1274] curAddr 0x804f37b: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called [Parser.C:1274] curAddr 0x804f37c: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called [Parser.C:1274] curAddr 0x804f37e: call ffffe802 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe802 + EIP + 5 to 0x804f37e...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804f383: add ECX, cc7d [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called [Parser.C:1274] curAddr 0x804f389: mov EAX, [ECX + 82c] [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called [Parser.C:1274] curAddr 0x804f38f: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called [Parser.C:1274] curAddr 0x804f392: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f37b,804f394) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x804f392...SUCCESS (CFT=0x804f39e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f392->804f39e resolveable_edge: 1, tailcall: 0, target: 804f39e [ParserDetails.C:588] pushing 804f39e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f392->804f394 resolveable_edge: 1, tailcall: 0, target: 804f394 [ParserDetails.C:588] pushing 804f394 onto worklist [Parser.C:1485] recording block [804f39e,804f39e) [Parser.C] parsing block 804f39e [Parser.C:1274] curAddr 0x804f39e: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called [Parser.C:1274] curAddr 0x804f39f: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f39e,804f3a0) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f39f Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f39f...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f394,804f394) [Parser.C] parsing block 804f394 [Parser.C:1274] curAddr 0x804f394: mov [ECX + 834], 1 [Parser.C:1280] leaf 1 funcname test1_11_call2 hasCFT called [Parser.C] straight-line parse into block at 804f39e [Parser.C:1485] recording block [804f394,804f39e) [Parser.C] block 804f39e exists [Parser.C] frame 804f37b complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_11_call2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053320) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053320) function at 8053320 already parsed, status 3 [Parser.C:224] entered parse_at(804e114) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e114) function at 804e114 already parsed, status 3 [Parser.C:224] entered parse_at(804f3c5) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f3c5) [Parser.C:1485] recording block [804f3c5,804f3c5) [Parser.C] ==== starting to parse frame 804f3c5 ==== [Parser.C] parsing block 804f3c5 [Parser.C:1274] curAddr 0x804f3c5: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3c6: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3c8: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3c9: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3cc: call ffffd92f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd92f + EIP + 5 to 0x804f3cc...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f3d1: add EBX, cc2f [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3d7: mov EAX, [EBX + 82c] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3dd: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3e0: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f3c5,804f3e2) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x804f3e0...SUCCESS (CFT=0x804f3ec) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f3e0->804f3ec resolveable_edge: 1, tailcall: 0, target: 804f3ec [ParserDetails.C:588] pushing 804f3ec onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f3e0->804f3e2 resolveable_edge: 1, tailcall: 0, target: 804f3e2 [ParserDetails.C:588] pushing 804f3e2 onto worklist [Parser.C:1485] recording block [804f3ec,804f3ec) [Parser.C] parsing block 804f3ec [Parser.C:1274] curAddr 0x804f3ec: mov EAX, [EBX + 830] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3f2: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3f4: jz 38 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f3ec,804f3f6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 38 + EIP + 2 to 0x804f3f4...SUCCESS (CFT=0x804f42e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f3f4->804f42e resolveable_edge: 1, tailcall: 0, target: 804f42e [ParserDetails.C:588] pushing 804f42e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f3f4->804f3f6 resolveable_edge: 1, tailcall: 0, target: 804f3f6 [ParserDetails.C:588] pushing 804f3f6 onto worklist [Parser.C:1485] recording block [804f42e,804f42e) [Parser.C] parsing block 804f42e [Parser.C:1274] curAddr 0x804f42e: lea EAX, EBX + ffff9df8 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f434: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f437: call 4581 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4581 + EIP + 5 to 0x804f437...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f42e,804f43c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f437->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f437->804f43c resolveable_edge: 1, tailcall: 0, target: 804f43c [ParserDetails.C:588] pushing 804f43c onto worklist [Parser.C] binding call 804f437->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f43c,804f43c) [Parser.C] parsing block 804f43c [Parser.C:1274] curAddr 0x804f43c: mov EAX, [EBX + 830] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f442: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f444: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f43c,804f446) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f444...SUCCESS (CFT=0x804f454) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f444->804f454 resolveable_edge: 1, tailcall: 0, target: 804f454 [ParserDetails.C:588] pushing 804f454 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f444->804f446 resolveable_edge: 1, tailcall: 0, target: 804f446 [ParserDetails.C:588] pushing 804f446 onto worklist [Parser.C:1485] recording block [804f454,804f454) [Parser.C] parsing block 804f454 [Parser.C:1274] curAddr 0x804f454: mov EAX, [EBX + 834] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f45a: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f45c: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f454,804f45e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f45c...SUCCESS (CFT=0x804f46c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f45c->804f46c resolveable_edge: 1, tailcall: 0, target: 804f46c [ParserDetails.C:588] pushing 804f46c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f45c->804f45e resolveable_edge: 1, tailcall: 0, target: 804f45e [ParserDetails.C:588] pushing 804f45e onto worklist [Parser.C:1485] recording block [804f46c,804f46c) [Parser.C] parsing block 804f46c [Parser.C:1274] curAddr 0x804f46c: mov EAX, [EBX + 838] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f472: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f474: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f46c,804f476) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f474...SUCCESS (CFT=0x804f484) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f474->804f484 resolveable_edge: 1, tailcall: 0, target: 804f484 [ParserDetails.C:588] pushing 804f484 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f474->804f476 resolveable_edge: 1, tailcall: 0, target: 804f476 [ParserDetails.C:588] pushing 804f476 onto worklist [Parser.C:1485] recording block [804f484,804f484) [Parser.C] parsing block 804f484 [Parser.C:1274] curAddr 0x804f484: mov EAX, [EBX + 83c] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f48a: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f48c: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f484,804f48e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804f48c...SUCCESS (CFT=0x804f49c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f48c->804f49c resolveable_edge: 1, tailcall: 0, target: 804f49c [ParserDetails.C:588] pushing 804f49c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f48c->804f48e resolveable_edge: 1, tailcall: 0, target: 804f48e [ParserDetails.C:588] pushing 804f48e onto worklist [Parser.C:1485] recording block [804f49c,804f49c) [Parser.C] parsing block 804f49c [Parser.C:1274] curAddr 0x804f49c: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f49f: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f4a0: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f4a1: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f49c,804f4a2) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f4a1 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f4a1...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f3e2,804f3e2) [Parser.C] parsing block 804f3e2 [Parser.C:1274] curAddr 0x804f3e2: mov [EBX + 83c], 1 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C] straight-line parse into block at 804f3ec [Parser.C:1485] recording block [804f3e2,804f3ec) [Parser.C] block 804f3ec exists [Parser.C:1485] recording block [804f3f6,804f3f6) [Parser.C] parsing block 804f3f6 [Parser.C:1274] curAddr 0x804f3f6: mov EAX, [EBX + 834] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3fc: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f3fe: jz 2e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f3f6,804f400) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 2e + EIP + 2 to 0x804f3fe...SUCCESS (CFT=0x804f42e) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f42e is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f3fe->804f42e resolveable_edge: 1, tailcall: 0, target: 804f42e [ParserDetails.C:588] pushing 804f42e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f3fe->804f400 resolveable_edge: 1, tailcall: 0, target: 804f400 [ParserDetails.C:588] pushing 804f400 onto worklist [Parser.C] block 804f42e exists [Parser.C] skipping locally parsed target at 804f42e [Parser.C:1485] recording block [804f400,804f400) [Parser.C] parsing block 804f400 [Parser.C:1274] curAddr 0x804f400: mov EAX, [EBX + 838] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f406: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f408: jz 24 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f400,804f40a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 24 + EIP + 2 to 0x804f408...SUCCESS (CFT=0x804f42e) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f42e is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f408->804f42e resolveable_edge: 1, tailcall: 0, target: 804f42e [ParserDetails.C:588] pushing 804f42e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f408->804f40a resolveable_edge: 1, tailcall: 0, target: 804f40a [ParserDetails.C:588] pushing 804f40a onto worklist [Parser.C] block 804f42e exists [Parser.C] skipping locally parsed target at 804f42e [Parser.C:1485] recording block [804f40a,804f40a) [Parser.C] parsing block 804f40a [Parser.C:1274] curAddr 0x804f40a: mov EAX, [EBX + 83c] [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f410: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f412: jz 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f40a,804f414) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1a + EIP + 2 to 0x804f412...SUCCESS (CFT=0x804f42e) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804f42e is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804f412->804f42e resolveable_edge: 1, tailcall: 0, target: 804f42e [ParserDetails.C:588] pushing 804f42e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f412->804f414 resolveable_edge: 1, tailcall: 0, target: 804f414 [ParserDetails.C:588] pushing 804f414 onto worklist [Parser.C] block 804f42e exists [Parser.C] skipping locally parsed target at 804f42e [Parser.C:1485] recording block [804f414,804f414) [Parser.C] parsing block 804f414 [Parser.C:1274] curAddr 0x804f414: lea EAX, EBX + ffff9dc8 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f41a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f41d: call 459b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 459b + EIP + 5 to 0x804f41d...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f414,804f422) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f41d->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f41d->804f422 resolveable_edge: 1, tailcall: 0, target: 804f422 [ParserDetails.C:588] pushing 804f422 onto worklist [Parser.C] binding call 804f41d->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804f422,804f422) [Parser.C] parsing block 804f422 [Parser.C:1274] curAddr 0x804f422: mov [EBX + 840], 1 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f42c: jmp 6e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 6e + EIP + 2 to 0x804f42c...SUCCESS (CFT=0x804f49c) [Parser.C:1485] recording block [804f422,804f42e) Getting edges Checking for Tail Call jump to 0x804f49c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804f42c->804f49c resolveable_edge: 1, tailcall: 0, target: 804f49c [ParserDetails.C:588] pushing 804f49c onto worklist [Parser.C:1485] recording block [804f446,804f446) [Parser.C] parsing block 804f446 [Parser.C:1274] curAddr 0x804f446: lea EAX, EBX + ffff9e2c [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f44c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f44f: call 4569 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4569 + EIP + 5 to 0x804f44f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f446,804f454) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f44f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f44f->804f454 resolveable_edge: 1, tailcall: 0, target: 804f454 [ParserDetails.C:588] pushing 804f454 onto worklist [Parser.C] binding call 804f44f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f454 exists [Parser.C] skipping locally parsed target at 804f454 [Parser.C:1485] recording block [804f45e,804f45e) [Parser.C] parsing block 804f45e [Parser.C:1274] curAddr 0x804f45e: lea EAX, EBX + ffff9e60 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f464: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f467: call 4551 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4551 + EIP + 5 to 0x804f467...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f45e,804f46c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f467->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f467->804f46c resolveable_edge: 1, tailcall: 0, target: 804f46c [ParserDetails.C:588] pushing 804f46c onto worklist [Parser.C] binding call 804f467->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f46c exists [Parser.C] skipping locally parsed target at 804f46c [Parser.C:1485] recording block [804f476,804f476) [Parser.C] parsing block 804f476 [Parser.C:1274] curAddr 0x804f476: lea EAX, EBX + ffff9e98 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f47c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f47f: call 4539 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4539 + EIP + 5 to 0x804f47f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f476,804f484) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f47f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f47f->804f484 resolveable_edge: 1, tailcall: 0, target: 804f484 [ParserDetails.C:588] pushing 804f484 onto worklist [Parser.C] binding call 804f47f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f484 exists [Parser.C] skipping locally parsed target at 804f484 [Parser.C:1485] recording block [804f48e,804f48e) [Parser.C] parsing block 804f48e [Parser.C:1274] curAddr 0x804f48e: lea EAX, EBX + ffff9ed0 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f494: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called [Parser.C:1274] curAddr 0x804f497: call 4521 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_11_call4 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 4521 + EIP + 5 to 0x804f497...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804f48e,804f49c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f497->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f497->804f49c resolveable_edge: 1, tailcall: 0, target: 804f49c [ParserDetails.C:588] pushing 804f49c onto worklist [Parser.C] binding call 804f497->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804f49c exists [Parser.C] skipping locally parsed target at 804f49c [Parser.C] block 804f49c exists [Parser.C] skipping locally parsed target at 804f49c [Parser.C] frame 804f3c5 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_11_call4 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804ccd0) [Parser.C:180] entered parse_at([804ccd0,80549c4),804ccd0) [Parser.C:1485] recording block [804ccd0,804ccd0) [Parser.C] ==== starting to parse frame 804ccd0 ==== [Parser.C] parsing block 804ccd0 [Parser.C:1274] curAddr 0x804ccd0: xor EBP, EBP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804ccd2: pop ESI, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804ccd3: mov ECX, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804ccd5: and ESP, f0 [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804ccd8: push EAX, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804ccd9: push ESP, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804ccda: push EDX, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804ccdb: push 80549c0, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804cce0: push 8054950, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804cce5: push ECX, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804cce6: push ESI, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804cce7: push 804d14a, ESP [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1274] curAddr 0x804ccec: call fffffe8f + EIP + 5 [Parser.C:1280] leaf 1 funcname _start hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffe8f + EIP + 5 to 0x804ccec...SUCCESS (CFT=0x804cb80) [Parser.C:1485] recording block [804ccd0,804ccf1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804ccec->804cb80 resolveable_edge: 1, tailcall: 0, target: 804cb80 [ParserDetails.C:588] pushing 804cb80 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804ccec->804ccf1 resolveable_edge: 1, tailcall: 0, target: 804ccf1 [ParserDetails.C:588] pushing 804ccf1 onto worklist [Parser.C] binding call 804ccec->804cb80 [ParseData.C] new function for target 804cb80 [Parser.C:1485] recording block [804cb80,804cb80) [suspend frame 804ccd0] [Parser.C] frame 804ccd0 blocked at 804ccec call target 804cb80 [Parser.C] block 804cb80 exists [Parser.C] ==== starting to parse frame 804cb80 ==== [Parser.C] parsing block 804cb80 [Parser.C:1274] curAddr 0x804cb80: jmp [805c064] [Parser.C:1280] leaf 1 funcname targ804cb80 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c064] to 0x804cb80...FAIL (CFT=0x0), callTarget exp: [805c064] ... indirect jump at 0x804cb80, delay parsing it [Parser.C:1485] recording block [804cb80,804cb86) ... continue parse indirect jump at 804cb80 [Parser.C:1485] recording block [804cb80,804cb86) Getting edges ... indirect jump at 0x804cb80 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c064] at 0x804cb80 Apply indirect control flow analysis at 804cb80 Looking for thunk Looking for thunk in block [804cb80,804cb86).......WARNING: after advance at 0x804cb86, curInsn() NULL Expanding instruction @ 804cb80: jmp [805c064] Original expand: (<134594660:32>,) Adding assignment (@804cb80<[x86::eip]>[_805c064]) in instruction jmp [805c064] at 804cb80, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb80, insn: jmp [805c064] Old fact for 804cb80: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb80 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb80<[x86::eip]>[_805c064]) Instruction: jmp [805c064] AST: (<134594660:64>,) Generate bound fact for Interval 0[134594660,134594660] 0[805c064,805c064], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594660:64>,) Apply relations2 to (<134594660:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594660,134594660] 0[805c064,805c064], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594660:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb80 The fact from 804cb80 before applying transfer function Do not track predicate Var: , Interval 0[134594660,134594660] 0[805c064,805c064], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594660:64>,) No known value at the top of the stack Fact from 804cb80 after applying transfer function Do not track predicate Var: , Interval 0[134594660,134594660] 0[805c064,805c064], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594660:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594660,134594660] 0[805c064,805c064], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594660:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594660,134594660] 0[805c064,805c064], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c064 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb80 (804cb80) No targets, exits func Adding block 0x804cb80 as exit 804cb80 extent [804cb80,804cb86) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c064] at 0x804cb80 in function targ804cb80 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb80->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for __libc_start_main [Parser.C] frame 804cb80 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] __libc_start_main return status 2, no waiters [Parser.C] ==== resuming parse of frame 804ccd0 ==== Checking non-returning for __libc_start_main [Parser.C:1485] recording block [804ccf1,804ccf1) [Parser.C] parsing block 804ccf1 [Parser.C:1274] curAddr 0x804ccf1: hlt [Parser.C:1280] leaf 1 funcname _start hasCFT called [Parser.C:1485] recording block [804ccf1,804ccf2) [Parser.C] frame 804ccd0 complete, return status: 1 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] _start return status 1, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804fbd9) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fbd9) function at 804fbd9 already parsed, status 3 [Parser.C:224] entered parse_at(80518a4) [Parser.C:180] entered parse_at([804ccd0,80549c4),80518a4) [Parser.C:1485] recording block [80518a4,80518a4) [Parser.C] ==== starting to parse frame 80518a4 ==== [Parser.C] parsing block 80518a4 [Parser.C:1274] curAddr 0x80518a4: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518a5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518a7: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518a8: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518ab: call ffffb450 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb450 + EIP + 5 to 0x80518ab...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80518b0: add EBX, a750 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518b6: lea EAX, EBX + 5e4 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518bc: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518be: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518c1: setz AL [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518c4: movzx EAX, AL [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518c7: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518ca: cmp [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518ce: jz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80518a4,80518d0) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 25 + EIP + 2 to 0x80518ce...SUCCESS (CFT=0x80518f5) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80518ce->80518f5 resolveable_edge: 1, tailcall: 0, target: 80518f5 [ParserDetails.C:588] pushing 80518f5 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80518ce->80518d0 resolveable_edge: 1, tailcall: 0, target: 80518d0 [ParserDetails.C:588] pushing 80518d0 onto worklist [Parser.C:1485] recording block [80518f5,80518f5) [Parser.C] parsing block 80518f5 [Parser.C:1274] curAddr 0x80518f5: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518fc: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518ff: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051902: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051903: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051904: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80518f5,8051905) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051904 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051904...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80518d0,80518d0) [Parser.C] parsing block 80518d0 [Parser.C:1274] curAddr 0x80518d0: lea EAX, EBX + ffffb0a8 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518d6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518d9: call 20df + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 20df + EIP + 5 to 0x80518d9...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80518d0,80518de) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80518d9->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80518d9->80518de resolveable_edge: 1, tailcall: 0, target: 80518de [ParserDetails.C:588] pushing 80518de onto worklist [Parser.C] binding call 80518d9->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80518de,80518de) [Parser.C] parsing block 80518de [Parser.C:1274] curAddr 0x80518de: mov EAX, [EBX + 6a8] [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518e4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518e7: call 2ab9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2ab9 + EIP + 5 to 0x80518e7...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [80518de,80518ec) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80518e7->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80518e7->80518ec resolveable_edge: 1, tailcall: 0, target: 80518ec [ParserDetails.C:588] pushing 80518ec onto worklist [Parser.C] binding call 80518e7->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [80518ec,80518ec) [Parser.C] parsing block 80518ec [Parser.C:1274] curAddr 0x80518ec: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called [Parser.C:1274] curAddr 0x80518f3: jmp 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_27_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 7 + EIP + 2 to 0x80518f3...SUCCESS (CFT=0x80518fc) [Parser.C:1485] recording block [80518ec,80518f5) Getting edges Checking for Tail Call jump to 0x80518fc is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80518f3->80518fc resolveable_edge: 1, tailcall: 0, target: 80518fc [ParserDetails.C:588] pushing 80518fc onto worklist [Parser.C] address 80518fc splits [80518f5,8051905) (0x1dbdd90) [Parser.C:1485] recording block [80518fc,8051905) [Parser.C] skipping locally parsed target at 80518fc [Parser.C] frame 80518a4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_27_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804cf36) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cf36) [Parser.C:1485] recording block [804cf36,804cf36) [Parser.C] ==== starting to parse frame 804cf36 ==== [Parser.C] parsing block 804cf36 [Parser.C:1274] curAddr 0x804cf36: push EBP, ESP [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf37: mov EBP, ESP [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf39: push ESI, ESP [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf3a: push EBX, ESP [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf3b: sub ESP, 20 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf3e: call fffffdbd + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffdbd + EIP + 5 to 0x804cf3e...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804cf43: add EBX, f0bd [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf49: lea EAX, EBX + ffff8a51 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf4f: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf53: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf56: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf59: call fffffc62 + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffc62 + EIP + 5 to 0x804cf59...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [804cf36,804cf5e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cf59->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cf59->804cf5e resolveable_edge: 1, tailcall: 0, target: 804cf5e [ParserDetails.C:588] pushing 804cf5e onto worklist [Parser.C] binding call 804cf59->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [804cf5e,804cf5e) [Parser.C] parsing block 804cf5e [Parser.C:1274] curAddr 0x804cf5e: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf61: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf65: jz 32 + EIP + 2 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cf5e,804cf67) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 32 + EIP + 2 to 0x804cf65...SUCCESS (CFT=0x804cf99) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cf65->804cf99 resolveable_edge: 1, tailcall: 0, target: 804cf99 [ParserDetails.C:588] pushing 804cf99 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cf65->804cf67 resolveable_edge: 1, tailcall: 0, target: 804cf67 [ParserDetails.C:588] pushing 804cf67 onto worklist [Parser.C:1485] recording block [804cf99,804cf99) [Parser.C] parsing block 804cf99 [Parser.C:1274] curAddr 0x804cf99: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf9f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfa1: mov ESI, [EAX] [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfa3: call fffffc48 + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffc48 + EIP + 5 to 0x804cfa3...SUCCESS (CFT=0x804cbf0) [Parser.C:1485] recording block [804cf99,804cfa8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cfa3->804cbf0 resolveable_edge: 1, tailcall: 0, target: 804cbf0 [ParserDetails.C:588] pushing 804cbf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cfa3->804cfa8 resolveable_edge: 1, tailcall: 0, target: 804cfa8 [ParserDetails.C:588] pushing 804cfa8 onto worklist [Parser.C] binding call 804cfa3->804cbf0 [Parser.C] block 804cbf0 exists Checking non-returning for __errno_location [Parser.C:1485] recording block [804cfa8,804cfa8) [Parser.C] parsing block 804cfa8 [Parser.C:1274] curAddr 0x804cfa8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfaa: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfad: call fffffb7e + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffb7e + EIP + 5 to 0x804cfad...SUCCESS (CFT=0x804cb30) [Parser.C:1485] recording block [804cfa8,804cfb2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cfad->804cb30 resolveable_edge: 1, tailcall: 0, target: 804cb30 [ParserDetails.C:588] pushing 804cb30 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cfad->804cfb2 resolveable_edge: 1, tailcall: 0, target: 804cfb2 [ParserDetails.C:588] pushing 804cfb2 onto worklist [Parser.C] binding call 804cfad->804cb30 [Parser.C] block 804cb30 exists Checking non-returning for strerror [Parser.C:1485] recording block [804cfb2,804cfb2) [Parser.C] parsing block 804cfb2 [Parser.C:1274] curAddr 0x804cfb2: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfb6: lea EAX, EBX + ffff8a2c [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfbc: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfc0: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfc7: call ESI [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called IA_IAPI.C[847]: binding PC EIP in call ESI to 0x804cfc7...FAIL (CFT=0x0), callTarget exp: ESI ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804cfb2,804cfc9) Getting edges Returned 2 edges ... Call 0x804cfc7 is indirect ... Call 0x804cfc7 is indirect ... Call 0x804cfc7 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804cfc7->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804cfc7->804cfc9 resolveable_edge: 1, tailcall: 0, target: 804cfc9 [ParserDetails.C:588] pushing 804cfc9 onto worklist [Parser.C:1485] recording block [804cfc9,804cfc9) [Parser.C] parsing block 804cfc9 [Parser.C:1274] curAddr 0x804cfc9: add ESP, 20 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfcc: pop EBX, ESP [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfcd: pop ESI, ESP [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfce: pop EBP, ESP [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cfcf: ret near [ESP] [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cfc9,804cfd0) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804cfcf Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804cfcf...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804cf67,804cf67) [Parser.C] parsing block 804cf67 [Parser.C:1274] curAddr 0x804cf67: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf6a: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf6e: mov [ESP + 8], 2 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf76: mov [ESP + 4], 1 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf7e: lea EAX, EBX + ffff8a53 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf84: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf87: call fffffb44 + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffb44 + EIP + 5 to 0x804cf87...SUCCESS (CFT=0x804cad0) [Parser.C:1485] recording block [804cf67,804cf8c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cf87->804cad0 resolveable_edge: 1, tailcall: 0, target: 804cad0 [ParserDetails.C:588] pushing 804cad0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cf87->804cf8c resolveable_edge: 1, tailcall: 0, target: 804cf8c [ParserDetails.C:588] pushing 804cf8c onto worklist [Parser.C] binding call 804cf87->804cad0 [ParseData.C] new function for target 804cad0 [Parser.C:1485] recording block [804cad0,804cad0) [suspend frame 804cf36] [Parser.C] frame 804cf36 blocked at 804cf87 call target 804cad0 [Parser.C] block 804cad0 exists [Parser.C] ==== starting to parse frame 804cad0 ==== [Parser.C] parsing block 804cad0 [Parser.C:1274] curAddr 0x804cad0: jmp [805c038] [Parser.C:1280] leaf 1 funcname targ804cad0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c038] to 0x804cad0...FAIL (CFT=0x0), callTarget exp: [805c038] ... indirect jump at 0x804cad0, delay parsing it [Parser.C:1485] recording block [804cad0,804cad6) ... continue parse indirect jump at 804cad0 [Parser.C:1485] recording block [804cad0,804cad6) Getting edges ... indirect jump at 0x804cad0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c038] at 0x804cad0 Apply indirect control flow analysis at 804cad0 Looking for thunk Looking for thunk in block [804cad0,804cad6).......WARNING: after advance at 0x804cad6, curInsn() NULL Expanding instruction @ 804cad0: jmp [805c038] Original expand: (<134594616:32>,) Adding assignment (@804cad0<[x86::eip]>[_805c038]) in instruction jmp [805c038] at 804cad0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cad0, insn: jmp [805c038] Old fact for 804cad0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cad0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cad0<[x86::eip]>[_805c038]) Instruction: jmp [805c038] AST: (<134594616:64>,) Generate bound fact for Interval 0[134594616,134594616] 0[805c038,805c038], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594616:64>,) Apply relations2 to (<134594616:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594616,134594616] 0[805c038,805c038], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594616:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cad0 The fact from 804cad0 before applying transfer function Do not track predicate Var: , Interval 0[134594616,134594616] 0[805c038,805c038], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594616:64>,) No known value at the top of the stack Fact from 804cad0 after applying transfer function Do not track predicate Var: , Interval 0[134594616,134594616] 0[805c038,805c038], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594616:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594616,134594616] 0[805c038,805c038], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594616:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594616,134594616] 0[805c038,805c038], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c038 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cad0 (804cad0) No targets, exits func Adding block 0x804cad0 as exit 804cad0 extent [804cad0,804cad6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c038] at 0x804cad0 in function targ804cad0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cad0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for fwrite [Parser.C] frame 804cad0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fwrite return status 2, no waiters [Parser.C] ==== resuming parse of frame 804cf36 ==== Checking non-returning for fwrite [Parser.C:1485] recording block [804cf8c,804cf8c) [Parser.C] parsing block 804cf8c [Parser.C:1274] curAddr 0x804cf8c: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf8f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called [Parser.C:1274] curAddr 0x804cf92: call fffffb09 + EIP + 5 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffb09 + EIP + 5 to 0x804cf92...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [804cf8c,804cf97) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804cf92->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804cf92->804cf97 resolveable_edge: 1, tailcall: 0, target: 804cf97 [ParserDetails.C:588] pushing 804cf97 onto worklist [Parser.C] binding call 804cf92->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C:1485] recording block [804cf97,804cf97) [Parser.C] parsing block 804cf97 [Parser.C:1274] curAddr 0x804cf97: jmp 30 + EIP + 2 [Parser.C:1280] leaf 1 funcname updateResumeLogCompleted hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 30 + EIP + 2 to 0x804cf97...SUCCESS (CFT=0x804cfc9) [Parser.C:1485] recording block [804cf97,804cf99) Getting edges Checking for Tail Call jump to 0x804cfc9 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804cf97->804cfc9 resolveable_edge: 1, tailcall: 0, target: 804cfc9 [ParserDetails.C:588] pushing 804cfc9 onto worklist [Parser.C] block 804cfc9 exists [Parser.C] skipping locally parsed target at 804cfc9 [Parser.C] frame 804cf36 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] updateResumeLogCompleted return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804dee4) [Parser.C:180] entered parse_at([804ccd0,80549c4),804dee4) [Parser.C:1485] recording block [804dee4,804dee4) [Parser.C] ==== starting to parse frame 804dee4 ==== [Parser.C] parsing block 804dee4 [Parser.C:1274] curAddr 0x804dee4: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804dee5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804dee7: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804dee8: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804deeb: call ffffee10 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffee10 + EIP + 5 to 0x804deeb...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804def0: add EBX, e110 [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804def6: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804defc: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804defe: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804df00: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dee4,804df02) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804df00...SUCCESS (CFT=0x804df10) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804df00->804df10 resolveable_edge: 1, tailcall: 0, target: 804df10 [ParserDetails.C:588] pushing 804df10 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804df00->804df02 resolveable_edge: 1, tailcall: 0, target: 804df02 [ParserDetails.C:588] pushing 804df02 onto worklist [Parser.C:1485] recording block [804df10,804df10) [Parser.C] parsing block 804df10 [Parser.C:1274] curAddr 0x804df10: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804df13: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804df14: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804df15: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804df10,804df16) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804df15 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804df15...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804df02,804df02) [Parser.C] parsing block 804df02 [Parser.C:1274] curAddr 0x804df02: lea EAX, EBX + ffff914c [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804df08: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called [Parser.C:1274] curAddr 0x804df0b: call ffffec10 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_func3_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffec10 + EIP + 5 to 0x804df0b...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804df02,804df10) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804df0b->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804df0b->804df10 resolveable_edge: 1, tailcall: 0, target: 804df10 [ParserDetails.C:588] pushing 804df10 onto worklist [Parser.C] binding call 804df0b->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804df10 exists [Parser.C] skipping locally parsed target at 804df10 [Parser.C] frame 804dee4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_3_func3_1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80507a4) [Parser.C:180] entered parse_at([804ccd0,80549c4),80507a4) [Parser.C:1485] recording block [80507a4,80507a4) [Parser.C] ==== starting to parse frame 80507a4 ==== [Parser.C] parsing block 80507a4 [Parser.C:1274] curAddr 0x80507a4: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507a5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507a7: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507a8: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507ab: call ffffc550 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc550 + EIP + 5 to 0x80507ab...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80507b0: add EBX, b850 [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507b6: lea EAX, EBX + ffffa884 [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507bc: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507bf: call 31f9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 31f9 + EIP + 5 to 0x80507bf...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80507a4,80507c4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80507bf->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80507bf->80507c4 resolveable_edge: 1, tailcall: 0, target: 80507c4 [ParserDetails.C:588] pushing 80507c4 onto worklist [Parser.C] binding call 80507bf->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80507c4,80507c4) [Parser.C] parsing block 80507c4 [Parser.C:1274] curAddr 0x80507c4: mov EAX, [EBX + 544] [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507ca: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507cd: call 3bd3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3bd3 + EIP + 5 to 0x80507cd...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [80507c4,80507d2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80507cd->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80507cd->80507d2 resolveable_edge: 1, tailcall: 0, target: 80507d2 [ParserDetails.C:588] pushing 80507d2 onto worklist [Parser.C] binding call 80507cd->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [80507d2,80507d2) [Parser.C] parsing block 80507d2 [Parser.C:1274] curAddr 0x80507d2: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507d7: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507da: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507db: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called [Parser.C:1274] curAddr 0x80507dc: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_21_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80507d2,80507dd) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80507dc Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80507dc...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 80507a4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_21_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052b0d) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052b0d) [Parser.C:1485] recording block [8052b0d,8052b0d) [Parser.C] ==== starting to parse frame 8052b0d ==== [Parser.C] parsing block 8052b0d [Parser.C:1274] curAddr 0x8052b0d: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b0e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b10: sub ESP, 18 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b13: call 6d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6d + EIP + 5 to 0x8052b13...SUCCESS (CFT=0x8052b85) [Parser.C:1485] recording block [8052b0d,8052b18) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052b13->8052b85 resolveable_edge: 1, tailcall: 0, target: 8052b85 [ParserDetails.C:588] pushing 8052b85 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052b13->8052b18 resolveable_edge: 1, tailcall: 0, target: 8052b18 [ParserDetails.C:588] pushing 8052b18 onto worklist [Parser.C] binding call 8052b13->8052b85 [Parser.C] block 8052b85 exists Checking non-returning for funCall38_1 [Parser.C:1485] recording block [8052b18,8052b18) [Parser.C] parsing block 8052b18 [Parser.C:1274] curAddr 0x8052b18: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b1f: jmp 57 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 57 + EIP + 2 to 0x8052b1f...SUCCESS (CFT=0x8052b78) [Parser.C:1485] recording block [8052b18,8052b21) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052b1f->8052b78 resolveable_edge: 1, tailcall: 0, target: 8052b78 [ParserDetails.C:588] pushing 8052b78 onto worklist [Parser.C:1485] recording block [8052b78,8052b78) [Parser.C] parsing block 8052b78 [Parser.C:1274] curAddr 0x8052b78: cmp [EBP + fffffffffffffff4], 31 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b7c: jle ffffffffffffffa3 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052b78,8052b7e) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffa3 + EIP + 2 to 0x8052b7c...SUCCESS (CFT=0x8052b21) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052b7c->8052b21 resolveable_edge: 1, tailcall: 0, target: 8052b21 [ParserDetails.C:588] pushing 8052b21 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052b7c->8052b7e resolveable_edge: 1, tailcall: 0, target: 8052b7e [ParserDetails.C:588] pushing 8052b7e onto worklist [Parser.C:1485] recording block [8052b21,8052b21) [Parser.C] parsing block 8052b21 [Parser.C:1274] curAddr 0x8052b21: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b24: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b27: call 78 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 78 + EIP + 5 to 0x8052b27...SUCCESS (CFT=0x8052ba4) [Parser.C:1485] recording block [8052b21,8052b2c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052b27->8052ba4 resolveable_edge: 1, tailcall: 0, target: 8052ba4 [ParserDetails.C:588] pushing 8052ba4 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052b27->8052b2c resolveable_edge: 1, tailcall: 0, target: 8052b2c [ParserDetails.C:588] pushing 8052b2c onto worklist [Parser.C] binding call 8052b27->8052ba4 [Parser.C] block 8052ba4 exists Checking non-returning for funCall38_2 [Parser.C:1485] recording block [8052b2c,8052b2c) [Parser.C] parsing block 8052b2c [Parser.C:1274] curAddr 0x8052b2c: mov [EBP + ffffffffffffffec], 0 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b33: jmp 1e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1e + EIP + 2 to 0x8052b33...SUCCESS (CFT=0x8052b53) [Parser.C:1485] recording block [8052b2c,8052b35) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052b33->8052b53 resolveable_edge: 1, tailcall: 0, target: 8052b53 [ParserDetails.C:588] pushing 8052b53 onto worklist [Parser.C:1485] recording block [8052b7e,8052b7e) [Parser.C] parsing block 8052b7e [Parser.C:1274] curAddr 0x8052b7e: call bc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call bc + EIP + 5 to 0x8052b7e...SUCCESS (CFT=0x8052c3f) [Parser.C:1485] recording block [8052b7e,8052b83) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052b7e->8052c3f resolveable_edge: 1, tailcall: 0, target: 8052c3f [ParserDetails.C:588] pushing 8052c3f onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052b7e->8052b83 resolveable_edge: 1, tailcall: 0, target: 8052b83 [ParserDetails.C:588] pushing 8052b83 onto worklist [Parser.C] binding call 8052b7e->8052c3f [Parser.C] block 8052c3f exists Checking non-returning for funCall38_7 [Parser.C:1485] recording block [8052b83,8052b83) [Parser.C] parsing block 8052b83 [Parser.C:1274] curAddr 0x8052b83: leave [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b84: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052b83,8052b85) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052b84 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052b84...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052b53,8052b53) [Parser.C] parsing block 8052b53 [Parser.C:1274] curAddr 0x8052b53: cmp [EBP + fffffffffffffff4], 63 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b57: jle ffffffffffffffdc + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052b53,8052b59) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffdc + EIP + 2 to 0x8052b57...SUCCESS (CFT=0x8052b35) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052b57->8052b35 resolveable_edge: 1, tailcall: 0, target: 8052b35 [ParserDetails.C:588] pushing 8052b35 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052b57->8052b59 resolveable_edge: 1, tailcall: 0, target: 8052b59 [ParserDetails.C:588] pushing 8052b59 onto worklist [Parser.C:1485] recording block [8052b35,8052b35) [Parser.C] parsing block 8052b35 [Parser.C:1274] curAddr 0x8052b35: mov [EBP + ffffffffffffffe8], 0 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b3c: jmp 9 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 9 + EIP + 2 to 0x8052b3c...SUCCESS (CFT=0x8052b47) [Parser.C:1485] recording block [8052b35,8052b3e) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052b3c->8052b47 resolveable_edge: 1, tailcall: 0, target: 8052b47 [ParserDetails.C:588] pushing 8052b47 onto worklist [Parser.C:1485] recording block [8052b59,8052b59) [Parser.C] parsing block 8052b59 [Parser.C:1274] curAddr 0x8052b59: call 84 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 84 + EIP + 5 to 0x8052b59...SUCCESS (CFT=0x8052be2) [Parser.C:1485] recording block [8052b59,8052b5e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052b59->8052be2 resolveable_edge: 1, tailcall: 0, target: 8052be2 [ParserDetails.C:588] pushing 8052be2 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052b59->8052b5e resolveable_edge: 1, tailcall: 0, target: 8052b5e [ParserDetails.C:588] pushing 8052b5e onto worklist [Parser.C] binding call 8052b59->8052be2 [Parser.C] block 8052be2 exists Checking non-returning for funCall38_4 [Parser.C:1485] recording block [8052b5e,8052b5e) [Parser.C] parsing block 8052b5e [Parser.C:1274] curAddr 0x8052b5e: jmp 9 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 9 + EIP + 2 to 0x8052b5e...SUCCESS (CFT=0x8052b69) [Parser.C:1485] recording block [8052b5e,8052b60) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052b5e->8052b69 resolveable_edge: 1, tailcall: 0, target: 8052b69 [ParserDetails.C:588] pushing 8052b69 onto worklist [Parser.C:1485] recording block [8052b47,8052b47) [Parser.C] parsing block 8052b47 [Parser.C:1274] curAddr 0x8052b47: mov EAX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b4a: cmp EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b4d: jl ffffffffffffffef + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052b47,8052b4f) Getting edges IA_IAPI.C[847]: binding PC EIP in jl ffffffffffffffef + EIP + 2 to 0x8052b4d...SUCCESS (CFT=0x8052b3e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052b4d->8052b3e resolveable_edge: 1, tailcall: 0, target: 8052b3e [ParserDetails.C:588] pushing 8052b3e onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052b4d->8052b4f resolveable_edge: 1, tailcall: 0, target: 8052b4f [ParserDetails.C:588] pushing 8052b4f onto worklist [Parser.C:1485] recording block [8052b3e,8052b3e) [Parser.C] parsing block 8052b3e [Parser.C:1274] curAddr 0x8052b3e: call 80 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 80 + EIP + 5 to 0x8052b3e...SUCCESS (CFT=0x8052bc3) [Parser.C:1485] recording block [8052b3e,8052b43) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052b3e->8052bc3 resolveable_edge: 1, tailcall: 0, target: 8052bc3 [ParserDetails.C:588] pushing 8052bc3 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052b3e->8052b43 resolveable_edge: 1, tailcall: 0, target: 8052b43 [ParserDetails.C:588] pushing 8052b43 onto worklist [Parser.C] binding call 8052b3e->8052bc3 [Parser.C] block 8052bc3 exists Checking non-returning for funCall38_3 [Parser.C:1485] recording block [8052b43,8052b43) [Parser.C] parsing block 8052b43 [Parser.C:1274] curAddr 0x8052b43: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C] straight-line parse into block at 8052b47 [Parser.C:1485] recording block [8052b43,8052b47) [Parser.C] block 8052b47 exists [Parser.C:1485] recording block [8052b4f,8052b4f) [Parser.C] parsing block 8052b4f [Parser.C:1274] curAddr 0x8052b4f: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C] straight-line parse into block at 8052b53 [Parser.C:1485] recording block [8052b4f,8052b53) [Parser.C] block 8052b53 exists [Parser.C:1485] recording block [8052b69,8052b69) [Parser.C] parsing block 8052b69 [Parser.C:1274] curAddr 0x8052b69: cmp [EBP + fffffffffffffff0], 63 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C:1274] curAddr 0x8052b6d: jle fffffffffffffff1 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052b69,8052b6f) Getting edges IA_IAPI.C[847]: binding PC EIP in jle fffffffffffffff1 + EIP + 2 to 0x8052b6d...SUCCESS (CFT=0x8052b60) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052b6d->8052b60 resolveable_edge: 1, tailcall: 0, target: 8052b60 [ParserDetails.C:588] pushing 8052b60 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052b6d->8052b6f resolveable_edge: 1, tailcall: 0, target: 8052b6f [ParserDetails.C:588] pushing 8052b6f onto worklist [Parser.C:1485] recording block [8052b60,8052b60) [Parser.C] parsing block 8052b60 [Parser.C:1274] curAddr 0x8052b60: call 9c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 9c + EIP + 5 to 0x8052b60...SUCCESS (CFT=0x8052c01) [Parser.C:1485] recording block [8052b60,8052b65) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052b60->8052c01 resolveable_edge: 1, tailcall: 0, target: 8052c01 [ParserDetails.C:588] pushing 8052c01 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052b60->8052b65 resolveable_edge: 1, tailcall: 0, target: 8052b65 [ParserDetails.C:588] pushing 8052b65 onto worklist [Parser.C] binding call 8052b60->8052c01 [Parser.C] block 8052c01 exists Checking non-returning for funCall38_5 [Parser.C:1485] recording block [8052b65,8052b65) [Parser.C] parsing block 8052b65 [Parser.C:1274] curAddr 0x8052b65: add [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C] straight-line parse into block at 8052b69 [Parser.C:1485] recording block [8052b65,8052b69) [Parser.C] block 8052b69 exists [Parser.C:1485] recording block [8052b6f,8052b6f) [Parser.C] parsing block 8052b6f [Parser.C:1274] curAddr 0x8052b6f: call ac + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ac + EIP + 5 to 0x8052b6f...SUCCESS (CFT=0x8052c20) [Parser.C:1485] recording block [8052b6f,8052b74) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052b6f->8052c20 resolveable_edge: 1, tailcall: 0, target: 8052c20 [ParserDetails.C:588] pushing 8052c20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052b6f->8052b74 resolveable_edge: 1, tailcall: 0, target: 8052b74 [ParserDetails.C:588] pushing 8052b74 onto worklist [Parser.C] binding call 8052b6f->8052c20 [Parser.C] block 8052c20 exists Checking non-returning for funCall38_6 [Parser.C:1485] recording block [8052b74,8052b74) [Parser.C] parsing block 8052b74 [Parser.C:1274] curAddr 0x8052b74: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_38_call1 hasCFT called [Parser.C] straight-line parse into block at 8052b78 [Parser.C:1485] recording block [8052b74,8052b78) [Parser.C] block 8052b78 exists [Parser.C] frame 8052b0d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_38_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804fc11) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fc11) [Parser.C:1485] recording block [804fc11,804fc11) [Parser.C] ==== starting to parse frame 804fc11 ==== [Parser.C] parsing block 804fc11 [Parser.C:1274] curAddr 0x804fc11: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc12: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc14: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc15: sub ESP, 34 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc18: call ffffd0e3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd0e3 + EIP + 5 to 0x804fc18...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fc1d: add EBX, c3e3 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc23: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc29: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc2b: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc2d: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fc11,804fc2f) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804fc2d...SUCCESS (CFT=0x804fc44) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fc2d->804fc44 resolveable_edge: 1, tailcall: 0, target: 804fc44 [ParserDetails.C:588] pushing 804fc44 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fc2d->804fc2f resolveable_edge: 1, tailcall: 0, target: 804fc2f [ParserDetails.C:588] pushing 804fc2f onto worklist [Parser.C:1485] recording block [804fc44,804fc44) [Parser.C] parsing block 804fc44 [Parser.C:1274] curAddr 0x804fc44: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc48: jnz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fc44,804fc4a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2a + EIP + 2 to 0x804fc48...SUCCESS (CFT=0x804fc74) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fc48->804fc74 resolveable_edge: 1, tailcall: 0, target: 804fc74 [ParserDetails.C:588] pushing 804fc74 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fc48->804fc4a resolveable_edge: 1, tailcall: 0, target: 804fc4a [ParserDetails.C:588] pushing 804fc4a onto worklist [Parser.C:1485] recording block [804fc74,804fc74) [Parser.C] parsing block 804fc74 [Parser.C:1274] curAddr 0x804fc74: cmp [EBP + 8], 1 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc78: jz 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fc74,804fc7a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 2a + EIP + 2 to 0x804fc78...SUCCESS (CFT=0x804fca4) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fc78->804fca4 resolveable_edge: 1, tailcall: 0, target: 804fca4 [ParserDetails.C:588] pushing 804fca4 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fc78->804fc7a resolveable_edge: 1, tailcall: 0, target: 804fc7a [ParserDetails.C:588] pushing 804fc7a onto worklist [Parser.C:1485] recording block [804fca4,804fca4) [Parser.C] parsing block 804fca4 [Parser.C:1274] curAddr 0x804fca4: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fca7: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcaa: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcad: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcb0: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcb2: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcb5: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcb8: imul EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcbc: mov [EBP + ffffffffffffffec], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcbf: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcc2: cdq EDX, EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcc3: idiv EDX, EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcc6: mov [EBP + ffffffffffffffe8], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcc9: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fccc: mov EDX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fccf: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcd1: mov [EBP + ffffffffffffffe4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcd4: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcd7: mov EDX, [EBP + ffffffffffffffe4] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcda: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcdc: mov [EBP + ffffffffffffffe0], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcdf: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fce2: mov EDX, [EBP + ffffffffffffffe0] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fce5: add EAX, EDX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fce7: mov [EBP + ffffffffffffffdc], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcea: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcf0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcf2: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcf4: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fca4,804fcf6) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804fcf4...SUCCESS (CFT=0x804fd0b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fcf4->804fd0b resolveable_edge: 1, tailcall: 0, target: 804fd0b [ParserDetails.C:588] pushing 804fd0b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fcf4->804fcf6 resolveable_edge: 1, tailcall: 0, target: 804fcf6 [ParserDetails.C:588] pushing 804fcf6 onto worklist [Parser.C:1485] recording block [804fd0b,804fd0b) [Parser.C] parsing block 804fd0b [Parser.C:1274] curAddr 0x804fd0b: mov EAX, [EBP + ffffffffffffffdc] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fd0e: add ESP, 34 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fd11: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fd12: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fd13: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fd0b,804fd14) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fd13 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fd13...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804fc2f,804fc2f) [Parser.C] parsing block 804fc2f [Parser.C:1274] curAddr 0x804fc2f: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc32: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc36: lea EAX, EBX + ffffa3c9 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc3c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc3f: call ffffce0c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffce0c + EIP + 5 to 0x804fc3f...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804fc2f,804fc44) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fc3f->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fc3f->804fc44 resolveable_edge: 1, tailcall: 0, target: 804fc44 [ParserDetails.C:588] pushing 804fc44 onto worklist [Parser.C] binding call 804fc3f->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804fc44 exists [Parser.C] skipping locally parsed target at 804fc44 [Parser.C:1485] recording block [804fc4a,804fc4a) [Parser.C] parsing block 804fc4a [Parser.C:1274] curAddr 0x804fc4a: lea EAX, EBX + ffffa49f [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc50: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc54: mov [ESP + 8], 7a [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc5c: lea EAX, EBX + ffffa3e4 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc62: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc66: lea EAX, EBX + ffffa449 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc6c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc6f: call ffffd04c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd04c + EIP + 5 to 0x804fc6f...SUCCESS (CFT=0x804ccc0) [Parser.C:1485] recording block [804fc4a,804fc74) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fc6f->804ccc0 resolveable_edge: 1, tailcall: 0, target: 804ccc0 [ParserDetails.C:588] pushing 804ccc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fc6f->804fc74 resolveable_edge: 1, tailcall: 0, target: 804fc74 [ParserDetails.C:588] pushing 804fc74 onto worklist [Parser.C] binding call 804fc6f->804ccc0 [Parser.C] block 804ccc0 exists Checking non-returning for __assert_fail Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804ccc0 at 804fc6f [Parser.C:1485] recording block [804fc7a,804fc7a) [Parser.C] parsing block 804fc7a [Parser.C:1274] curAddr 0x804fc7a: lea EAX, EBX + ffffa49f [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc80: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc84: mov [ESP + 8], 7b [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc8c: lea EAX, EBX + ffffa3e4 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc92: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc96: lea EAX, EBX + ffffa44f [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc9c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fc9f: call ffffd01c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd01c + EIP + 5 to 0x804fc9f...SUCCESS (CFT=0x804ccc0) [Parser.C:1485] recording block [804fc7a,804fca4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fc9f->804ccc0 resolveable_edge: 1, tailcall: 0, target: 804ccc0 [ParserDetails.C:588] pushing 804ccc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fc9f->804fca4 resolveable_edge: 1, tailcall: 0, target: 804fca4 [ParserDetails.C:588] pushing 804fca4 onto worklist [Parser.C] binding call 804fc9f->804ccc0 [Parser.C] block 804ccc0 exists Checking non-returning for __assert_fail Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804ccc0 at 804fc9f [Parser.C:1485] recording block [804fcf6,804fcf6) [Parser.C] parsing block 804fcf6 [Parser.C:1274] curAddr 0x804fcf6: mov EAX, [EBP + ffffffffffffffdc] [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcf9: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fcfd: lea EAX, EBX + ffffa455 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fd03: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called [Parser.C:1274] curAddr 0x804fd06: call ffffcd45 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffcd45 + EIP + 5 to 0x804fd06...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804fcf6,804fd0b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fd06->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fd06->804fd0b resolveable_edge: 1, tailcall: 0, target: 804fd0b [ParserDetails.C:588] pushing 804fd0b onto worklist [Parser.C] binding call 804fd06->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804fd0b exists [Parser.C] skipping locally parsed target at 804fd0b [Parser.C] frame 804fc11 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_17_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804df96) [Parser.C:180] entered parse_at([804ccd0,80549c4),804df96) [Parser.C:1485] recording block [804df96,804df96) [Parser.C] ==== starting to parse frame 804df96 ==== [Parser.C] parsing block 804df96 [Parser.C:1274] curAddr 0x804df96: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804df97: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804df99: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804df9a: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804df9d: call ffffed5e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffed5e + EIP + 5 to 0x804df9d...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804dfa2: add EBX, e05e [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfa8: call ffffff37 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff37 + EIP + 5 to 0x804dfa8...SUCCESS (CFT=0x804dee4) [Parser.C:1485] recording block [804df96,804dfad) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dfa8->804dee4 resolveable_edge: 1, tailcall: 0, target: 804dee4 [ParserDetails.C:588] pushing 804dee4 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dfa8->804dfad resolveable_edge: 1, tailcall: 0, target: 804dfad [ParserDetails.C:588] pushing 804dfad onto worklist [Parser.C] binding call 804dfa8->804dee4 [Parser.C] block 804dee4 exists Checking non-returning for test1_3_func3_1 Checking non-returning for test1_3_func3_1 [Parser.C:1485] recording block [804dfad,804dfad) [Parser.C] parsing block 804dfad [Parser.C:1274] curAddr 0x804dfad: mov EAX, [EBX + 7e0] [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfb3: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfb5: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dfad,804dfb7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x804dfb5...SUCCESS (CFT=0x804dfcc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dfb5->804dfcc resolveable_edge: 1, tailcall: 0, target: 804dfcc [ParserDetails.C:588] pushing 804dfcc onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dfb5->804dfb7 resolveable_edge: 1, tailcall: 0, target: 804dfb7 [ParserDetails.C:588] pushing 804dfb7 onto worklist [Parser.C:1485] recording block [804dfcc,804dfcc) [Parser.C] parsing block 804dfcc [Parser.C:1274] curAddr 0x804dfcc: mov EAX, [EBX + 7e4] [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfd2: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfd4: jnz 1c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dfcc,804dfd6) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 1c + EIP + 2 to 0x804dfd4...SUCCESS (CFT=0x804dff2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dfd4->804dff2 resolveable_edge: 1, tailcall: 0, target: 804dff2 [ParserDetails.C:588] pushing 804dff2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dfd4->804dfd6 resolveable_edge: 1, tailcall: 0, target: 804dfd6 [ParserDetails.C:588] pushing 804dfd6 onto worklist [Parser.C:1485] recording block [804dff2,804dff2) [Parser.C] parsing block 804dff2 [Parser.C:1274] curAddr 0x804dff2: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dff7: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dffa: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dffb: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dffc: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dff2,804dffd) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804dffc Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804dffc...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804dfb7,804dfb7) [Parser.C] parsing block 804dfb7 [Parser.C:1274] curAddr 0x804dfb7: mov EAX, [EBX + 388] [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfbd: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfc0: call 63e0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 63e0 + EIP + 5 to 0x804dfc0...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804dfb7,804dfc5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dfc0->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dfc0->804dfc5 resolveable_edge: 1, tailcall: 0, target: 804dfc5 [ParserDetails.C:588] pushing 804dfc5 onto worklist [Parser.C] binding call 804dfc0->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804dfc5,804dfc5) [Parser.C] parsing block 804dfc5 [Parser.C:1274] curAddr 0x804dfc5: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfca: jmp 2b + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2b + EIP + 2 to 0x804dfca...SUCCESS (CFT=0x804dff7) [Parser.C:1485] recording block [804dfc5,804dfcc) Getting edges Checking for Tail Call jump to 0x804dff7 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804dfca->804dff7 resolveable_edge: 1, tailcall: 0, target: 804dff7 [ParserDetails.C:588] pushing 804dff7 onto worklist [Parser.C:1485] recording block [804dfd6,804dfd6) [Parser.C] parsing block 804dfd6 [Parser.C:1274] curAddr 0x804dfd6: lea EAX, EBX + ffff9194 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfdc: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfdf: call 59d9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 59d9 + EIP + 5 to 0x804dfdf...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804dfd6,804dfe4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dfdf->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dfdf->804dfe4 resolveable_edge: 1, tailcall: 0, target: 804dfe4 [ParserDetails.C:588] pushing 804dfe4 onto worklist [Parser.C] binding call 804dfdf->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [804dfe4,804dfe4) [Parser.C] parsing block 804dfe4 [Parser.C:1274] curAddr 0x804dfe4: lea EAX, EBX + ffff9204 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfea: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called [Parser.C:1274] curAddr 0x804dfed: call 59cb + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_3_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 59cb + EIP + 5 to 0x804dfed...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [804dfe4,804dff2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dfed->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dfed->804dff2 resolveable_edge: 1, tailcall: 0, target: 804dff2 [ParserDetails.C:588] pushing 804dff2 onto worklist [Parser.C] binding call 804dfed->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C] block 804dff2 exists [Parser.C] skipping locally parsed target at 804dff2 [Parser.C] address 804dff7 splits [804dff2,804dffd) (0x1dc3fd0) [Parser.C:1485] recording block [804dff7,804dffd) [Parser.C] skipping locally parsed target at 804dff7 [Parser.C] frame 804df96 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_3_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805238d) [Parser.C:180] entered parse_at([804ccd0,80549c4),805238d) [Parser.C:1485] recording block [805238d,805238d) [Parser.C] ==== starting to parse frame 805238d ==== [Parser.C] parsing block 805238d [Parser.C:1274] curAddr 0x805238d: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x805238e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052390: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052391: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052394: call ffffa967 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa967 + EIP + 5 to 0x8052394...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052399: add EBX, 9c67 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x805239f: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523a6: jmp b8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp b8 + EIP + 5 to 0x80523a6...SUCCESS (CFT=0x8052463) [Parser.C:1485] recording block [805238d,80523ab) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80523a6->8052463 resolveable_edge: 1, tailcall: 0, target: 8052463 [ParserDetails.C:588] pushing 8052463 onto worklist [Parser.C:1485] recording block [8052463,8052463) [Parser.C] parsing block 8052463 [Parser.C:1274] curAddr 0x8052463: cmp [EBP + fffffffffffffff4], 9 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052467: jle ffffff3e + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052463,805246d) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffff3e + EIP + 6 to 0x8052467...SUCCESS (CFT=0x80523ab) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052467->80523ab resolveable_edge: 1, tailcall: 0, target: 80523ab [ParserDetails.C:588] pushing 80523ab onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052467->805246d resolveable_edge: 1, tailcall: 0, target: 805246d [ParserDetails.C:588] pushing 805246d onto worklist [Parser.C:1485] recording block [80523ab,80523ab) [Parser.C] parsing block 80523ab [Parser.C:1274] curAddr 0x80523ab: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523b1: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523b3: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523b5: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80523ab,80523b7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x80523b5...SUCCESS (CFT=0x80523cc) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80523b5->80523cc resolveable_edge: 1, tailcall: 0, target: 80523cc [ParserDetails.C:588] pushing 80523cc onto worklist ParserDetails.C[80]: adding conditional not taken edge 80523b5->80523b7 resolveable_edge: 1, tailcall: 0, target: 80523b7 [ParserDetails.C:588] pushing 80523b7 onto worklist [Parser.C:1485] recording block [80523cc,80523cc) [Parser.C] parsing block 80523cc [Parser.C:1274] curAddr 0x80523cc: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523d3: jmp 59 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 59 + EIP + 2 to 0x80523d3...SUCCESS (CFT=0x805242e) [Parser.C:1485] recording block [80523cc,80523d5) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80523d3->805242e resolveable_edge: 1, tailcall: 0, target: 805242e [ParserDetails.C:588] pushing 805242e onto worklist [Parser.C:1485] recording block [80523b7,80523b7) [Parser.C] parsing block 80523b7 [Parser.C:1274] curAddr 0x80523b7: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523ba: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523be: lea EAX, EBX + ffffb780 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523c4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523c7: call ffffa684 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa684 + EIP + 5 to 0x80523c7...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [80523b7,80523cc) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80523c7->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80523c7->80523cc resolveable_edge: 1, tailcall: 0, target: 80523cc [ParserDetails.C:588] pushing 80523cc onto worklist [Parser.C] binding call 80523c7->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 80523cc exists [Parser.C] skipping locally parsed target at 80523cc [Parser.C:1485] recording block [805246d,805246d) [Parser.C] parsing block 805246d [Parser.C:1274] curAddr 0x805246d: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052470: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052471: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052472: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805246d,8052473) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052472 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052472...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805242e,805242e) [Parser.C] parsing block 805242e [Parser.C:1274] curAddr 0x805242e: cmp [EBP + fffffffffffffff0], 9 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052432: jle ffffffffffffffa1 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805242e,8052434) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffa1 + EIP + 2 to 0x8052432...SUCCESS (CFT=0x80523d5) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052432->80523d5 resolveable_edge: 1, tailcall: 0, target: 80523d5 [ParserDetails.C:588] pushing 80523d5 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052432->8052434 resolveable_edge: 1, tailcall: 0, target: 8052434 [ParserDetails.C:588] pushing 8052434 onto worklist [Parser.C:1485] recording block [80523d5,80523d5) [Parser.C] parsing block 80523d5 [Parser.C:1274] curAddr 0x80523d5: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523db: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523dd: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523df: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80523d5,80523e1) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x80523df...SUCCESS (CFT=0x80523f6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80523df->80523f6 resolveable_edge: 1, tailcall: 0, target: 80523f6 [ParserDetails.C:588] pushing 80523f6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80523df->80523e1 resolveable_edge: 1, tailcall: 0, target: 80523e1 [ParserDetails.C:588] pushing 80523e1 onto worklist [Parser.C:1485] recording block [80523f6,80523f6) [Parser.C] parsing block 80523f6 [Parser.C:1274] curAddr 0x80523f6: mov [EBP + ffffffffffffffec], 0 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523fd: jmp 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 25 + EIP + 2 to 0x80523fd...SUCCESS (CFT=0x8052424) [Parser.C:1485] recording block [80523f6,80523ff) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80523fd->8052424 resolveable_edge: 1, tailcall: 0, target: 8052424 [ParserDetails.C:588] pushing 8052424 onto worklist [Parser.C:1485] recording block [80523e1,80523e1) [Parser.C] parsing block 80523e1 [Parser.C:1274] curAddr 0x80523e1: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523e4: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523e8: lea EAX, EBX + ffffb788 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523ee: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x80523f1: call ffffa65a + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa65a + EIP + 5 to 0x80523f1...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [80523e1,80523f6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80523f1->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80523f1->80523f6 resolveable_edge: 1, tailcall: 0, target: 80523f6 [ParserDetails.C:588] pushing 80523f6 onto worklist [Parser.C] binding call 80523f1->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 80523f6 exists [Parser.C] skipping locally parsed target at 80523f6 [Parser.C:1485] recording block [8052434,8052434) [Parser.C] parsing block 8052434 [Parser.C:1274] curAddr 0x8052434: add [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052438: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x805243e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052440: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052442: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052434,8052444) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8052442...SUCCESS (CFT=0x8052459) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052442->8052459 resolveable_edge: 1, tailcall: 0, target: 8052459 [ParserDetails.C:588] pushing 8052459 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052442->8052444 resolveable_edge: 1, tailcall: 0, target: 8052444 [ParserDetails.C:588] pushing 8052444 onto worklist [Parser.C:1485] recording block [8052459,8052459) [Parser.C] parsing block 8052459 [Parser.C:1274] curAddr 0x8052459: cmp [EBP + fffffffffffffff0], 9 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x805245d: jle ffffffffffffffd5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052459,805245f) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffd5 + EIP + 2 to 0x805245d...SUCCESS (CFT=0x8052434) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8052434 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 805245d->8052434 resolveable_edge: 1, tailcall: 0, target: 8052434 [ParserDetails.C:588] pushing 8052434 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805245d->805245f resolveable_edge: 1, tailcall: 0, target: 805245f [ParserDetails.C:588] pushing 805245f onto worklist [Parser.C] block 8052434 exists [Parser.C] skipping locally parsed target at 8052434 [Parser.C:1485] recording block [8052444,8052444) [Parser.C] parsing block 8052444 [Parser.C:1274] curAddr 0x8052444: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052447: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x805244b: lea EAX, EBX + ffffb788 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052451: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052454: call ffffa5f7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa5f7 + EIP + 5 to 0x8052454...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [8052444,8052459) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052454->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052454->8052459 resolveable_edge: 1, tailcall: 0, target: 8052459 [ParserDetails.C:588] pushing 8052459 onto worklist [Parser.C] binding call 8052454->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 8052459 exists [Parser.C] skipping locally parsed target at 8052459 [Parser.C:1485] recording block [805245f,805245f) [Parser.C] parsing block 805245f [Parser.C:1274] curAddr 0x805245f: add [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C] straight-line parse into block at 8052463 [Parser.C:1485] recording block [805245f,8052463) [Parser.C] block 8052463 exists [Parser.C:1485] recording block [8052424,8052424) [Parser.C] parsing block 8052424 [Parser.C:1274] curAddr 0x8052424: cmp [EBP + ffffffffffffffec], 9 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052428: jle ffffffffffffffd5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052424,805242a) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffd5 + EIP + 2 to 0x8052428...SUCCESS (CFT=0x80523ff) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052428->80523ff resolveable_edge: 1, tailcall: 0, target: 80523ff [ParserDetails.C:588] pushing 80523ff onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052428->805242a resolveable_edge: 1, tailcall: 0, target: 805242a [ParserDetails.C:588] pushing 805242a onto worklist [Parser.C:1485] recording block [80523ff,80523ff) [Parser.C] parsing block 80523ff [Parser.C:1274] curAddr 0x80523ff: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052405: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052407: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052409: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80523ff,805240b) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8052409...SUCCESS (CFT=0x8052420) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052409->8052420 resolveable_edge: 1, tailcall: 0, target: 8052420 [ParserDetails.C:588] pushing 8052420 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052409->805240b resolveable_edge: 1, tailcall: 0, target: 805240b [ParserDetails.C:588] pushing 805240b onto worklist [Parser.C:1485] recording block [8052420,8052420) [Parser.C] parsing block 8052420 [Parser.C:1274] curAddr 0x8052420: add [EBP + ffffffffffffffec], 1 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C] straight-line parse into block at 8052424 [Parser.C:1485] recording block [8052420,8052424) [Parser.C] block 8052424 exists [Parser.C:1485] recording block [805240b,805240b) [Parser.C] parsing block 805240b [Parser.C:1274] curAddr 0x805240b: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x805240e: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052412: lea EAX, EBX + ffffb790 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x8052418: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C:1274] curAddr 0x805241b: call ffffa630 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa630 + EIP + 5 to 0x805241b...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [805240b,8052420) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805241b->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805241b->8052420 resolveable_edge: 1, tailcall: 0, target: 8052420 [ParserDetails.C:588] pushing 8052420 onto worklist [Parser.C] binding call 805241b->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 8052420 exists [Parser.C] skipping locally parsed target at 8052420 [Parser.C:1485] recording block [805242a,805242a) [Parser.C] parsing block 805242a [Parser.C:1274] curAddr 0x805242a: add [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_34_func2 hasCFT called [Parser.C] straight-line parse into block at 805242e [Parser.C:1485] recording block [805242a,805242e) [Parser.C] block 805242e exists [Parser.C] frame 805238d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_34_func2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80512b7) [Parser.C:180] entered parse_at([804ccd0,80549c4),80512b7) function at 80512b7 already parsed, status 3 [Parser.C:224] entered parse_at(8054754) [Parser.C:180] entered parse_at([804ccd0,80549c4),8054754) [Parser.C:1485] recording block [8054754,8054754) [Parser.C] ==== starting to parse frame 8054754 ==== [Parser.C] parsing block 8054754 [Parser.C:1274] curAddr 0x8054754: push EBP, ESP [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x8054755: mov EBP, ESP [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x8054757: call ffff9429 + EIP + 5 [Parser.C:1280] leaf 1 funcname handler hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9429 + EIP + 5 to 0x8054757...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x805475c: add ECX, 78a4 [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x8054762: mov EAX, [ECX + a00] [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x8054768: mov EDX, [ECX + a04] [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x805476e: add EAX, 1 [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x8054771: adc EDX, 0 [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x8054774: mov [ECX + a00], EAX [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x805477a: mov [ECX + a04], EDX [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x8054780: pop EBP, ESP [Parser.C:1280] leaf 1 funcname handler hasCFT called [Parser.C:1274] curAddr 0x8054781: ret near [ESP] [Parser.C:1280] leaf 1 funcname handler hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054754,8054782) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054781 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054781...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8054754 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] handler return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051f39) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051f39) [Parser.C:1485] recording block [8051f39,8051f39) [Parser.C] ==== starting to parse frame 8051f39 ==== [Parser.C] parsing block 8051f39 [Parser.C:1274] curAddr 0x8051f39: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func3 hasCFT called [Parser.C:1274] curAddr 0x8051f3a: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func3 hasCFT called [Parser.C:1274] curAddr 0x8051f3c: call ffffbc44 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_31_func3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffbc44 + EIP + 5 to 0x8051f3c...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x8051f41: add ECX, a0bf [Parser.C:1280] leaf 1 funcname test1_31_func3 hasCFT called [Parser.C:1274] curAddr 0x8051f47: mov [ECX + 93c], 1 [Parser.C:1280] leaf 1 funcname test1_31_func3 hasCFT called [Parser.C:1274] curAddr 0x8051f51: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_31_func3 hasCFT called [Parser.C:1274] curAddr 0x8051f52: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_31_func3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051f39,8051f53) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8051f52 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8051f52...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8051f39 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_31_func3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050abb) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050abb) [Parser.C:1485] recording block [8050abb,8050abb) [Parser.C] ==== starting to parse frame 8050abb ==== [Parser.C] parsing block 8050abb [Parser.C:1274] curAddr 0x8050abb: push EBP, ESP [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050abc: mov EBP, ESP [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050abe: push EBX, ESP [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050abf: sub ESP, 24 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ac2: call ffffc239 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc239 + EIP + 5 to 0x8050ac2...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8050ac7: add EBX, b539 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050acd: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ad4: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050adb: mov [ESP], 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ae2: call ffffffc9 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffc9 + EIP + 5 to 0x8050ae2...SUCCESS (CFT=0x8050ab0) [Parser.C:1485] recording block [8050abb,8050ae7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050ae2->8050ab0 resolveable_edge: 1, tailcall: 0, target: 8050ab0 [ParserDetails.C:588] pushing 8050ab0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050ae2->8050ae7 resolveable_edge: 1, tailcall: 0, target: 8050ae7 [ParserDetails.C:588] pushing 8050ae7 onto worklist [Parser.C] binding call 8050ae2->8050ab0 [Parser.C:1485] recording block [8050ab0,8050ab0) [suspend frame 8050abb] [Parser.C] frame 8050abb blocked at 8050ae2 call target 8050ab0 [Parser.C] block 8050ab0 exists [Parser.C] ==== starting to parse frame 8050ab0 ==== [Parser.C] parsing block 8050ab0 [Parser.C:1274] curAddr 0x8050ab0: push EBP, ESP [Parser.C:1280] leaf 1 funcname srsv1 hasCFT called [Parser.C:1274] curAddr 0x8050ab1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname srsv1 hasCFT called [Parser.C:1274] curAddr 0x8050ab3: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname srsv1 hasCFT called [Parser.C:1274] curAddr 0x8050ab6: shl/sal EAX, 3 [Parser.C:1280] leaf 1 funcname srsv1 hasCFT called [Parser.C:1274] curAddr 0x8050ab9: pop EBP, ESP [Parser.C:1280] leaf 1 funcname srsv1 hasCFT called [Parser.C:1274] curAddr 0x8050aba: ret near [ESP] [Parser.C:1280] leaf 1 funcname srsv1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050ab0,8050abb) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050aba Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050aba...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8050ab0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] srsv1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 8050abb ==== Checking non-returning for srsv1 Checking non-returning for srsv1 [Parser.C:1485] recording block [8050ae7,8050ae7) [Parser.C] parsing block 8050ae7 [Parser.C:1274] curAddr 0x8050ae7: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050aea: lea EAX, EBX + 8b0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050af0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050af2: cmp EAX, 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050af5: jz 9 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050ae7,8050af7) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 9 + EIP + 2 to 0x8050af5...SUCCESS (CFT=0x8050b00) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050af5->8050b00 resolveable_edge: 1, tailcall: 0, target: 8050b00 [ParserDetails.C:588] pushing 8050b00 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050af5->8050af7 resolveable_edge: 1, tailcall: 0, target: 8050af7 [ParserDetails.C:588] pushing 8050af7 onto worklist [Parser.C:1485] recording block [8050b00,8050b00) [Parser.C] parsing block 8050b00 [Parser.C:1274] curAddr 0x8050b00: lea EAX, EBX + 8b4 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b06: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b08: cmp EAX, 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b0b: jz 9 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050b00,8050b0d) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 9 + EIP + 2 to 0x8050b0b...SUCCESS (CFT=0x8050b16) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050b0b->8050b16 resolveable_edge: 1, tailcall: 0, target: 8050b16 [ParserDetails.C:588] pushing 8050b16 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050b0b->8050b0d resolveable_edge: 1, tailcall: 0, target: 8050b0d [ParserDetails.C:588] pushing 8050b0d onto worklist [Parser.C:1485] recording block [8050b16,8050b16) [Parser.C] parsing block 8050b16 [Parser.C:1274] curAddr 0x8050b16: lea EAX, EBX + 8b8 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b1c: movzx EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b1f: cmp AL, 65 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b21: jz 9 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050b16,8050b23) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 9 + EIP + 2 to 0x8050b21...SUCCESS (CFT=0x8050b2c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050b21->8050b2c resolveable_edge: 1, tailcall: 0, target: 8050b2c [ParserDetails.C:588] pushing 8050b2c onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050b21->8050b23 resolveable_edge: 1, tailcall: 0, target: 8050b23 [ParserDetails.C:588] pushing 8050b23 onto worklist [Parser.C:1485] recording block [8050b2c,8050b2c) [Parser.C] parsing block 8050b2c [Parser.C:1274] curAddr 0x8050b2c: lea EAX, EBX + 8bc [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b32: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b34: cmp EAX, 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b37: jz 9 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050b2c,8050b39) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 9 + EIP + 2 to 0x8050b37...SUCCESS (CFT=0x8050b42) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050b37->8050b42 resolveable_edge: 1, tailcall: 0, target: 8050b42 [ParserDetails.C:588] pushing 8050b42 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050b37->8050b39 resolveable_edge: 1, tailcall: 0, target: 8050b39 [ParserDetails.C:588] pushing 8050b39 onto worklist [Parser.C:1485] recording block [8050b42,8050b42) [Parser.C] parsing block 8050b42 [Parser.C:1274] curAddr 0x8050b42: lea EAX, EBX + 8c0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b48: fld ST0, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b4a: fld ST0, [EBX + ffffaba0] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b50: fucomip ST0, ST1 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b52: jp e + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050b42,8050b54) Getting edges IA_IAPI.C[847]: binding PC EIP in jp e + EIP + 2 to 0x8050b52...SUCCESS (CFT=0x8050b62) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050b52->8050b62 resolveable_edge: 1, tailcall: 0, target: 8050b62 [ParserDetails.C:588] pushing 8050b62 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050b52->8050b54 resolveable_edge: 1, tailcall: 0, target: 8050b54 [ParserDetails.C:588] pushing 8050b54 onto worklist [Parser.C:1485] recording block [8050b62,8050b62) [Parser.C] parsing block 8050b62 [Parser.C:1274] curAddr 0x8050b62: fstp ST0, ST0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b64: mov [EBP + fffffffffffffff4], 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b6b: nop [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b6c: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b70: jz a2 + EIP + 6 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050b62,8050b76) Getting edges IA_IAPI.C[847]: binding PC EIP in jz a2 + EIP + 6 to 0x8050b70...SUCCESS (CFT=0x8050c18) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050b70->8050c18 resolveable_edge: 1, tailcall: 0, target: 8050c18 [ParserDetails.C:588] pushing 8050c18 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050b70->8050b76 resolveable_edge: 1, tailcall: 0, target: 8050b76 [ParserDetails.C:588] pushing 8050b76 onto worklist [Parser.C:1485] recording block [8050c18,8050c18) [Parser.C] parsing block 8050c18 [Parser.C:1274] curAddr 0x8050c18: lea EAX, EBX + ffffab80 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c1e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c21: call 2d97 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2d97 + EIP + 5 to 0x8050c21...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050c18,8050c26) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050c21->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050c21->8050c26 resolveable_edge: 1, tailcall: 0, target: 8050c26 [ParserDetails.C:588] pushing 8050c26 onto worklist [Parser.C] binding call 8050c21->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050c26,8050c26) [Parser.C] parsing block 8050c26 [Parser.C:1274] curAddr 0x8050c26: mov EAX, [EBX + 558] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c2c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c2f: call 3771 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3771 + EIP + 5 to 0x8050c2f...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8050c26,8050c34) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050c2f->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050c2f->8050c34 resolveable_edge: 1, tailcall: 0, target: 8050c34 [ParserDetails.C:588] pushing 8050c34 onto worklist [Parser.C] binding call 8050c2f->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8050c34,8050c34) [Parser.C] parsing block 8050c34 [Parser.C:1274] curAddr 0x8050c34: mov EAX, 0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c39: add ESP, 24 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c3c: pop EBX, ESP [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c3d: pop EBP, ESP [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c3e: ret near [ESP] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050c34,8050c3f) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050c3e Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050c3e...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8050af7,8050af7) [Parser.C] parsing block 8050af7 [Parser.C:1274] curAddr 0x8050af7: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050afe: jmp 6c + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 6c + EIP + 2 to 0x8050afe...SUCCESS (CFT=0x8050b6c) [Parser.C:1485] recording block [8050af7,8050b00) Getting edges Checking for Tail Call jump to 0x8050b6c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050afe->8050b6c resolveable_edge: 1, tailcall: 0, target: 8050b6c [ParserDetails.C:588] pushing 8050b6c onto worklist [Parser.C:1485] recording block [8050b0d,8050b0d) [Parser.C] parsing block 8050b0d [Parser.C:1274] curAddr 0x8050b0d: mov [EBP + fffffffffffffff4], 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b14: jmp 56 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 56 + EIP + 2 to 0x8050b14...SUCCESS (CFT=0x8050b6c) [Parser.C:1485] recording block [8050b0d,8050b16) Getting edges Checking for Tail Call jump to 0x8050b6c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050b14->8050b6c resolveable_edge: 1, tailcall: 0, target: 8050b6c [ParserDetails.C:588] pushing 8050b6c onto worklist [Parser.C:1485] recording block [8050b23,8050b23) [Parser.C] parsing block 8050b23 [Parser.C:1274] curAddr 0x8050b23: mov [EBP + fffffffffffffff4], 3 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b2a: jmp 40 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 40 + EIP + 2 to 0x8050b2a...SUCCESS (CFT=0x8050b6c) [Parser.C:1485] recording block [8050b23,8050b2c) Getting edges Checking for Tail Call jump to 0x8050b6c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050b2a->8050b6c resolveable_edge: 1, tailcall: 0, target: 8050b6c [ParserDetails.C:588] pushing 8050b6c onto worklist [Parser.C:1485] recording block [8050b39,8050b39) [Parser.C] parsing block 8050b39 [Parser.C:1274] curAddr 0x8050b39: mov [EBP + fffffffffffffff4], 4 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b40: jmp 2a + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2a + EIP + 2 to 0x8050b40...SUCCESS (CFT=0x8050b6c) [Parser.C:1485] recording block [8050b39,8050b42) Getting edges Checking for Tail Call jump to 0x8050b6c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050b40->8050b6c resolveable_edge: 1, tailcall: 0, target: 8050b6c [ParserDetails.C:588] pushing 8050b6c onto worklist [Parser.C:1485] recording block [8050b54,8050b54) [Parser.C] parsing block 8050b54 [Parser.C:1274] curAddr 0x8050b54: fld ST0, [EBX + ffffaba0] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b5a: fucomip ST0, ST1 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b5c: fstp ST0, ST0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b5e: jz c + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050b54,8050b60) Getting edges IA_IAPI.C[847]: binding PC EIP in jz c + EIP + 2 to 0x8050b5e...SUCCESS (CFT=0x8050b6c) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8050b6c is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8050b5e->8050b6c resolveable_edge: 1, tailcall: 0, target: 8050b6c [ParserDetails.C:588] pushing 8050b6c onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050b5e->8050b60 resolveable_edge: 1, tailcall: 0, target: 8050b60 [ParserDetails.C:588] pushing 8050b60 onto worklist [Parser.C] address 8050b6c splits [8050b62,8050b76) (0x1dc82b0) [Parser.C:1485] recording block [8050b6c,8050b76) [Parser.C] skipping locally parsed target at 8050b6c [Parser.C:1485] recording block [8050b60,8050b60) [Parser.C] parsing block 8050b60 [Parser.C:1274] curAddr 0x8050b60: jmp 2 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2 + EIP + 2 to 0x8050b60...SUCCESS (CFT=0x8050b64) [Parser.C:1485] recording block [8050b60,8050b62) Getting edges Checking for Tail Call jump to 0x8050b64 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050b60->8050b64 resolveable_edge: 1, tailcall: 0, target: 8050b64 [ParserDetails.C:588] pushing 8050b64 onto worklist [Parser.C:1485] recording block [8050b76,8050b76) [Parser.C] parsing block 8050b76 [Parser.C:1274] curAddr 0x8050b76: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b79: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b7d: lea EAX, EBX + ffffab00 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b83: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b86: call 2e32 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2e32 + EIP + 5 to 0x8050b86...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050b76,8050b8b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050b86->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050b86->8050b8b resolveable_edge: 1, tailcall: 0, target: 8050b8b [ParserDetails.C:588] pushing 8050b8b onto worklist [Parser.C] binding call 8050b86->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050b8b,8050b8b) [Parser.C] parsing block 8050b8b [Parser.C:1274] curAddr 0x8050b8b: lea EAX, EBX + 8b0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b91: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b93: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b97: lea EAX, EBX + ffffab2d [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050b9d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ba0: call 2e18 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2e18 + EIP + 5 to 0x8050ba0...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050b8b,8050ba5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050ba0->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050ba0->8050ba5 resolveable_edge: 1, tailcall: 0, target: 8050ba5 [ParserDetails.C:588] pushing 8050ba5 onto worklist [Parser.C] binding call 8050ba0->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050ba5,8050ba5) [Parser.C] parsing block 8050ba5 [Parser.C:1274] curAddr 0x8050ba5: lea EAX, EBX + 8b4 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bab: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bad: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bb1: lea EAX, EBX + ffffab3d [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bb7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bba: call 2dfe + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2dfe + EIP + 5 to 0x8050bba...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050ba5,8050bbf) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050bba->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050bba->8050bbf resolveable_edge: 1, tailcall: 0, target: 8050bbf [ParserDetails.C:588] pushing 8050bbf onto worklist [Parser.C] binding call 8050bba->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050bbf,8050bbf) [Parser.C] parsing block 8050bbf [Parser.C:1274] curAddr 0x8050bbf: lea EAX, EBX + 8b8 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bc5: movzx EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bc8: movsx EAX, AL [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bcb: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bcf: lea EAX, EBX + ffffab4e [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bd5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bd8: call 2de0 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2de0 + EIP + 5 to 0x8050bd8...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050bbf,8050bdd) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050bd8->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050bd8->8050bdd resolveable_edge: 1, tailcall: 0, target: 8050bdd [ParserDetails.C:588] pushing 8050bdd onto worklist [Parser.C] binding call 8050bd8->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050bdd,8050bdd) [Parser.C] parsing block 8050bdd [Parser.C:1274] curAddr 0x8050bdd: lea EAX, EBX + 8bc [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050be3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050be5: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050be9: lea EAX, EBX + ffffab5e [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bef: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bf2: call 2dc6 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2dc6 + EIP + 5 to 0x8050bf2...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050bdd,8050bf7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050bf2->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050bf2->8050bf7 resolveable_edge: 1, tailcall: 0, target: 8050bf7 [ParserDetails.C:588] pushing 8050bf7 onto worklist [Parser.C] binding call 8050bf2->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050bf7,8050bf7) [Parser.C] parsing block 8050bf7 [Parser.C:1274] curAddr 0x8050bf7: lea EAX, EBX + 8c0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bfd: fld ST0, [EAX] [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050bff: fstp [ESP + 4], ST0 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c03: lea EAX, EBX + ffffab6e [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c09: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c0c: call 2dac + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2dac + EIP + 5 to 0x8050c0c...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050bf7,8050c11) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050c0c->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050c0c->8050c11 resolveable_edge: 1, tailcall: 0, target: 8050c11 [ParserDetails.C:588] pushing 8050c11 onto worklist [Parser.C] binding call 8050c0c->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050c11,8050c11) [Parser.C] parsing block 8050c11 [Parser.C:1274] curAddr 0x8050c11: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c16: jmp 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_ref_shlib_var_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 21 + EIP + 2 to 0x8050c16...SUCCESS (CFT=0x8050c39) [Parser.C:1485] recording block [8050c11,8050c18) Getting edges Checking for Tail Call jump to 0x8050c39 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050c16->8050c39 resolveable_edge: 1, tailcall: 0, target: 8050c39 [ParserDetails.C:588] pushing 8050c39 onto worklist [Parser.C] address 8050b64 splits [8050b62,8050b6c) (0x1dc82b0) [Parser.C:1485] recording block [8050b64,8050b6c) [Parser.C] skipping locally parsed target at 8050b64 [Parser.C] block 8050b6c exists [Parser.C] skipping locally parsed target at 8050b6c [Parser.C] block 8050b6c exists [Parser.C] skipping locally parsed target at 8050b6c [Parser.C] block 8050b6c exists [Parser.C] skipping locally parsed target at 8050b6c [Parser.C] block 8050b6c exists [Parser.C] skipping locally parsed target at 8050b6c [Parser.C] address 8050c39 splits [8050c34,8050c3f) (0x1dc8a20) [Parser.C:1485] recording block [8050c39,8050c3f) [Parser.C] skipping locally parsed target at 8050c39 [Parser.C] frame 8050abb complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] snip_ref_shlib_var_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804d14a) [Parser.C:180] entered parse_at([804ccd0,80549c4),804d14a) [Parser.C:1485] recording block [804d14a,804d14a) [Parser.C] ==== starting to parse frame 804d14a ==== [Parser.C] parsing block 804d14a [Parser.C:1274] curAddr 0x804d14a: push EBP, ESP [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d14b: mov EBP, ESP [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d14d: push EBX, ESP [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d14e: and ESP, f0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d151: sub ESP, 40 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d154: call fffffba7 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffba7 + EIP + 5 to 0x804d154...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804d159: add EBX, eea7 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d15f: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d162: mov [ESP + 1c], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d166: mov [ESP + 34], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d16e: mov [ESP + 30], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d176: mov [ESP + 18], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d17e: mov [ESP + 28], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d186: mov [ESP + 24], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d18e: mov EDX, [ESP + 1c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d192: lea EAX, EBX + a08 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d198: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d19a: lea EAX, EBX + a10 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1a0: mov EDX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1a3: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1a5: call 60b7 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 60b7 + EIP + 5 to 0x804d1a5...SUCCESS (CFT=0x8053261) [Parser.C:1485] recording block [804d14a,804d1aa) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d1a5->8053261 resolveable_edge: 1, tailcall: 0, target: 8053261 [ParserDetails.C:588] pushing 8053261 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d1a5->804d1aa resolveable_edge: 1, tailcall: 0, target: 804d1aa [ParserDetails.C:588] pushing 804d1aa onto worklist [Parser.C] binding call 804d1a5->8053261 [Parser.C] block 8053261 exists Checking non-returning for initOutputDriver Checking non-returning for initOutputDriver [Parser.C:1485] recording block [804d1aa,804d1aa) [Parser.C] parsing block 804d1aa [Parser.C:1274] curAddr 0x804d1aa: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1ad: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1af: mov [ESP + 4], 2f [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1b7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1ba: call fffffa81 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffa81 + EIP + 5 to 0x804d1ba...SUCCESS (CFT=0x804cc40) [Parser.C:1485] recording block [804d1aa,804d1bf) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d1ba->804cc40 resolveable_edge: 1, tailcall: 0, target: 804cc40 [ParserDetails.C:588] pushing 804cc40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d1ba->804d1bf resolveable_edge: 1, tailcall: 0, target: 804d1bf [ParserDetails.C:588] pushing 804d1bf onto worklist [Parser.C] binding call 804d1ba->804cc40 [ParseData.C] new function for target 804cc40 [Parser.C:1485] recording block [804cc40,804cc40) [suspend frame 804d14a] [Parser.C] frame 804d14a blocked at 804d1ba call target 804cc40 [Parser.C] block 804cc40 exists [Parser.C] ==== starting to parse frame 804cc40 ==== [Parser.C] parsing block 804cc40 [Parser.C:1274] curAddr 0x804cc40: jmp [805c094] [Parser.C:1280] leaf 1 funcname targ804cc40 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c094] to 0x804cc40...FAIL (CFT=0x0), callTarget exp: [805c094] ... indirect jump at 0x804cc40, delay parsing it [Parser.C:1485] recording block [804cc40,804cc46) ... continue parse indirect jump at 804cc40 [Parser.C:1485] recording block [804cc40,804cc46) Getting edges ... indirect jump at 0x804cc40 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c094] at 0x804cc40 Apply indirect control flow analysis at 804cc40 Looking for thunk Looking for thunk in block [804cc40,804cc46).......WARNING: after advance at 0x804cc46, curInsn() NULL Expanding instruction @ 804cc40: jmp [805c094] Original expand: (<134594708:32>,) Adding assignment (@804cc40<[x86::eip]>[_805c094]) in instruction jmp [805c094] at 804cc40, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc40, insn: jmp [805c094] Old fact for 804cc40: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc40 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc40<[x86::eip]>[_805c094]) Instruction: jmp [805c094] AST: (<134594708:64>,) Generate bound fact for Interval 0[134594708,134594708] 0[805c094,805c094], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594708:64>,) Apply relations2 to (<134594708:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594708,134594708] 0[805c094,805c094], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594708:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc40 The fact from 804cc40 before applying transfer function Do not track predicate Var: , Interval 0[134594708,134594708] 0[805c094,805c094], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594708:64>,) No known value at the top of the stack Fact from 804cc40 after applying transfer function Do not track predicate Var: , Interval 0[134594708,134594708] 0[805c094,805c094], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594708:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594708,134594708] 0[805c094,805c094], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594708:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594708,134594708] 0[805c094,805c094], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c094 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc40 (804cc40) No targets, exits func Adding block 0x804cc40 as exit 804cc40 extent [804cc40,804cc46) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c094] at 0x804cc40 in function targ804cc40 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc40->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for strrchr [Parser.C] frame 804cc40 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] strrchr return status 2, no waiters [Parser.C] ==== resuming parse of frame 804d14a ==== Checking non-returning for strrchr [Parser.C:1485] recording block [804d1bf,804d1bf) [Parser.C] parsing block 804d1bf [Parser.C:1274] curAddr 0x804d1bf: mov [ESP + 18], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1c3: cmp [ESP + 18], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1c8: jnz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d1bf,804d1ca) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 18 + EIP + 2 to 0x804d1c8...SUCCESS (CFT=0x804d1e2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d1c8->804d1e2 resolveable_edge: 1, tailcall: 0, target: 804d1e2 [ParserDetails.C:588] pushing 804d1e2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d1c8->804d1ca resolveable_edge: 1, tailcall: 0, target: 804d1ca [ParserDetails.C:588] pushing 804d1ca onto worklist [Parser.C:1485] recording block [804d1e2,804d1e2) [Parser.C] parsing block 804d1e2 [Parser.C:1274] curAddr 0x804d1e2: add [ESP + 18], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1e7: mov EAX, [ESP + 18] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1eb: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1ee: call 6eb1 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6eb1 + EIP + 5 to 0x804d1ee...SUCCESS (CFT=0x80540a4) [Parser.C:1485] recording block [804d1e2,804d1f3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d1ee->80540a4 resolveable_edge: 1, tailcall: 0, target: 80540a4 [ParserDetails.C:588] pushing 80540a4 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d1ee->804d1f3 resolveable_edge: 1, tailcall: 0, target: 804d1f3 [ParserDetails.C:588] pushing 804d1f3 onto worklist [Parser.C] binding call 804d1ee->80540a4 [Parser.C] block 80540a4 exists Checking non-returning for setExecutableName Checking non-returning for setExecutableName [Parser.C:1485] recording block [804d1f3,804d1f3) [Parser.C] parsing block 804d1f3 [Parser.C:1274] curAddr 0x804d1f3: mov [ESP + 38], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1fb: jmp 16 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 16 + EIP + 2 to 0x804d1fb...SUCCESS (CFT=0x804d213) [Parser.C:1485] recording block [804d1f3,804d1fd) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804d1fb->804d213 resolveable_edge: 1, tailcall: 0, target: 804d213 [ParserDetails.C:588] pushing 804d213 onto worklist [Parser.C:1485] recording block [804d1ca,804d1ca) [Parser.C] parsing block 804d1ca [Parser.C:1274] curAddr 0x804d1ca: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1cd: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1cf: mov [ESP + 18], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1d3: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1d6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1d8: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d1db: call 6ec4 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6ec4 + EIP + 5 to 0x804d1db...SUCCESS (CFT=0x80540a4) [Parser.C:1485] recording block [804d1ca,804d1e0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d1db->80540a4 resolveable_edge: 1, tailcall: 0, target: 80540a4 [ParserDetails.C:588] pushing 80540a4 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d1db->804d1e0 resolveable_edge: 1, tailcall: 0, target: 804d1e0 [ParserDetails.C:588] pushing 804d1e0 onto worklist [Parser.C] binding call 804d1db->80540a4 [Parser.C] block 80540a4 exists Checking non-returning for setExecutableName Checking non-returning for setExecutableName [Parser.C:1485] recording block [804d1e0,804d1e0) [Parser.C] parsing block 804d1e0 [Parser.C:1274] curAddr 0x804d1e0: jmp 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 11 + EIP + 2 to 0x804d1e0...SUCCESS (CFT=0x804d1f3) [Parser.C:1485] recording block [804d1e0,804d1e2) Getting edges Checking for Tail Call jump to 0x804d1f3 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d1e0->804d1f3 resolveable_edge: 1, tailcall: 0, target: 804d1f3 [ParserDetails.C:588] pushing 804d1f3 onto worklist [Parser.C] block 804d1f3 exists [Parser.C] skipping locally parsed target at 804d1f3 [Parser.C:1485] recording block [804d213,804d213) [Parser.C] parsing block 804d213 [Parser.C:1274] curAddr 0x804d213: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d219: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d21b: cmp [ESP + 38], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d21f: jl ffffffffffffffdc + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d213,804d221) Getting edges IA_IAPI.C[847]: binding PC EIP in jl ffffffffffffffdc + EIP + 2 to 0x804d21f...SUCCESS (CFT=0x804d1fd) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d21f->804d1fd resolveable_edge: 1, tailcall: 0, target: 804d1fd [ParserDetails.C:588] pushing 804d1fd onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d21f->804d221 resolveable_edge: 1, tailcall: 0, target: 804d221 [ParserDetails.C:588] pushing 804d221 onto worklist [Parser.C:1485] recording block [804d1fd,804d1fd) [Parser.C] parsing block 804d1fd [Parser.C:1274] curAddr 0x804d1fd: lea EAX, EBX + a20 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d203: mov EDX, [ESP + 38] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d207: mov [EAX + EDX * 4], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d20e: add [ESP + 38], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C] straight-line parse into block at 804d213 [Parser.C:1485] recording block [804d1fd,804d213) [Parser.C] block 804d213 exists [Parser.C:1485] recording block [804d221,804d221) [Parser.C] parsing block 804d221 [Parser.C:1274] curAddr 0x804d221: mov [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d229: jmp 63e + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 63e + EIP + 5 to 0x804d229...SUCCESS (CFT=0x804d86c) [Parser.C:1485] recording block [804d221,804d22e) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804d229->804d86c resolveable_edge: 1, tailcall: 0, target: 804d86c [ParserDetails.C:588] pushing 804d86c onto worklist [Parser.C:1485] recording block [804d86c,804d86c) [Parser.C] parsing block 804d86c [Parser.C:1274] curAddr 0x804d86c: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d870: cmp EAX, [ESP + 1c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d874: jb fffff9b4 + EIP + 6 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d86c,804d87a) Getting edges IA_IAPI.C[847]: binding PC EIP in jb fffff9b4 + EIP + 6 to 0x804d874...SUCCESS (CFT=0x804d22e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d874->804d22e resolveable_edge: 1, tailcall: 0, target: 804d22e [ParserDetails.C:588] pushing 804d22e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d874->804d87a resolveable_edge: 1, tailcall: 0, target: 804d87a [ParserDetails.C:588] pushing 804d87a onto worklist [Parser.C:1485] recording block [804d22e,804d22e) [Parser.C] parsing block 804d22e [Parser.C:1274] curAddr 0x804d22e: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d232: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d239: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d23c: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d23e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d240: lea EDX, EBX + ffff8b1c [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d246: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d24a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d24d: call fffff7ee + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff7ee + EIP + 5 to 0x804d24d...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d22e,804d252) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d24d->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d24d->804d252 resolveable_edge: 1, tailcall: 0, target: 804d252 [ParserDetails.C:588] pushing 804d252 onto worklist [Parser.C] binding call 804d24d->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d252,804d252) [Parser.C] parsing block 804d252 [Parser.C:1274] curAddr 0x804d252: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d254: jnz 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d252,804d256) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 11 + EIP + 2 to 0x804d254...SUCCESS (CFT=0x804d267) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d254->804d267 resolveable_edge: 1, tailcall: 0, target: 804d267 [ParserDetails.C:588] pushing 804d267 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d254->804d256 resolveable_edge: 1, tailcall: 0, target: 804d256 [ParserDetails.C:588] pushing 804d256 onto worklist [Parser.C:1485] recording block [804d267,804d267) [Parser.C] parsing block 804d267 [Parser.C:1274] curAddr 0x804d267: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d26b: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d272: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d275: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d277: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d279: lea EDX, EBX + ffff8b25 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d27f: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d283: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d286: call fffff7b5 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff7b5 + EIP + 5 to 0x804d286...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d267,804d28b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d286->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d286->804d28b resolveable_edge: 1, tailcall: 0, target: 804d28b [ParserDetails.C:588] pushing 804d28b onto worklist [Parser.C] binding call 804d286->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d28b,804d28b) [Parser.C] parsing block 804d28b [Parser.C:1274] curAddr 0x804d28b: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d28d: jnz 56 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d28b,804d28f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 56 + EIP + 2 to 0x804d28d...SUCCESS (CFT=0x804d2e5) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d28d->804d2e5 resolveable_edge: 1, tailcall: 0, target: 804d2e5 [ParserDetails.C:588] pushing 804d2e5 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d28d->804d28f resolveable_edge: 1, tailcall: 0, target: 804d28f [ParserDetails.C:588] pushing 804d28f onto worklist [Parser.C:1485] recording block [804d2e5,804d2e5) [Parser.C] parsing block 804d2e5 [Parser.C:1274] curAddr 0x804d2e5: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2e9: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2f0: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2f3: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2f5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2f7: lea EDX, EBX + ffff8b41 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2fd: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d301: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d304: call fffff737 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff737 + EIP + 5 to 0x804d304...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d2e5,804d309) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d304->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d304->804d309 resolveable_edge: 1, tailcall: 0, target: 804d309 [ParserDetails.C:588] pushing 804d309 onto worklist [Parser.C] binding call 804d304->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d309,804d309) [Parser.C] parsing block 804d309 [Parser.C:1274] curAddr 0x804d309: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d30b: jnz 8e + EIP + 6 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d309,804d311) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 8e + EIP + 6 to 0x804d30b...SUCCESS (CFT=0x804d39f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d30b->804d39f resolveable_edge: 1, tailcall: 0, target: 804d39f [ParserDetails.C:588] pushing 804d39f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d30b->804d311 resolveable_edge: 1, tailcall: 0, target: 804d311 [ParserDetails.C:588] pushing 804d311 onto worklist [Parser.C:1485] recording block [804d39f,804d39f) [Parser.C] parsing block 804d39f [Parser.C:1274] curAddr 0x804d39f: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3a3: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3aa: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3ad: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3af: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3b1: lea EDX, EBX + ffff8b8f [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3b7: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3bb: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3be: call fffff67d + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff67d + EIP + 5 to 0x804d3be...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d39f,804d3c3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d3be->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d3be->804d3c3 resolveable_edge: 1, tailcall: 0, target: 804d3c3 [ParserDetails.C:588] pushing 804d3c3 onto worklist [Parser.C] binding call 804d3be->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d3c3,804d3c3) [Parser.C] parsing block 804d3c3 [Parser.C:1274] curAddr 0x804d3c3: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3c5: jnz f + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d3c3,804d3c7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz f + EIP + 2 to 0x804d3c5...SUCCESS (CFT=0x804d3d6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d3c5->804d3d6 resolveable_edge: 1, tailcall: 0, target: 804d3d6 [ParserDetails.C:588] pushing 804d3d6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d3c5->804d3c7 resolveable_edge: 1, tailcall: 0, target: 804d3c7 [ParserDetails.C:588] pushing 804d3c7 onto worklist [Parser.C:1485] recording block [804d3d6,804d3d6) [Parser.C] parsing block 804d3d6 [Parser.C:1274] curAddr 0x804d3d6: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3da: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3e1: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3e4: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3e6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3e8: lea EDX, EBX + ffff8b9d [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3ee: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3f2: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3f5: call fffff646 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff646 + EIP + 5 to 0x804d3f5...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d3d6,804d3fa) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d3f5->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d3f5->804d3fa resolveable_edge: 1, tailcall: 0, target: 804d3fa [ParserDetails.C:588] pushing 804d3fa onto worklist [Parser.C] binding call 804d3f5->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d3fa,804d3fa) [Parser.C] parsing block 804d3fa [Parser.C:1274] curAddr 0x804d3fa: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3fc: jnz f + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d3fa,804d3fe) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz f + EIP + 2 to 0x804d3fc...SUCCESS (CFT=0x804d40d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d3fc->804d40d resolveable_edge: 1, tailcall: 0, target: 804d40d [ParserDetails.C:588] pushing 804d40d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d3fc->804d3fe resolveable_edge: 1, tailcall: 0, target: 804d3fe [ParserDetails.C:588] pushing 804d3fe onto worklist [Parser.C:1485] recording block [804d40d,804d40d) [Parser.C] parsing block 804d40d [Parser.C:1274] curAddr 0x804d40d: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d411: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d418: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d41b: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d41d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d41f: lea EDX, EBX + ffff8bac [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d425: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d429: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d42c: call fffff60f + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff60f + EIP + 5 to 0x804d42c...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d40d,804d431) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d42c->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d42c->804d431 resolveable_edge: 1, tailcall: 0, target: 804d431 [ParserDetails.C:588] pushing 804d431 onto worklist [Parser.C] binding call 804d42c->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d431,804d431) [Parser.C] parsing block 804d431 [Parser.C:1274] curAddr 0x804d431: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d433: jnz c6 + EIP + 6 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d431,804d439) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz c6 + EIP + 6 to 0x804d433...SUCCESS (CFT=0x804d4ff) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d433->804d4ff resolveable_edge: 1, tailcall: 0, target: 804d4ff [ParserDetails.C:588] pushing 804d4ff onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d433->804d439 resolveable_edge: 1, tailcall: 0, target: 804d439 [ParserDetails.C:588] pushing 804d439 onto worklist [Parser.C:1485] recording block [804d4ff,804d4ff) [Parser.C] parsing block 804d4ff [Parser.C:1274] curAddr 0x804d4ff: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d503: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d50a: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d50d: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d50f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d511: lea EDX, EBX + ffff8bdc [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d517: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d51b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d51e: call fffff51d + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff51d + EIP + 5 to 0x804d51e...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d4ff,804d523) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d51e->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d51e->804d523 resolveable_edge: 1, tailcall: 0, target: 804d523 [ParserDetails.C:588] pushing 804d523 onto worklist [Parser.C] binding call 804d51e->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d523,804d523) [Parser.C] parsing block 804d523 [Parser.C:1274] curAddr 0x804d523: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d525: jnz 5f + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d523,804d527) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 5f + EIP + 2 to 0x804d525...SUCCESS (CFT=0x804d586) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d525->804d586 resolveable_edge: 1, tailcall: 0, target: 804d586 [ParserDetails.C:588] pushing 804d586 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d525->804d527 resolveable_edge: 1, tailcall: 0, target: 804d527 [ParserDetails.C:588] pushing 804d527 onto worklist [Parser.C:1485] recording block [804d586,804d586) [Parser.C] parsing block 804d586 [Parser.C:1274] curAddr 0x804d586: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d58a: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d591: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d594: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d596: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d598: lea EDX, EBX + ffff8c0f [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d59e: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5a2: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5a5: call fffff496 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff496 + EIP + 5 to 0x804d5a5...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d586,804d5aa) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d5a5->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d5a5->804d5aa resolveable_edge: 1, tailcall: 0, target: 804d5aa [ParserDetails.C:588] pushing 804d5aa onto worklist [Parser.C] binding call 804d5a5->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d5aa,804d5aa) [Parser.C] parsing block 804d5aa [Parser.C:1274] curAddr 0x804d5aa: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5ac: jnz d + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d5aa,804d5ae) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz d + EIP + 2 to 0x804d5ac...SUCCESS (CFT=0x804d5bb) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d5ac->804d5bb resolveable_edge: 1, tailcall: 0, target: 804d5bb [ParserDetails.C:588] pushing 804d5bb onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d5ac->804d5ae resolveable_edge: 1, tailcall: 0, target: 804d5ae [ParserDetails.C:588] pushing 804d5ae onto worklist [Parser.C:1485] recording block [804d5bb,804d5bb) [Parser.C] parsing block 804d5bb [Parser.C:1274] curAddr 0x804d5bb: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5bf: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5c6: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5c9: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5cb: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5cd: lea EDX, EBX + ffff8c1d [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5d3: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5d7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5da: call fffff461 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff461 + EIP + 5 to 0x804d5da...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d5bb,804d5df) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d5da->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d5da->804d5df resolveable_edge: 1, tailcall: 0, target: 804d5df [ParserDetails.C:588] pushing 804d5df onto worklist [Parser.C] binding call 804d5da->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d5df,804d5df) [Parser.C] parsing block 804d5df [Parser.C:1274] curAddr 0x804d5df: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5e1: jnz 5a + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d5df,804d5e3) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 5a + EIP + 2 to 0x804d5e1...SUCCESS (CFT=0x804d63d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d5e1->804d63d resolveable_edge: 1, tailcall: 0, target: 804d63d [ParserDetails.C:588] pushing 804d63d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d5e1->804d5e3 resolveable_edge: 1, tailcall: 0, target: 804d5e3 [ParserDetails.C:588] pushing 804d5e3 onto worklist [Parser.C:1485] recording block [804d63d,804d63d) [Parser.C] parsing block 804d63d [Parser.C:1274] curAddr 0x804d63d: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d641: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d648: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d64b: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d64d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d64f: lea EDX, EBX + ffff8c5a [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d655: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d659: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d65c: call fffff3df + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff3df + EIP + 5 to 0x804d65c...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d63d,804d661) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d65c->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d65c->804d661 resolveable_edge: 1, tailcall: 0, target: 804d661 [ParserDetails.C:588] pushing 804d661 onto worklist [Parser.C] binding call 804d65c->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d661,804d661) [Parser.C] parsing block 804d661 [Parser.C:1274] curAddr 0x804d661: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d663: jnz 33 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d661,804d665) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 33 + EIP + 2 to 0x804d663...SUCCESS (CFT=0x804d698) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d663->804d698 resolveable_edge: 1, tailcall: 0, target: 804d698 [ParserDetails.C:588] pushing 804d698 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d663->804d665 resolveable_edge: 1, tailcall: 0, target: 804d665 [ParserDetails.C:588] pushing 804d665 onto worklist [Parser.C:1485] recording block [804d698,804d698) [Parser.C] parsing block 804d698 [Parser.C:1274] curAddr 0x804d698: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d69c: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6a3: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6a6: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6a8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6aa: lea EDX, EBX + ffff8c62 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6b0: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6b4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6b7: call fffff384 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff384 + EIP + 5 to 0x804d6b7...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d698,804d6bc) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d6b7->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d6b7->804d6bc resolveable_edge: 1, tailcall: 0, target: 804d6bc [ParserDetails.C:588] pushing 804d6bc onto worklist [Parser.C] binding call 804d6b7->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d6bc,804d6bc) [Parser.C] parsing block 804d6bc [Parser.C:1274] curAddr 0x804d6bc: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6be: jnz a + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d6bc,804d6c0) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz a + EIP + 2 to 0x804d6be...SUCCESS (CFT=0x804d6ca) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d6be->804d6ca resolveable_edge: 1, tailcall: 0, target: 804d6ca [ParserDetails.C:588] pushing 804d6ca onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d6be->804d6c0 resolveable_edge: 1, tailcall: 0, target: 804d6c0 [ParserDetails.C:588] pushing 804d6c0 onto worklist [Parser.C:1485] recording block [804d6ca,804d6ca) [Parser.C] parsing block 804d6ca [Parser.C:1274] curAddr 0x804d6ca: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6ce: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6d5: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6d8: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6da: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6dc: lea EDX, EBX + ffff8c6c [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6e2: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6e6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6e9: call fffff352 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff352 + EIP + 5 to 0x804d6e9...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d6ca,804d6ee) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d6e9->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d6e9->804d6ee resolveable_edge: 1, tailcall: 0, target: 804d6ee [ParserDetails.C:588] pushing 804d6ee onto worklist [Parser.C] binding call 804d6e9->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d6ee,804d6ee) [Parser.C] parsing block 804d6ee [Parser.C:1274] curAddr 0x804d6ee: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6f0: jnz 24 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d6ee,804d6f2) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 24 + EIP + 2 to 0x804d6f0...SUCCESS (CFT=0x804d716) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d6f0->804d716 resolveable_edge: 1, tailcall: 0, target: 804d716 [ParserDetails.C:588] pushing 804d716 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d6f0->804d6f2 resolveable_edge: 1, tailcall: 0, target: 804d6f2 [ParserDetails.C:588] pushing 804d6f2 onto worklist [Parser.C:1485] recording block [804d716,804d716) [Parser.C] parsing block 804d716 [Parser.C:1274] curAddr 0x804d716: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d71a: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d721: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d724: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d726: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d728: lea EDX, EBX + ffff8c77 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d72e: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d732: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d735: call fffff306 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff306 + EIP + 5 to 0x804d735...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d716,804d73a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d735->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d735->804d73a resolveable_edge: 1, tailcall: 0, target: 804d73a [ParserDetails.C:588] pushing 804d73a onto worklist [Parser.C] binding call 804d735->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d73a,804d73a) [Parser.C] parsing block 804d73a [Parser.C:1274] curAddr 0x804d73a: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d73c: jnz 2c + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d73a,804d73e) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 2c + EIP + 2 to 0x804d73c...SUCCESS (CFT=0x804d76a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d73c->804d76a resolveable_edge: 1, tailcall: 0, target: 804d76a [ParserDetails.C:588] pushing 804d76a onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d73c->804d73e resolveable_edge: 1, tailcall: 0, target: 804d73e [ParserDetails.C:588] pushing 804d73e onto worklist [Parser.C:1485] recording block [804d76a,804d76a) [Parser.C] parsing block 804d76a [Parser.C:1274] curAddr 0x804d76a: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d76e: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d775: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d778: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d77a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d77c: lea EDX, EBX + ffff8c81 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d782: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d786: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d789: call fffff2b2 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff2b2 + EIP + 5 to 0x804d789...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d76a,804d78e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d789->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d789->804d78e resolveable_edge: 1, tailcall: 0, target: 804d78e [ParserDetails.C:588] pushing 804d78e onto worklist [Parser.C] binding call 804d789->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d78e,804d78e) [Parser.C] parsing block 804d78e [Parser.C:1274] curAddr 0x804d78e: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d790: jnz 3e + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d78e,804d792) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 3e + EIP + 2 to 0x804d790...SUCCESS (CFT=0x804d7d0) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d790->804d7d0 resolveable_edge: 1, tailcall: 0, target: 804d7d0 [ParserDetails.C:588] pushing 804d7d0 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d790->804d792 resolveable_edge: 1, tailcall: 0, target: 804d792 [ParserDetails.C:588] pushing 804d792 onto worklist [Parser.C:1485] recording block [804d7d0,804d7d0) [Parser.C] parsing block 804d7d0 [Parser.C:1274] curAddr 0x804d7d0: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7d4: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7db: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7de: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7e0: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7e2: lea EDX, EBX + ffff8c8e [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7e8: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7ec: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7ef: call fffff24c + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff24c + EIP + 5 to 0x804d7ef...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d7d0,804d7f4) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d7ef->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d7ef->804d7f4 resolveable_edge: 1, tailcall: 0, target: 804d7f4 [ParserDetails.C:588] pushing 804d7f4 onto worklist [Parser.C] binding call 804d7ef->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d7f4,804d7f4) [Parser.C] parsing block 804d7f4 [Parser.C:1274] curAddr 0x804d7f4: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7f6: jnz 6f + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d7f4,804d7f8) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 6f + EIP + 2 to 0x804d7f6...SUCCESS (CFT=0x804d867) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d7f6->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d7f6->804d7f8 resolveable_edge: 1, tailcall: 0, target: 804d7f8 [ParserDetails.C:588] pushing 804d7f8 onto worklist [Parser.C:1485] recording block [804d867,804d867) [Parser.C] parsing block 804d867 [Parser.C:1274] curAddr 0x804d867: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C] straight-line parse into block at 804d86c [Parser.C:1485] recording block [804d867,804d86c) [Parser.C] block 804d86c exists [Parser.C:1485] recording block [804d256,804d256) [Parser.C] parsing block 804d256 [Parser.C:1274] curAddr 0x804d256: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d25c: mov [EAX], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d262: jmp 600 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 600 + EIP + 5 to 0x804d262...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d256,804d267) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d262->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d28f,804d28f) [Parser.C] parsing block 804d28f [Parser.C:1274] curAddr 0x804d28f: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d293: add EAX, 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d296: cmp EAX, [ESP + 1c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d29a: jb 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d28f,804d29c) Getting edges IA_IAPI.C[847]: binding PC EIP in jb 29 + EIP + 2 to 0x804d29a...SUCCESS (CFT=0x804d2c5) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d29a->804d2c5 resolveable_edge: 1, tailcall: 0, target: 804d2c5 [ParserDetails.C:588] pushing 804d2c5 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d29a->804d29c resolveable_edge: 1, tailcall: 0, target: 804d29c [ParserDetails.C:588] pushing 804d29c onto worklist [Parser.C:1485] recording block [804d2c5,804d2c5) [Parser.C] parsing block 804d2c5 [Parser.C:1274] curAddr 0x804d2c5: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2ca: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2ce: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2d5: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2d8: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2da: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2dc: mov [ESP + 34], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2e0: jmp 582 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 582 + EIP + 5 to 0x804d2e0...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d2c5,804d2e5) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d2e0->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d29c,804d29c) [Parser.C] parsing block 804d29c [Parser.C:1274] curAddr 0x804d29c: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2a2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2a4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2a6: lea EDX, EBX + ffff8b2a [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2ac: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2b0: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2b7: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d2b7...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804d29c,804d2b9) Getting edges Returned 2 edges ... Call 0x804d2b7 is indirect ... Call 0x804d2b7 is indirect ... Call 0x804d2b7 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d2b7->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d2b7->804d2b9 resolveable_edge: 1, tailcall: 0, target: 804d2b9 [ParserDetails.C:588] pushing 804d2b9 onto worklist [Parser.C:1485] recording block [804d2b9,804d2b9) [Parser.C] parsing block 804d2b9 [Parser.C:1274] curAddr 0x804d2b9: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d2c0: call fffff88b + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff88b + EIP + 5 to 0x804d2c0...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d2b9,804d2c5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d2c0->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d2c0->804d2c5 resolveable_edge: 1, tailcall: 0, target: 804d2c5 [ParserDetails.C:588] pushing 804d2c5 onto worklist [Parser.C] binding call 804d2c0->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d2c0 [Parser.C:1485] recording block [804d311,804d311) [Parser.C] parsing block 804d311 [Parser.C:1274] curAddr 0x804d311: mov [EBX + 7c4], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d31b: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d320: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d324: cmp EAX, [ESP + 1c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d328: jb 50 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d311,804d32a) Getting edges IA_IAPI.C[847]: binding PC EIP in jb 50 + EIP + 2 to 0x804d328...SUCCESS (CFT=0x804d37a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d328->804d37a resolveable_edge: 1, tailcall: 0, target: 804d37a [ParserDetails.C:588] pushing 804d37a onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d328->804d32a resolveable_edge: 1, tailcall: 0, target: 804d32a [ParserDetails.C:588] pushing 804d32a onto worklist [Parser.C:1485] recording block [804d37a,804d37a) [Parser.C] parsing block 804d37a [Parser.C:1274] curAddr 0x804d37a: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d37e: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d385: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d388: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d38a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d38c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d38f: call fffff8cc + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff8cc + EIP + 5 to 0x804d38f...SUCCESS (CFT=0x804cc60) [Parser.C:1485] recording block [804d37a,804d394) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d38f->804cc60 resolveable_edge: 1, tailcall: 0, target: 804cc60 [ParserDetails.C:588] pushing 804cc60 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d38f->804d394 resolveable_edge: 1, tailcall: 0, target: 804d394 [ParserDetails.C:588] pushing 804d394 onto worklist [Parser.C] binding call 804d38f->804cc60 [ParseData.C] new function for target 804cc60 [Parser.C:1485] recording block [804cc60,804cc60) [suspend frame 804d14a] [Parser.C] frame 804d14a blocked at 804d38f call target 804cc60 [Parser.C] block 804cc60 exists [Parser.C] ==== starting to parse frame 804cc60 ==== [Parser.C] parsing block 804cc60 [Parser.C:1274] curAddr 0x804cc60: jmp [805c09c] [Parser.C:1280] leaf 1 funcname targ804cc60 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c09c] to 0x804cc60...FAIL (CFT=0x0), callTarget exp: [805c09c] ... indirect jump at 0x804cc60, delay parsing it [Parser.C:1485] recording block [804cc60,804cc66) ... continue parse indirect jump at 804cc60 [Parser.C:1485] recording block [804cc60,804cc66) Getting edges ... indirect jump at 0x804cc60 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c09c] at 0x804cc60 Apply indirect control flow analysis at 804cc60 Looking for thunk Looking for thunk in block [804cc60,804cc66).......WARNING: after advance at 0x804cc66, curInsn() NULL Expanding instruction @ 804cc60: jmp [805c09c] Original expand: (<134594716:32>,) Adding assignment (@804cc60<[x86::eip]>[_805c09c]) in instruction jmp [805c09c] at 804cc60, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc60, insn: jmp [805c09c] Old fact for 804cc60: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc60 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc60<[x86::eip]>[_805c09c]) Instruction: jmp [805c09c] AST: (<134594716:64>,) Generate bound fact for Interval 0[134594716,134594716] 0[805c09c,805c09c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594716:64>,) Apply relations2 to (<134594716:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594716,134594716] 0[805c09c,805c09c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594716:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc60 The fact from 804cc60 before applying transfer function Do not track predicate Var: , Interval 0[134594716,134594716] 0[805c09c,805c09c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594716:64>,) No known value at the top of the stack Fact from 804cc60 after applying transfer function Do not track predicate Var: , Interval 0[134594716,134594716] 0[805c09c,805c09c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594716:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594716,134594716] 0[805c09c,805c09c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594716:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594716,134594716] 0[805c09c,805c09c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c09c not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc60 (804cc60) No targets, exits func Adding block 0x804cc60 as exit 804cc60 extent [804cc60,804cc66) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c09c] at 0x804cc60 in function targ804cc60 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc60->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for atoi [Parser.C] frame 804cc60 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] atoi return status 2, no waiters [Parser.C] ==== resuming parse of frame 804d14a ==== Checking non-returning for atoi [Parser.C:1485] recording block [804d394,804d394) [Parser.C] parsing block 804d394 [Parser.C:1274] curAddr 0x804d394: mov [EBX + 7b8], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d39a: jmp 4c8 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 4c8 + EIP + 5 to 0x804d39a...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d394,804d39f) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d39a->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d32a,804d32a) [Parser.C] parsing block 804d32a [Parser.C:1274] curAddr 0x804d32a: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d330: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d332: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d334: lea EDX, EBX + ffff8b49 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d33a: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d33e: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d345: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d345...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804d32a,804d347) Getting edges Returned 2 edges ... Call 0x804d345 is indirect ... Call 0x804d345 is indirect ... Call 0x804d345 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d345->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d345->804d347 resolveable_edge: 1, tailcall: 0, target: 804d347 [ParserDetails.C:588] pushing 804d347 onto worklist [Parser.C:1485] recording block [804d347,804d347) [Parser.C] parsing block 804d347 [Parser.C:1274] curAddr 0x804d347: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d34d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d34f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d351: lea EDX, EBX + ffff8b58 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d357: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d35b: lea EDX, EBX + ffff8a27 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d361: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d365: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d36c: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d36c...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804d347,804d36e) Getting edges Returned 2 edges ... Call 0x804d36c is indirect ... Call 0x804d36c is indirect ... Call 0x804d36c is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d36c->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d36c->804d36e resolveable_edge: 1, tailcall: 0, target: 804d36e [ParserDetails.C:588] pushing 804d36e onto worklist [Parser.C:1485] recording block [804d36e,804d36e) [Parser.C] parsing block 804d36e [Parser.C:1274] curAddr 0x804d36e: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d375: call fffff7d6 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff7d6 + EIP + 5 to 0x804d375...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d36e,804d37a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d375->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d375->804d37a resolveable_edge: 1, tailcall: 0, target: 804d37a [ParserDetails.C:588] pushing 804d37a onto worklist [Parser.C] binding call 804d375->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d375 [Parser.C:1485] recording block [804d3c7,804d3c7) [Parser.C] parsing block 804d3c7 [Parser.C:1274] curAddr 0x804d3c7: mov [EBX + 7bc], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d3d1: jmp 491 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 491 + EIP + 5 to 0x804d3d1...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d3c7,804d3d6) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d3d1->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d3fe,804d3fe) [Parser.C] parsing block 804d3fe [Parser.C:1274] curAddr 0x804d3fe: mov [EBX + 7c0], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d408: jmp 45a + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 45a + EIP + 5 to 0x804d408...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d3fe,804d40d) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d408->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d439,804d439) [Parser.C] parsing block 804d439 [Parser.C:1274] curAddr 0x804d439: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d43d: add EAX, 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d440: cmp EAX, [ESP + 1c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d444: jb 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d439,804d446) Getting edges IA_IAPI.C[847]: binding PC EIP in jb 29 + EIP + 2 to 0x804d444...SUCCESS (CFT=0x804d46f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d444->804d46f resolveable_edge: 1, tailcall: 0, target: 804d46f [ParserDetails.C:588] pushing 804d46f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d444->804d446 resolveable_edge: 1, tailcall: 0, target: 804d446 [ParserDetails.C:588] pushing 804d446 onto worklist [Parser.C:1485] recording block [804d46f,804d46f) [Parser.C] parsing block 804d46f [Parser.C:1274] curAddr 0x804d46f: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d474: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d478: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d47f: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d482: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d484: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d486: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d489: call fffff602 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff602 + EIP + 5 to 0x804d489...SUCCESS (CFT=0x804ca90) [Parser.C:1485] recording block [804d46f,804d48e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d489->804ca90 resolveable_edge: 1, tailcall: 0, target: 804ca90 [ParserDetails.C:588] pushing 804ca90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d489->804d48e resolveable_edge: 1, tailcall: 0, target: 804d48e [ParserDetails.C:588] pushing 804d48e onto worklist [Parser.C] binding call 804d489->804ca90 [ParseData.C] new function for target 804ca90 [Parser.C:1485] recording block [804ca90,804ca90) [suspend frame 804d14a] [Parser.C] frame 804d14a blocked at 804d489 call target 804ca90 [Parser.C] block 804ca90 exists [Parser.C] ==== starting to parse frame 804ca90 ==== [Parser.C] parsing block 804ca90 [Parser.C:1274] curAddr 0x804ca90: jmp [805c028] [Parser.C:1280] leaf 1 funcname targ804ca90 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c028] to 0x804ca90...FAIL (CFT=0x0), callTarget exp: [805c028] ... indirect jump at 0x804ca90, delay parsing it [Parser.C:1485] recording block [804ca90,804ca96) ... continue parse indirect jump at 804ca90 [Parser.C:1485] recording block [804ca90,804ca96) Getting edges ... indirect jump at 0x804ca90 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c028] at 0x804ca90 Apply indirect control flow analysis at 804ca90 Looking for thunk Looking for thunk in block [804ca90,804ca96).......WARNING: after advance at 0x804ca96, curInsn() NULL Expanding instruction @ 804ca90: jmp [805c028] Original expand: (<134594600:32>,) Adding assignment (@804ca90<[x86::eip]>[_805c028]) in instruction jmp [805c028] at 804ca90, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804ca90, insn: jmp [805c028] Old fact for 804ca90: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804ca90 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804ca90<[x86::eip]>[_805c028]) Instruction: jmp [805c028] AST: (<134594600:64>,) Generate bound fact for Interval 0[134594600,134594600] 0[805c028,805c028], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594600:64>,) Apply relations2 to (<134594600:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594600,134594600] 0[805c028,805c028], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594600:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804ca90 The fact from 804ca90 before applying transfer function Do not track predicate Var: , Interval 0[134594600,134594600] 0[805c028,805c028], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594600:64>,) No known value at the top of the stack Fact from 804ca90 after applying transfer function Do not track predicate Var: , Interval 0[134594600,134594600] 0[805c028,805c028], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594600:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594600,134594600] 0[805c028,805c028], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594600:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594600,134594600] 0[805c028,805c028], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c028 not read only, returning false Not jump table format! [Parser.C] finalizing targ804ca90 (804ca90) No targets, exits func Adding block 0x804ca90 as exit 804ca90 extent [804ca90,804ca96) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c028] at 0x804ca90 in function targ804ca90 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804ca90->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for strdup [Parser.C] frame 804ca90 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] strdup return status 2, no waiters [Parser.C] ==== resuming parse of frame 804d14a ==== Checking non-returning for strdup [Parser.C:1485] recording block [804d48e,804d48e) [Parser.C] parsing block 804d48e [Parser.C:1274] curAddr 0x804d48e: mov [ESP + 14], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d492: lea EAX, EBX + ffff8bda [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d498: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d49c: mov EAX, [ESP + 14] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4a0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4a3: call fffff778 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff778 + EIP + 5 to 0x804d4a3...SUCCESS (CFT=0x804cc20) [Parser.C:1485] recording block [804d48e,804d4a8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d4a3->804cc20 resolveable_edge: 1, tailcall: 0, target: 804cc20 [ParserDetails.C:588] pushing 804cc20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d4a3->804d4a8 resolveable_edge: 1, tailcall: 0, target: 804d4a8 [ParserDetails.C:588] pushing 804d4a8 onto worklist [Parser.C] binding call 804d4a3->804cc20 [ParseData.C] new function for target 804cc20 [Parser.C:1485] recording block [804cc20,804cc20) [suspend frame 804d14a] [Parser.C] frame 804d14a blocked at 804d4a3 call target 804cc20 [Parser.C] block 804cc20 exists [Parser.C] ==== starting to parse frame 804cc20 ==== [Parser.C] parsing block 804cc20 [Parser.C:1274] curAddr 0x804cc20: jmp [805c08c] [Parser.C:1280] leaf 1 funcname targ804cc20 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c08c] to 0x804cc20...FAIL (CFT=0x0), callTarget exp: [805c08c] ... indirect jump at 0x804cc20, delay parsing it [Parser.C:1485] recording block [804cc20,804cc26) ... continue parse indirect jump at 804cc20 [Parser.C:1485] recording block [804cc20,804cc26) Getting edges ... indirect jump at 0x804cc20 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c08c] at 0x804cc20 Apply indirect control flow analysis at 804cc20 Looking for thunk Looking for thunk in block [804cc20,804cc26).......WARNING: after advance at 0x804cc26, curInsn() NULL Expanding instruction @ 804cc20: jmp [805c08c] Original expand: (<134594700:32>,) Adding assignment (@804cc20<[x86::eip]>[_805c08c]) in instruction jmp [805c08c] at 804cc20, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc20, insn: jmp [805c08c] Old fact for 804cc20: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc20 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc20<[x86::eip]>[_805c08c]) Instruction: jmp [805c08c] AST: (<134594700:64>,) Generate bound fact for Interval 0[134594700,134594700] 0[805c08c,805c08c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594700:64>,) Apply relations2 to (<134594700:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594700,134594700] 0[805c08c,805c08c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594700:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc20 The fact from 804cc20 before applying transfer function Do not track predicate Var: , Interval 0[134594700,134594700] 0[805c08c,805c08c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594700:64>,) No known value at the top of the stack Fact from 804cc20 after applying transfer function Do not track predicate Var: , Interval 0[134594700,134594700] 0[805c08c,805c08c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594700:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594700,134594700] 0[805c08c,805c08c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594700:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594700,134594700] 0[805c08c,805c08c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c08c not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc20 (804cc20) No targets, exits func Adding block 0x804cc20 as exit 804cc20 extent [804cc20,804cc26) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c08c] at 0x804cc20 in function targ804cc20 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc20->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for strtok [Parser.C] frame 804cc20 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] strtok return status 2, no waiters [Parser.C] ==== resuming parse of frame 804d14a ==== Checking non-returning for strtok [Parser.C:1485] recording block [804d4a8,804d4a8) [Parser.C] parsing block 804d4a8 [Parser.C:1274] curAddr 0x804d4a8: mov [ESP + 20], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4ac: mov EAX, [ESP + 20] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4b0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4b3: call fffff918 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff918 + EIP + 5 to 0x804d4b3...SUCCESS (CFT=0x804cdd0) [Parser.C:1485] recording block [804d4a8,804d4b8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d4b3->804cdd0 resolveable_edge: 1, tailcall: 0, target: 804cdd0 [ParserDetails.C:588] pushing 804cdd0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d4b3->804d4b8 resolveable_edge: 1, tailcall: 0, target: 804d4b8 [ParserDetails.C:588] pushing 804d4b8 onto worklist [Parser.C] binding call 804d4b3->804cdd0 [Parser.C] block 804cdd0 exists Checking non-returning for setRunTest Checking non-returning for setRunTest [Parser.C:1485] recording block [804d4b8,804d4b8) [Parser.C] parsing block 804d4b8 [Parser.C:1274] curAddr 0x804d4b8: jmp 2d + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2d + EIP + 2 to 0x804d4b8...SUCCESS (CFT=0x804d4e7) [Parser.C:1485] recording block [804d4b8,804d4ba) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804d4b8->804d4e7 resolveable_edge: 1, tailcall: 0, target: 804d4e7 [ParserDetails.C:588] pushing 804d4e7 onto worklist [Parser.C:1485] recording block [804d446,804d446) [Parser.C] parsing block 804d446 [Parser.C:1274] curAddr 0x804d446: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d44c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d44e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d450: lea EDX, EBX + ffff8bb4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d456: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d45a: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d461: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d461...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804d446,804d463) Getting edges Returned 2 edges ... Call 0x804d461 is indirect ... Call 0x804d461 is indirect ... Call 0x804d461 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d461->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d461->804d463 resolveable_edge: 1, tailcall: 0, target: 804d463 [ParserDetails.C:588] pushing 804d463 onto worklist [Parser.C:1485] recording block [804d463,804d463) [Parser.C] parsing block 804d463 [Parser.C:1274] curAddr 0x804d463: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d46a: call fffff6e1 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff6e1 + EIP + 5 to 0x804d46a...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d463,804d46f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d46a->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d46a->804d46f resolveable_edge: 1, tailcall: 0, target: 804d46f [ParserDetails.C:588] pushing 804d46f onto worklist [Parser.C] binding call 804d46a->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d46a [Parser.C:1485] recording block [804d527,804d527) [Parser.C] parsing block 804d527 [Parser.C:1274] curAddr 0x804d527: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d52b: add EAX, 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d52e: cmp EAX, [ESP + 1c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d532: jb 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d527,804d534) Getting edges IA_IAPI.C[847]: binding PC EIP in jb 29 + EIP + 2 to 0x804d532...SUCCESS (CFT=0x804d55d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d532->804d55d resolveable_edge: 1, tailcall: 0, target: 804d55d [ParserDetails.C:588] pushing 804d55d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d532->804d534 resolveable_edge: 1, tailcall: 0, target: 804d534 [ParserDetails.C:588] pushing 804d534 onto worklist [Parser.C:1485] recording block [804d55d,804d55d) [Parser.C] parsing block 804d55d [Parser.C:1274] curAddr 0x804d55d: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d562: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d566: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d56d: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d570: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d572: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d574: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d577: call fffffa54 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffa54 + EIP + 5 to 0x804d577...SUCCESS (CFT=0x804cfd0) [Parser.C:1485] recording block [804d55d,804d57c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d577->804cfd0 resolveable_edge: 1, tailcall: 0, target: 804cfd0 [ParserDetails.C:588] pushing 804cfd0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d577->804d57c resolveable_edge: 1, tailcall: 0, target: 804d57c [ParserDetails.C:588] pushing 804d57c onto worklist [Parser.C] binding call 804d577->804cfd0 [Parser.C:1485] recording block [804cfd0,804cfd0) [suspend frame 804d14a] [Parser.C] frame 804d14a blocked at 804d577 call target 804cfd0 [Parser.C] block 804cfd0 exists [Parser.C] ==== starting to parse frame 804cfd0 ==== [Parser.C] parsing block 804cfd0 [Parser.C:1274] curAddr 0x804cfd0: push EBP, ESP [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfd1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfd3: push EBX, ESP [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfd4: sub ESP, 14 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfd7: call fffffd24 + EIP + 5 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffd24 + EIP + 5 to 0x804cfd7...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804cfdc: add EBX, f024 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfe2: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfe8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfea: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfed: jle 1f + EIP + 2 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called branch or return, ret true [Parser.C:1485] recording block [804cfd0,804cfef) Getting edges IA_IAPI.C[847]: binding PC EIP in jle 1f + EIP + 2 to 0x804cfed...SUCCESS (CFT=0x804d00e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804cfed->804d00e resolveable_edge: 1, tailcall: 0, target: 804d00e [ParserDetails.C:588] pushing 804d00e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804cfed->804cfef resolveable_edge: 1, tailcall: 0, target: 804cfef [ParserDetails.C:588] pushing 804cfef onto worklist [Parser.C:1485] recording block [804d00e,804d00e) [Parser.C] parsing block 804d00e [Parser.C:1274] curAddr 0x804d00e: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804d014: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804d017: mov [EAX + c], EDX [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804d01a: add ESP, 14 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804d01d: pop EBX, ESP [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804d01e: pop EBP, ESP [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804d01f: ret near [ESP] [Parser.C:1280] leaf 1 funcname setLabel hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d00e,804d020) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804d01f Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804d01f...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804cfef,804cfef) [Parser.C] parsing block 804cfef [Parser.C:1274] curAddr 0x804cfef: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cff5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cff7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cff9: lea EDX, EBX + ffff8a58 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804cfff: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804d003: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called [Parser.C:1274] curAddr 0x804d00a: call EAX [Parser.C:1280] leaf 1 funcname setLabel hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d00a...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804cfef,804d00c) Getting edges Returned 2 edges ... Call 0x804d00a is indirect ... Call 0x804d00a is indirect ... Call 0x804d00a is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d00a->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d00a->804d00c resolveable_edge: 1, tailcall: 0, target: 804d00c [ParserDetails.C:588] pushing 804d00c onto worklist [Parser.C:1485] recording block [804d00c,804d00c) [Parser.C] parsing block 804d00c [Parser.C:1274] curAddr 0x804d00c: jmp c + EIP + 2 [Parser.C:1280] leaf 1 funcname setLabel hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp c + EIP + 2 to 0x804d00c...SUCCESS (CFT=0x804d01a) [Parser.C:1485] recording block [804d00c,804d00e) Getting edges Checking for Tail Call jump to 0x804d01a is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d00c->804d01a resolveable_edge: 1, tailcall: 0, target: 804d01a [ParserDetails.C:588] pushing 804d01a onto worklist [Parser.C] address 804d01a splits [804d00e,804d020) (0x1ddb610) [Parser.C:1485] recording block [804d01a,804d020) [Parser.C] skipping locally parsed target at 804d01a [Parser.C] frame 804cfd0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] setLabel return status 3, no waiters [Parser.C] ==== resuming parse of frame 804d14a ==== Checking non-returning for setLabel Checking non-returning for setLabel [Parser.C:1485] recording block [804d57c,804d57c) [Parser.C] parsing block 804d57c [Parser.C:1274] curAddr 0x804d57c: add [ESP + 28], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d581: jmp 2e1 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2e1 + EIP + 5 to 0x804d581...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d57c,804d586) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d581->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d534,804d534) [Parser.C] parsing block 804d534 [Parser.C:1274] curAddr 0x804d534: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d53a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d53c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d53e: lea EDX, EBX + ffff8be4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d544: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d548: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d54f: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d54f...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804d534,804d551) Getting edges Returned 2 edges ... Call 0x804d54f is indirect ... Call 0x804d54f is indirect ... Call 0x804d54f is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d54f->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d54f->804d551 resolveable_edge: 1, tailcall: 0, target: 804d551 [ParserDetails.C:588] pushing 804d551 onto worklist [Parser.C:1485] recording block [804d551,804d551) [Parser.C] parsing block 804d551 [Parser.C:1274] curAddr 0x804d551: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d558: call fffff5f3 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff5f3 + EIP + 5 to 0x804d558...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d551,804d55d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d558->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d558->804d55d resolveable_edge: 1, tailcall: 0, target: 804d55d [ParserDetails.C:588] pushing 804d55d onto worklist [Parser.C] binding call 804d558->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d558 [Parser.C:1485] recording block [804d5ae,804d5ae) [Parser.C] parsing block 804d5ae [Parser.C:1274] curAddr 0x804d5ae: mov [ESP + 24], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5b6: jmp 2ac + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2ac + EIP + 5 to 0x804d5b6...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d5ae,804d5bb) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d5b6->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d5e3,804d5e3) [Parser.C] parsing block 804d5e3 [Parser.C:1274] curAddr 0x804d5e3: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5e7: add EAX, 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5ea: cmp EAX, [ESP + 1c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5ee: jb 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d5e3,804d5f0) Getting edges IA_IAPI.C[847]: binding PC EIP in jb 29 + EIP + 2 to 0x804d5ee...SUCCESS (CFT=0x804d619) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d5ee->804d619 resolveable_edge: 1, tailcall: 0, target: 804d619 [ParserDetails.C:588] pushing 804d619 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d5ee->804d5f0 resolveable_edge: 1, tailcall: 0, target: 804d5f0 [ParserDetails.C:588] pushing 804d5f0 onto worklist [Parser.C:1485] recording block [804d619,804d619) [Parser.C] parsing block 804d619 [Parser.C:1274] curAddr 0x804d619: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d61e: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d622: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d629: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d62c: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d62e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d630: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d633: call 6ab7 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6ab7 + EIP + 5 to 0x804d633...SUCCESS (CFT=0x80540ef) [Parser.C:1485] recording block [804d619,804d638) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d633->80540ef resolveable_edge: 1, tailcall: 0, target: 80540ef [ParserDetails.C:588] pushing 80540ef onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d633->804d638 resolveable_edge: 1, tailcall: 0, target: 804d638 [ParserDetails.C:588] pushing 804d638 onto worklist [Parser.C] binding call 804d633->80540ef [Parser.C] block 80540ef exists Checking non-returning for setHumanLog Checking non-returning for setHumanLog [Parser.C:1485] recording block [804d638,804d638) [Parser.C] parsing block 804d638 [Parser.C:1274] curAddr 0x804d638: jmp 22a + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 22a + EIP + 5 to 0x804d638...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d638,804d63d) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d638->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d5f0,804d5f0) [Parser.C] parsing block 804d5f0 [Parser.C:1274] curAddr 0x804d5f0: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5f6: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5f8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d5fa: lea EDX, EBX + ffff8c28 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d600: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d604: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d60b: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d60b...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804d5f0,804d60d) Getting edges Returned 2 edges ... Call 0x804d60b is indirect ... Call 0x804d60b is indirect ... Call 0x804d60b is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d60b->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d60b->804d60d resolveable_edge: 1, tailcall: 0, target: 804d60d [ParserDetails.C:588] pushing 804d60d onto worklist [Parser.C:1485] recording block [804d60d,804d60d) [Parser.C] parsing block 804d60d [Parser.C:1274] curAddr 0x804d60d: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d614: call fffff537 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff537 + EIP + 5 to 0x804d614...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d60d,804d619) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d614->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d614->804d619 resolveable_edge: 1, tailcall: 0, target: 804d619 [ParserDetails.C:588] pushing 804d619 onto worklist [Parser.C] binding call 804d614->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d614 [Parser.C:1485] recording block [804d665,804d665) [Parser.C] parsing block 804d665 [Parser.C:1274] curAddr 0x804d665: mov [ESP + 38], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d66d: jmp 16 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 16 + EIP + 2 to 0x804d66d...SUCCESS (CFT=0x804d685) [Parser.C:1485] recording block [804d665,804d66f) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804d66d->804d685 resolveable_edge: 1, tailcall: 0, target: 804d685 [ParserDetails.C:588] pushing 804d685 onto worklist [Parser.C:1485] recording block [804d6c0,804d6c0) [Parser.C] parsing block 804d6c0 [Parser.C:1274] curAddr 0x804d6c0: call 6398 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6398 + EIP + 5 to 0x804d6c0...SUCCESS (CFT=0x8053a5d) [Parser.C:1485] recording block [804d6c0,804d6c5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d6c0->8053a5d resolveable_edge: 1, tailcall: 0, target: 8053a5d [ParserDetails.C:588] pushing 8053a5d onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d6c0->804d6c5 resolveable_edge: 1, tailcall: 0, target: 804d6c5 [ParserDetails.C:588] pushing 804d6c5 onto worklist [Parser.C] binding call 804d6c0->8053a5d [Parser.C] block 8053a5d exists Checking non-returning for initDatabaseOutputDriver Checking non-returning for initDatabaseOutputDriver [Parser.C:1485] recording block [804d6c5,804d6c5) [Parser.C] parsing block 804d6c5 [Parser.C:1274] curAddr 0x804d6c5: jmp 19d + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 19d + EIP + 5 to 0x804d6c5...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d6c5,804d6ca) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d6c5->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d6f2,804d6f2) [Parser.C] parsing block 804d6f2 [Parser.C:1274] curAddr 0x804d6f2: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6f7: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d6fb: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d702: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d705: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d707: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d709: lea EAX, EBX + 790 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d70f: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d711: jmp 151 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 151 + EIP + 5 to 0x804d711...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d6f2,804d716) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d711->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d73e,804d73e) [Parser.C] parsing block 804d73e [Parser.C:1274] curAddr 0x804d73e: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d743: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d747: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d74e: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d751: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d753: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d755: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d758: call fffff503 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff503 + EIP + 5 to 0x804d758...SUCCESS (CFT=0x804cc60) [Parser.C:1485] recording block [804d73e,804d75d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d758->804cc60 resolveable_edge: 1, tailcall: 0, target: 804cc60 [ParserDetails.C:588] pushing 804cc60 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d758->804d75d resolveable_edge: 1, tailcall: 0, target: 804d75d [ParserDetails.C:588] pushing 804d75d onto worklist [Parser.C] binding call 804d758->804cc60 [Parser.C] block 804cc60 exists Checking non-returning for atoi [Parser.C:1485] recording block [804d75d,804d75d) [Parser.C] parsing block 804d75d [Parser.C:1274] curAddr 0x804d75d: lea EDX, EBX + a0c [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d763: mov [EDX], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d765: jmp fd + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp fd + EIP + 5 to 0x804d765...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d75d,804d76a) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d765->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d792,804d792) [Parser.C] parsing block 804d792 [Parser.C:1274] curAddr 0x804d792: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d797: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d79b: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7a2: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7a5: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7a7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7a9: lea EDX, EBX + ffff8a25 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7af: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7b3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7b6: call fffff405 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff405 + EIP + 5 to 0x804d7b6...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [804d792,804d7bb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d7b6->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d7b6->804d7bb resolveable_edge: 1, tailcall: 0, target: 804d7bb [ParserDetails.C:588] pushing 804d7bb onto worklist [Parser.C] binding call 804d7b6->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [804d7bb,804d7bb) [Parser.C] parsing block 804d7bb [Parser.C:1274] curAddr 0x804d7bb: mov [ESP + 10], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7bf: mov EAX, [ESP + 10] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7c3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7c6: call fffff2d5 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff2d5 + EIP + 5 to 0x804d7c6...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [804d7bb,804d7cb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d7c6->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d7c6->804d7cb resolveable_edge: 1, tailcall: 0, target: 804d7cb [ParserDetails.C:588] pushing 804d7cb onto worklist [Parser.C] binding call 804d7c6->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C:1485] recording block [804d7cb,804d7cb) [Parser.C] parsing block 804d7cb [Parser.C:1274] curAddr 0x804d7cb: jmp 97 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 97 + EIP + 5 to 0x804d7cb...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d7cb,804d7d0) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d7cb->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d7f8,804d7f8) [Parser.C] parsing block 804d7f8 [Parser.C:1274] curAddr 0x804d7f8: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d7fd: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d801: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d808: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d80b: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d80d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d80f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d812: call fffff449 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff449 + EIP + 5 to 0x804d812...SUCCESS (CFT=0x804cc60) [Parser.C:1485] recording block [804d7f8,804d817) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d812->804cc60 resolveable_edge: 1, tailcall: 0, target: 804cc60 [ParserDetails.C:588] pushing 804cc60 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d812->804d817 resolveable_edge: 1, tailcall: 0, target: 804d817 [ParserDetails.C:588] pushing 804d817 onto worklist [Parser.C] binding call 804d812->804cc60 [Parser.C] block 804cc60 exists Checking non-returning for atoi [Parser.C:1485] recording block [804d817,804d817) [Parser.C] parsing block 804d817 [Parser.C:1274] curAddr 0x804d817: lea EDX, EBX + 7b0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d81d: mov [EDX], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d81f: lea EAX, EBX + 7b0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d825: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d827: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d829: jnz 3c + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d817,804d82b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 3c + EIP + 2 to 0x804d829...SUCCESS (CFT=0x804d867) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804d829->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d829->804d82b resolveable_edge: 1, tailcall: 0, target: 804d82b [ParserDetails.C:588] pushing 804d82b onto worklist [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C:1485] recording block [804d82b,804d82b) [Parser.C] parsing block 804d82b [Parser.C:1274] curAddr 0x804d82b: mov EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d82f: lea EDX, 0 + EAX * 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d836: mov EAX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d839: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d83b: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d83d: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d843: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d845: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d849: lea EDX, EBX + ffff8c99 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d84f: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d853: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d856: call fffff335 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff335 + EIP + 5 to 0x804d856...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [804d82b,804d85b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d856->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d856->804d85b resolveable_edge: 1, tailcall: 0, target: 804d85b [ParserDetails.C:588] pushing 804d85b onto worklist [Parser.C] binding call 804d856->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [804d85b,804d85b) [Parser.C] parsing block 804d85b [Parser.C:1274] curAddr 0x804d85b: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d862: call fffff2e9 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff2e9 + EIP + 5 to 0x804d862...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d85b,804d867) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d862->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d862->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C] binding call 804d862->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d862 [Parser.C:1485] recording block [804d87a,804d87a) [Parser.C] parsing block 804d87a [Parser.C:1274] curAddr 0x804d87a: cmp [ESP + 34], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d87f: jz b3 + EIP + 6 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d87a,804d885) Getting edges IA_IAPI.C[847]: binding PC EIP in jz b3 + EIP + 6 to 0x804d87f...SUCCESS (CFT=0x804d938) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d87f->804d938 resolveable_edge: 1, tailcall: 0, target: 804d938 [ParserDetails.C:588] pushing 804d938 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d87f->804d885 resolveable_edge: 1, tailcall: 0, target: 804d885 [ParserDetails.C:588] pushing 804d885 onto worklist [Parser.C:1485] recording block [804d938,804d938) [Parser.C] parsing block 804d938 [Parser.C:1274] curAddr 0x804d938: mov EAX, [EBX + fffffffc] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d93e: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d940: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d946: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d948: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d94e: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d950: lea EAX, EBX + 9e8 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d956: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d958: cmp [ESP + 1c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d95d: jz c + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d938,804d95f) Getting edges IA_IAPI.C[847]: binding PC EIP in jz c + EIP + 2 to 0x804d95d...SUCCESS (CFT=0x804d96b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d95d->804d96b resolveable_edge: 1, tailcall: 0, target: 804d96b [ParserDetails.C:588] pushing 804d96b onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d95d->804d95f resolveable_edge: 1, tailcall: 0, target: 804d95f [ParserDetails.C:588] pushing 804d95f onto worklist [Parser.C:1485] recording block [804d96b,804d96b) [Parser.C] parsing block 804d96b [Parser.C:1274] curAddr 0x804d96b: lea EAX, EBX + c8 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d971: mov ECX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d973: lea EAX, EBX + 7a4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d979: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d97b: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d97d: jz 8 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d96b,804d97f) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 8 + EIP + 2 to 0x804d97d...SUCCESS (CFT=0x804d987) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d97d->804d987 resolveable_edge: 1, tailcall: 0, target: 804d987 [ParserDetails.C:588] pushing 804d987 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d97d->804d97f resolveable_edge: 1, tailcall: 0, target: 804d97f [ParserDetails.C:588] pushing 804d97f onto worklist [Parser.C:1485] recording block [804d987,804d987) [Parser.C] parsing block 804d987 [Parser.C:1274] curAddr 0x804d987: lea EAX, EBX + ffff8cd6 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d98d: mov EDX, [EBP + c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d990: mov EDX, [EDX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d992: mov [ESP + c], ECX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d996: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d99a: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d99e: lea EAX, EBX + ffff8cd8 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9a4: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9a7: call 5fd9 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5fd9 + EIP + 5 to 0x804d9a7...SUCCESS (CFT=0x8053985) [Parser.C:1485] recording block [804d987,804d9ac) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d9a7->8053985 resolveable_edge: 1, tailcall: 0, target: 8053985 [ParserDetails.C:588] pushing 8053985 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d9a7->804d9ac resolveable_edge: 1, tailcall: 0, target: 804d9ac [ParserDetails.C:588] pushing 804d9ac onto worklist [Parser.C] binding call 804d9a7->8053985 [Parser.C] block 8053985 exists Checking non-returning for logstatus Checking non-returning for logstatus [Parser.C:1485] recording block [804d9ac,804d9ac) [Parser.C] parsing block 804d9ac [Parser.C:1274] curAddr 0x804d9ac: cmp [ESP + 1c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9b1: jnz 36 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d9ac,804d9b3) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 36 + EIP + 2 to 0x804d9b1...SUCCESS (CFT=0x804d9e9) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d9b1->804d9e9 resolveable_edge: 1, tailcall: 0, target: 804d9e9 [ParserDetails.C:588] pushing 804d9e9 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d9b1->804d9b3 resolveable_edge: 1, tailcall: 0, target: 804d9b3 [ParserDetails.C:588] pushing 804d9b3 onto worklist [Parser.C:1485] recording block [804d9e9,804d9e9) [Parser.C] parsing block 804d9e9 [Parser.C:1274] curAddr 0x804d9e9: mov EAX, [EBX + 7c4] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9ef: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9f1: jz 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d9e9,804d9f3) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1d + EIP + 2 to 0x804d9f1...SUCCESS (CFT=0x804da10) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d9f1->804da10 resolveable_edge: 1, tailcall: 0, target: 804da10 [ParserDetails.C:588] pushing 804da10 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d9f1->804d9f3 resolveable_edge: 1, tailcall: 0, target: 804d9f3 [ParserDetails.C:588] pushing 804d9f3 onto worklist [Parser.C:1485] recording block [804da10,804da10) [Parser.C] parsing block 804da10 [Parser.C:1274] curAddr 0x804da10: mov [ESP], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da17: call 66a3 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 66a3 + EIP + 5 to 0x804da17...SUCCESS (CFT=0x80540bf) [Parser.C:1485] recording block [804da10,804da1c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804da17->80540bf resolveable_edge: 1, tailcall: 0, target: 80540bf [ParserDetails.C:588] pushing 80540bf onto worklist ParserDetails.C[68]: adding function fallthrough edge 804da17->804da1c resolveable_edge: 1, tailcall: 0, target: 804da1c [ParserDetails.C:588] pushing 804da1c onto worklist [Parser.C] binding call 804da17->80540bf [Parser.C] block 80540bf exists Checking non-returning for setUseAttach Checking non-returning for setUseAttach [Parser.C:1485] recording block [804da1c,804da1c) [Parser.C] parsing block 804da1c [Parser.C:1274] curAddr 0x804da1c: mov [ESP + 3c], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da24: jmp e7 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp e7 + EIP + 5 to 0x804da24...SUCCESS (CFT=0x804db10) [Parser.C:1485] recording block [804da1c,804da29) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 804da24->804db10 resolveable_edge: 1, tailcall: 0, target: 804db10 [ParserDetails.C:588] pushing 804db10 onto worklist [Parser.C:1485] recording block [804d885,804d885) [Parser.C] parsing block 804d885 [Parser.C:1274] curAddr 0x804d885: lea EAX, EBX + ffff8cb5 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d88b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d88f: mov EAX, [ESP + 34] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d893: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d896: call fffff1a5 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff1a5 + EIP + 5 to 0x804d896...SUCCESS (CFT=0x804ca40) [Parser.C:1485] recording block [804d885,804d89b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d896->804ca40 resolveable_edge: 1, tailcall: 0, target: 804ca40 [ParserDetails.C:588] pushing 804ca40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d896->804d89b resolveable_edge: 1, tailcall: 0, target: 804d89b [ParserDetails.C:588] pushing 804d89b onto worklist [Parser.C] binding call 804d896->804ca40 [Parser.C] block 804ca40 exists Checking non-returning for strcmp [Parser.C:1485] recording block [804d89b,804d89b) [Parser.C] parsing block 804d89b [Parser.C:1274] curAddr 0x804d89b: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d89d: jz 95 + EIP + 6 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d89b,804d8a3) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 95 + EIP + 6 to 0x804d89d...SUCCESS (CFT=0x804d938) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804d938 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804d89d->804d938 resolveable_edge: 1, tailcall: 0, target: 804d938 [ParserDetails.C:588] pushing 804d938 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d89d->804d8a3 resolveable_edge: 1, tailcall: 0, target: 804d8a3 [ParserDetails.C:588] pushing 804d8a3 onto worklist [Parser.C] block 804d938 exists [Parser.C] skipping locally parsed target at 804d938 [Parser.C:1485] recording block [804d8a3,804d8a3) [Parser.C] parsing block 804d8a3 [Parser.C:1274] curAddr 0x804d8a3: mov EAX, [ESP + 34] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8a7: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8ab: mov [ESP], 2 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8b2: call 5a69 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5a69 + EIP + 5 to 0x804d8b2...SUCCESS (CFT=0x8053320) [Parser.C:1485] recording block [804d8a3,804d8b7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d8b2->8053320 resolveable_edge: 1, tailcall: 0, target: 8053320 [ParserDetails.C:588] pushing 8053320 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d8b2->804d8b7 resolveable_edge: 1, tailcall: 0, target: 804d8b7 [ParserDetails.C:588] pushing 804d8b7 onto worklist [Parser.C] binding call 804d8b2->8053320 [Parser.C] block 8053320 exists Checking non-returning for redirectStream Checking non-returning for redirectStream [Parser.C:1485] recording block [804d8b7,804d8b7) [Parser.C] parsing block 804d8b7 [Parser.C:1274] curAddr 0x804d8b7: mov EAX, [ESP + 34] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8bb: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8bf: mov [ESP], 3 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8c6: call 5a55 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5a55 + EIP + 5 to 0x804d8c6...SUCCESS (CFT=0x8053320) [Parser.C:1485] recording block [804d8b7,804d8cb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d8c6->8053320 resolveable_edge: 1, tailcall: 0, target: 8053320 [ParserDetails.C:588] pushing 8053320 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d8c6->804d8cb resolveable_edge: 1, tailcall: 0, target: 804d8cb [ParserDetails.C:588] pushing 804d8cb onto worklist [Parser.C] binding call 804d8c6->8053320 [Parser.C] block 8053320 exists Checking non-returning for redirectStream Checking non-returning for redirectStream [Parser.C:1485] recording block [804d8cb,804d8cb) [Parser.C] parsing block 804d8cb [Parser.C:1274] curAddr 0x804d8cb: lea EAX, EBX + ffff8a51 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8d1: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8d5: mov EAX, [ESP + 34] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8d9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8dc: call fffff2df + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff2df + EIP + 5 to 0x804d8dc...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [804d8cb,804d8e1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d8dc->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d8dc->804d8e1 resolveable_edge: 1, tailcall: 0, target: 804d8e1 [ParserDetails.C:588] pushing 804d8e1 onto worklist [Parser.C] binding call 804d8dc->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [804d8e1,804d8e1) [Parser.C] parsing block 804d8e1 [Parser.C:1274] curAddr 0x804d8e1: lea EDX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8e7: mov [EDX], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8e9: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8ef: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8f1: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8f3: jnz 31 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d8e1,804d8f5) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 31 + EIP + 2 to 0x804d8f3...SUCCESS (CFT=0x804d926) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d8f3->804d926 resolveable_edge: 1, tailcall: 0, target: 804d926 [ParserDetails.C:588] pushing 804d926 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d8f3->804d8f5 resolveable_edge: 1, tailcall: 0, target: 804d8f5 [ParserDetails.C:588] pushing 804d8f5 onto worklist [Parser.C:1485] recording block [804d926,804d926) [Parser.C] parsing block 804d926 [Parser.C:1274] curAddr 0x804d926: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d92c: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d92e: lea EAX, EBX + 9e8 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d934: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d936: jmp 20 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 20 + EIP + 2 to 0x804d936...SUCCESS (CFT=0x804d958) [Parser.C:1485] recording block [804d926,804d938) Getting edges Checking for Tail Call jump to 0x804d958 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d936->804d958 resolveable_edge: 1, tailcall: 0, target: 804d958 [ParserDetails.C:588] pushing 804d958 onto worklist [Parser.C:1485] recording block [804d8f5,804d8f5) [Parser.C] parsing block 804d8f5 [Parser.C:1274] curAddr 0x804d8f5: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8fb: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8fd: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d8ff: mov EDX, [ESP + 34] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d903: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d907: lea EDX, EBX + ffff8cb7 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d90d: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d911: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d918: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804d918...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804d8f5,804d91a) Getting edges Returned 2 edges ... Call 0x804d918 is indirect ... Call 0x804d918 is indirect ... Call 0x804d918 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804d918->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804d918->804d91a resolveable_edge: 1, tailcall: 0, target: 804d91a [ParserDetails.C:588] pushing 804d91a onto worklist [Parser.C:1485] recording block [804d91a,804d91a) [Parser.C] parsing block 804d91a [Parser.C:1274] curAddr 0x804d91a: mov [ESP], ffffffff [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d921: call fffff22a + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff22a + EIP + 5 to 0x804d921...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d91a,804d926) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d921->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d921->804d926 resolveable_edge: 1, tailcall: 0, target: 804d926 [ParserDetails.C:588] pushing 804d926 onto worklist [Parser.C] binding call 804d921->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d921 [Parser.C:1485] recording block [804d95f,804d95f) [Parser.C] parsing block 804d95f [Parser.C:1274] curAddr 0x804d95f: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d965: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d967: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d969: jz 41 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d95f,804d96b) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 41 + EIP + 2 to 0x804d969...SUCCESS (CFT=0x804d9ac) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804d9ac is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804d969->804d9ac resolveable_edge: 1, tailcall: 0, target: 804d9ac [ParserDetails.C:588] pushing 804d9ac onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d969->804d96b resolveable_edge: 1, tailcall: 0, target: 804d96b [ParserDetails.C:588] pushing 804d96b onto worklist [Parser.C] block 804d9ac exists [Parser.C] skipping locally parsed target at 804d9ac [Parser.C] block 804d96b exists [Parser.C] skipping locally parsed target at 804d96b [Parser.C:1485] recording block [804d97f,804d97f) [Parser.C] parsing block 804d97f [Parser.C:1274] curAddr 0x804d97f: lea EAX, EBX + ffff8cd2 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d985: jmp 6 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 6 + EIP + 2 to 0x804d985...SUCCESS (CFT=0x804d98d) [Parser.C:1485] recording block [804d97f,804d987) Getting edges Checking for Tail Call jump to 0x804d98d is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d985->804d98d resolveable_edge: 1, tailcall: 0, target: 804d98d [ParserDetails.C:588] pushing 804d98d onto worklist [Parser.C:1485] recording block [804d9b3,804d9b3) [Parser.C] parsing block 804d9b3 [Parser.C:1274] curAddr 0x804d9b3: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9b9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9bb: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9bf: mov [ESP + 8], 1c [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9c7: mov [ESP + 4], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9cf: lea EAX, EBX + ffff8cee [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9d5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9d8: call fffff0f3 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff0f3 + EIP + 5 to 0x804d9d8...SUCCESS (CFT=0x804cad0) [Parser.C:1485] recording block [804d9b3,804d9dd) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d9d8->804cad0 resolveable_edge: 1, tailcall: 0, target: 804cad0 [ParserDetails.C:588] pushing 804cad0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d9d8->804d9dd resolveable_edge: 1, tailcall: 0, target: 804d9dd [ParserDetails.C:588] pushing 804d9dd onto worklist [Parser.C] binding call 804d9d8->804cad0 [Parser.C] block 804cad0 exists Checking non-returning for fwrite [Parser.C:1485] recording block [804d9dd,804d9dd) [Parser.C] parsing block 804d9dd [Parser.C:1274] curAddr 0x804d9dd: mov [ESP], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9e4: call fffff167 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff167 + EIP + 5 to 0x804d9e4...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804d9dd,804d9e9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d9e4->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d9e4->804d9e9 resolveable_edge: 1, tailcall: 0, target: 804d9e9 [ParserDetails.C:588] pushing 804d9e9 onto worklist [Parser.C] binding call 804d9e4->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804d9e4 [Parser.C:1485] recording block [804d9f3,804d9f3) [Parser.C] parsing block 804d9f3 [Parser.C:1274] curAddr 0x804d9f3: mov EAX, [EBX + 7bc] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9f9: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d9fb: jnz 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d9f3,804d9fd) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 13 + EIP + 2 to 0x804d9fb...SUCCESS (CFT=0x804da10) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804da10 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804d9fb->804da10 resolveable_edge: 1, tailcall: 0, target: 804da10 [ParserDetails.C:588] pushing 804da10 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d9fb->804d9fd resolveable_edge: 1, tailcall: 0, target: 804d9fd [ParserDetails.C:588] pushing 804d9fd onto worklist [Parser.C] block 804da10 exists [Parser.C] skipping locally parsed target at 804da10 [Parser.C:1485] recording block [804d9fd,804d9fd) [Parser.C] parsing block 804d9fd [Parser.C:1274] curAddr 0x804d9fd: mov EAX, [EBX + 7c0] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da03: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da05: jnz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d9fd,804da07) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 7 + EIP + 2 to 0x804da05...SUCCESS (CFT=0x804da0e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804da05->804da0e resolveable_edge: 1, tailcall: 0, target: 804da0e [ParserDetails.C:588] pushing 804da0e onto worklist ParserDetails.C[80]: adding conditional not taken edge 804da05->804da07 resolveable_edge: 1, tailcall: 0, target: 804da07 [ParserDetails.C:588] pushing 804da07 onto worklist [Parser.C:1485] recording block [804da0e,804da0e) [Parser.C] parsing block 804da0e [Parser.C:1274] curAddr 0x804da0e: jmp c + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp c + EIP + 2 to 0x804da0e...SUCCESS (CFT=0x804da1c) [Parser.C:1485] recording block [804da0e,804da10) Getting edges Checking for Tail Call jump to 0x804da1c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804da0e->804da1c resolveable_edge: 1, tailcall: 0, target: 804da1c [ParserDetails.C:588] pushing 804da1c onto worklist [Parser.C:1485] recording block [804da07,804da07) [Parser.C] parsing block 804da07 [Parser.C:1274] curAddr 0x804da07: call fffff614 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff614 + EIP + 5 to 0x804da07...SUCCESS (CFT=0x804d020) [Parser.C:1485] recording block [804da07,804da0c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804da07->804d020 resolveable_edge: 1, tailcall: 0, target: 804d020 [ParserDetails.C:588] pushing 804d020 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804da07->804da0c resolveable_edge: 1, tailcall: 0, target: 804da0c [ParserDetails.C:588] pushing 804da0c onto worklist [Parser.C] binding call 804da07->804d020 [Parser.C] block 804d020 exists Checking non-returning for handleAttach Checking non-returning for handleAttach [Parser.C:1485] recording block [804da0c,804da0c) [Parser.C] parsing block 804da0c [Parser.C:1274] curAddr 0x804da0c: jmp e + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp e + EIP + 2 to 0x804da0c...SUCCESS (CFT=0x804da1c) [Parser.C:1485] recording block [804da0c,804da0e) Getting edges Checking for Tail Call jump to 0x804da1c is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804da0c->804da1c resolveable_edge: 1, tailcall: 0, target: 804da1c [ParserDetails.C:588] pushing 804da1c onto worklist [Parser.C:1485] recording block [804d4e7,804d4e7) [Parser.C] parsing block 804d4e7 [Parser.C:1274] curAddr 0x804d4e7: cmp [ESP + 20], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4ec: jnz ffffffffffffffcc + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d4e7,804d4ee) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz ffffffffffffffcc + EIP + 2 to 0x804d4ec...SUCCESS (CFT=0x804d4ba) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d4ec->804d4ba resolveable_edge: 1, tailcall: 0, target: 804d4ba [ParserDetails.C:588] pushing 804d4ba onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d4ec->804d4ee resolveable_edge: 1, tailcall: 0, target: 804d4ee [ParserDetails.C:588] pushing 804d4ee onto worklist [Parser.C:1485] recording block [804d4ba,804d4ba) [Parser.C] parsing block 804d4ba [Parser.C:1274] curAddr 0x804d4ba: lea EAX, EBX + ffff8bda [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4c0: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4c4: mov [ESP], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4cb: call fffff750 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff750 + EIP + 5 to 0x804d4cb...SUCCESS (CFT=0x804cc20) [Parser.C:1485] recording block [804d4ba,804d4d0) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d4cb->804cc20 resolveable_edge: 1, tailcall: 0, target: 804cc20 [ParserDetails.C:588] pushing 804cc20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d4cb->804d4d0 resolveable_edge: 1, tailcall: 0, target: 804d4d0 [ParserDetails.C:588] pushing 804d4d0 onto worklist [Parser.C] binding call 804d4cb->804cc20 [Parser.C] block 804cc20 exists Checking non-returning for strtok [Parser.C:1485] recording block [804d4d0,804d4d0) [Parser.C] parsing block 804d4d0 [Parser.C:1274] curAddr 0x804d4d0: mov [ESP + 20], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4d4: cmp [ESP + 20], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4d9: jz c + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d4d0,804d4db) Getting edges IA_IAPI.C[847]: binding PC EIP in jz c + EIP + 2 to 0x804d4d9...SUCCESS (CFT=0x804d4e7) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804d4e7 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804d4d9->804d4e7 resolveable_edge: 1, tailcall: 0, target: 804d4e7 [ParserDetails.C:588] pushing 804d4e7 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d4d9->804d4db resolveable_edge: 1, tailcall: 0, target: 804d4db [ParserDetails.C:588] pushing 804d4db onto worklist [Parser.C] block 804d4e7 exists [Parser.C] skipping locally parsed target at 804d4e7 [Parser.C:1485] recording block [804d4db,804d4db) [Parser.C] parsing block 804d4db [Parser.C:1274] curAddr 0x804d4db: mov EAX, [ESP + 20] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4df: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4e2: call fffff8e9 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff8e9 + EIP + 5 to 0x804d4e2...SUCCESS (CFT=0x804cdd0) [Parser.C:1485] recording block [804d4db,804d4e7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d4e2->804cdd0 resolveable_edge: 1, tailcall: 0, target: 804cdd0 [ParserDetails.C:588] pushing 804cdd0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d4e2->804d4e7 resolveable_edge: 1, tailcall: 0, target: 804d4e7 [ParserDetails.C:588] pushing 804d4e7 onto worklist [Parser.C] binding call 804d4e2->804cdd0 [Parser.C] block 804cdd0 exists Checking non-returning for setRunTest Checking non-returning for setRunTest [Parser.C] block 804d4e7 exists [Parser.C] skipping locally parsed target at 804d4e7 [Parser.C:1485] recording block [804d4ee,804d4ee) [Parser.C] parsing block 804d4ee [Parser.C:1274] curAddr 0x804d4ee: mov EAX, [ESP + 14] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4f2: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d4f5: call fffff586 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff586 + EIP + 5 to 0x804d4f5...SUCCESS (CFT=0x804ca80) [Parser.C:1485] recording block [804d4ee,804d4fa) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804d4f5->804ca80 resolveable_edge: 1, tailcall: 0, target: 804ca80 [ParserDetails.C:588] pushing 804ca80 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804d4f5->804d4fa resolveable_edge: 1, tailcall: 0, target: 804d4fa [ParserDetails.C:588] pushing 804d4fa onto worklist [Parser.C] binding call 804d4f5->804ca80 [Parser.C] block 804ca80 exists Checking non-returning for free [Parser.C:1485] recording block [804d4fa,804d4fa) [Parser.C] parsing block 804d4fa [Parser.C:1274] curAddr 0x804d4fa: jmp 368 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 368 + EIP + 5 to 0x804d4fa...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d4fa,804d4ff) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d4fa->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C:1485] recording block [804d685,804d685) [Parser.C] parsing block 804d685 [Parser.C:1274] curAddr 0x804d685: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d68b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d68d: cmp [ESP + 38], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d691: jl ffffffffffffffdc + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804d685,804d693) Getting edges IA_IAPI.C[847]: binding PC EIP in jl ffffffffffffffdc + EIP + 2 to 0x804d691...SUCCESS (CFT=0x804d66f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804d691->804d66f resolveable_edge: 1, tailcall: 0, target: 804d66f [ParserDetails.C:588] pushing 804d66f onto worklist ParserDetails.C[80]: adding conditional not taken edge 804d691->804d693 resolveable_edge: 1, tailcall: 0, target: 804d693 [ParserDetails.C:588] pushing 804d693 onto worklist [Parser.C:1485] recording block [804d66f,804d66f) [Parser.C] parsing block 804d66f [Parser.C:1274] curAddr 0x804d66f: lea EAX, EBX + a20 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d675: mov EDX, [ESP + 38] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d679: mov [EAX + EDX * 4], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804d680: add [ESP + 38], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C] straight-line parse into block at 804d685 [Parser.C:1485] recording block [804d66f,804d685) [Parser.C] block 804d685 exists [Parser.C:1485] recording block [804d693,804d693) [Parser.C] parsing block 804d693 [Parser.C:1274] curAddr 0x804d693: jmp 1cf + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1cf + EIP + 5 to 0x804d693...SUCCESS (CFT=0x804d867) [Parser.C:1485] recording block [804d693,804d698) Getting edges Checking for Tail Call jump to 0x804d867 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804d693->804d867 resolveable_edge: 1, tailcall: 0, target: 804d867 [ParserDetails.C:588] pushing 804d867 onto worklist [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] block 804d867 exists [Parser.C] skipping locally parsed target at 804d867 [Parser.C] address 804d958 splits [804d938,804d95f) (0x1de1ac0) [Parser.C:1485] recording block [804d958,804d95f) [Parser.C] skipping locally parsed target at 804d958 [Parser.C] address 804d98d splits [804d987,804d9ac) (0x1de1dd0) [Parser.C:1485] recording block [804d98d,804d9ac) [Parser.C] skipping locally parsed target at 804d98d [Parser.C] block 804da1c exists [Parser.C] skipping locally parsed target at 804da1c [Parser.C] block 804da1c exists [Parser.C] skipping locally parsed target at 804da1c [Parser.C:1485] recording block [804db10,804db10) [Parser.C] parsing block 804db10 [Parser.C:1274] curAddr 0x804db10: lea EAX, EBX + cc [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db16: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db18: cmp EAX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db1c: jnbe ffffff07 + EIP + 6 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804db10,804db22) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe ffffff07 + EIP + 6 to 0x804db1c...SUCCESS (CFT=0x804da29) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804db1c->804da29 resolveable_edge: 1, tailcall: 0, target: 804da29 [ParserDetails.C:588] pushing 804da29 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804db1c->804db22 resolveable_edge: 1, tailcall: 0, target: 804db22 [ParserDetails.C:588] pushing 804db22 onto worklist [Parser.C:1485] recording block [804da29,804da29) [Parser.C] parsing block 804da29 [Parser.C:1274] curAddr 0x804da29: lea EAX, EBX + a20 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da2f: mov EDX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da33: mov EAX, [EAX + EDX * 4] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da36: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da38: jz c3 + EIP + 6 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804da29,804da3e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz c3 + EIP + 6 to 0x804da38...SUCCESS (CFT=0x804db01) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804da38->804db01 resolveable_edge: 1, tailcall: 0, target: 804db01 [ParserDetails.C:588] pushing 804db01 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804da38->804da3e resolveable_edge: 1, tailcall: 0, target: 804da3e [ParserDetails.C:588] pushing 804da3e onto worklist [Parser.C:1485] recording block [804db01,804db01) [Parser.C] parsing block 804db01 [Parser.C:1274] curAddr 0x804db01: call 5eef + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5eef + EIP + 5 to 0x804db01...SUCCESS (CFT=0x80539f5) [Parser.C:1485] recording block [804db01,804db06) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804db01->80539f5 resolveable_edge: 1, tailcall: 0, target: 80539f5 [ParserDetails.C:588] pushing 80539f5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804db01->804db06 resolveable_edge: 1, tailcall: 0, target: 804db06 [ParserDetails.C:588] pushing 804db06 onto worklist [Parser.C] binding call 804db01->80539f5 [Parser.C] block 80539f5 exists Checking non-returning for flushOutputLog Checking non-returning for flushOutputLog [Parser.C:1485] recording block [804db06,804db06) [Parser.C] parsing block 804db06 [Parser.C:1274] curAddr 0x804db06: call 5f1e + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5f1e + EIP + 5 to 0x804db06...SUCCESS (CFT=0x8053a29) [Parser.C:1485] recording block [804db06,804db0b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804db06->8053a29 resolveable_edge: 1, tailcall: 0, target: 8053a29 [ParserDetails.C:588] pushing 8053a29 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804db06->804db0b resolveable_edge: 1, tailcall: 0, target: 804db0b [ParserDetails.C:588] pushing 804db0b onto worklist [Parser.C] binding call 804db06->8053a29 [Parser.C:1485] recording block [8053a29,8053a29) [suspend frame 804d14a] [Parser.C] frame 804d14a blocked at 804db06 call target 8053a29 [Parser.C] block 8053a29 exists [Parser.C] ==== starting to parse frame 8053a29 ==== [Parser.C] parsing block 8053a29 [Parser.C:1274] curAddr 0x8053a29: push EBP, ESP [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a2a: mov EBP, ESP [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a2c: push EBX, ESP [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a2d: sub ESP, 14 [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a30: call ffff92cb + EIP + 5 [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff92cb + EIP + 5 to 0x8053a30...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053a35: add EBX, 85cb [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a3b: lea EAX, EBX + 9e8 [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a41: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a43: test EAX, EAX [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a45: jz 10 + EIP + 2 [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053a29,8053a47) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 10 + EIP + 2 to 0x8053a45...SUCCESS (CFT=0x8053a57) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053a45->8053a57 resolveable_edge: 1, tailcall: 0, target: 8053a57 [ParserDetails.C:588] pushing 8053a57 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053a45->8053a47 resolveable_edge: 1, tailcall: 0, target: 8053a47 [ParserDetails.C:588] pushing 8053a47 onto worklist [Parser.C:1485] recording block [8053a57,8053a57) [Parser.C] parsing block 8053a57 [Parser.C:1274] curAddr 0x8053a57: add ESP, 14 [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a5a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a5b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a5c: ret near [ESP] [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053a57,8053a5d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053a5c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053a5c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053a47,8053a47) [Parser.C] parsing block 8053a47 [Parser.C:1274] curAddr 0x8053a47: lea EAX, EBX + 9e8 [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a4d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a4f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called [Parser.C:1274] curAddr 0x8053a52: call ffff9009 + EIP + 5 [Parser.C:1280] leaf 1 funcname flushErrorLog hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9009 + EIP + 5 to 0x8053a52...SUCCESS (CFT=0x804ca60) [Parser.C:1485] recording block [8053a47,8053a57) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053a52->804ca60 resolveable_edge: 1, tailcall: 0, target: 804ca60 [ParserDetails.C:588] pushing 804ca60 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053a52->8053a57 resolveable_edge: 1, tailcall: 0, target: 8053a57 [ParserDetails.C:588] pushing 8053a57 onto worklist [Parser.C] binding call 8053a52->804ca60 [Parser.C] block 804ca60 exists Checking non-returning for fflush [Parser.C] block 8053a57 exists [Parser.C] skipping locally parsed target at 8053a57 [Parser.C] frame 8053a29 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] flushErrorLog return status 3, no waiters [Parser.C] ==== resuming parse of frame 804d14a ==== Checking non-returning for flushErrorLog Checking non-returning for flushErrorLog [Parser.C:1485] recording block [804db0b,804db0b) [Parser.C] parsing block 804db0b [Parser.C:1274] curAddr 0x804db0b: add [ESP + 3c], 1 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C] straight-line parse into block at 804db10 [Parser.C:1485] recording block [804db0b,804db10) [Parser.C] block 804db10 exists [Parser.C:1485] recording block [804da3e,804da3e) [Parser.C] parsing block 804da3e [Parser.C:1274] curAddr 0x804da3e: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da44: mov EDX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da48: shl/sal EDX, 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da4b: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da4d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da4f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da52: call 6b13 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6b13 + EIP + 5 to 0x804da52...SUCCESS (CFT=0x805456a) [Parser.C:1485] recording block [804da3e,804da57) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804da52->805456a resolveable_edge: 1, tailcall: 0, target: 805456a [ParserDetails.C:588] pushing 805456a onto worklist ParserDetails.C[68]: adding function fallthrough edge 804da52->804da57 resolveable_edge: 1, tailcall: 0, target: 804da57 [ParserDetails.C:588] pushing 804da57 onto worklist [Parser.C] binding call 804da52->805456a [Parser.C] block 805456a exists Checking non-returning for log_testrun Checking non-returning for log_testrun [Parser.C:1485] recording block [804da57,804da57) [Parser.C] parsing block 804da57 [Parser.C:1274] curAddr 0x804da57: cmp [ESP + 24], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da5c: jz 3e + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804da57,804da5e) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 3e + EIP + 2 to 0x804da5c...SUCCESS (CFT=0x804da9c) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804da5c->804da9c resolveable_edge: 1, tailcall: 0, target: 804da9c [ParserDetails.C:588] pushing 804da9c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804da5c->804da5e resolveable_edge: 1, tailcall: 0, target: 804da5e [ParserDetails.C:588] pushing 804da5e onto worklist [Parser.C:1485] recording block [804da9c,804da9c) [Parser.C] parsing block 804da9c [Parser.C:1274] curAddr 0x804da9c: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daa2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daa4: mov EAX, [EAX + 10] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daa7: lea EDX, EBX + e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daad: mov ECX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dab1: shl/sal ECX, 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dab4: add EDX, ECX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dab6: mov EDX, [EDX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dab8: mov [ESP], EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dabb: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804dabb...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804da9c,804dabd) Getting edges Returned 2 edges ... Call 0x804dabb is indirect ... Call 0x804dabb is indirect ... Call 0x804dabb is indirect 2 edges: ParserDetails.C[64]: adding call edge 804dabb->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804dabb->804dabd resolveable_edge: 1, tailcall: 0, target: 804dabd [ParserDetails.C:588] pushing 804dabd onto worklist [Parser.C:1485] recording block [804dabd,804dabd) [Parser.C] parsing block 804dabd [Parser.C:1274] curAddr 0x804dabd: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dac3: mov EDX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dac7: shl/sal EDX, 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daca: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dacc: add EAX, 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dacf: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dad1: call EAX [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x804dad1...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [804dabd,804dad3) Getting edges Returned 2 edges ... Call 0x804dad1 is indirect ... Call 0x804dad1 is indirect ... Call 0x804dad1 is indirect 2 edges: ParserDetails.C[64]: adding call edge 804dad1->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 804dad1->804dad3 resolveable_edge: 1, tailcall: 0, target: 804dad3 [ParserDetails.C:588] pushing 804dad3 onto worklist [Parser.C:1485] recording block [804dad3,804dad3) [Parser.C] parsing block 804dad3 [Parser.C:1274] curAddr 0x804dad3: lea EAX, EBX + ae0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dad9: mov EDX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dadd: mov EAX, [EAX + EDX * 4] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dae0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804dae3: call 6b0d + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 6b0d + EIP + 5 to 0x804dae3...SUCCESS (CFT=0x80545f5) [Parser.C:1485] recording block [804dad3,804dae8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dae3->80545f5 resolveable_edge: 1, tailcall: 0, target: 80545f5 [ParserDetails.C:588] pushing 80545f5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dae3->804dae8 resolveable_edge: 1, tailcall: 0, target: 804dae8 [ParserDetails.C:588] pushing 804dae8 onto worklist [Parser.C] binding call 804dae3->80545f5 [Parser.C:1485] recording block [80545f5,80545f5) [suspend frame 804d14a] [Parser.C] frame 804d14a blocked at 804dae3 call target 80545f5 [Parser.C] block 80545f5 exists [Parser.C] ==== starting to parse frame 80545f5 ==== [Parser.C] parsing block 80545f5 [Parser.C:1274] curAddr 0x80545f5: push EBP, ESP [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x80545f6: mov EBP, ESP [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x80545f8: push EBX, ESP [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x80545f9: sub ESP, 24 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x80545fc: call ffff86ff + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff86ff + EIP + 5 to 0x80545fc...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8054601: add EBX, 79ff [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054607: lea EAX, EBX + 790 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805460d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805460f: lea EDX, EBX + ffffbfbc [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054615: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054619: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805461c: call ffff859f + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff859f + EIP + 5 to 0x805461c...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [80545f5,8054621) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805461c->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805461c->8054621 resolveable_edge: 1, tailcall: 0, target: 8054621 [ParserDetails.C:588] pushing 8054621 onto worklist [Parser.C] binding call 805461c->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [8054621,8054621) [Parser.C] parsing block 8054621 [Parser.C:1274] curAddr 0x8054621: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054624: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054628: jnz 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054621,805462a) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 29 + EIP + 2 to 0x8054628...SUCCESS (CFT=0x8054653) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8054628->8054653 resolveable_edge: 1, tailcall: 0, target: 8054653 [ParserDetails.C:588] pushing 8054653 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8054628->805462a resolveable_edge: 1, tailcall: 0, target: 805462a [ParserDetails.C:588] pushing 805462a onto worklist [Parser.C:1485] recording block [8054653,8054653) [Parser.C] parsing block 8054653 [Parser.C:1274] curAddr 0x8054653: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054657: setnz AL [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805465a: movzx EAX, AL [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805465d: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054661: lea EAX, EBX + ffffc213 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054667: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805466b: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805466e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054671: call ffff851a + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff851a + EIP + 5 to 0x8054671...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8054653,8054676) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8054671->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8054671->8054676 resolveable_edge: 1, tailcall: 0, target: 8054676 [ParserDetails.C:588] pushing 8054676 onto worklist [Parser.C] binding call 8054671->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8054676,8054676) [Parser.C] parsing block 8054676 [Parser.C:1274] curAddr 0x8054676: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054679: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805467c: call ffff841f + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff841f + EIP + 5 to 0x805467c...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [8054676,8054681) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805467c->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805467c->8054681 resolveable_edge: 1, tailcall: 0, target: 8054681 [ParserDetails.C:588] pushing 8054681 onto worklist [Parser.C] binding call 805467c->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C:1485] recording block [8054681,8054681) [Parser.C] parsing block 8054681 [Parser.C:1274] curAddr 0x8054681: add ESP, 24 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054684: pop EBX, ESP [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054685: pop EBP, ESP [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054686: ret near [ESP] [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called branch or return, ret true [Parser.C:1485] recording block [8054681,8054687) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8054686 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8054686...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805462a,805462a) [Parser.C] parsing block 805462a [Parser.C:1274] curAddr 0x805462a: lea EAX, EBX + 9e0 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054630: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054632: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054634: lea EDX, EBX + ffffc1f0 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805463a: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805463e: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x8054645: call EAX [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called IA_IAPI.C[847]: binding PC EIP in call EAX to 0x8054645...FAIL (CFT=0x0), callTarget exp: EAX ... Call to 0x0 is invalid (outside code or data) [Parser.C:1485] recording block [805462a,8054647) Getting edges Returned 2 edges ... Call 0x8054645 is indirect ... Call 0x8054645 is indirect ... Call 0x8054645 is indirect 2 edges: ParserDetails.C[64]: adding call edge 8054645->0 resolveable_edge: 0, tailcall: 0, target: 0 ParserDetails.C[68]: adding function fallthrough edge 8054645->8054647 resolveable_edge: 1, tailcall: 0, target: 8054647 [ParserDetails.C:588] pushing 8054647 onto worklist [Parser.C:1485] recording block [8054647,8054647) [Parser.C] parsing block 8054647 [Parser.C:1274] curAddr 0x8054647: mov [ESP], 0 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called [Parser.C:1274] curAddr 0x805464e: call ffff84fd + EIP + 5 [Parser.C:1280] leaf 1 funcname log_testresult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff84fd + EIP + 5 to 0x805464e...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [8054647,8054653) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805464e->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805464e->8054653 resolveable_edge: 1, tailcall: 0, target: 8054653 [ParserDetails.C:588] pushing 8054653 onto worklist [Parser.C] binding call 805464e->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 805464e [Parser.C] frame 80545f5 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] log_testresult return status 3, no waiters [Parser.C] ==== resuming parse of frame 804d14a ==== Checking non-returning for log_testresult Checking non-returning for log_testresult [Parser.C:1485] recording block [804dae8,804dae8) [Parser.C] parsing block 804dae8 [Parser.C:1274] curAddr 0x804dae8: lea EAX, EBX + ae0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daee: mov EDX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daf2: mov EAX, [EAX + EDX * 4] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daf5: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804daf7: jnz 8 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dae8,804daf9) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 8 + EIP + 2 to 0x804daf7...SUCCESS (CFT=0x804db01) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804db01 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804daf7->804db01 resolveable_edge: 1, tailcall: 0, target: 804db01 [ParserDetails.C:588] pushing 804db01 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804daf7->804daf9 resolveable_edge: 1, tailcall: 0, target: 804daf9 [ParserDetails.C:588] pushing 804daf9 onto worklist [Parser.C] block 804db01 exists [Parser.C] skipping locally parsed target at 804db01 [Parser.C:1485] recording block [804da5e,804da5e) [Parser.C] parsing block 804da5e [Parser.C:1274] curAddr 0x804da5e: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da64: mov EDX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da68: shl/sal EDX, 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da6b: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da6d: add EAX, c [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da70: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da72: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da74: jz 26 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804da5e,804da76) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 26 + EIP + 2 to 0x804da74...SUCCESS (CFT=0x804da9c) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804da9c is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804da74->804da9c resolveable_edge: 1, tailcall: 0, target: 804da9c [ParserDetails.C:588] pushing 804da9c onto worklist ParserDetails.C[80]: adding conditional not taken edge 804da74->804da76 resolveable_edge: 1, tailcall: 0, target: 804da76 [ParserDetails.C:588] pushing 804da76 onto worklist [Parser.C] block 804da9c exists [Parser.C] skipping locally parsed target at 804da9c [Parser.C:1485] recording block [804da76,804da76) [Parser.C] parsing block 804da76 [Parser.C:1274] curAddr 0x804da76: lea EAX, EBX + e0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da7c: mov EDX, [ESP + 3c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da80: shl/sal EDX, 4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da83: add EAX, EDX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da85: add EAX, c [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da88: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da8a: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da8e: lea EAX, EBX + ffff8a27 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da94: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804da97: call 5ee9 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5ee9 + EIP + 5 to 0x804da97...SUCCESS (CFT=0x8053985) [Parser.C:1485] recording block [804da76,804da9c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804da97->8053985 resolveable_edge: 1, tailcall: 0, target: 8053985 [ParserDetails.C:588] pushing 8053985 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804da97->804da9c resolveable_edge: 1, tailcall: 0, target: 804da9c [ParserDetails.C:588] pushing 804da9c onto worklist [Parser.C] binding call 804da97->8053985 [Parser.C] block 8053985 exists Checking non-returning for logstatus Checking non-returning for logstatus [Parser.C] block 804da9c exists [Parser.C] skipping locally parsed target at 804da9c [Parser.C:1485] recording block [804daf9,804daf9) [Parser.C] parsing block 804daf9 [Parser.C:1274] curAddr 0x804daf9: mov [ESP + 30], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C] straight-line parse into block at 804db01 [Parser.C:1485] recording block [804daf9,804db01) [Parser.C] block 804db01 exists [Parser.C:1485] recording block [804db22,804db22) [Parser.C] parsing block 804db22 [Parser.C:1274] curAddr 0x804db22: cmp [ESP + 30], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db27: jz 18 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804db22,804db29) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 18 + EIP + 2 to 0x804db27...SUCCESS (CFT=0x804db41) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804db27->804db41 resolveable_edge: 1, tailcall: 0, target: 804db41 [ParserDetails.C:588] pushing 804db41 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804db27->804db29 resolveable_edge: 1, tailcall: 0, target: 804db29 [ParserDetails.C:588] pushing 804db29 onto worklist [Parser.C:1485] recording block [804db41,804db41) [Parser.C] parsing block 804db41 [Parser.C:1274] curAddr 0x804db41: mov [ESP + 2c], ffffffff [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db49: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db4f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db51: test EAX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db53: jz 24 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804db41,804db55) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 24 + EIP + 2 to 0x804db53...SUCCESS (CFT=0x804db79) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804db53->804db79 resolveable_edge: 1, tailcall: 0, target: 804db79 [ParserDetails.C:588] pushing 804db79 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804db53->804db55 resolveable_edge: 1, tailcall: 0, target: 804db55 [ParserDetails.C:588] pushing 804db55 onto worklist [Parser.C:1485] recording block [804db79,804db79) [Parser.C] parsing block 804db79 [Parser.C:1274] curAddr 0x804db79: mov EAX, [ESP + 2c] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db7d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db80: call ffffefcb + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffefcb + EIP + 5 to 0x804db80...SUCCESS (CFT=0x804cb50) [Parser.C:1485] recording block [804db79,804db85) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804db80->804cb50 resolveable_edge: 1, tailcall: 0, target: 804cb50 [ParserDetails.C:588] pushing 804cb50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804db80->804db85 resolveable_edge: 1, tailcall: 0, target: 804db85 [ParserDetails.C:588] pushing 804db85 onto worklist [Parser.C] binding call 804db80->804cb50 [Parser.C] block 804cb50 exists Checking non-returning for exit Disallowing FT edge: CodeSource reports PLT nonreturning [Parser.C] no fallthrough for non-returning call to 804cb50 at 804db80 [Parser.C:1485] recording block [804db29,804db29) [Parser.C] parsing block 804db29 [Parser.C:1274] curAddr 0x804db29: lea EAX, EBX + ffff8d0b [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db2f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db32: call 5e4e + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call 5e4e + EIP + 5 to 0x804db32...SUCCESS (CFT=0x8053985) [Parser.C:1485] recording block [804db29,804db37) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804db32->8053985 resolveable_edge: 1, tailcall: 0, target: 8053985 [ParserDetails.C:588] pushing 8053985 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804db32->804db37 resolveable_edge: 1, tailcall: 0, target: 804db37 [ParserDetails.C:588] pushing 804db37 onto worklist [Parser.C] binding call 804db32->8053985 [Parser.C] block 8053985 exists Checking non-returning for logstatus Checking non-returning for logstatus [Parser.C:1485] recording block [804db37,804db37) [Parser.C] parsing block 804db37 [Parser.C:1274] curAddr 0x804db37: mov [ESP + 2c], 0 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db3f: jmp 8 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 8 + EIP + 2 to 0x804db3f...SUCCESS (CFT=0x804db49) [Parser.C:1485] recording block [804db37,804db41) Getting edges Checking for Tail Call jump to 0x804db49 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804db3f->804db49 resolveable_edge: 1, tailcall: 0, target: 804db49 [ParserDetails.C:588] pushing 804db49 onto worklist [Parser.C:1485] recording block [804db55,804db55) [Parser.C] parsing block 804db55 [Parser.C:1274] curAddr 0x804db55: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db5b: mov EDX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db5d: mov EAX, [EBX + fffffffc] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db63: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db65: cmp EDX, EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db67: jz 10 + EIP + 2 [Parser.C:1280] leaf 1 funcname main hasCFT called branch or return, ret true [Parser.C:1485] recording block [804db55,804db69) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 10 + EIP + 2 to 0x804db67...SUCCESS (CFT=0x804db79) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x804db79 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 804db67->804db79 resolveable_edge: 1, tailcall: 0, target: 804db79 [ParserDetails.C:588] pushing 804db79 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804db67->804db69 resolveable_edge: 1, tailcall: 0, target: 804db69 [ParserDetails.C:588] pushing 804db69 onto worklist [Parser.C] block 804db79 exists [Parser.C] skipping locally parsed target at 804db79 [Parser.C:1485] recording block [804db69,804db69) [Parser.C] parsing block 804db69 [Parser.C:1274] curAddr 0x804db69: lea EAX, EBX + 9e4 [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db6f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db71: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname main hasCFT called [Parser.C:1274] curAddr 0x804db74: call ffffef27 + EIP + 5 [Parser.C:1280] leaf 1 funcname main hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffef27 + EIP + 5 to 0x804db74...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [804db69,804db79) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804db74->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804db74->804db79 resolveable_edge: 1, tailcall: 0, target: 804db79 [ParserDetails.C:588] pushing 804db79 onto worklist [Parser.C] binding call 804db74->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C] block 804db79 exists [Parser.C] skipping locally parsed target at 804db79 [Parser.C] address 804db49 splits [804db41,804db55) (0x1de9a10) [Parser.C:1485] recording block [804db49,804db55) [Parser.C] skipping locally parsed target at 804db49 [Parser.C] frame 804d14a complete, return status: 1 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] main return status 1, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804f516) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f516) function at 804f516 already parsed, status 3 [Parser.C:224] entered parse_at(804e220) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e220) function at 804e220 already parsed, status 3 [Parser.C:224] entered parse_at(804f530) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f530) function at 804f530 already parsed, status 3 [Parser.C:224] entered parse_at(8050aa2) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050aa2) [Parser.C:1485] recording block [8050aa2,8050aa2) [Parser.C] ==== starting to parse frame 8050aa2 ==== [Parser.C] parsing block 8050aa2 [Parser.C:1274] curAddr 0x8050aa2: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call7 hasCFT called [Parser.C:1274] curAddr 0x8050aa3: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call7 hasCFT called [Parser.C:1274] curAddr 0x8050aa5: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_22_call7 hasCFT called [Parser.C:1274] curAddr 0x8050aa8: add EAX, 21947c [Parser.C:1280] leaf 1 funcname test1_22_call7 hasCFT called [Parser.C:1274] curAddr 0x8050aad: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_22_call7 hasCFT called [Parser.C:1274] curAddr 0x8050aae: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_22_call7 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050aa2,8050aaf) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050aae Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050aae...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8050aa2 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_22_call7 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052354) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052354) [Parser.C:1485] recording block [8052354,8052354) [Parser.C] ==== starting to parse frame 8052354 ==== [Parser.C] parsing block 8052354 [Parser.C:1274] curAddr 0x8052354: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052355: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052357: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052358: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x805235b: call ffffa9a0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa9a0 + EIP + 5 to 0x805235b...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052360: add EBX, 9ca0 [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052366: lea EAX, EBX + ffffb75c [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x805236c: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x805236f: call 1649 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1649 + EIP + 5 to 0x805236f...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052354,8052374) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805236f->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805236f->8052374 resolveable_edge: 1, tailcall: 0, target: 8052374 [ParserDetails.C:588] pushing 8052374 onto worklist [Parser.C] binding call 805236f->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052374,8052374) [Parser.C] parsing block 8052374 [Parser.C:1274] curAddr 0x8052374: mov EAX, [EBX + 6fc] [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x805237a: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x805237d: call 2023 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2023 + EIP + 5 to 0x805237d...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052374,8052382) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805237d->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805237d->8052382 resolveable_edge: 1, tailcall: 0, target: 8052382 [ParserDetails.C:588] pushing 8052382 onto worklist [Parser.C] binding call 805237d->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052382,8052382) [Parser.C] parsing block 8052382 [Parser.C:1274] curAddr 0x8052382: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052387: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x805238a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x805238b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called [Parser.C:1274] curAddr 0x805238c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_34_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052382,805238d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805238c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805238c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052354 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_34_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80507e0) [Parser.C:180] entered parse_at([804ccd0,80549c4),80507e0) function at 80507e0 already parsed, status 3 [Parser.C:224] entered parse_at(8052e27) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052e27) [Parser.C:1485] recording block [8052e27,8052e27) [Parser.C] ==== starting to parse frame 8052e27 ==== [Parser.C] parsing block 8052e27 [Parser.C:1274] curAddr 0x8052e27: push EBP, ESP [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e28: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e2a: push EBX, ESP [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e2b: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e2e: call ffff9ecd + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9ecd + EIP + 5 to 0x8052e2e...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052e33: add EBX, 91cd [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e39: call ffffffba + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffba + EIP + 5 to 0x8052e39...SUCCESS (CFT=0x8052df8) [Parser.C:1485] recording block [8052e27,8052e3e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052e39->8052df8 resolveable_edge: 1, tailcall: 0, target: 8052df8 [ParserDetails.C:588] pushing 8052df8 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052e39->8052e3e resolveable_edge: 1, tailcall: 0, target: 8052e3e [ParserDetails.C:588] pushing 8052e3e onto worklist [Parser.C] binding call 8052e39->8052df8 [Parser.C] block 8052df8 exists Checking non-returning for test2_12_func1 Checking non-returning for test2_12_func1 [Parser.C:1485] recording block [8052e3e,8052e3e) [Parser.C] parsing block 8052e3e [Parser.C:1274] curAddr 0x8052e3e: lea EAX, EBX + 9c8 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e44: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e46: test EAX, EAX [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e48: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052e3e,8052e4a) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8052e48...SUCCESS (CFT=0x8052e5f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052e48->8052e5f resolveable_edge: 1, tailcall: 0, target: 8052e5f [ParserDetails.C:588] pushing 8052e5f onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052e48->8052e4a resolveable_edge: 1, tailcall: 0, target: 8052e4a [ParserDetails.C:588] pushing 8052e4a onto worklist [Parser.C:1485] recording block [8052e5f,8052e5f) [Parser.C] parsing block 8052e5f [Parser.C:1274] curAddr 0x8052e5f: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e64: add ESP, 14 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e67: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e68: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e69: ret near [ESP] [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052e5f,8052e6a) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052e69 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052e69...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052e4a,8052e4a) [Parser.C] parsing block 8052e4a [Parser.C:1274] curAddr 0x8052e4a: mov EAX, [EBX + 750] [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e50: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e53: call 154d + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 154d + EIP + 5 to 0x8052e53...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052e4a,8052e58) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052e53->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052e53->8052e58 resolveable_edge: 1, tailcall: 0, target: 8052e58 [ParserDetails.C:588] pushing 8052e58 onto worklist [Parser.C] binding call 8052e53->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052e58,8052e58) [Parser.C] parsing block 8052e58 [Parser.C:1274] curAddr 0x8052e58: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052e5d: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test2_12_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8052e5d...SUCCESS (CFT=0x8052e64) [Parser.C:1485] recording block [8052e58,8052e5f) Getting edges Checking for Tail Call jump to 0x8052e64 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8052e5d->8052e64 resolveable_edge: 1, tailcall: 0, target: 8052e64 [ParserDetails.C:588] pushing 8052e64 onto worklist [Parser.C] address 8052e64 splits [8052e5f,8052e6a) (0x1ddb1b0) [Parser.C:1485] recording block [8052e64,8052e6a) [Parser.C] skipping locally parsed target at 8052e64 [Parser.C] frame 8052e27 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test2_12_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805325c) [Parser.C:180] entered parse_at([804ccd0,80549c4),805325c) [Parser.C:1485] recording block [805325c,805325c) [Parser.C] ==== starting to parse frame 805325c ==== [Parser.C] parsing block 805325c [Parser.C:1274] curAddr 0x805325c: push EBP, ESP [Parser.C:1280] leaf 1 funcname nullSetTestName hasCFT called [Parser.C:1274] curAddr 0x805325d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname nullSetTestName hasCFT called [Parser.C:1274] curAddr 0x805325f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname nullSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053260: ret near [ESP] [Parser.C:1280] leaf 1 funcname nullSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [805325c,8053261) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053260 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053260...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 805325c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] nullSetTestName return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051f90) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051f90) [Parser.C:1485] recording block [8051f90,8051f90) [Parser.C] ==== starting to parse frame 8051f90 ==== [Parser.C] parsing block 8051f90 [Parser.C:1274] curAddr 0x8051f90: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f91: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f93: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f94: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051f97: call ffffad64 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffad64 + EIP + 5 to 0x8051f97...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8051f9c: add EBX, a064 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fa2: mov [EBX + 948], 0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fac: mov [EBX + 94c], 0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fb6: mov [EBX + 950], 0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fc0: mov [EBX + 954], 0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fca: call 129 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 129 + EIP + 5 to 0x8051fca...SUCCESS (CFT=0x80520f8) [Parser.C:1485] recording block [8051f90,8051fcf) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051fca->80520f8 resolveable_edge: 1, tailcall: 0, target: 80520f8 [ParserDetails.C:588] pushing 80520f8 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051fca->8051fcf resolveable_edge: 1, tailcall: 0, target: 8051fcf [ParserDetails.C:588] pushing 8051fcf onto worklist [Parser.C] binding call 8051fca->80520f8 [Parser.C] block 80520f8 exists Checking non-returning for test1_32_func2 Checking non-returning for test1_32_func2 [Parser.C:1485] recording block [8051fcf,8051fcf) [Parser.C] parsing block 8051fcf [Parser.C:1274] curAddr 0x8051fcf: mov EAX, [EBX + 950] [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fd5: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fd8: setz AL [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fdb: movzx EAX, AL [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fde: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fe1: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fe5: jnz 30 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051fcf,8051fe7) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 30 + EIP + 2 to 0x8051fe5...SUCCESS (CFT=0x8052017) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051fe5->8052017 resolveable_edge: 1, tailcall: 0, target: 8052017 [ParserDetails.C:588] pushing 8052017 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051fe5->8051fe7 resolveable_edge: 1, tailcall: 0, target: 8051fe7 [ParserDetails.C:588] pushing 8051fe7 onto worklist [Parser.C:1485] recording block [8052017,8052017) [Parser.C] parsing block 8052017 [Parser.C:1274] curAddr 0x8052017: mov EAX, [EBX + 954] [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x805201d: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052020: setz AL [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052023: movzx EAX, AL [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052026: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052029: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x805202d: jnz 9e + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052017,8052033) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 9e + EIP + 6 to 0x805202d...SUCCESS (CFT=0x80520d1) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805202d->80520d1 resolveable_edge: 1, tailcall: 0, target: 80520d1 [ParserDetails.C:588] pushing 80520d1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805202d->8052033 resolveable_edge: 1, tailcall: 0, target: 8052033 [ParserDetails.C:588] pushing 8052033 onto worklist [Parser.C:1485] recording block [80520d1,80520d1) [Parser.C] parsing block 80520d1 [Parser.C:1274] curAddr 0x80520d1: mov EAX, [EBX + 6e8] [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520d7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520da: call 22c6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 22c6 + EIP + 5 to 0x80520da...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [80520d1,80520df) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80520da->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80520da->80520df resolveable_edge: 1, tailcall: 0, target: 80520df [ParserDetails.C:588] pushing 80520df onto worklist [Parser.C] binding call 80520da->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [80520df,80520df) [Parser.C] parsing block 80520df [Parser.C:1274] curAddr 0x80520df: lea EAX, EBX + ffffb650 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520e5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520e8: call 18d0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 18d0 + EIP + 5 to 0x80520e8...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80520df,80520ed) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80520e8->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80520e8->80520ed resolveable_edge: 1, tailcall: 0, target: 80520ed [ParserDetails.C:588] pushing 80520ed onto worklist [Parser.C] binding call 80520e8->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80520ed,80520ed) [Parser.C] parsing block 80520ed [Parser.C:1274] curAddr 0x80520ed: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520f2: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520f5: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520f6: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520f7: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80520ed,80520f8) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80520f7 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80520f7...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8051fe7,8051fe7) [Parser.C] parsing block 8051fe7 [Parser.C:1274] curAddr 0x8051fe7: lea EAX, EBX + ffffb4d0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fed: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ff0: call 19c8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 19c8 + EIP + 5 to 0x8051ff0...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051fe7,8051ff5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051ff0->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051ff0->8051ff5 resolveable_edge: 1, tailcall: 0, target: 8051ff5 [ParserDetails.C:588] pushing 8051ff5 onto worklist [Parser.C] binding call 8051ff0->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8051ff5,8051ff5) [Parser.C] parsing block 8051ff5 [Parser.C:1274] curAddr 0x8051ff5: mov EAX, [EBX + 950] [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051ffb: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051fff: lea EAX, EBX + ffffb508 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052005: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052008: call 19b0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 19b0 + EIP + 5 to 0x8052008...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8051ff5,805200d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052008->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052008->805200d resolveable_edge: 1, tailcall: 0, target: 805200d [ParserDetails.C:588] pushing 805200d onto worklist [Parser.C] binding call 8052008->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805200d,805200d) [Parser.C] parsing block 805200d [Parser.C:1274] curAddr 0x805200d: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052012: jmp db + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp db + EIP + 5 to 0x8052012...SUCCESS (CFT=0x80520f2) [Parser.C:1485] recording block [805200d,8052017) Getting edges Checking for Tail Call jump to 0x80520f2 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8052012->80520f2 resolveable_edge: 1, tailcall: 0, target: 80520f2 [ParserDetails.C:588] pushing 80520f2 onto worklist [Parser.C:1485] recording block [8052033,8052033) [Parser.C] parsing block 8052033 [Parser.C:1274] curAddr 0x8052033: lea EAX, EBX + ffffb4d0 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052039: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x805203c: call 197c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 197c + EIP + 5 to 0x805203c...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052033,8052041) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805203c->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805203c->8052041 resolveable_edge: 1, tailcall: 0, target: 8052041 [ParserDetails.C:588] pushing 8052041 onto worklist [Parser.C] binding call 805203c->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052041,8052041) [Parser.C] parsing block 8052041 [Parser.C:1274] curAddr 0x8052041: mov EAX, [EBX + 954] [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052047: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x805204b: lea EAX, EBX + ffffb558 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052051: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052054: call 1964 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1964 + EIP + 5 to 0x8052054...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052041,8052059) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052054->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052054->8052059 resolveable_edge: 1, tailcall: 0, target: 8052059 [ParserDetails.C:588] pushing 8052059 onto worklist [Parser.C] binding call 8052054->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052059,8052059) [Parser.C] parsing block 8052059 [Parser.C:1274] curAddr 0x8052059: mov EAX, [EBX + 954] [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x805205f: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052062: jz 27 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052059,8052064) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 27 + EIP + 2 to 0x8052062...SUCCESS (CFT=0x805208b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052062->805208b resolveable_edge: 1, tailcall: 0, target: 805208b [ParserDetails.C:588] pushing 805208b onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052062->8052064 resolveable_edge: 1, tailcall: 0, target: 8052064 [ParserDetails.C:588] pushing 8052064 onto worklist [Parser.C:1485] recording block [805208b,805208b) [Parser.C] parsing block 805208b [Parser.C:1274] curAddr 0x805208b: lea EAX, EBX + ffffb5a8 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052091: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052094: call 1924 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1924 + EIP + 5 to 0x8052094...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805208b,8052099) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052094->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052094->8052099 resolveable_edge: 1, tailcall: 0, target: 8052099 [ParserDetails.C:588] pushing 8052099 onto worklist [Parser.C] binding call 8052094->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052099,8052099) [Parser.C] parsing block 8052099 [Parser.C:1274] curAddr 0x8052099: jmp 2f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 2f + EIP + 2 to 0x8052099...SUCCESS (CFT=0x80520ca) [Parser.C:1485] recording block [8052099,805209b) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052099->80520ca resolveable_edge: 1, tailcall: 0, target: 80520ca [ParserDetails.C:588] pushing 80520ca onto worklist [Parser.C:1485] recording block [8052064,8052064) [Parser.C] parsing block 8052064 [Parser.C:1274] curAddr 0x8052064: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052067: jnle 6 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052064,8052069) Getting edges IA_IAPI.C[847]: binding PC EIP in jnle 6 + EIP + 2 to 0x8052067...SUCCESS (CFT=0x805206f) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052067->805206f resolveable_edge: 1, tailcall: 0, target: 805206f [ParserDetails.C:588] pushing 805206f onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052067->8052069 resolveable_edge: 1, tailcall: 0, target: 8052069 [ParserDetails.C:588] pushing 8052069 onto worklist [Parser.C:1485] recording block [805206f,805206f) [Parser.C] parsing block 805206f [Parser.C:1274] curAddr 0x805206f: cmp EAX, 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052072: jz 27 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805206f,8052074) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 27 + EIP + 2 to 0x8052072...SUCCESS (CFT=0x805209b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052072->805209b resolveable_edge: 1, tailcall: 0, target: 805209b [ParserDetails.C:588] pushing 805209b onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052072->8052074 resolveable_edge: 1, tailcall: 0, target: 8052074 [ParserDetails.C:588] pushing 8052074 onto worklist [Parser.C:1485] recording block [805209b,805209b) [Parser.C] parsing block 805209b [Parser.C:1274] curAddr 0x805209b: lea EAX, EBX + ffffb5d8 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520a1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520a4: call 1914 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1914 + EIP + 5 to 0x80520a4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805209b,80520a9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80520a4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80520a4->80520a9 resolveable_edge: 1, tailcall: 0, target: 80520a9 [ParserDetails.C:588] pushing 80520a9 onto worklist [Parser.C] binding call 80520a4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80520a9,80520a9) [Parser.C] parsing block 80520a9 [Parser.C:1274] curAddr 0x80520a9: jmp 1f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1f + EIP + 2 to 0x80520a9...SUCCESS (CFT=0x80520ca) [Parser.C:1485] recording block [80520a9,80520ab) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80520a9->80520ca resolveable_edge: 1, tailcall: 0, target: 80520ca [ParserDetails.C:588] pushing 80520ca onto worklist [Parser.C:1485] recording block [8052069,8052069) [Parser.C] parsing block 8052069 [Parser.C:1274] curAddr 0x8052069: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x805206b: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052069,805206d) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x805206b...SUCCESS (CFT=0x805207b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805206b->805207b resolveable_edge: 1, tailcall: 0, target: 805207b [ParserDetails.C:588] pushing 805207b onto worklist ParserDetails.C[80]: adding conditional not taken edge 805206b->805206d resolveable_edge: 1, tailcall: 0, target: 805206d [ParserDetails.C:588] pushing 805206d onto worklist [Parser.C:1485] recording block [805207b,805207b) [Parser.C] parsing block 805207b [Parser.C:1274] curAddr 0x805207b: lea EAX, EBX + ffffb584 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052081: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052084: call 1934 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1934 + EIP + 5 to 0x8052084...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805207b,8052089) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052084->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052084->8052089 resolveable_edge: 1, tailcall: 0, target: 8052089 [ParserDetails.C:588] pushing 8052089 onto worklist [Parser.C] binding call 8052084->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052089,8052089) [Parser.C] parsing block 8052089 [Parser.C:1274] curAddr 0x8052089: jmp 3f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 3f + EIP + 2 to 0x8052089...SUCCESS (CFT=0x80520ca) [Parser.C:1485] recording block [8052089,805208b) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052089->80520ca resolveable_edge: 1, tailcall: 0, target: 80520ca [ParserDetails.C:588] pushing 80520ca onto worklist [Parser.C:1485] recording block [805206d,805206d) [Parser.C] parsing block 805206d [Parser.C:1274] curAddr 0x805206d: jmp 4c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 4c + EIP + 2 to 0x805206d...SUCCESS (CFT=0x80520bb) [Parser.C:1485] recording block [805206d,805206f) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 805206d->80520bb resolveable_edge: 1, tailcall: 0, target: 80520bb [ParserDetails.C:588] pushing 80520bb onto worklist [Parser.C:1485] recording block [8052074,8052074) [Parser.C] parsing block 8052074 [Parser.C:1274] curAddr 0x8052074: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052077: jz 32 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052074,8052079) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 32 + EIP + 2 to 0x8052077...SUCCESS (CFT=0x80520ab) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052077->80520ab resolveable_edge: 1, tailcall: 0, target: 80520ab [ParserDetails.C:588] pushing 80520ab onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052077->8052079 resolveable_edge: 1, tailcall: 0, target: 8052079 [ParserDetails.C:588] pushing 8052079 onto worklist [Parser.C:1485] recording block [80520ab,80520ab) [Parser.C] parsing block 80520ab [Parser.C:1274] curAddr 0x80520ab: lea EAX, EBX + ffffb608 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520b1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520b4: call 1904 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1904 + EIP + 5 to 0x80520b4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80520ab,80520b9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80520b4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80520b4->80520b9 resolveable_edge: 1, tailcall: 0, target: 80520b9 [ParserDetails.C:588] pushing 80520b9 onto worklist [Parser.C] binding call 80520b4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80520b9,80520b9) [Parser.C] parsing block 80520b9 [Parser.C:1274] curAddr 0x80520b9: jmp f + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp f + EIP + 2 to 0x80520b9...SUCCESS (CFT=0x80520ca) [Parser.C:1485] recording block [80520b9,80520bb) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80520b9->80520ca resolveable_edge: 1, tailcall: 0, target: 80520ca [ParserDetails.C:588] pushing 80520ca onto worklist [Parser.C:1485] recording block [8052079,8052079) [Parser.C] parsing block 8052079 [Parser.C:1274] curAddr 0x8052079: jmp 40 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 40 + EIP + 2 to 0x8052079...SUCCESS (CFT=0x80520bb) [Parser.C:1485] recording block [8052079,805207b) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 8052079->80520bb resolveable_edge: 1, tailcall: 0, target: 80520bb [ParserDetails.C:588] pushing 80520bb onto worklist [Parser.C:1485] recording block [80520bb,80520bb) [Parser.C] parsing block 80520bb [Parser.C:1274] curAddr 0x80520bb: lea EAX, EBX + ffffb630 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520c1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520c4: call 18f4 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 18f4 + EIP + 5 to 0x80520c4...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80520bb,80520c9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80520c4->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80520c4->80520c9 resolveable_edge: 1, tailcall: 0, target: 80520c9 [ParserDetails.C:588] pushing 80520c9 onto worklist [Parser.C] binding call 80520c4->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80520c9,80520c9) [Parser.C] parsing block 80520c9 [Parser.C:1274] curAddr 0x80520c9: nop [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520ca: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_32_mutatee [Parser.C:1485] recording block [80520c9,80520ca) [Parser.C:1485] recording block [80520ca,80520ca) [Parser.C:1295] nop-block ended at 80520ca [Parser.C:1298] pushing 80520ca onto worklist [Parser.C] block 80520ca exists [Parser.C] parsing block 80520ca [Parser.C:1274] curAddr 0x80520ca: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called [Parser.C:1274] curAddr 0x80520cf: jmp 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_32_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 21 + EIP + 2 to 0x80520cf...SUCCESS (CFT=0x80520f2) [Parser.C:1485] recording block [80520ca,80520d1) Getting edges Checking for Tail Call jump to 0x80520f2 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80520cf->80520f2 resolveable_edge: 1, tailcall: 0, target: 80520f2 [ParserDetails.C:588] pushing 80520f2 onto worklist [Parser.C] block 80520bb exists [Parser.C] skipping locally parsed target at 80520bb [Parser.C] block 80520ca exists [Parser.C] skipping locally parsed target at 80520ca [Parser.C] block 80520ca exists [Parser.C] skipping locally parsed target at 80520ca [Parser.C] block 80520ca exists [Parser.C] skipping locally parsed target at 80520ca [Parser.C] block 80520ca exists [Parser.C] skipping locally parsed target at 80520ca [Parser.C] address 80520f2 splits [80520ed,80520f8) (0x1ded360) [Parser.C:1485] recording block [80520f2,80520f8) [Parser.C] skipping locally parsed target at 80520f2 [Parser.C] block 80520f2 exists [Parser.C] skipping locally parsed target at 80520f2 [Parser.C] frame 8051f90 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_32_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050a95) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050a95) function at 8050a95 already parsed, status 3 [Parser.C:224] entered parse_at(804db8c) [Parser.C:180] entered parse_at([804ccd0,80549c4),804db8c) [Parser.C:1485] recording block [804db8c,804db8c) [Parser.C] ==== starting to parse frame 804db8c ==== [Parser.C] parsing block 804db8c [Parser.C:1274] curAddr 0x804db8c: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804db8d: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804db8f: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804db90: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804db93: call fffff168 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffff168 + EIP + 5 to 0x804db93...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804db98: add EBX, e468 [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804db9e: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dba4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dba6: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dba8: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804db8c,804dbaa) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x804dba8...SUCCESS (CFT=0x804dbb8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804dba8->804dbb8 resolveable_edge: 1, tailcall: 0, target: 804dbb8 [ParserDetails.C:588] pushing 804dbb8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804dba8->804dbaa resolveable_edge: 1, tailcall: 0, target: 804dbaa [ParserDetails.C:588] pushing 804dbaa onto worklist [Parser.C:1485] recording block [804dbb8,804dbb8) [Parser.C] parsing block 804dbb8 [Parser.C:1274] curAddr 0x804dbb8: mov [EBX + 7cc], b [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dbc2: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dbc5: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dbc6: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dbc7: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804dbb8,804dbc8) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804dbc7 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804dbc7...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804dbaa,804dbaa) [Parser.C] parsing block 804dbaa [Parser.C:1274] curAddr 0x804dbaa: lea EAX, EBX + ffff8eac [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dbb0: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called [Parser.C:1274] curAddr 0x804dbb3: call ffffef68 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_1_call1_1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffef68 + EIP + 5 to 0x804dbb3...SUCCESS (CFT=0x804cb20) [Parser.C:1485] recording block [804dbaa,804dbb8) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804dbb3->804cb20 resolveable_edge: 1, tailcall: 0, target: 804cb20 [ParserDetails.C:588] pushing 804cb20 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804dbb3->804dbb8 resolveable_edge: 1, tailcall: 0, target: 804dbb8 [ParserDetails.C:588] pushing 804dbb8 onto worklist [Parser.C] binding call 804dbb3->804cb20 [Parser.C] block 804cb20 exists Checking non-returning for puts [Parser.C] block 804dbb8 exists [Parser.C] skipping locally parsed target at 804dbb8 [Parser.C] frame 804db8c complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_1_call1_1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050c4b) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050c4b) [Parser.C:1485] recording block [8050c4b,8050c4b) [Parser.C] ==== starting to parse frame 8050c4b ==== [Parser.C] parsing block 8050c4b [Parser.C:1274] curAddr 0x8050c4b: push EBP, ESP [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c4c: mov EBP, ESP [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c4e: push EBX, ESP [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c4f: sub ESP, 24 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c52: call ffffc0a9 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc0a9 + EIP + 5 to 0x8050c52...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8050c57: add EBX, b3a9 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c5d: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c64: mov [ESP], 5 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c6b: call ffffffd0 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffffd0 + EIP + 5 to 0x8050c6b...SUCCESS (CFT=0x8050c40) [Parser.C:1485] recording block [8050c4b,8050c70) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050c6b->8050c40 resolveable_edge: 1, tailcall: 0, target: 8050c40 [ParserDetails.C:588] pushing 8050c40 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050c6b->8050c70 resolveable_edge: 1, tailcall: 0, target: 8050c70 [ParserDetails.C:588] pushing 8050c70 onto worklist [Parser.C] binding call 8050c6b->8050c40 [Parser.C:1485] recording block [8050c40,8050c40) [suspend frame 8050c4b] [Parser.C] frame 8050c4b blocked at 8050c6b call target 8050c40 [Parser.C] block 8050c40 exists [Parser.C] ==== starting to parse frame 8050c40 ==== [Parser.C] parsing block 8050c40 [Parser.C:1274] curAddr 0x8050c40: push EBP, ESP [Parser.C:1280] leaf 1 funcname scsv1 hasCFT called [Parser.C:1274] curAddr 0x8050c41: mov EBP, ESP [Parser.C:1280] leaf 1 funcname scsv1 hasCFT called [Parser.C:1274] curAddr 0x8050c43: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname scsv1 hasCFT called [Parser.C:1274] curAddr 0x8050c46: shl/sal EAX, 3 [Parser.C:1280] leaf 1 funcname scsv1 hasCFT called [Parser.C:1274] curAddr 0x8050c49: pop EBP, ESP [Parser.C:1280] leaf 1 funcname scsv1 hasCFT called [Parser.C:1274] curAddr 0x8050c4a: ret near [ESP] [Parser.C:1280] leaf 1 funcname scsv1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050c40,8050c4b) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050c4a Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050c4a...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8050c40 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] scsv1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 8050c4b ==== Checking non-returning for scsv1 Checking non-returning for scsv1 [Parser.C:1485] recording block [8050c70,8050c70) [Parser.C] parsing block 8050c70 [Parser.C:1274] curAddr 0x8050c70: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c73: lea EAX, EBX + 8d4 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c79: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c7b: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c7e: jz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050c70,8050c80) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 15 + EIP + 2 to 0x8050c7e...SUCCESS (CFT=0x8050c95) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050c7e->8050c95 resolveable_edge: 1, tailcall: 0, target: 8050c95 [ParserDetails.C:588] pushing 8050c95 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050c7e->8050c80 resolveable_edge: 1, tailcall: 0, target: 8050c80 [ParserDetails.C:588] pushing 8050c80 onto worklist [Parser.C:1485] recording block [8050c95,8050c95) [Parser.C] parsing block 8050c95 [Parser.C:1274] curAddr 0x8050c95: lea EAX, EBX + ffffabe0 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c9b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c9e: call 2d1a + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2d1a + EIP + 5 to 0x8050c9e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050c95,8050ca3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050c9e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050c9e->8050ca3 resolveable_edge: 1, tailcall: 0, target: 8050ca3 [ParserDetails.C:588] pushing 8050ca3 onto worklist [Parser.C] binding call 8050c9e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050ca3,8050ca3) [Parser.C] parsing block 8050ca3 [Parser.C:1274] curAddr 0x8050ca3: mov EAX, [EBX + 560] [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ca9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cac: call 36f4 + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 36f4 + EIP + 5 to 0x8050cac...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8050ca3,8050cb1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050cac->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050cac->8050cb1 resolveable_edge: 1, tailcall: 0, target: 8050cb1 [ParserDetails.C:588] pushing 8050cb1 onto worklist [Parser.C] binding call 8050cac->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8050cb1,8050cb1) [Parser.C] parsing block 8050cb1 [Parser.C:1274] curAddr 0x8050cb1: mov EAX, 0 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cb6: add ESP, 24 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cb9: pop EBX, ESP [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cba: pop EBP, ESP [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cbb: ret near [ESP] [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050cb1,8050cbc) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050cbb Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050cbb...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8050c80,8050c80) [Parser.C] parsing block 8050c80 [Parser.C:1274] curAddr 0x8050c80: lea EAX, EBX + ffffabbc [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c86: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c89: call 2d2f + EIP + 5 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2d2f + EIP + 5 to 0x8050c89...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050c80,8050c8e) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050c89->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050c89->8050c8e resolveable_edge: 1, tailcall: 0, target: 8050c8e [ParserDetails.C:588] pushing 8050c8e onto worklist [Parser.C] binding call 8050c89->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050c8e,8050c8e) [Parser.C] parsing block 8050c8e [Parser.C:1274] curAddr 0x8050c8e: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050c93: jmp 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname snip_change_shlib_var_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 21 + EIP + 2 to 0x8050c93...SUCCESS (CFT=0x8050cb6) [Parser.C:1485] recording block [8050c8e,8050c95) Getting edges Checking for Tail Call jump to 0x8050cb6 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050c93->8050cb6 resolveable_edge: 1, tailcall: 0, target: 8050cb6 [ParserDetails.C:588] pushing 8050cb6 onto worklist [Parser.C] address 8050cb6 splits [8050cb1,8050cbc) (0x1dd9190) [Parser.C:1485] recording block [8050cb6,8050cbc) [Parser.C] skipping locally parsed target at 8050cb6 [Parser.C] frame 8050c4b complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] snip_change_shlib_var_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053f5d) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053f5d) [Parser.C:1485] recording block [8053f5d,8053f5d) [Parser.C] ==== starting to parse frame 8053f5d ==== [Parser.C] parsing block 8053f5d [Parser.C:1274] curAddr 0x8053f5d: push EBP, ESP [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f5e: mov EBP, ESP [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f60: push EBX, ESP [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f61: sub ESP, 24 [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f64: call ffff8d97 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8d97 + EIP + 5 to 0x8053f64...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053f69: add EBX, 8097 [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f6f: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f75: lea EDX, EBX + ffffbfbc [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f7b: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f7f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f82: call ffff8c39 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8c39 + EIP + 5 to 0x8053f82...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [8053f5d,8053f87) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053f82->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053f82->8053f87 resolveable_edge: 1, tailcall: 0, target: 8053f87 [ParserDetails.C:588] pushing 8053f87 onto worklist [Parser.C] binding call 8053f82->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [8053f87,8053f87) [Parser.C] parsing block 8053f87 [Parser.C:1274] curAddr 0x8053f87: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f8a: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f8d: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f91: lea EAX, EBX + ffffc0ff [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f97: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f9b: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053f9e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053fa1: call ffff8bea + EIP + 5 [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8bea + EIP + 5 to 0x8053fa1...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053f87,8053fa6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053fa1->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053fa1->8053fa6 resolveable_edge: 1, tailcall: 0, target: 8053fa6 [ParserDetails.C:588] pushing 8053fa6 onto worklist [Parser.C] binding call 8053fa1->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053fa6,8053fa6) [Parser.C] parsing block 8053fa6 [Parser.C:1274] curAddr 0x8053fa6: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053fa9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053fac: call ffff8aef + EIP + 5 [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8aef + EIP + 5 to 0x8053fac...SUCCESS (CFT=0x804caa0) [Parser.C:1485] recording block [8053fa6,8053fb1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053fac->804caa0 resolveable_edge: 1, tailcall: 0, target: 804caa0 [ParserDetails.C:588] pushing 804caa0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053fac->8053fb1 resolveable_edge: 1, tailcall: 0, target: 8053fb1 [ParserDetails.C:588] pushing 8053fb1 onto worklist [Parser.C] binding call 8053fac->804caa0 [Parser.C] block 804caa0 exists Checking non-returning for fclose [Parser.C:1485] recording block [8053fb1,8053fb1) [Parser.C] parsing block 8053fb1 [Parser.C:1274] curAddr 0x8053fb1: add ESP, 24 [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053fb4: pop EBX, ESP [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053fb5: pop EBP, ESP [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called [Parser.C:1274] curAddr 0x8053fb6: ret near [ESP] [Parser.C:1280] leaf 1 funcname dbLogResult hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053fb1,8053fb7) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053fb6 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053fb6...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053f5d complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dbLogResult return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050c40) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050c40) function at 8050c40 already parsed, status 3 [Parser.C:224] entered parse_at(8052d48) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052d48) [Parser.C:1485] recording block [8052d48,8052d48) [Parser.C] ==== starting to parse frame 8052d48 ==== [Parser.C] parsing block 8052d48 [Parser.C:1274] curAddr 0x8052d48: push EBP, ESP [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d49: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d4b: push EBX, ESP [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d4c: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d4f: call ffff9fac + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9fac + EIP + 5 to 0x8052d4f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052d54: add EBX, 92ac [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d5a: lea EAX, EBX + ffffbbd0 [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d60: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d63: call c1d + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call c1d + EIP + 5 to 0x8052d63...SUCCESS (CFT=0x8053985) [Parser.C:1485] recording block [8052d48,8052d68) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052d63->8053985 resolveable_edge: 1, tailcall: 0, target: 8053985 [ParserDetails.C:588] pushing 8053985 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052d63->8052d68 resolveable_edge: 1, tailcall: 0, target: 8052d68 [ParserDetails.C:588] pushing 8052d68 onto worklist [Parser.C] binding call 8052d63->8053985 [Parser.C] block 8053985 exists Checking non-returning for logstatus Checking non-returning for logstatus [Parser.C:1485] recording block [8052d68,8052d68) [Parser.C] parsing block 8052d68 [Parser.C:1274] curAddr 0x8052d68: mov EAX, [EBX + 740] [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d6e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d71: call 162f + EIP + 5 [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 162f + EIP + 5 to 0x8052d71...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052d68,8052d76) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052d71->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052d71->8052d76 resolveable_edge: 1, tailcall: 0, target: 8052d76 [ParserDetails.C:588] pushing 8052d76 onto worklist [Parser.C] binding call 8052d71->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052d76,8052d76) [Parser.C] parsing block 8052d76 [Parser.C:1274] curAddr 0x8052d76: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d7b: add ESP, 14 [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d7e: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d7f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052d80: ret near [ESP] [Parser.C:1280] leaf 1 funcname test2_9_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052d76,8052d81) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052d80 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052d80...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052d48 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test2_9_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(805082b) [Parser.C:180] entered parse_at([804ccd0,80549c4),805082b) function at 805082b already parsed, status 3 [Parser.C:224] entered parse_at(804fa83) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fa83) function at 804fa83 already parsed, status 3 [Parser.C:224] entered parse_at(804ed75) [Parser.C:180] entered parse_at([804ccd0,80549c4),804ed75) [Parser.C:1485] recording block [804ed75,804ed75) [Parser.C] ==== starting to parse frame 804ed75 ==== [Parser.C] parsing block 804ed75 [Parser.C:1274] curAddr 0x804ed75: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ed76: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ed78: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ed79: sub ESP, 44 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ed7c: call ffffdf7f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffdf7f + EIP + 5 to 0x804ed7c...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804ed81: add EBX, d27f [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ed87: mov [ESP + 24], a [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ed8f: mov [ESP + 20], 9 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ed97: mov [ESP + 1c], 8 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ed9f: mov [ESP + 18], 7 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804eda7: mov [ESP + 14], 6 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edaf: mov [ESP + 10], 5 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edb7: mov [ESP + c], 4 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edbf: mov [ESP + 8], 3 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edc7: mov [ESP + 4], 2 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edcf: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edd6: call fffffdb5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffdb5 + EIP + 5 to 0x804edd6...SUCCESS (CFT=0x804eb90) [Parser.C:1485] recording block [804ed75,804eddb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804edd6->804eb90 resolveable_edge: 1, tailcall: 0, target: 804eb90 [ParserDetails.C:588] pushing 804eb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804edd6->804eddb resolveable_edge: 1, tailcall: 0, target: 804eddb [ParserDetails.C:588] pushing 804eddb onto worklist [Parser.C] binding call 804edd6->804eb90 [Parser.C] block 804eb90 exists Checking non-returning for test1_8_func1 Checking non-returning for test1_8_func1 [Parser.C:1485] recording block [804eddb,804eddb) [Parser.C] parsing block 804eddb [Parser.C:1274] curAddr 0x804eddb: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edde: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804ede2: jnz e + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804eddb,804ede4) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz e + EIP + 2 to 0x804ede2...SUCCESS (CFT=0x804edf2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804ede2->804edf2 resolveable_edge: 1, tailcall: 0, target: 804edf2 [ParserDetails.C:588] pushing 804edf2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804ede2->804ede4 resolveable_edge: 1, tailcall: 0, target: 804ede4 [ParserDetails.C:588] pushing 804ede4 onto worklist [Parser.C:1485] recording block [804edf2,804edf2) [Parser.C] parsing block 804edf2 [Parser.C:1274] curAddr 0x804edf2: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edf5: add ESP, 44 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edf8: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edf9: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edfa: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804edf2,804edfb) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804edfa Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804edfa...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804ede4,804ede4) [Parser.C] parsing block 804ede4 [Parser.C:1274] curAddr 0x804ede4: mov EAX, [EBX + 4cc] [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804edea: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called [Parser.C:1274] curAddr 0x804eded: call 55b3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_8_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 55b3 + EIP + 5 to 0x804eded...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804ede4,804edf2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804eded->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804eded->804edf2 resolveable_edge: 1, tailcall: 0, target: 804edf2 [ParserDetails.C:588] pushing 804edf2 onto worklist [Parser.C] binding call 804eded->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C] block 804edf2 exists [Parser.C] skipping locally parsed target at 804edf2 [Parser.C] frame 804ed75 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_8_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804fa1f) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fa1f) function at 804fa1f already parsed, status 3 [Parser.C:224] entered parse_at(8050cbc) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050cbc) [Parser.C:1485] recording block [8050cbc,8050cbc) [Parser.C] ==== starting to parse frame 8050cbc ==== [Parser.C] parsing block 8050cbc [Parser.C:1274] curAddr 0x8050cbc: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cbd: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cbf: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cc0: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cc3: call ffffc038 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffc038 + EIP + 5 to 0x8050cc3...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8050cc8: add EBX, b338 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cce: call be + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call be + EIP + 5 to 0x8050cce...SUCCESS (CFT=0x8050d91) [Parser.C:1485] recording block [8050cbc,8050cd3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050cce->8050d91 resolveable_edge: 1, tailcall: 0, target: 8050d91 [ParserDetails.C:588] pushing 8050d91 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050cce->8050cd3 resolveable_edge: 1, tailcall: 0, target: 8050cd3 [ParserDetails.C:588] pushing 8050cd3 onto worklist [Parser.C] binding call 8050cce->8050d91 [Parser.C] block 8050d91 exists Checking non-returning for test1_23_call1 Checking non-returning for test1_23_call1 [Parser.C:1485] recording block [8050cd3,8050cd3) [Parser.C] parsing block 8050cd3 [Parser.C:1274] curAddr 0x8050cd3: mov EAX, [EBX + 8e4] [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cd9: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cdb: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050cd3,8050cdd) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x8050cdb...SUCCESS (CFT=0x8050d02) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8050cdb->8050d02 resolveable_edge: 1, tailcall: 0, target: 8050d02 [ParserDetails.C:588] pushing 8050d02 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8050cdb->8050cdd resolveable_edge: 1, tailcall: 0, target: 8050cdd [ParserDetails.C:588] pushing 8050cdd onto worklist [Parser.C:1485] recording block [8050d02,8050d02) [Parser.C] parsing block 8050d02 [Parser.C:1274] curAddr 0x8050d02: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050d09: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050d0c: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050d0f: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050d10: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050d11: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8050d02,8050d12) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8050d11 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8050d11...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8050cdd,8050cdd) [Parser.C] parsing block 8050cdd [Parser.C:1274] curAddr 0x8050cdd: lea EAX, EBX + ffffac10 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ce3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050ce6: call 2cd2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2cd2 + EIP + 5 to 0x8050ce6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8050cdd,8050ceb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050ce6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050ce6->8050ceb resolveable_edge: 1, tailcall: 0, target: 8050ceb [ParserDetails.C:588] pushing 8050ceb onto worklist [Parser.C] binding call 8050ce6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8050ceb,8050ceb) [Parser.C] parsing block 8050ceb [Parser.C:1274] curAddr 0x8050ceb: mov EAX, [EBX + 57c] [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cf1: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050cf4: call 36ac + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 36ac + EIP + 5 to 0x8050cf4...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8050ceb,8050cf9) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8050cf4->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8050cf4->8050cf9 resolveable_edge: 1, tailcall: 0, target: 8050cf9 [ParserDetails.C:588] pushing 8050cf9 onto worklist [Parser.C] binding call 8050cf4->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8050cf9,8050cf9) [Parser.C] parsing block 8050cf9 [Parser.C:1274] curAddr 0x8050cf9: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called [Parser.C:1274] curAddr 0x8050d00: jmp 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_23_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 7 + EIP + 2 to 0x8050d00...SUCCESS (CFT=0x8050d09) [Parser.C:1485] recording block [8050cf9,8050d02) Getting edges Checking for Tail Call jump to 0x8050d09 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8050d00->8050d09 resolveable_edge: 1, tailcall: 0, target: 8050d09 [ParserDetails.C:588] pushing 8050d09 onto worklist [Parser.C] address 8050d09 splits [8050d02,8050d12) (0x1dd06e0) [Parser.C:1485] recording block [8050d09,8050d12) [Parser.C] skipping locally parsed target at 8050d09 [Parser.C] frame 8050cbc complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_23_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052985) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052985) [Parser.C:1485] recording block [8052985,8052985) [Parser.C] ==== starting to parse frame 8052985 ==== [Parser.C] parsing block 8052985 [Parser.C:1274] curAddr 0x8052985: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x8052986: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x8052988: call ffffb1f8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb1f8 + EIP + 5 to 0x8052988...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x805298d: add ECX, 9673 [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x8052993: lea EAX, ECX + 994 [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x8052999: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x805299b: lea EDX, EAX + 1 [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x805299e: lea EAX, ECX + 994 [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x80529a4: mov [EAX], EDX [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x80529a6: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called [Parser.C:1274] curAddr 0x80529a7: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_37_inc2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052985,80529a8) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80529a7 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80529a7...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052985 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_37_inc2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80530d0) [Parser.C:180] entered parse_at([804ccd0,80549c4),80530d0) function at 80530d0 already parsed, status 3 [Parser.C:224] entered parse_at(804e0d8) [Parser.C:180] entered parse_at([804ccd0,80549c4),804e0d8) [Parser.C:1485] recording block [804e0d8,804e0d8) [Parser.C] ==== starting to parse frame 804e0d8 ==== [Parser.C] parsing block 804e0d8 [Parser.C:1274] curAddr 0x804e0d8: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e0d9: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e0db: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e0dc: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e0df: call ffffec1c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffec1c + EIP + 5 to 0x804e0df...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804e0e4: add EBX, df1c [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e0ea: call ffffff43 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffff43 + EIP + 5 to 0x804e0ea...SUCCESS (CFT=0x804e032) [Parser.C:1485] recording block [804e0d8,804e0ef) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e0ea->804e032 resolveable_edge: 1, tailcall: 0, target: 804e032 [ParserDetails.C:588] pushing 804e032 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e0ea->804e0ef resolveable_edge: 1, tailcall: 0, target: 804e0ef [ParserDetails.C:588] pushing 804e0ef onto worklist [Parser.C] binding call 804e0ea->804e032 [Parser.C] block 804e032 exists Checking non-returning for test1_4_func1 Checking non-returning for test1_4_func1 [Parser.C:1485] recording block [804e0ef,804e0ef) [Parser.C] parsing block 804e0ef [Parser.C:1274] curAddr 0x804e0ef: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e0f1: jz 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e0ef,804e0f3) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 7 + EIP + 2 to 0x804e0f1...SUCCESS (CFT=0x804e0fa) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804e0f1->804e0fa resolveable_edge: 1, tailcall: 0, target: 804e0fa [ParserDetails.C:588] pushing 804e0fa onto worklist ParserDetails.C[80]: adding conditional not taken edge 804e0f1->804e0f3 resolveable_edge: 1, tailcall: 0, target: 804e0f3 [ParserDetails.C:588] pushing 804e0f3 onto worklist [Parser.C:1485] recording block [804e0fa,804e0fa) [Parser.C] parsing block 804e0fa [Parser.C:1274] curAddr 0x804e0fa: mov EAX, [EBX + 394] [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e100: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e103: call 629d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 629d + EIP + 5 to 0x804e103...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804e0fa,804e108) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804e103->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804e103->804e108 resolveable_edge: 1, tailcall: 0, target: 804e108 [ParserDetails.C:588] pushing 804e108 onto worklist [Parser.C] binding call 804e103->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804e108,804e108) [Parser.C] parsing block 804e108 [Parser.C:1274] curAddr 0x804e108: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e10d: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e110: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e111: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e112: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804e108,804e113) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804e112 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804e112...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804e0f3,804e0f3) [Parser.C] parsing block 804e0f3 [Parser.C:1274] curAddr 0x804e0f3: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called [Parser.C:1274] curAddr 0x804e0f8: jmp 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_4_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 13 + EIP + 2 to 0x804e0f8...SUCCESS (CFT=0x804e10d) [Parser.C:1485] recording block [804e0f3,804e0fa) Getting edges Checking for Tail Call jump to 0x804e10d is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804e0f8->804e10d resolveable_edge: 1, tailcall: 0, target: 804e10d [ParserDetails.C:588] pushing 804e10d onto worklist [Parser.C] address 804e10d splits [804e108,804e113) (0x1d602a0) [Parser.C:1485] recording block [804e10d,804e113) [Parser.C] skipping locally parsed target at 804e10d [Parser.C] frame 804e0d8 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_4_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80545f5) [Parser.C:180] entered parse_at([804ccd0,80549c4),80545f5) function at 80545f5 already parsed, status 3 [Parser.C:224] entered parse_at(804f294) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f294) [Parser.C:1485] recording block [804f294,804f294) [Parser.C] ==== starting to parse frame 804f294 ==== [Parser.C] parsing block 804f294 [Parser.C:1274] curAddr 0x804f294: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called [Parser.C:1274] curAddr 0x804f295: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called [Parser.C:1274] curAddr 0x804f297: call ffffe8e9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe8e9 + EIP + 5 to 0x804f297...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804f29c: add ECX, cd64 [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called [Parser.C:1274] curAddr 0x804f2a2: mov EAX, [ECX + 820] [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called [Parser.C:1274] curAddr 0x804f2a8: cmp EAX, 2 [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called [Parser.C:1274] curAddr 0x804f2ab: jnz 14 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f294,804f2ad) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 14 + EIP + 2 to 0x804f2ab...SUCCESS (CFT=0x804f2c1) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f2ab->804f2c1 resolveable_edge: 1, tailcall: 0, target: 804f2c1 [ParserDetails.C:588] pushing 804f2c1 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f2ab->804f2ad resolveable_edge: 1, tailcall: 0, target: 804f2ad [ParserDetails.C:588] pushing 804f2ad onto worklist [Parser.C:1485] recording block [804f2c1,804f2c1) [Parser.C] parsing block 804f2c1 [Parser.C:1274] curAddr 0x804f2c1: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called [Parser.C:1274] curAddr 0x804f2c2: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f2c1,804f2c3) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f2c2 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f2c2...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f2ad,804f2ad) [Parser.C] parsing block 804f2ad [Parser.C:1274] curAddr 0x804f2ad: mov [ECX + 820], 3 [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called [Parser.C:1274] curAddr 0x804f2b7: mov [ECX + 81c], 1 [Parser.C:1280] leaf 1 funcname test1_10_call3 hasCFT called [Parser.C] straight-line parse into block at 804f2c1 [Parser.C:1485] recording block [804f2ad,804f2c1) [Parser.C] block 804f2c1 exists [Parser.C] frame 804f294 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_10_call3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(80521fb) [Parser.C:180] entered parse_at([804ccd0,80549c4),80521fb) [Parser.C:1485] recording block [80521fb,80521fb) [Parser.C] ==== starting to parse frame 80521fb ==== [Parser.C] parsing block 80521fb [Parser.C:1274] curAddr 0x80521fb: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x80521fc: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x80521fe: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x80521ff: call ffffaafc + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffaafc + EIP + 5 to 0x80521ff...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052204: add EBX, 9dfc [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x805220a: cmp [EBP + 8], 13 [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x805220e: jnbe 13a + EIP + 6 [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80521fb,8052214) Getting edges IA_IAPI.C[847]: binding PC EIP in jnbe 13a + EIP + 6 to 0x805220e...SUCCESS (CFT=0x805234e) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805220e->805234e resolveable_edge: 1, tailcall: 0, target: 805234e [ParserDetails.C:588] pushing 805234e onto worklist ParserDetails.C[80]: adding conditional not taken edge 805220e->8052214 resolveable_edge: 1, tailcall: 0, target: 8052214 [ParserDetails.C:588] pushing 8052214 onto worklist [Parser.C:1485] recording block [805234e,805234e) [Parser.C] parsing block 805234e [Parser.C:1274] curAddr 0x805234e: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x8052351: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x8052352: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x8052353: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805234e,8052354) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052353 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052353...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052214,8052214) [Parser.C] parsing block 8052214 [Parser.C:1274] curAddr 0x8052214: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x8052217: shl/sal EAX, 2 [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x805221a: mov EAX, [EAX + EBX * 1 + ffffb700] [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x8052221: add EAX, EBX [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called [Parser.C:1274] curAddr 0x8052223: jmp EAX [Parser.C:1280] leaf 1 funcname test1_33_func3 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp EAX to 0x8052223...FAIL (CFT=0x0), callTarget exp: EAX ... indirect jump at 0x8052223, delay parsing it [Parser.C:1485] recording block [8052214,8052225) ... continue parse indirect jump at 8052223 [Parser.C:1485] recording block [8052214,8052225) Getting edges ... indirect jump at 0x8052223 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp EAX at 0x8052223 Apply indirect control flow analysis at 8052223 Looking for thunk Looking for thunk in block [80521fb,8052214).IA_IAPI.C[847]: binding PC EIP in call ffffaafc + EIP + 5 to 0x80521ff...SUCCESS (CFT=0x804cd00) find thunk at 80521ff, storing value 805c000 to x86::ebx ......WARNING: after advance at 0x8052214, curInsn() NULL Looking for thunk in block [8052214,8052225).......WARNING: after advance at 0x8052225, curInsn() NULL Expanding instruction @ 8052223: jmp EAX Original expand: Adding assignment (@8052223<[x86::eip]>[x86::eax]) in instruction jmp EAX at 8052223, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 8052223, insn: jmp EAX Old fact for 8052223: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 8052223, thunk at 80521ff find thunk at 80521ff between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 8052223 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@8052223<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to Apply relations2 to Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 8052223 The fact from 8052223 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Check srcAddr at 8052223, trgAddr at 0, thunk at 80521ff Fact from 8052223 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression Expanding instruction @ 8052221: add EAX, EBX Original expand: (((,<33:32>,),((,<33:32>,),<0:1>,),),<0:33>,<32:33>,) Adding assignment (@8052221<[x86::eax]>[x86::eax]>[x86::ebx]) in instruction add EAX, EBX at 8052221, total 2 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 8052221, insn: add EAX, EBX Old fact for 8052221: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 8052221, thunk at 80521ff find thunk at 80521ff between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 8052221 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@8052221<[x86::eax]>[x86::eax]>[x86::ebx]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 8052223, insn: jmp EAX Old fact for 8052223: do not exist Meet incoming edge from 8052221 The fact from 8052221 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Check srcAddr at 8052221, trgAddr at 8052223, thunk at 80521ff Fact from 8052221 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack New fact at 8052223 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (,,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@8052223<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to (,,) Apply relations2 to (,,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 8052223 The fact from 8052223 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Check srcAddr at 8052223, trgAddr at 0, thunk at 80521ff Fact from 8052223 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = (,,) = (,,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression (,,) Expanding instruction @ 805221a: mov EAX, [EAX + EBX * 1 + ffffb700] Original expand: (((,((,<1:8>,),<0:40>,<32:40>,),),<4294948608:32>,),) Adding assignment (@805221a<[x86::eax]>[x86::eax]>[x86::ebx]>H[]) in instruction mov EAX, [EAX + EBX * 1 + ffffb700] at 805221a, total 3 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 805221a, insn: mov EAX, [EAX + EBX * 1 + ffffb700] Old fact for 805221a: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Check srcAddr at 0, trgAddr at 805221a, thunk at 80521ff find thunk at 80521ff between the source and the target. Add factInterval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Fact from 0 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack New fact at 805221a Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 264 Expand assignment : (@805221a<[x86::eax]>[x86::eax]>[x86::ebx]>H[]) Instruction: mov EAX, [EAX + EBX * 1 + ffffb700] AST: (((,,),<4294948608:32>,),) Kill bound fact for Apply relations to (((,,),<4294948608:32>,),) Apply relations2 to (((,,),<4294948608:32>,),) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294948608:32>,),) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 8052221, insn: add EAX, EBX Old fact for 8052221: do not exist Meet incoming edge from 805221a The fact from 805221a before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294948608:32>,),) No known value at the top of the stack Check srcAddr at 805221a, trgAddr at 8052221, thunk at 80521ff Fact from 805221a after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294948608:32>,),) No known value at the top of the stack New fact at 8052221 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (((,,),<4294948608:32>,),) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 51 Expand assignment : (@8052221<[x86::eax]>[x86::eax]>[x86::ebx]) Instruction: add EAX, EBX AST: (,,) Kill bound fact for Apply relations to ((((,,),<4294948608:32>,),),,) Apply relations2 to ((((,,),<4294948608:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294948608:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 3 Calculate Meet for 8052223, insn: jmp EAX Old fact for 8052223: do not exist Meet incoming edge from 8052221 The fact from 8052221 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294948608:32>,),),,) No known value at the top of the stack Check srcAddr at 8052221, trgAddr at 8052223, thunk at 80521ff Fact from 8052221 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294948608:32>,),),,) No known value at the top of the stack New fact at 8052223 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = ((((,,),<4294948608:32>,),),,) No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@8052223<[x86::eip]>[x86::eax]) Instruction: jmp EAX AST: Kill bound fact for and are equal inserting relation and , type 0 Apply relations to ((((,,),<4294948608:32>,),),,) Apply relations2 to ((((,,),<4294948608:32>,),),,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294948608:32>,),),,) = ((((,,),<4294948608:32>,),),,) No known value at the top of the stack Starting analysis inside SCC 4 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 8052223 The fact from 8052223 before applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294948608:32>,),),,) = ((((,,),<4294948608:32>,),),,) No known value at the top of the stack Check srcAddr at 8052223, trgAddr at 0, thunk at 80521ff Fact from 8052223 after applying transfer function Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294948608:32>,),),,) = ((((,,),<4294948608:32>,),),,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594560,134594560] 0[805c000,805c000], targetBase 0, tableReadSize 0, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: and , relation: 0 Aliasing: = ((((,,),<4294948608:32>,),),,) = ((((,,),<4294948608:32>,),),,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip jump target expression ((((,,),<4294948608:32>,),),,) tableBase 0xffffb700 invalid, not jump table format tableBase 0xffffb700 not read only, not jump table format Not jump table format! Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp EAX at 0x8052223 in function test1_33_func3 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 8052223->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff [Parser.C] frame 80521fb complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_33_func3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052706) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052706) [Parser.C:1485] recording block [8052706,8052706) [Parser.C] ==== starting to parse frame 8052706 ==== [Parser.C] parsing block 8052706 [Parser.C:1274] curAddr 0x8052706: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052707: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052709: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x805270a: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x805270d: call ffffa5ee + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa5ee + EIP + 5 to 0x805270d...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052712: add EBX, 98ee [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052718: call fffffd57 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffd57 + EIP + 5 to 0x8052718...SUCCESS (CFT=0x8052474) [Parser.C:1485] recording block [8052706,805271d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052718->8052474 resolveable_edge: 1, tailcall: 0, target: 8052474 [ParserDetails.C:588] pushing 8052474 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052718->805271d resolveable_edge: 1, tailcall: 0, target: 805271d [ParserDetails.C:588] pushing 805271d onto worklist [Parser.C] binding call 8052718->8052474 [Parser.C:1485] recording block [8052474,8052474) [suspend frame 8052706] [Parser.C] frame 8052706 blocked at 8052718 call target 8052474 [Parser.C] block 8052474 exists [Parser.C] ==== starting to parse frame 8052474 ==== [Parser.C] parsing block 8052474 [Parser.C:1274] curAddr 0x8052474: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052475: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052477: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052478: sub ESP, 44 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805247b: call ffffa880 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa880 + EIP + 5 to 0x805247b...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052480: add EBX, 9b80 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052486: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805248d: mov [ESP + 24], a [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052495: mov [ESP + 20], 9 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805249d: mov [ESP + 1c], 8 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524a5: mov [ESP + 18], 7 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524ad: mov [ESP + 14], 6 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524b5: mov [ESP + 10], 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524bd: mov [ESP + c], 4 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524c5: mov [ESP + 8], 3 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524cd: mov [ESP + 4], 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524d5: mov [ESP], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524dc: call 260 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 260 + EIP + 5 to 0x80524dc...SUCCESS (CFT=0x8052741) [Parser.C:1485] recording block [8052474,80524e1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80524dc->8052741 resolveable_edge: 1, tailcall: 0, target: 8052741 [ParserDetails.C:588] pushing 8052741 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80524dc->80524e1 resolveable_edge: 1, tailcall: 0, target: 80524e1 [ParserDetails.C:588] pushing 80524e1 onto worklist [Parser.C] binding call 80524dc->8052741 [Parser.C] block 8052741 exists Checking non-returning for test1_36_call1 Checking non-returning for test1_36_call1 [Parser.C:1485] recording block [80524e1,80524e1) [Parser.C] parsing block 80524e1 [Parser.C:1274] curAddr 0x80524e1: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524e4: cmp [EBP + fffffffffffffff0], 37 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524e8: jz 1c + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80524e1,80524ea) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1c + EIP + 2 to 0x80524e8...SUCCESS (CFT=0x8052506) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80524e8->8052506 resolveable_edge: 1, tailcall: 0, target: 8052506 [ParserDetails.C:588] pushing 8052506 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80524e8->80524ea resolveable_edge: 1, tailcall: 0, target: 80524ea [ParserDetails.C:588] pushing 80524ea onto worklist [Parser.C:1485] recording block [8052506,8052506) [Parser.C] parsing block 8052506 [Parser.C:1274] curAddr 0x8052506: lea EAX, EBX + 964 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805250c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805250e: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052511: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052506,8052513) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x8052511...SUCCESS (CFT=0x8052534) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052511->8052534 resolveable_edge: 1, tailcall: 0, target: 8052534 [ParserDetails.C:588] pushing 8052534 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052511->8052513 resolveable_edge: 1, tailcall: 0, target: 8052513 [ParserDetails.C:588] pushing 8052513 onto worklist [Parser.C:1485] recording block [8052534,8052534) [Parser.C] parsing block 8052534 [Parser.C:1274] curAddr 0x8052534: lea EAX, EBX + 968 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805253a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805253c: cmp EAX, 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805253f: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052534,8052541) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x805253f...SUCCESS (CFT=0x8052562) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805253f->8052562 resolveable_edge: 1, tailcall: 0, target: 8052562 [ParserDetails.C:588] pushing 8052562 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805253f->8052541 resolveable_edge: 1, tailcall: 0, target: 8052541 [ParserDetails.C:588] pushing 8052541 onto worklist [Parser.C:1485] recording block [8052562,8052562) [Parser.C] parsing block 8052562 [Parser.C:1274] curAddr 0x8052562: lea EAX, EBX + 96c [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052568: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805256a: cmp EAX, 3 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805256d: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052562,805256f) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x805256d...SUCCESS (CFT=0x8052590) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805256d->8052590 resolveable_edge: 1, tailcall: 0, target: 8052590 [ParserDetails.C:588] pushing 8052590 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805256d->805256f resolveable_edge: 1, tailcall: 0, target: 805256f [ParserDetails.C:588] pushing 805256f onto worklist [Parser.C:1485] recording block [8052590,8052590) [Parser.C] parsing block 8052590 [Parser.C:1274] curAddr 0x8052590: lea EAX, EBX + 970 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052596: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052598: cmp EAX, 4 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805259b: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052590,805259d) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x805259b...SUCCESS (CFT=0x80525be) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805259b->80525be resolveable_edge: 1, tailcall: 0, target: 80525be [ParserDetails.C:588] pushing 80525be onto worklist ParserDetails.C[80]: adding conditional not taken edge 805259b->805259d resolveable_edge: 1, tailcall: 0, target: 805259d [ParserDetails.C:588] pushing 805259d onto worklist [Parser.C:1485] recording block [80525be,80525be) [Parser.C] parsing block 80525be [Parser.C:1274] curAddr 0x80525be: lea EAX, EBX + 974 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525c4: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525c6: cmp EAX, 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525c9: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80525be,80525cb) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x80525c9...SUCCESS (CFT=0x80525ec) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80525c9->80525ec resolveable_edge: 1, tailcall: 0, target: 80525ec [ParserDetails.C:588] pushing 80525ec onto worklist ParserDetails.C[80]: adding conditional not taken edge 80525c9->80525cb resolveable_edge: 1, tailcall: 0, target: 80525cb [ParserDetails.C:588] pushing 80525cb onto worklist [Parser.C:1485] recording block [80525ec,80525ec) [Parser.C] parsing block 80525ec [Parser.C:1274] curAddr 0x80525ec: lea EAX, EBX + 978 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525f2: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525f4: cmp EAX, 6 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525f7: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80525ec,80525f9) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x80525f7...SUCCESS (CFT=0x805261a) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80525f7->805261a resolveable_edge: 1, tailcall: 0, target: 805261a [ParserDetails.C:588] pushing 805261a onto worklist ParserDetails.C[80]: adding conditional not taken edge 80525f7->80525f9 resolveable_edge: 1, tailcall: 0, target: 80525f9 [ParserDetails.C:588] pushing 80525f9 onto worklist [Parser.C:1485] recording block [805261a,805261a) [Parser.C] parsing block 805261a [Parser.C:1274] curAddr 0x805261a: lea EAX, EBX + 97c [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052620: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052622: cmp EAX, 7 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052625: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [805261a,8052627) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x8052625...SUCCESS (CFT=0x8052648) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052625->8052648 resolveable_edge: 1, tailcall: 0, target: 8052648 [ParserDetails.C:588] pushing 8052648 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052625->8052627 resolveable_edge: 1, tailcall: 0, target: 8052627 [ParserDetails.C:588] pushing 8052627 onto worklist [Parser.C:1485] recording block [8052648,8052648) [Parser.C] parsing block 8052648 [Parser.C:1274] curAddr 0x8052648: lea EAX, EBX + 980 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805264e: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052650: cmp EAX, 8 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052653: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052648,8052655) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x8052653...SUCCESS (CFT=0x8052676) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052653->8052676 resolveable_edge: 1, tailcall: 0, target: 8052676 [ParserDetails.C:588] pushing 8052676 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052653->8052655 resolveable_edge: 1, tailcall: 0, target: 8052655 [ParserDetails.C:588] pushing 8052655 onto worklist [Parser.C:1485] recording block [8052676,8052676) [Parser.C] parsing block 8052676 [Parser.C:1274] curAddr 0x8052676: lea EAX, EBX + 984 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805267c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805267e: cmp EAX, 9 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052681: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052676,8052683) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x8052681...SUCCESS (CFT=0x80526a4) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052681->80526a4 resolveable_edge: 1, tailcall: 0, target: 80526a4 [ParserDetails.C:588] pushing 80526a4 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052681->8052683 resolveable_edge: 1, tailcall: 0, target: 8052683 [ParserDetails.C:588] pushing 8052683 onto worklist [Parser.C:1485] recording block [80526a4,80526a4) [Parser.C] parsing block 80526a4 [Parser.C:1274] curAddr 0x80526a4: lea EAX, EBX + 988 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526aa: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526ac: cmp EAX, a [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526af: jz 21 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80526a4,80526b1) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 21 + EIP + 2 to 0x80526af...SUCCESS (CFT=0x80526d2) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80526af->80526d2 resolveable_edge: 1, tailcall: 0, target: 80526d2 [ParserDetails.C:588] pushing 80526d2 onto worklist ParserDetails.C[80]: adding conditional not taken edge 80526af->80526b1 resolveable_edge: 1, tailcall: 0, target: 80526b1 [ParserDetails.C:588] pushing 80526b1 onto worklist [Parser.C:1485] recording block [80526d2,80526d2) [Parser.C] parsing block 80526d2 [Parser.C:1274] curAddr 0x80526d2: cmp [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526d6: jnz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80526d2,80526d8) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 15 + EIP + 2 to 0x80526d6...SUCCESS (CFT=0x80526ed) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80526d6->80526ed resolveable_edge: 1, tailcall: 0, target: 80526ed [ParserDetails.C:588] pushing 80526ed onto worklist ParserDetails.C[80]: adding conditional not taken edge 80526d6->80526d8 resolveable_edge: 1, tailcall: 0, target: 80526d8 [ParserDetails.C:588] pushing 80526d8 onto worklist [Parser.C:1485] recording block [80526ed,80526ed) [Parser.C] parsing block 80526ed [Parser.C:1274] curAddr 0x80526ed: lea EAX, EBX + ffffba1c [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526f3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526f6: call 12c2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 12c2 + EIP + 5 to 0x80526f6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80526ed,80526fb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80526f6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80526f6->80526fb resolveable_edge: 1, tailcall: 0, target: 80526fb [ParserDetails.C:588] pushing 80526fb onto worklist [Parser.C] binding call 80526f6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80526fb,80526fb) [Parser.C] parsing block 80526fb [Parser.C:1274] curAddr 0x80526fb: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052700: add ESP, 44 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052703: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052704: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052705: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [80526fb,8052706) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052705 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052705...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80524ea,80524ea) [Parser.C] parsing block 80524ea [Parser.C:1274] curAddr 0x80524ea: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524ed: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524f1: lea EAX, EBX + ffffb7a4 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524f7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80524fa: call 14be + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 14be + EIP + 5 to 0x80524fa...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80524ea,80524ff) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80524fa->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80524fa->80524ff resolveable_edge: 1, tailcall: 0, target: 80524ff [ParserDetails.C:588] pushing 80524ff onto worklist [Parser.C] binding call 80524fa->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80524ff,80524ff) [Parser.C] parsing block 80524ff [Parser.C:1274] curAddr 0x80524ff: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 8052506 [Parser.C:1485] recording block [80524ff,8052506) [Parser.C] block 8052506 exists [Parser.C:1485] recording block [8052513,8052513) [Parser.C] parsing block 8052513 [Parser.C:1274] curAddr 0x8052513: lea EAX, EBX + 964 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052519: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805251b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805251f: lea EAX, EBX + ffffb7dc [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052525: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052528: call 1490 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1490 + EIP + 5 to 0x8052528...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052513,805252d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052528->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052528->805252d resolveable_edge: 1, tailcall: 0, target: 805252d [ParserDetails.C:588] pushing 805252d onto worklist [Parser.C] binding call 8052528->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805252d,805252d) [Parser.C] parsing block 805252d [Parser.C:1274] curAddr 0x805252d: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 8052534 [Parser.C:1485] recording block [805252d,8052534) [Parser.C] block 8052534 exists [Parser.C:1485] recording block [8052541,8052541) [Parser.C] parsing block 8052541 [Parser.C:1274] curAddr 0x8052541: lea EAX, EBX + 968 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052547: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052549: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805254d: lea EAX, EBX + ffffb810 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052553: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052556: call 1462 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1462 + EIP + 5 to 0x8052556...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052541,805255b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052556->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052556->805255b resolveable_edge: 1, tailcall: 0, target: 805255b [ParserDetails.C:588] pushing 805255b onto worklist [Parser.C] binding call 8052556->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805255b,805255b) [Parser.C] parsing block 805255b [Parser.C:1274] curAddr 0x805255b: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 8052562 [Parser.C:1485] recording block [805255b,8052562) [Parser.C] block 8052562 exists [Parser.C:1485] recording block [805256f,805256f) [Parser.C] parsing block 805256f [Parser.C:1274] curAddr 0x805256f: lea EAX, EBX + 96c [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052575: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052577: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805257b: lea EAX, EBX + ffffb844 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052581: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052584: call 1434 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1434 + EIP + 5 to 0x8052584...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805256f,8052589) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052584->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052584->8052589 resolveable_edge: 1, tailcall: 0, target: 8052589 [ParserDetails.C:588] pushing 8052589 onto worklist [Parser.C] binding call 8052584->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052589,8052589) [Parser.C] parsing block 8052589 [Parser.C:1274] curAddr 0x8052589: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 8052590 [Parser.C:1485] recording block [8052589,8052590) [Parser.C] block 8052590 exists [Parser.C:1485] recording block [805259d,805259d) [Parser.C] parsing block 805259d [Parser.C:1274] curAddr 0x805259d: lea EAX, EBX + 970 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525a3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525a5: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525a9: lea EAX, EBX + ffffb878 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525af: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525b2: call 1406 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1406 + EIP + 5 to 0x80525b2...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [805259d,80525b7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80525b2->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80525b2->80525b7 resolveable_edge: 1, tailcall: 0, target: 80525b7 [ParserDetails.C:588] pushing 80525b7 onto worklist [Parser.C] binding call 80525b2->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80525b7,80525b7) [Parser.C] parsing block 80525b7 [Parser.C:1274] curAddr 0x80525b7: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 80525be [Parser.C:1485] recording block [80525b7,80525be) [Parser.C] block 80525be exists [Parser.C:1485] recording block [80525cb,80525cb) [Parser.C] parsing block 80525cb [Parser.C:1274] curAddr 0x80525cb: lea EAX, EBX + 974 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525d1: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525d3: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525d7: lea EAX, EBX + ffffb8ac [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525dd: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525e0: call 13d8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 13d8 + EIP + 5 to 0x80525e0...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80525cb,80525e5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80525e0->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80525e0->80525e5 resolveable_edge: 1, tailcall: 0, target: 80525e5 [ParserDetails.C:588] pushing 80525e5 onto worklist [Parser.C] binding call 80525e0->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80525e5,80525e5) [Parser.C] parsing block 80525e5 [Parser.C:1274] curAddr 0x80525e5: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 80525ec [Parser.C:1485] recording block [80525e5,80525ec) [Parser.C] block 80525ec exists [Parser.C:1485] recording block [80525f9,80525f9) [Parser.C] parsing block 80525f9 [Parser.C:1274] curAddr 0x80525f9: lea EAX, EBX + 978 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80525ff: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052601: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052605: lea EAX, EBX + ffffb8e0 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805260b: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805260e: call 13aa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 13aa + EIP + 5 to 0x805260e...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80525f9,8052613) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805260e->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805260e->8052613 resolveable_edge: 1, tailcall: 0, target: 8052613 [ParserDetails.C:588] pushing 8052613 onto worklist [Parser.C] binding call 805260e->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052613,8052613) [Parser.C] parsing block 8052613 [Parser.C:1274] curAddr 0x8052613: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 805261a [Parser.C:1485] recording block [8052613,805261a) [Parser.C] block 805261a exists [Parser.C:1485] recording block [8052627,8052627) [Parser.C] parsing block 8052627 [Parser.C:1274] curAddr 0x8052627: lea EAX, EBX + 97c [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805262d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805262f: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052633: lea EAX, EBX + ffffb914 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052639: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805263c: call 137c + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 137c + EIP + 5 to 0x805263c...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052627,8052641) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805263c->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805263c->8052641 resolveable_edge: 1, tailcall: 0, target: 8052641 [ParserDetails.C:588] pushing 8052641 onto worklist [Parser.C] binding call 805263c->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052641,8052641) [Parser.C] parsing block 8052641 [Parser.C:1274] curAddr 0x8052641: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 8052648 [Parser.C:1485] recording block [8052641,8052648) [Parser.C] block 8052648 exists [Parser.C:1485] recording block [8052655,8052655) [Parser.C] parsing block 8052655 [Parser.C:1274] curAddr 0x8052655: lea EAX, EBX + 980 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805265b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805265d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052661: lea EAX, EBX + ffffb948 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052667: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805266a: call 134e + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 134e + EIP + 5 to 0x805266a...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052655,805266f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805266a->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 805266a->805266f resolveable_edge: 1, tailcall: 0, target: 805266f [ParserDetails.C:588] pushing 805266f onto worklist [Parser.C] binding call 805266a->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805266f,805266f) [Parser.C] parsing block 805266f [Parser.C:1274] curAddr 0x805266f: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 8052676 [Parser.C:1485] recording block [805266f,8052676) [Parser.C] block 8052676 exists [Parser.C:1485] recording block [8052683,8052683) [Parser.C] parsing block 8052683 [Parser.C:1274] curAddr 0x8052683: lea EAX, EBX + 984 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052689: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805268b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x805268f: lea EAX, EBX + ffffb97c [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052695: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x8052698: call 1320 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1320 + EIP + 5 to 0x8052698...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052683,805269d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052698->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052698->805269d resolveable_edge: 1, tailcall: 0, target: 805269d [ParserDetails.C:588] pushing 805269d onto worklist [Parser.C] binding call 8052698->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [805269d,805269d) [Parser.C] parsing block 805269d [Parser.C:1274] curAddr 0x805269d: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 80526a4 [Parser.C:1485] recording block [805269d,80526a4) [Parser.C] block 80526a4 exists [Parser.C:1485] recording block [80526b1,80526b1) [Parser.C] parsing block 80526b1 [Parser.C:1274] curAddr 0x80526b1: lea EAX, EBX + 988 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526b7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526b9: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526bd: lea EAX, EBX + ffffb9b0 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526c3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526c6: call 12f2 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 12f2 + EIP + 5 to 0x80526c6...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80526b1,80526cb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80526c6->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80526c6->80526cb resolveable_edge: 1, tailcall: 0, target: 80526cb [ParserDetails.C:588] pushing 80526cb onto worklist [Parser.C] binding call 80526c6->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80526cb,80526cb) [Parser.C] parsing block 80526cb [Parser.C:1274] curAddr 0x80526cb: mov [EBP + fffffffffffffff4], 1 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C] straight-line parse into block at 80526d2 [Parser.C:1485] recording block [80526cb,80526d2) [Parser.C] block 80526d2 exists [Parser.C:1485] recording block [80526d8,80526d8) [Parser.C] parsing block 80526d8 [Parser.C:1274] curAddr 0x80526d8: lea EAX, EBX + ffffb9e8 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526de: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526e1: call 12d7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call 12d7 + EIP + 5 to 0x80526e1...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80526d8,80526e6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80526e1->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80526e1->80526e6 resolveable_edge: 1, tailcall: 0, target: 80526e6 [ParserDetails.C:588] pushing 80526e6 onto worklist [Parser.C] binding call 80526e1->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80526e6,80526e6) [Parser.C] parsing block 80526e6 [Parser.C:1274] curAddr 0x80526e6: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called [Parser.C:1274] curAddr 0x80526eb: jmp 13 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_func1 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 13 + EIP + 2 to 0x80526eb...SUCCESS (CFT=0x8052700) [Parser.C:1485] recording block [80526e6,80526ed) Getting edges Checking for Tail Call jump to 0x8052700 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80526eb->8052700 resolveable_edge: 1, tailcall: 0, target: 8052700 [ParserDetails.C:588] pushing 8052700 onto worklist [Parser.C] address 8052700 splits [80526fb,8052706) (0x1df2820) [Parser.C:1485] recording block [8052700,8052706) [Parser.C] skipping locally parsed target at 8052700 [Parser.C] frame 8052474 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_36_func1 return status 3, no waiters [Parser.C] ==== resuming parse of frame 8052706 ==== Checking non-returning for test1_36_func1 Checking non-returning for test1_36_func1 [Parser.C:1485] recording block [805271d,805271d) [Parser.C] parsing block 805271d [Parser.C:1274] curAddr 0x805271d: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x805271f: jnz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [805271d,8052721) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 15 + EIP + 2 to 0x805271f...SUCCESS (CFT=0x8052736) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805271f->8052736 resolveable_edge: 1, tailcall: 0, target: 8052736 [ParserDetails.C:588] pushing 8052736 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805271f->8052721 resolveable_edge: 1, tailcall: 0, target: 8052721 [ParserDetails.C:588] pushing 8052721 onto worklist [Parser.C:1485] recording block [8052736,8052736) [Parser.C] parsing block 8052736 [Parser.C:1274] curAddr 0x8052736: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x805273b: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x805273e: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x805273f: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052740: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052736,8052741) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052740 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052740...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052721,8052721) [Parser.C] parsing block 8052721 [Parser.C:1274] curAddr 0x8052721: mov EAX, [EBX + 704] [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052727: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x805272a: call 1c76 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1c76 + EIP + 5 to 0x805272a...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052721,805272f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805272a->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805272a->805272f resolveable_edge: 1, tailcall: 0, target: 805272f [ParserDetails.C:588] pushing 805272f onto worklist [Parser.C] binding call 805272a->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [805272f,805272f) [Parser.C] parsing block 805272f [Parser.C:1274] curAddr 0x805272f: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052734: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_36_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8052734...SUCCESS (CFT=0x805273b) [Parser.C:1485] recording block [805272f,8052736) Getting edges Checking for Tail Call jump to 0x805273b is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8052734->805273b resolveable_edge: 1, tailcall: 0, target: 805273b [ParserDetails.C:588] pushing 805273b onto worklist [Parser.C] address 805273b splits [8052736,8052741) (0x1df44d0) [Parser.C:1485] recording block [805273b,8052741) [Parser.C] skipping locally parsed target at 805273b [Parser.C] frame 8052706 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_36_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053a29) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053a29) function at 8053a29 already parsed, status 3 [Parser.C:224] entered parse_at(804f237) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f237) [Parser.C:1485] recording block [804f237,804f237) [Parser.C] ==== starting to parse frame 804f237 ==== [Parser.C] parsing block 804f237 [Parser.C:1274] curAddr 0x804f237: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called [Parser.C:1274] curAddr 0x804f238: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called [Parser.C:1274] curAddr 0x804f23a: call ffffe946 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffe946 + EIP + 5 to 0x804f23a...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x804f23f: add ECX, cdc1 [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called [Parser.C:1274] curAddr 0x804f245: mov EAX, [ECX + 820] [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called [Parser.C:1274] curAddr 0x804f24b: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called [Parser.C:1274] curAddr 0x804f24d: jnz 14 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f237,804f24f) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 14 + EIP + 2 to 0x804f24d...SUCCESS (CFT=0x804f263) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f24d->804f263 resolveable_edge: 1, tailcall: 0, target: 804f263 [ParserDetails.C:588] pushing 804f263 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f24d->804f24f resolveable_edge: 1, tailcall: 0, target: 804f24f [ParserDetails.C:588] pushing 804f24f onto worklist [Parser.C:1485] recording block [804f263,804f263) [Parser.C] parsing block 804f263 [Parser.C:1274] curAddr 0x804f263: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called [Parser.C:1274] curAddr 0x804f264: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f263,804f265) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f264 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f264...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f24f,804f24f) [Parser.C] parsing block 804f24f [Parser.C:1274] curAddr 0x804f24f: mov [ECX + 820], 1 [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called [Parser.C:1274] curAddr 0x804f259: mov [ECX + 814], 1 [Parser.C:1280] leaf 1 funcname test1_10_call1 hasCFT called [Parser.C] straight-line parse into block at 804f263 [Parser.C:1485] recording block [804f24f,804f263) [Parser.C] block 804f263 exists [Parser.C] frame 804f237 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_10_call1 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052fb4) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052fb4) function at 8052fb4 already parsed, status 3 [Parser.C:224] entered parse_at(80530c6) [Parser.C:180] entered parse_at([804ccd0,80549c4),80530c6) function at 80530c6 already parsed, status 3 [Parser.C:224] entered parse_at(8052474) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052474) function at 8052474 already parsed, status 3 [Parser.C:224] entered parse_at(804fe21) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fe21) [Parser.C:1485] recording block [804fe21,804fe21) [Parser.C] ==== starting to parse frame 804fe21 ==== [Parser.C] parsing block 804fe21 [Parser.C:1274] curAddr 0x804fe21: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe22: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe24: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe25: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe28: call ffffced3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffced3 + EIP + 5 to 0x804fe28...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fe2d: add EBX, c1d3 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe33: call fffffcb8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffcb8 + EIP + 5 to 0x804fe33...SUCCESS (CFT=0x804faf0) [Parser.C:1485] recording block [804fe21,804fe38) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fe33->804faf0 resolveable_edge: 1, tailcall: 0, target: 804faf0 [ParserDetails.C:588] pushing 804faf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fe33->804fe38 resolveable_edge: 1, tailcall: 0, target: 804fe38 [ParserDetails.C:588] pushing 804fe38 onto worklist [Parser.C] binding call 804fe33->804faf0 [Parser.C] block 804faf0 exists Checking non-returning for test1_17_func1 Checking non-returning for test1_17_func1 [Parser.C:1485] recording block [804fe38,804fe38) [Parser.C] parsing block 804fe38 [Parser.C:1274] curAddr 0x804fe38: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe3a: jnz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fe38,804fe3c) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 15 + EIP + 2 to 0x804fe3a...SUCCESS (CFT=0x804fe51) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804fe3a->804fe51 resolveable_edge: 1, tailcall: 0, target: 804fe51 [ParserDetails.C:588] pushing 804fe51 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804fe3a->804fe3c resolveable_edge: 1, tailcall: 0, target: 804fe3c [ParserDetails.C:588] pushing 804fe3c onto worklist [Parser.C:1485] recording block [804fe51,804fe51) [Parser.C] parsing block 804fe51 [Parser.C:1274] curAddr 0x804fe51: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe56: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe59: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe5a: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe5b: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fe51,804fe5c) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804fe5b Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804fe5b...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804fe3c,804fe3c) [Parser.C] parsing block 804fe3c [Parser.C:1274] curAddr 0x804fe3c: mov EAX, [EBX + 4fc] [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe42: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe45: call 455b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 455b + EIP + 5 to 0x804fe45...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804fe3c,804fe4a) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fe45->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fe45->804fe4a resolveable_edge: 1, tailcall: 0, target: 804fe4a [ParserDetails.C:588] pushing 804fe4a onto worklist [Parser.C] binding call 804fe45->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804fe4a,804fe4a) [Parser.C] parsing block 804fe4a [Parser.C:1274] curAddr 0x804fe4a: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fe4f: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_17_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x804fe4f...SUCCESS (CFT=0x804fe56) [Parser.C:1485] recording block [804fe4a,804fe51) Getting edges Checking for Tail Call jump to 0x804fe56 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804fe4f->804fe56 resolveable_edge: 1, tailcall: 0, target: 804fe56 [ParserDetails.C:588] pushing 804fe56 onto worklist [Parser.C] address 804fe56 splits [804fe51,804fe5c) (0x1df4550) [Parser.C:1485] recording block [804fe56,804fe5c) [Parser.C] skipping locally parsed target at 804fe56 [Parser.C] frame 804fe21 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_17_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053b25) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053b25) [Parser.C:1485] recording block [8053b25,8053b25) [Parser.C] ==== starting to parse frame 8053b25 ==== [Parser.C] parsing block 8053b25 [Parser.C:1274] curAddr 0x8053b25: push EBP, ESP [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b26: mov EBP, ESP [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b28: push EBX, ESP [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b29: sub ESP, 4034 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b2f: call ffff91cc + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff91cc + EIP + 5 to 0x8053b2f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053b34: add EBX, 84cc [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b3a: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b3e: jnz 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053b25,8053b40) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 5 + EIP + 2 to 0x8053b3e...SUCCESS (CFT=0x8053b45) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053b3e->8053b45 resolveable_edge: 1, tailcall: 0, target: 8053b45 [ParserDetails.C:588] pushing 8053b45 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053b3e->8053b40 resolveable_edge: 1, tailcall: 0, target: 8053b40 [ParserDetails.C:588] pushing 8053b40 onto worklist [Parser.C:1485] recording block [8053b45,8053b45) [Parser.C] parsing block 8053b45 [Parser.C:1274] curAddr 0x8053b45: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b48: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b4b: call ffff9020 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9020 + EIP + 5 to 0x8053b4b...SUCCESS (CFT=0x804cb70) [Parser.C:1485] recording block [8053b45,8053b50) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053b4b->804cb70 resolveable_edge: 1, tailcall: 0, target: 804cb70 [ParserDetails.C:588] pushing 804cb70 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053b4b->8053b50 resolveable_edge: 1, tailcall: 0, target: 8053b50 [ParserDetails.C:588] pushing 8053b50 onto worklist [Parser.C] binding call 8053b4b->804cb70 [Parser.C] block 804cb70 exists Checking non-returning for strlen [Parser.C:1485] recording block [8053b50,8053b50) [Parser.C] parsing block 8053b50 [Parser.C:1274] curAddr 0x8053b50: add EAX, 7 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b53: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b56: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b5c: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b5f: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b63: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b66: call ffff8f95 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8f95 + EIP + 5 to 0x8053b66...SUCCESS (CFT=0x804cb00) [Parser.C:1485] recording block [8053b50,8053b6b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053b66->804cb00 resolveable_edge: 1, tailcall: 0, target: 804cb00 [ParserDetails.C:588] pushing 804cb00 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053b66->8053b6b resolveable_edge: 1, tailcall: 0, target: 8053b6b [ParserDetails.C:588] pushing 8053b6b onto worklist [Parser.C] binding call 8053b66->804cb00 [ParseData.C] new function for target 804cb00 [Parser.C:1485] recording block [804cb00,804cb00) [suspend frame 8053b25] [Parser.C] frame 8053b25 blocked at 8053b66 call target 804cb00 [Parser.C] block 804cb00 exists [Parser.C] ==== starting to parse frame 804cb00 ==== [Parser.C] parsing block 804cb00 [Parser.C:1274] curAddr 0x804cb00: jmp [805c044] [Parser.C:1280] leaf 1 funcname targ804cb00 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c044] to 0x804cb00...FAIL (CFT=0x0), callTarget exp: [805c044] ... indirect jump at 0x804cb00, delay parsing it [Parser.C:1485] recording block [804cb00,804cb06) ... continue parse indirect jump at 804cb00 [Parser.C:1485] recording block [804cb00,804cb06) Getting edges ... indirect jump at 0x804cb00 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c044] at 0x804cb00 Apply indirect control flow analysis at 804cb00 Looking for thunk Looking for thunk in block [804cb00,804cb06).......WARNING: after advance at 0x804cb06, curInsn() NULL Expanding instruction @ 804cb00: jmp [805c044] Original expand: (<134594628:32>,) Adding assignment (@804cb00<[x86::eip]>[_805c044]) in instruction jmp [805c044] at 804cb00, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cb00, insn: jmp [805c044] Old fact for 804cb00: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cb00 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cb00<[x86::eip]>[_805c044]) Instruction: jmp [805c044] AST: (<134594628:64>,) Generate bound fact for Interval 0[134594628,134594628] 0[805c044,805c044], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594628:64>,) Apply relations2 to (<134594628:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594628,134594628] 0[805c044,805c044], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594628:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cb00 The fact from 804cb00 before applying transfer function Do not track predicate Var: , Interval 0[134594628,134594628] 0[805c044,805c044], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594628:64>,) No known value at the top of the stack Fact from 804cb00 after applying transfer function Do not track predicate Var: , Interval 0[134594628,134594628] 0[805c044,805c044], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594628:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594628,134594628] 0[805c044,805c044], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594628:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594628,134594628] 0[805c044,805c044], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c044 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cb00 (804cb00) No targets, exits func Adding block 0x804cb00 as exit 804cb00 extent [804cb00,804cb06) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c044] at 0x804cb00 in function targ804cb00 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cb00->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for realloc [Parser.C] frame 804cb00 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] realloc return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053b25 ==== Checking non-returning for realloc [Parser.C:1485] recording block [8053b6b,8053b6b) [Parser.C] parsing block 8053b6b [Parser.C:1274] curAddr 0x8053b6b: mov [EBX + 9fc], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b71: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b77: test EAX, EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b79: jnz 31 + EIP + 2 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053b6b,8053b7b) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 31 + EIP + 2 to 0x8053b79...SUCCESS (CFT=0x8053bac) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053b79->8053bac resolveable_edge: 1, tailcall: 0, target: 8053bac [ParserDetails.C:588] pushing 8053bac onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053b79->8053b7b resolveable_edge: 1, tailcall: 0, target: 8053b7b [ParserDetails.C:588] pushing 8053b7b onto worklist [Parser.C:1485] recording block [8053bac,8053bac) [Parser.C] parsing block 8053bac [Parser.C:1274] curAddr 0x8053bac: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bb2: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bb5: mov [ESP + c], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bb9: lea EDX, EBX + ffffc09f [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bbf: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bc3: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bc6: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bca: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bcd: call ffff900e + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff900e + EIP + 5 to 0x8053bcd...SUCCESS (CFT=0x804cbe0) [Parser.C:1485] recording block [8053bac,8053bd2) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053bcd->804cbe0 resolveable_edge: 1, tailcall: 0, target: 804cbe0 [ParserDetails.C:588] pushing 804cbe0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053bcd->8053bd2 resolveable_edge: 1, tailcall: 0, target: 8053bd2 [ParserDetails.C:588] pushing 8053bd2 onto worklist [Parser.C] binding call 8053bcd->804cbe0 [ParseData.C] new function for target 804cbe0 [Parser.C:1485] recording block [804cbe0,804cbe0) [suspend frame 8053b25] [Parser.C] frame 8053b25 blocked at 8053bcd call target 804cbe0 [Parser.C] block 804cbe0 exists [Parser.C] ==== starting to parse frame 804cbe0 ==== [Parser.C] parsing block 804cbe0 [Parser.C:1274] curAddr 0x804cbe0: jmp [805c07c] [Parser.C:1280] leaf 1 funcname targ804cbe0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c07c] to 0x804cbe0...FAIL (CFT=0x0), callTarget exp: [805c07c] ... indirect jump at 0x804cbe0, delay parsing it [Parser.C:1485] recording block [804cbe0,804cbe6) ... continue parse indirect jump at 804cbe0 [Parser.C:1485] recording block [804cbe0,804cbe6) Getting edges ... indirect jump at 0x804cbe0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c07c] at 0x804cbe0 Apply indirect control flow analysis at 804cbe0 Looking for thunk Looking for thunk in block [804cbe0,804cbe6).......WARNING: after advance at 0x804cbe6, curInsn() NULL Expanding instruction @ 804cbe0: jmp [805c07c] Original expand: (<134594684:32>,) Adding assignment (@804cbe0<[x86::eip]>[_805c07c]) in instruction jmp [805c07c] at 804cbe0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cbe0, insn: jmp [805c07c] Old fact for 804cbe0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cbe0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cbe0<[x86::eip]>[_805c07c]) Instruction: jmp [805c07c] AST: (<134594684:64>,) Generate bound fact for Interval 0[134594684,134594684] 0[805c07c,805c07c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594684:64>,) Apply relations2 to (<134594684:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594684,134594684] 0[805c07c,805c07c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594684:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cbe0 The fact from 804cbe0 before applying transfer function Do not track predicate Var: , Interval 0[134594684,134594684] 0[805c07c,805c07c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594684:64>,) No known value at the top of the stack Fact from 804cbe0 after applying transfer function Do not track predicate Var: , Interval 0[134594684,134594684] 0[805c07c,805c07c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594684:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594684,134594684] 0[805c07c,805c07c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594684:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594684,134594684] 0[805c07c,805c07c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c07c not read only, returning false Not jump table format! [Parser.C] finalizing targ804cbe0 (804cbe0) No targets, exits func Adding block 0x804cbe0 as exit 804cbe0 extent [804cbe0,804cbe6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c07c] at 0x804cbe0 in function targ804cbe0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cbe0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for snprintf [Parser.C] frame 804cbe0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] snprintf return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053b25 ==== Checking non-returning for snprintf [Parser.C:1485] recording block [8053bd2,8053bd2) [Parser.C] parsing block 8053bd2 [Parser.C:1274] curAddr 0x8053bd2: mov EAX, [EBX + 788] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bd8: lea EDX, EBX + ffffc0a8 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bde: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053be2: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053be5: call ffff8fd6 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8fd6 + EIP + 5 to 0x8053be5...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [8053bd2,8053bea) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053be5->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053be5->8053bea resolveable_edge: 1, tailcall: 0, target: 8053bea [ParserDetails.C:588] pushing 8053bea onto worklist [Parser.C] binding call 8053be5->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [8053bea,8053bea) [Parser.C] parsing block 8053bea [Parser.C:1274] curAddr 0x8053bea: mov [EBP + fffffffffffffff0], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bed: cmp [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bf1: jz 78 + EIP + 2 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053bea,8053bf3) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 78 + EIP + 2 to 0x8053bf1...SUCCESS (CFT=0x8053c6b) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053bf1->8053c6b resolveable_edge: 1, tailcall: 0, target: 8053c6b [ParserDetails.C:588] pushing 8053c6b onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053bf1->8053bf3 resolveable_edge: 1, tailcall: 0, target: 8053bf3 [ParserDetails.C:588] pushing 8053bf3 onto worklist [Parser.C:1485] recording block [8053c6b,8053c6b) [Parser.C] parsing block 8053c6b [Parser.C:1274] curAddr 0x8053c6b: call ffff8f80 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8f80 + EIP + 5 to 0x8053c6b...SUCCESS (CFT=0x804cbf0) [Parser.C:1485] recording block [8053c6b,8053c70) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053c6b->804cbf0 resolveable_edge: 1, tailcall: 0, target: 804cbf0 [ParserDetails.C:588] pushing 804cbf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053c6b->8053c70 resolveable_edge: 1, tailcall: 0, target: 8053c70 [ParserDetails.C:588] pushing 8053c70 onto worklist [Parser.C] binding call 8053c6b->804cbf0 [Parser.C] block 804cbf0 exists Checking non-returning for __errno_location [Parser.C:1485] recording block [8053c70,8053c70) [Parser.C] parsing block 8053c70 [Parser.C:1274] curAddr 0x8053c70: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c72: cmp EAX, 2 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c75: jz 3f + EIP + 2 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053c70,8053c77) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 3f + EIP + 2 to 0x8053c75...SUCCESS (CFT=0x8053cb6) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053c75->8053cb6 resolveable_edge: 1, tailcall: 0, target: 8053cb6 [ParserDetails.C:588] pushing 8053cb6 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053c75->8053c77 resolveable_edge: 1, tailcall: 0, target: 8053c77 [ParserDetails.C:588] pushing 8053c77 onto worklist [Parser.C:1485] recording block [8053cb6,8053cb6) [Parser.C] parsing block 8053cb6 [Parser.C:1274] curAddr 0x8053cb6: add ESP, 4034 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053cbc: pop EBX, ESP [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053cbd: pop EBP, ESP [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053cbe: ret near [ESP] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053cb6,8053cbf) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053cbe Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053cbe...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8053b40,8053b40) [Parser.C] parsing block 8053b40 [Parser.C:1274] curAddr 0x8053b40: jmp 171 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 171 + EIP + 5 to 0x8053b40...SUCCESS (CFT=0x8053cb6) [Parser.C:1485] recording block [8053b40,8053b45) Getting edges Checking for Tail Call jump to 0x8053cb6 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8053b40->8053cb6 resolveable_edge: 1, tailcall: 0, target: 8053cb6 [ParserDetails.C:588] pushing 8053cb6 onto worklist [Parser.C:1485] recording block [8053b7b,8053b7b) [Parser.C] parsing block 8053b7b [Parser.C:1274] curAddr 0x8053b7b: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b81: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b83: mov [ESP + c], 15a [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b8b: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b91: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b95: lea EDX, EBX + ffffc05c [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b9b: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053b9f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053ba2: call ffff8fe9 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8fe9 + EIP + 5 to 0x8053ba2...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053b7b,8053ba7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053ba2->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053ba2->8053ba7 resolveable_edge: 1, tailcall: 0, target: 8053ba7 [ParserDetails.C:588] pushing 8053ba7 onto worklist [Parser.C] binding call 8053ba2->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053ba7,8053ba7) [Parser.C] parsing block 8053ba7 [Parser.C:1274] curAddr 0x8053ba7: jmp 10a + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 10a + EIP + 5 to 0x8053ba7...SUCCESS (CFT=0x8053cb6) [Parser.C:1485] recording block [8053ba7,8053bac) Getting edges Checking for Tail Call jump to 0x8053cb6 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8053ba7->8053cb6 resolveable_edge: 1, tailcall: 0, target: 8053cb6 [ParserDetails.C:588] pushing 8053cb6 onto worklist [Parser.C:1485] recording block [8053bf3,8053bf3) [Parser.C] parsing block 8053bf3 [Parser.C:1274] curAddr 0x8053bf3: mov EAX, [EBX + 9fc] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bf9: lea EDX, EBX + ffffbfbc [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053bff: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c03: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c06: call ffff8fb5 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8fb5 + EIP + 5 to 0x8053c06...SUCCESS (CFT=0x804cbc0) [Parser.C:1485] recording block [8053bf3,8053c0b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053c06->804cbc0 resolveable_edge: 1, tailcall: 0, target: 804cbc0 [ParserDetails.C:588] pushing 804cbc0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053c06->8053c0b resolveable_edge: 1, tailcall: 0, target: 8053c0b [ParserDetails.C:588] pushing 8053c0b onto worklist [Parser.C] binding call 8053c06->804cbc0 [Parser.C] block 804cbc0 exists Checking non-returning for fopen [Parser.C:1485] recording block [8053c0b,8053c0b) [Parser.C] parsing block 8053c0b [Parser.C:1274] curAddr 0x8053c0b: mov [EBP + ffffffffffffffec], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c0e: cmp [EBP + ffffffffffffffec], 0 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c12: jz 55 + EIP + 2 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053c0b,8053c14) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 55 + EIP + 2 to 0x8053c12...SUCCESS (CFT=0x8053c69) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053c12->8053c69 resolveable_edge: 1, tailcall: 0, target: 8053c69 [ParserDetails.C:588] pushing 8053c69 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053c12->8053c14 resolveable_edge: 1, tailcall: 0, target: 8053c14 [ParserDetails.C:588] pushing 8053c14 onto worklist [Parser.C:1485] recording block [8053c69,8053c69) [Parser.C] parsing block 8053c69 [Parser.C:1274] curAddr 0x8053c69: jmp 4b + EIP + 2 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 4b + EIP + 2 to 0x8053c69...SUCCESS (CFT=0x8053cb6) [Parser.C:1485] recording block [8053c69,8053c6b) Getting edges Checking for Tail Call jump to 0x8053cb6 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8053c69->8053cb6 resolveable_edge: 1, tailcall: 0, target: 8053cb6 [ParserDetails.C:588] pushing 8053cb6 onto worklist [Parser.C:1485] recording block [8053c14,8053c14) [Parser.C] parsing block 8053c14 [Parser.C:1274] curAddr 0x8053c14: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c17: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c1b: mov [ESP + 8], 1000 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c23: mov [ESP + 4], 1 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c2b: lea EAX, EBP + ffffbfe8 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c31: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c34: call ffff8ea7 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8ea7 + EIP + 5 to 0x8053c34...SUCCESS (CFT=0x804cae0) [Parser.C:1485] recording block [8053c14,8053c39) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053c34->804cae0 resolveable_edge: 1, tailcall: 0, target: 804cae0 [ParserDetails.C:588] pushing 804cae0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053c34->8053c39 resolveable_edge: 1, tailcall: 0, target: 8053c39 [ParserDetails.C:588] pushing 8053c39 onto worklist [Parser.C] binding call 8053c34->804cae0 [ParseData.C] new function for target 804cae0 [Parser.C:1485] recording block [804cae0,804cae0) [suspend frame 8053b25] [Parser.C] frame 8053b25 blocked at 8053c34 call target 804cae0 [Parser.C] block 804cae0 exists [Parser.C] ==== starting to parse frame 804cae0 ==== [Parser.C] parsing block 804cae0 [Parser.C:1274] curAddr 0x804cae0: jmp [805c03c] [Parser.C:1280] leaf 1 funcname targ804cae0 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c03c] to 0x804cae0...FAIL (CFT=0x0), callTarget exp: [805c03c] ... indirect jump at 0x804cae0, delay parsing it [Parser.C:1485] recording block [804cae0,804cae6) ... continue parse indirect jump at 804cae0 [Parser.C:1485] recording block [804cae0,804cae6) Getting edges ... indirect jump at 0x804cae0 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c03c] at 0x804cae0 Apply indirect control flow analysis at 804cae0 Looking for thunk Looking for thunk in block [804cae0,804cae6).......WARNING: after advance at 0x804cae6, curInsn() NULL Expanding instruction @ 804cae0: jmp [805c03c] Original expand: (<134594620:32>,) Adding assignment (@804cae0<[x86::eip]>[_805c03c]) in instruction jmp [805c03c] at 804cae0, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cae0, insn: jmp [805c03c] Old fact for 804cae0: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cae0 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cae0<[x86::eip]>[_805c03c]) Instruction: jmp [805c03c] AST: (<134594620:64>,) Generate bound fact for Interval 0[134594620,134594620] 0[805c03c,805c03c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594620:64>,) Apply relations2 to (<134594620:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594620,134594620] 0[805c03c,805c03c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594620:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cae0 The fact from 804cae0 before applying transfer function Do not track predicate Var: , Interval 0[134594620,134594620] 0[805c03c,805c03c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594620:64>,) No known value at the top of the stack Fact from 804cae0 after applying transfer function Do not track predicate Var: , Interval 0[134594620,134594620] 0[805c03c,805c03c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594620:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594620,134594620] 0[805c03c,805c03c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594620:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594620,134594620] 0[805c03c,805c03c], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c03c not read only, returning false Not jump table format! [Parser.C] finalizing targ804cae0 (804cae0) No targets, exits func Adding block 0x804cae0 as exit 804cae0 extent [804cae0,804cae6) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c03c] at 0x804cae0 in function targ804cae0 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cae0->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for fread [Parser.C] frame 804cae0 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] fread return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053b25 ==== Checking non-returning for fread [Parser.C:1485] recording block [8053c39,8053c39) [Parser.C] parsing block 8053c39 [Parser.C:1274] curAddr 0x8053c39: mov [EBP + ffffffffffffffe8], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c3c: mov EAX, [EBP + ffffffffffffffec] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c3f: mov [ESP + c], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c43: mov EAX, [EBP + ffffffffffffffe8] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c46: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c4a: mov [ESP + 4], 1 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c52: lea EAX, EBP + ffffbfe8 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c58: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c5b: call ffff8e70 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8e70 + EIP + 5 to 0x8053c5b...SUCCESS (CFT=0x804cad0) [Parser.C:1485] recording block [8053c39,8053c60) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053c5b->804cad0 resolveable_edge: 1, tailcall: 0, target: 804cad0 [ParserDetails.C:588] pushing 804cad0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053c5b->8053c60 resolveable_edge: 1, tailcall: 0, target: 8053c60 [ParserDetails.C:588] pushing 8053c60 onto worklist [Parser.C] binding call 8053c5b->804cad0 [Parser.C] block 804cad0 exists Checking non-returning for fwrite [Parser.C:1485] recording block [8053c60,8053c60) [Parser.C] parsing block 8053c60 [Parser.C:1274] curAddr 0x8053c60: cmp [EBP + ffffffffffffffe8], 1000 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c67: jz ffffffffffffffab + EIP + 2 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053c60,8053c69) Getting edges IA_IAPI.C[847]: binding PC EIP in jz ffffffffffffffab + EIP + 2 to 0x8053c67...SUCCESS (CFT=0x8053c14) Returned 2 edges 2 edges: Checking for Tail Call jump to 0x8053c14 is known block, but not func entry, NOT TAIL CALL ParserDetails.C[76]: adding conditional taken edge 8053c67->8053c14 resolveable_edge: 1, tailcall: 0, target: 8053c14 [ParserDetails.C:588] pushing 8053c14 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053c67->8053c69 resolveable_edge: 1, tailcall: 0, target: 8053c69 [ParserDetails.C:588] pushing 8053c69 onto worklist [Parser.C] block 8053c14 exists [Parser.C] skipping locally parsed target at 8053c14 [Parser.C] block 8053c69 exists [Parser.C] skipping locally parsed target at 8053c69 [Parser.C:1485] recording block [8053c77,8053c77) [Parser.C] parsing block 8053c77 [Parser.C:1274] curAddr 0x8053c77: call ffff8f74 + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8f74 + EIP + 5 to 0x8053c77...SUCCESS (CFT=0x804cbf0) [Parser.C:1485] recording block [8053c77,8053c7c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053c77->804cbf0 resolveable_edge: 1, tailcall: 0, target: 804cbf0 [ParserDetails.C:588] pushing 804cbf0 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053c77->8053c7c resolveable_edge: 1, tailcall: 0, target: 8053c7c [ParserDetails.C:588] pushing 8053c7c onto worklist [Parser.C] binding call 8053c77->804cbf0 [Parser.C] block 804cbf0 exists Checking non-returning for __errno_location [Parser.C:1485] recording block [8053c7c,8053c7c) [Parser.C] parsing block 8053c7c [Parser.C:1274] curAddr 0x8053c7c: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c7e: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c81: call ffff8eaa + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8eaa + EIP + 5 to 0x8053c81...SUCCESS (CFT=0x804cb30) [Parser.C:1485] recording block [8053c7c,8053c86) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053c81->804cb30 resolveable_edge: 1, tailcall: 0, target: 804cb30 [ParserDetails.C:588] pushing 804cb30 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053c81->8053c86 resolveable_edge: 1, tailcall: 0, target: 8053c86 [ParserDetails.C:588] pushing 8053c86 onto worklist [Parser.C] binding call 8053c81->804cb30 [Parser.C] block 804cb30 exists Checking non-returning for strerror [Parser.C:1485] recording block [8053c86,8053c86) [Parser.C] parsing block 8053c86 [Parser.C:1274] curAddr 0x8053c86: mov EDX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c8c: mov EDX, [EDX] [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c8e: mov [ESP + 10], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c92: mov [ESP + c], 171 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053c9a: lea EAX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053ca0: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053ca4: lea EAX, EBX + ffffc0ac [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053caa: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053cae: mov [ESP], EDX [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053cb1: call ffff8eda + EIP + 5 [Parser.C:1280] leaf 1 funcname dbSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8eda + EIP + 5 to 0x8053cb1...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053c86,8053cb6) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053cb1->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053cb1->8053cb6 resolveable_edge: 1, tailcall: 0, target: 8053cb6 [ParserDetails.C:588] pushing 8053cb6 onto worklist [Parser.C] binding call 8053cb1->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C] block 8053cb6 exists [Parser.C] skipping locally parsed target at 8053cb6 [Parser.C] block 8053cb6 exists [Parser.C] skipping locally parsed target at 8053cb6 [Parser.C] block 8053cb6 exists [Parser.C] skipping locally parsed target at 8053cb6 [Parser.C] block 8053cb6 exists [Parser.C] skipping locally parsed target at 8053cb6 [Parser.C] frame 8053b25 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] dbSetTestName return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8050ab0) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050ab0) function at 8050ab0 already parsed, status 3 [Parser.C:224] entered parse_at(8050111) [Parser.C:180] entered parse_at([804ccd0,80549c4),8050111) function at 8050111 already parsed, status 3 [Parser.C:224] entered parse_at(8053cbf) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053cbf) [Parser.C:1485] recording block [8053cbf,8053cbf) [Parser.C] ==== starting to parse frame 8053cbf ==== [Parser.C] parsing block 8053cbf [Parser.C:1274] curAddr 0x8053cbf: push EBP, ESP [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cc0: mov EBP, ESP [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cc2: push EBX, ESP [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cc3: sub ESP, 14 [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cc6: call ffff9035 + EIP + 5 [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9035 + EIP + 5 to 0x8053cc6...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053ccb: add EBX, 8335 [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cd1: mov EAX, [EBX + fffffff4] [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cd7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cd9: mov [ESP + c], 176 [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053ce1: lea EDX, EBX + ffffbedc [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053ce7: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053ceb: lea EDX, EBX + ffffbf38 [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cf1: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cf5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053cf8: call ffff8e93 + EIP + 5 [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff8e93 + EIP + 5 to 0x8053cf8...SUCCESS (CFT=0x804cb90) [Parser.C:1485] recording block [8053cbf,8053cfd) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053cf8->804cb90 resolveable_edge: 1, tailcall: 0, target: 804cb90 [ParserDetails.C:588] pushing 804cb90 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053cf8->8053cfd resolveable_edge: 1, tailcall: 0, target: 8053cfd [ParserDetails.C:588] pushing 8053cfd onto worklist [Parser.C] binding call 8053cf8->804cb90 [Parser.C] block 804cb90 exists Checking non-returning for fprintf [Parser.C:1485] recording block [8053cfd,8053cfd) [Parser.C] parsing block 8053cfd [Parser.C:1274] curAddr 0x8053cfd: add ESP, 14 [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053d00: pop EBX, ESP [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053d01: pop EBP, ESP [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called [Parser.C:1274] curAddr 0x8053d02: ret near [ESP] [Parser.C:1280] leaf 1 funcname warningRedirectStream hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053cfd,8053d03) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053d02 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053d02...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8053cbf complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] warningRedirectStream return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053905) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053905) [Parser.C:1485] recording block [8053905,8053905) [Parser.C] ==== starting to parse frame 8053905 ==== [Parser.C] parsing block 8053905 [Parser.C:1274] curAddr 0x8053905: push EBP, ESP [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053906: mov EBP, ESP [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053908: push EBX, ESP [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053909: sub ESP, 24 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x805390c: call ffff93ef + EIP + 5 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff93ef + EIP + 5 to 0x805390c...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8053911: add EBX, 86ef [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053917: cmp [EBP + 8], 0 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x805391b: jnz 24 + EIP + 2 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [8053905,805391d) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 24 + EIP + 2 to 0x805391b...SUCCESS (CFT=0x8053941) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 805391b->8053941 resolveable_edge: 1, tailcall: 0, target: 8053941 [ParserDetails.C:588] pushing 8053941 onto worklist ParserDetails.C[80]: adding conditional not taken edge 805391b->805391d resolveable_edge: 1, tailcall: 0, target: 805391d [ParserDetails.C:588] pushing 805391d onto worklist [Parser.C:1485] recording block [8053941,8053941) [Parser.C] parsing block 8053941 [Parser.C:1274] curAddr 0x8053941: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053944: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053947: call ffff9224 + EIP + 5 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9224 + EIP + 5 to 0x8053947...SUCCESS (CFT=0x804cb70) [Parser.C:1485] recording block [8053941,805394c) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053947->804cb70 resolveable_edge: 1, tailcall: 0, target: 804cb70 [ParserDetails.C:588] pushing 804cb70 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053947->805394c resolveable_edge: 1, tailcall: 0, target: 805394c [ParserDetails.C:588] pushing 805394c onto worklist [Parser.C] binding call 8053947->804cb70 [Parser.C] block 804cb70 exists Checking non-returning for strlen [Parser.C:1485] recording block [805394c,805394c) [Parser.C] parsing block 805394c [Parser.C:1274] curAddr 0x805394c: add EAX, 1 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x805394f: mov [EBP + fffffffffffffff4], EAX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053952: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053955: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053958: call ffff91b3 + EIP + 5 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff91b3 + EIP + 5 to 0x8053958...SUCCESS (CFT=0x804cb10) [Parser.C:1485] recording block [805394c,805395d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053958->804cb10 resolveable_edge: 1, tailcall: 0, target: 804cb10 [ParserDetails.C:588] pushing 804cb10 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053958->805395d resolveable_edge: 1, tailcall: 0, target: 805395d [ParserDetails.C:588] pushing 805395d onto worklist [Parser.C] binding call 8053958->804cb10 [Parser.C] block 804cb10 exists Checking non-returning for malloc [Parser.C:1485] recording block [805395d,805395d) [Parser.C] parsing block 805395d [Parser.C:1274] curAddr 0x805395d: mov [EBX + 9f8], EAX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053963: mov EAX, [EBX + 9f8] [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053969: mov EDX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x805396c: mov [ESP + 8], EDX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053970: mov EDX, [EBP + 8] [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053973: mov [ESP + 4], EDX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053977: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x805397a: call ffff9281 + EIP + 5 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff9281 + EIP + 5 to 0x805397a...SUCCESS (CFT=0x804cc00) [Parser.C:1485] recording block [805395d,805397f) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 805397a->804cc00 resolveable_edge: 1, tailcall: 0, target: 804cc00 [ParserDetails.C:588] pushing 804cc00 onto worklist ParserDetails.C[68]: adding function fallthrough edge 805397a->805397f resolveable_edge: 1, tailcall: 0, target: 805397f [ParserDetails.C:588] pushing 805397f onto worklist [Parser.C] binding call 805397a->804cc00 [ParseData.C] new function for target 804cc00 [Parser.C:1485] recording block [804cc00,804cc00) [suspend frame 8053905] [Parser.C] frame 8053905 blocked at 805397a call target 804cc00 [Parser.C] block 804cc00 exists [Parser.C] ==== starting to parse frame 804cc00 ==== [Parser.C] parsing block 804cc00 [Parser.C:1274] curAddr 0x804cc00: jmp [805c084] [Parser.C:1280] leaf 1 funcname targ804cc00 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp [805c084] to 0x804cc00...FAIL (CFT=0x0), callTarget exp: [805c084] ... indirect jump at 0x804cc00, delay parsing it [Parser.C:1485] recording block [804cc00,804cc06) ... continue parse indirect jump at 804cc00 [Parser.C:1485] recording block [804cc00,804cc06) Getting edges ... indirect jump at 0x804cc00 Checking for Tail Call IA_IAPI.C[679]: jump table candidate jmp [805c084] at 0x804cc00 Apply indirect control flow analysis at 804cc00 Looking for thunk Looking for thunk in block [804cc00,804cc06).......WARNING: after advance at 0x804cc06, curInsn() NULL Expanding instruction @ 804cc00: jmp [805c084] Original expand: (<134594692:32>,) Adding assignment (@804cc00<[x86::eip]>[_805c084]) in instruction jmp [805c084] at 804cc00, total 1 This SCC does not incoming edges from outside Starting analysis inside SCC 0 Calculate Meet for 0, the VirtualEntry node Old fact for 0: Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 0 Not calculated Facts do not change! Starting analysis inside SCC 1 Calculate Meet for 804cc00, insn: jmp [805c084] Old fact for 804cc00: do not exist Meet incoming edge from 0 The fact from 0 before applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack The predecessor node is the virtual entry ndoe Fact from 0 after applying transfer function Do not track predicate Relations: Aliasing: No known value at the top of the stack New fact at 804cc00 Do not track predicate Relations: Aliasing: No known value at the top of the stack Facts change! The predecessor node is normal node entry id 6 Expand assignment : (@804cc00<[x86::eip]>[_805c084]) Instruction: jmp [805c084] AST: (<134594692:64>,) Generate bound fact for Interval 0[134594692,134594692] 0[805c084,805c084], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Apply relations to (<134594692:64>,) Apply relations2 to (<134594692:64>,) Calculating transfer function: Output facts Do not track predicate Var: , Interval 0[134594692,134594692] 0[805c084,805c084], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594692:64>,) No known value at the top of the stack Starting analysis inside SCC 2 Calculate Meet for 0, the VirtualExit node Old fact for 0: do not exist Meet incoming edge from 804cc00 The fact from 804cc00 before applying transfer function Do not track predicate Var: , Interval 0[134594692,134594692] 0[805c084,805c084], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594692:64>,) No known value at the top of the stack Fact from 804cc00 after applying transfer function Do not track predicate Var: , Interval 0[134594692,134594692] 0[805c084,805c084], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594692:64>,) No known value at the top of the stack New fact at 0 Do not track predicate Var: , Interval 0[134594692,134594692] 0[805c084,805c084], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 Relations: Aliasing: = (<134594692:64>,) No known value at the top of the stack Facts change! Checking final bound fact for x86::eip The final target bound fact: Interval 0[134594692,134594692] 0[805c084,805c084], targetBase 0, tableReadSize 4, isInverted 0, isSubReadContent 0, isZeroExtend 0 tableBase 0x805c084 not read only, returning false Not jump table format! [Parser.C] finalizing targ804cc00 (804cc00) No targets, exits func Adding block 0x804cc00 as exit 804cc00 extent [804cc00,804cc06) Jump table parser returned 0, 0 edges Parsed jump table IA_IAPI.C[686]: unparsed jump table jmp [805c084] at 0x804cc00 in function targ804cc00 UNINSTRUMENTABLE Returned 1 edges Checking for Tail Call Checking for Tail Call 1 edges: Checking for Tail Call ParserDetails.C[84]: adding indirect edge 804cc00->ffffffffffffffff resolveable_edge: 0, tailcall: 0, target: ffffffffffffffff Checking non-returning for strncpy [Parser.C] frame 804cc00 complete, return status: 2 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] strncpy return status 2, no waiters [Parser.C] ==== resuming parse of frame 8053905 ==== Checking non-returning for strncpy [Parser.C:1485] recording block [805397f,805397f) [Parser.C] parsing block 805397f [Parser.C:1274] curAddr 0x805397f: add ESP, 24 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053982: pop EBX, ESP [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053983: pop EBP, ESP [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053984: ret near [ESP] [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [805397f,8053985) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8053984 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8053984...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [805391d,805391d) [Parser.C] parsing block 805391d [Parser.C:1274] curAddr 0x805391d: mov EAX, [EBX + 9f8] [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053923: test EAX, EAX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053925: jz e + EIP + 2 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called branch or return, ret true [Parser.C:1485] recording block [805391d,8053927) Getting edges IA_IAPI.C[847]: binding PC EIP in jz e + EIP + 2 to 0x8053925...SUCCESS (CFT=0x8053935) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8053925->8053935 resolveable_edge: 1, tailcall: 0, target: 8053935 [ParserDetails.C:588] pushing 8053935 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8053925->8053927 resolveable_edge: 1, tailcall: 0, target: 8053927 [ParserDetails.C:588] pushing 8053927 onto worklist [Parser.C:1485] recording block [8053935,8053935) [Parser.C] parsing block 8053935 [Parser.C:1274] curAddr 0x8053935: mov [EBX + 9f8], 0 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x805393f: jmp 3e + EIP + 2 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 3e + EIP + 2 to 0x805393f...SUCCESS (CFT=0x805397f) [Parser.C:1485] recording block [8053935,8053941) Getting edges Checking for Tail Call jump to 0x805397f is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 805393f->805397f resolveable_edge: 1, tailcall: 0, target: 805397f [ParserDetails.C:588] pushing 805397f onto worklist [Parser.C:1485] recording block [8053927,8053927) [Parser.C] parsing block 8053927 [Parser.C:1274] curAddr 0x8053927: mov EAX, [EBX + 9f8] [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x805392d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called [Parser.C:1274] curAddr 0x8053930: call ffff914b + EIP + 5 [Parser.C:1280] leaf 1 funcname stdSetTestName hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffff914b + EIP + 5 to 0x8053930...SUCCESS (CFT=0x804ca80) [Parser.C:1485] recording block [8053927,8053935) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8053930->804ca80 resolveable_edge: 1, tailcall: 0, target: 804ca80 [ParserDetails.C:588] pushing 804ca80 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8053930->8053935 resolveable_edge: 1, tailcall: 0, target: 8053935 [ParserDetails.C:588] pushing 8053935 onto worklist [Parser.C] binding call 8053930->804ca80 [Parser.C] block 804ca80 exists Checking non-returning for free [Parser.C] block 8053935 exists [Parser.C] skipping locally parsed target at 8053935 [Parser.C] block 805397f exists [Parser.C] skipping locally parsed target at 805397f [Parser.C] frame 8053905 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] stdSetTestName return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052112) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052112) [Parser.C:1485] recording block [8052112,8052112) [Parser.C] ==== starting to parse frame 8052112 ==== [Parser.C] parsing block 8052112 [Parser.C:1274] curAddr 0x8052112: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func3 hasCFT called [Parser.C:1274] curAddr 0x8052113: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func3 hasCFT called [Parser.C:1274] curAddr 0x8052115: call ffffba6b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_32_func3 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffba6b + EIP + 5 to 0x8052115...SUCCESS (CFT=0x804db85) [Parser.C:1274] curAddr 0x805211a: add ECX, 9ee6 [Parser.C:1280] leaf 1 funcname test1_32_func3 hasCFT called [Parser.C:1274] curAddr 0x8052120: mov [ECX + 950], 1 [Parser.C:1280] leaf 1 funcname test1_32_func3 hasCFT called [Parser.C:1274] curAddr 0x805212a: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_32_func3 hasCFT called [Parser.C:1274] curAddr 0x805212b: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_32_func3 hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052112,805212c) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x805212b Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x805212b...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C] frame 8052112 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_32_func3 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8053985) [Parser.C:180] entered parse_at([804ccd0,80549c4),8053985) function at 8053985 already parsed, status 3 [Parser.C:224] entered parse_at(804cfd0) [Parser.C:180] entered parse_at([804ccd0,80549c4),804cfd0) function at 804cfd0 already parsed, status 3 [Parser.C:224] entered parse_at(80515b4) [Parser.C:180] entered parse_at([804ccd0,80549c4),80515b4) [Parser.C:1485] recording block [80515b4,80515b4) [Parser.C] ==== starting to parse frame 80515b4 ==== [Parser.C] parsing block 80515b4 [Parser.C:1274] curAddr 0x80515b4: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515b5: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515b7: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515b8: sub ESP, 24 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515bb: call ffffb740 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffb740 + EIP + 5 to 0x80515bb...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x80515c0: add EBX, aa40 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515c6: lea EAX, EBX + fe0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515cc: mov [EAX], 18cbe69 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515d2: lea EAX, EBX + fe0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515d8: mov [EAX + 4], 18cbe6a [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515df: mov [EBP + fffffffffffffff0], 0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515e6: jmp 1a + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 1a + EIP + 2 to 0x80515e6...SUCCESS (CFT=0x8051602) [Parser.C:1485] recording block [80515b4,80515e8) Getting edges Checking for Tail Call Returned 1 edges 1 edges: Checking for Tail Call ParserDetails.C[88]: adding direct edge 80515e6->8051602 resolveable_edge: 1, tailcall: 0, target: 8051602 [ParserDetails.C:588] pushing 8051602 onto worklist [Parser.C:1485] recording block [8051602,8051602) [Parser.C] parsing block 8051602 [Parser.C:1274] curAddr 0x8051602: cmp [EBP + fffffffffffffff0], 9 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051606: jle ffffffffffffffe0 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8051602,8051608) Getting edges IA_IAPI.C[847]: binding PC EIP in jle ffffffffffffffe0 + EIP + 2 to 0x8051606...SUCCESS (CFT=0x80515e8) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8051606->80515e8 resolveable_edge: 1, tailcall: 0, target: 80515e8 [ParserDetails.C:588] pushing 80515e8 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8051606->8051608 resolveable_edge: 1, tailcall: 0, target: 8051608 [ParserDetails.C:588] pushing 8051608 onto worklist [Parser.C:1485] recording block [80515e8,80515e8) [Parser.C] parsing block 80515e8 [Parser.C:1274] curAddr 0x80515e8: mov EAX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515eb: lea ECX, EAX + 18cbe6b [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515f1: lea EAX, EBX + fe0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515f7: mov EDX, [EBP + fffffffffffffff0] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515fa: mov [EAX + EDX * 4 + 8], ECX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80515fe: add [EBP + fffffffffffffff0], 1 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C] straight-line parse into block at 8051602 [Parser.C:1485] recording block [80515e8,8051602) [Parser.C] block 8051602 exists [Parser.C:1485] recording block [8051608,8051608) [Parser.C] parsing block 8051608 [Parser.C:1274] curAddr 0x8051608: lea EAX, EBX + fe0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805160e: mov [EAX + 30], 18cba8d [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051615: lea EAX, EBX + fe0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805161b: mov [EAX + 34], 18cba8e [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051622: call 22f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 22f + EIP + 5 to 0x8051622...SUCCESS (CFT=0x8051856) [Parser.C:1485] recording block [8051608,8051627) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051622->8051856 resolveable_edge: 1, tailcall: 0, target: 8051856 [ParserDetails.C:588] pushing 8051856 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051622->8051627 resolveable_edge: 1, tailcall: 0, target: 8051627 [ParserDetails.C:588] pushing 8051627 onto worklist [Parser.C] binding call 8051622->8051856 [Parser.C] block 8051856 exists Checking non-returning for test1_26_call1 Checking non-returning for test1_26_call1 [Parser.C:1485] recording block [8051627,8051627) [Parser.C] parsing block 8051627 [Parser.C:1274] curAddr 0x8051627: lea EAX, EBX + 59c [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805162d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805162f: mov [ESP + 8], 18cbe69 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051637: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805163b: lea EAX, EBX + ffffaf35 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051641: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051644: call 1b5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 1b5 + EIP + 5 to 0x8051644...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [8051627,8051649) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051644->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051644->8051649 resolveable_edge: 1, tailcall: 0, target: 8051649 [ParserDetails.C:588] pushing 8051649 onto worklist [Parser.C] binding call 8051644->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [8051649,8051649) [Parser.C] parsing block 8051649 [Parser.C:1274] curAddr 0x8051649: lea EAX, EBX + 5a0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805164f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051651: mov [ESP + 8], 18cbe6a [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051659: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805165d: lea EAX, EBX + ffffaf4e [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051663: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051666: call 193 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 193 + EIP + 5 to 0x8051666...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [8051649,805166b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051666->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051666->805166b resolveable_edge: 1, tailcall: 0, target: 805166b [ParserDetails.C:588] pushing 805166b onto worklist [Parser.C] binding call 8051666->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [805166b,805166b) [Parser.C] parsing block 805166b [Parser.C:1274] curAddr 0x805166b: lea EAX, EBX + 5a4 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051671: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051673: mov [ESP + 8], 18cbe6b [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805167b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805167f: lea EAX, EBX + ffffaf67 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051685: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051688: call 171 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 171 + EIP + 5 to 0x8051688...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [805166b,805168d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051688->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051688->805168d resolveable_edge: 1, tailcall: 0, target: 805168d [ParserDetails.C:588] pushing 805168d onto worklist [Parser.C] binding call 8051688->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [805168d,805168d) [Parser.C] parsing block 805168d [Parser.C:1274] curAddr 0x805168d: lea EAX, EBX + 5a8 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051693: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051695: mov [ESP + 8], 18cbe70 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805169d: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516a1: lea EAX, EBX + ffffaf80 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516a7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516aa: call 14f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 14f + EIP + 5 to 0x80516aa...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [805168d,80516af) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80516aa->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 80516aa->80516af resolveable_edge: 1, tailcall: 0, target: 80516af [ParserDetails.C:588] pushing 80516af onto worklist [Parser.C] binding call 80516aa->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [80516af,80516af) [Parser.C] parsing block 80516af [Parser.C:1274] curAddr 0x80516af: lea EAX, EBX + 5ac [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516b5: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516b7: mov [ESP + 8], 18cba8d [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516bf: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516c3: lea EAX, EBX + ffffaf99 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516c9: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516cc: call 12d + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 12d + EIP + 5 to 0x80516cc...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [80516af,80516d1) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80516cc->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 80516cc->80516d1 resolveable_edge: 1, tailcall: 0, target: 80516d1 [ParserDetails.C:588] pushing 80516d1 onto worklist [Parser.C] binding call 80516cc->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [80516d1,80516d1) [Parser.C] parsing block 80516d1 [Parser.C:1274] curAddr 0x80516d1: lea EAX, EBX + 5b0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516d7: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516d9: mov [ESP + 8], 18cba8e [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516e1: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516e5: lea EAX, EBX + ffffafb2 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516eb: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516ee: call 10b + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 10b + EIP + 5 to 0x80516ee...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [80516d1,80516f3) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80516ee->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 80516ee->80516f3 resolveable_edge: 1, tailcall: 0, target: 80516f3 [ParserDetails.C:588] pushing 80516f3 onto worklist [Parser.C] binding call 80516ee->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [80516f3,80516f3) [Parser.C] parsing block 80516f3 [Parser.C:1274] curAddr 0x80516f3: lea EAX, EBX + 5b4 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516f9: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80516fb: mov [ESP + 8], 18cc251 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051703: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051707: lea EAX, EBX + ffffafcb [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805170d: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051710: call e9 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call e9 + EIP + 5 to 0x8051710...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [80516f3,8051715) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051710->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051710->8051715 resolveable_edge: 1, tailcall: 0, target: 8051715 [ParserDetails.C:588] pushing 8051715 onto worklist [Parser.C] binding call 8051710->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [8051715,8051715) [Parser.C] parsing block 8051715 [Parser.C:1274] curAddr 0x8051715: lea EAX, EBX + 5b8 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805171b: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805171d: mov [ESP + 8], 18cc252 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051725: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051729: lea EAX, EBX + ffffafe4 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805172f: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051732: call c7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call c7 + EIP + 5 to 0x8051732...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [8051715,8051737) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051732->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051732->8051737 resolveable_edge: 1, tailcall: 0, target: 8051737 [ParserDetails.C:588] pushing 8051737 onto worklist [Parser.C] binding call 8051732->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [8051737,8051737) [Parser.C] parsing block 8051737 [Parser.C:1274] curAddr 0x8051737: lea EAX, EBX + 5bc [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805173d: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805173f: mov [ESP + 8], 18cc253 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051747: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805174b: lea EAX, EBX + ffffaffd [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051751: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051754: call a5 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call a5 + EIP + 5 to 0x8051754...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [8051737,8051759) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051754->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051754->8051759 resolveable_edge: 1, tailcall: 0, target: 8051759 [ParserDetails.C:588] pushing 8051759 onto worklist [Parser.C] binding call 8051754->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [8051759,8051759) [Parser.C] parsing block 8051759 [Parser.C:1274] curAddr 0x8051759: lea EAX, EBX + 5c0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805175f: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051761: mov [ESP + 8], 18cc258 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051769: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805176d: lea EAX, EBX + ffffb017 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051773: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051776: call 83 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 83 + EIP + 5 to 0x8051776...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [8051759,805177b) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051776->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051776->805177b resolveable_edge: 1, tailcall: 0, target: 805177b [ParserDetails.C:588] pushing 805177b onto worklist [Parser.C] binding call 8051776->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [805177b,805177b) [Parser.C] parsing block 805177b [Parser.C:1274] curAddr 0x805177b: lea EAX, EBX + 5c4 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051781: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051783: mov [ESP + 8], 18cc25d [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805178b: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x805178f: lea EAX, EBX + ffffb031 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051795: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x8051798: call 61 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 61 + EIP + 5 to 0x8051798...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [805177b,805179d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8051798->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 8051798->805179d resolveable_edge: 1, tailcall: 0, target: 805179d [ParserDetails.C:588] pushing 805179d onto worklist [Parser.C] binding call 8051798->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [805179d,805179d) [Parser.C] parsing block 805179d [Parser.C:1274] curAddr 0x805179d: lea EAX, EBX + 5c8 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517a3: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517a5: mov [ESP + 8], 18cc25e [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517ad: mov [ESP + 4], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517b1: lea EAX, EBX + ffffb04b [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517b7: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517ba: call 3f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 3f + EIP + 5 to 0x80517ba...SUCCESS (CFT=0x80517fe) [Parser.C:1485] recording block [805179d,80517bf) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80517ba->80517fe resolveable_edge: 1, tailcall: 0, target: 80517fe [ParserDetails.C:588] pushing 80517fe onto worklist ParserDetails.C[68]: adding function fallthrough edge 80517ba->80517bf resolveable_edge: 1, tailcall: 0, target: 80517bf [ParserDetails.C:588] pushing 80517bf onto worklist [Parser.C] binding call 80517ba->80517fe [Parser.C] block 80517fe exists Checking non-returning for verifyScalarValue26 [Parser.C:1485] recording block [80517bf,80517bf) [Parser.C] parsing block 80517bf [Parser.C:1274] curAddr 0x80517bf: mov EAX, [EBX + 8fc] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517c5: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517c7: jnz 25 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80517bf,80517c9) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 25 + EIP + 2 to 0x80517c7...SUCCESS (CFT=0x80517ee) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 80517c7->80517ee resolveable_edge: 1, tailcall: 0, target: 80517ee [ParserDetails.C:588] pushing 80517ee onto worklist ParserDetails.C[80]: adding conditional not taken edge 80517c7->80517c9 resolveable_edge: 1, tailcall: 0, target: 80517c9 [ParserDetails.C:588] pushing 80517c9 onto worklist [Parser.C:1485] recording block [80517ee,80517ee) [Parser.C] parsing block 80517ee [Parser.C:1274] curAddr 0x80517ee: mov [EBP + fffffffffffffff4], ffffffff [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517f5: mov EAX, [EBP + fffffffffffffff4] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517f8: add ESP, 24 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517fb: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517fc: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517fd: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [80517ee,80517fe) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x80517fd Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x80517fd...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [80517c9,80517c9) [Parser.C] parsing block 80517c9 [Parser.C:1274] curAddr 0x80517c9: lea EAX, EBX + ffffb068 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517cf: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517d2: call 21e6 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 21e6 + EIP + 5 to 0x80517d2...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [80517c9,80517d7) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80517d2->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 80517d2->80517d7 resolveable_edge: 1, tailcall: 0, target: 80517d7 [ParserDetails.C:588] pushing 80517d7 onto worklist [Parser.C] binding call 80517d2->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [80517d7,80517d7) [Parser.C] parsing block 80517d7 [Parser.C:1274] curAddr 0x80517d7: mov EAX, [EBX + 5cc] [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517dd: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517e0: call 2bc0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 2bc0 + EIP + 5 to 0x80517e0...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [80517d7,80517e5) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 80517e0->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 80517e0->80517e5 resolveable_edge: 1, tailcall: 0, target: 80517e5 [ParserDetails.C:588] pushing 80517e5 onto worklist [Parser.C] binding call 80517e0->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [80517e5,80517e5) [Parser.C] parsing block 80517e5 [Parser.C:1274] curAddr 0x80517e5: mov [EBP + fffffffffffffff4], 0 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called [Parser.C:1274] curAddr 0x80517ec: jmp 7 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_26_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 7 + EIP + 2 to 0x80517ec...SUCCESS (CFT=0x80517f5) [Parser.C:1485] recording block [80517e5,80517ee) Getting edges Checking for Tail Call jump to 0x80517f5 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 80517ec->80517f5 resolveable_edge: 1, tailcall: 0, target: 80517f5 [ParserDetails.C:588] pushing 80517f5 onto worklist [Parser.C] address 80517f5 splits [80517ee,80517fe) (0x1e043b0) [Parser.C:1485] recording block [80517f5,80517fe) [Parser.C] skipping locally parsed target at 80517f5 [Parser.C] frame 80515b4 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_26_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804c9e4) [Parser.C:180] entered parse_at([804c9e4,804ca07),804c9e4) function at 804c9e4 already parsed, status 3 [Parser.C:224] entered parse_at(804f848) [Parser.C:180] entered parse_at([804ccd0,80549c4),804f848) [Parser.C:1485] recording block [804f848,804f848) [Parser.C] ==== starting to parse frame 804f848 ==== [Parser.C] parsing block 804f848 [Parser.C:1274] curAddr 0x804f848: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f849: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f84b: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f84c: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f84f: call ffffd4ac + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd4ac + EIP + 5 to 0x804f84f...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804f854: add EBX, c7ac [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f85a: cmp [EBP + 8], 13d684 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f861: jnz 11 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f848,804f863) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 11 + EIP + 2 to 0x804f861...SUCCESS (CFT=0x804f874) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f861->804f874 resolveable_edge: 1, tailcall: 0, target: 804f874 [ParserDetails.C:588] pushing 804f874 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f861->804f863 resolveable_edge: 1, tailcall: 0, target: 804f863 [ParserDetails.C:588] pushing 804f863 onto worklist [Parser.C:1485] recording block [804f874,804f874) [Parser.C] parsing block 804f874 [Parser.C:1274] curAddr 0x804f874: lea EAX, EBX + 7ac [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f87a: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f87c: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f87e: jz 1d + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f874,804f880) Getting edges IA_IAPI.C[847]: binding PC EIP in jz 1d + EIP + 2 to 0x804f87e...SUCCESS (CFT=0x804f89d) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804f87e->804f89d resolveable_edge: 1, tailcall: 0, target: 804f89d [ParserDetails.C:588] pushing 804f89d onto worklist ParserDetails.C[80]: adding conditional not taken edge 804f87e->804f880 resolveable_edge: 1, tailcall: 0, target: 804f880 [ParserDetails.C:588] pushing 804f880 onto worklist [Parser.C:1485] recording block [804f89d,804f89d) [Parser.C] parsing block 804f89d [Parser.C:1274] curAddr 0x804f89d: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f8a0: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f8a1: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f8a2: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called branch or return, ret true [Parser.C:1485] recording block [804f89d,804f8a3) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804f8a2 Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804f8a2...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804f863,804f863) [Parser.C] parsing block 804f863 [Parser.C:1274] curAddr 0x804f863: mov EAX, [EBX + 848] [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f869: or EAX, 20 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f86c: mov [EBX + 848], EAX [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f872: jmp 29 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 29 + EIP + 2 to 0x804f872...SUCCESS (CFT=0x804f89d) [Parser.C:1485] recording block [804f863,804f874) Getting edges Checking for Tail Call jump to 0x804f89d is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804f872->804f89d resolveable_edge: 1, tailcall: 0, target: 804f89d [ParserDetails.C:588] pushing 804f89d onto worklist [Parser.C:1485] recording block [804f880,804f880) [Parser.C] parsing block 804f880 [Parser.C:1274] curAddr 0x804f880: mov EAX, [EBP + 8] [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f883: mov [ESP + 8], EAX [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f887: mov [ESP + 4], 13d684 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f88f: lea EAX, EBX + ffffa116 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f895: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called [Parser.C:1274] curAddr 0x804f898: call ffffd1b3 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_13_call2 hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd1b3 + EIP + 5 to 0x804f898...SUCCESS (CFT=0x804ca50) [Parser.C:1485] recording block [804f880,804f89d) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804f898->804ca50 resolveable_edge: 1, tailcall: 0, target: 804ca50 [ParserDetails.C:588] pushing 804ca50 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804f898->804f89d resolveable_edge: 1, tailcall: 0, target: 804f89d [ParserDetails.C:588] pushing 804f89d onto worklist [Parser.C] binding call 804f898->804ca50 [Parser.C] block 804ca50 exists Checking non-returning for printf [Parser.C] block 804f89d exists [Parser.C] skipping locally parsed target at 804f89d [Parser.C] block 804f89d exists [Parser.C] skipping locally parsed target at 804f89d [Parser.C] frame 804f848 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_13_call2 return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(804fe5c) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fe5c) function at 804fe5c already parsed, status 3 [Parser.C:224] entered parse_at(8052ac0) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052ac0) [Parser.C:1485] recording block [8052ac0,8052ac0) [Parser.C] ==== starting to parse frame 8052ac0 ==== [Parser.C] parsing block 8052ac0 [Parser.C:1274] curAddr 0x8052ac0: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ac1: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ac3: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ac4: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ac7: call ffffa234 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffa234 + EIP + 5 to 0x8052ac7...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x8052acc: add EBX, 9534 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ad2: lea EAX, EBX + 714 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ad8: mov EAX, [EAX] [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ada: cmp EAX, 1 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052add: jnz 23 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052ac0,8052adf) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 23 + EIP + 2 to 0x8052add...SUCCESS (CFT=0x8052b02) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 8052add->8052b02 resolveable_edge: 1, tailcall: 0, target: 8052b02 [ParserDetails.C:588] pushing 8052b02 onto worklist ParserDetails.C[80]: adding conditional not taken edge 8052add->8052adf resolveable_edge: 1, tailcall: 0, target: 8052adf [ParserDetails.C:588] pushing 8052adf onto worklist [Parser.C:1485] recording block [8052b02,8052b02) [Parser.C] parsing block 8052b02 [Parser.C:1274] curAddr 0x8052b02: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052b07: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052b0a: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052b0b: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052b0c: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [8052b02,8052b0d) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x8052b0c Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x8052b0c...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [8052adf,8052adf) [Parser.C] parsing block 8052adf [Parser.C:1274] curAddr 0x8052adf: lea EAX, EBX + ffffbb54 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ae5: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052ae8: call ed0 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ed0 + EIP + 5 to 0x8052ae8...SUCCESS (CFT=0x80539bd) [Parser.C:1485] recording block [8052adf,8052aed) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052ae8->80539bd resolveable_edge: 1, tailcall: 0, target: 80539bd [ParserDetails.C:588] pushing 80539bd onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052ae8->8052aed resolveable_edge: 1, tailcall: 0, target: 8052aed [ParserDetails.C:588] pushing 8052aed onto worklist [Parser.C] binding call 8052ae8->80539bd [Parser.C] block 80539bd exists Checking non-returning for logerror Checking non-returning for logerror [Parser.C:1485] recording block [8052aed,8052aed) [Parser.C] parsing block 8052aed [Parser.C:1274] curAddr 0x8052aed: mov EAX, [EBX + 718] [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052af3: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052af6: call 18aa + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 18aa + EIP + 5 to 0x8052af6...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [8052aed,8052afb) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 8052af6->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 8052af6->8052afb resolveable_edge: 1, tailcall: 0, target: 8052afb [ParserDetails.C:588] pushing 8052afb onto worklist [Parser.C] binding call 8052af6->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [8052afb,8052afb) [Parser.C] parsing block 8052afb [Parser.C:1274] curAddr 0x8052afb: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called [Parser.C:1274] curAddr 0x8052b00: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_38_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x8052b00...SUCCESS (CFT=0x8052b07) [Parser.C:1485] recording block [8052afb,8052b02) Getting edges Checking for Tail Call jump to 0x8052b07 is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 8052b00->8052b07 resolveable_edge: 1, tailcall: 0, target: 8052b07 [ParserDetails.C:588] pushing 8052b07 onto worklist [Parser.C] address 8052b07 splits [8052b02,8052b0d) (0x1e04fe0) [Parser.C:1485] recording block [8052b07,8052b0d) [Parser.C] skipping locally parsed target at 8052b07 [Parser.C] frame 8052ac0 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_38_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8051af1) [Parser.C:180] entered parse_at([804ccd0,80549c4),8051af1) function at 8051af1 already parsed, status 3 [Parser.C:224] entered parse_at(804fab5) [Parser.C:180] entered parse_at([804ccd0,80549c4),804fab5) [Parser.C:1485] recording block [804fab5,804fab5) [Parser.C] ==== starting to parse frame 804fab5 ==== [Parser.C] parsing block 804fab5 [Parser.C:1274] curAddr 0x804fab5: push EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fab6: mov EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fab8: push EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fab9: sub ESP, 14 [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fabc: call ffffd23f + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call ffffd23f + EIP + 5 to 0x804fabc...SUCCESS (CFT=0x804cd00) [Parser.C:1274] curAddr 0x804fac1: add EBX, c53f [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fac7: call fffffdd8 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call fffffdd8 + EIP + 5 to 0x804fac7...SUCCESS (CFT=0x804f8a4) [Parser.C:1485] recording block [804fab5,804facc) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fac7->804f8a4 resolveable_edge: 1, tailcall: 0, target: 804f8a4 [ParserDetails.C:588] pushing 804f8a4 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fac7->804facc resolveable_edge: 1, tailcall: 0, target: 804facc [ParserDetails.C:588] pushing 804facc onto worklist [Parser.C] binding call 804fac7->804f8a4 [Parser.C] block 804f8a4 exists Checking non-returning for test1_16_func1 Checking non-returning for test1_16_func1 [Parser.C:1485] recording block [804facc,804facc) [Parser.C] parsing block 804facc [Parser.C:1274] curAddr 0x804facc: test EAX, EAX [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804face: jnz 15 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804facc,804fad0) Getting edges IA_IAPI.C[847]: binding PC EIP in jnz 15 + EIP + 2 to 0x804face...SUCCESS (CFT=0x804fae5) Returned 2 edges 2 edges: Checking for Tail Call ParserDetails.C[76]: adding conditional taken edge 804face->804fae5 resolveable_edge: 1, tailcall: 0, target: 804fae5 [ParserDetails.C:588] pushing 804fae5 onto worklist ParserDetails.C[80]: adding conditional not taken edge 804face->804fad0 resolveable_edge: 1, tailcall: 0, target: 804fad0 [ParserDetails.C:588] pushing 804fad0 onto worklist [Parser.C:1485] recording block [804fae5,804fae5) [Parser.C] parsing block 804fae5 [Parser.C:1274] curAddr 0x804fae5: mov EAX, ffffffff [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804faea: add ESP, 14 [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804faed: pop EBX, ESP [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804faee: pop EBP, ESP [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804faef: ret near [ESP] [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called branch or return, ret true [Parser.C:1485] recording block [804fae5,804faf0) Getting edges IA_IAPI.C[694]: return candidate ret near [ESP] at 0x804faef Returning from parse out edges Returned 0 edges IA_IAPI.C[847]: binding PC EIP in ret near [ESP] to 0x804faef...FAIL (CFT=0x0), callTarget exp: [ESP] 0 edges: [Parser.C:1485] recording block [804fad0,804fad0) [Parser.C] parsing block 804fad0 [Parser.C:1274] curAddr 0x804fad0: mov EAX, [EBX + 4f4] [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fad6: mov [ESP], EAX [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fad9: call 48c7 + EIP + 5 [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called IA_IAPI.C[847]: binding PC EIP in call 48c7 + EIP + 5 to 0x804fad9...SUCCESS (CFT=0x80543a5) [Parser.C:1485] recording block [804fad0,804fade) Getting edges Returned 2 edges 2 edges: ParserDetails.C[64]: adding call edge 804fad9->80543a5 resolveable_edge: 1, tailcall: 0, target: 80543a5 [ParserDetails.C:588] pushing 80543a5 onto worklist ParserDetails.C[68]: adding function fallthrough edge 804fad9->804fade resolveable_edge: 1, tailcall: 0, target: 804fade [ParserDetails.C:588] pushing 804fade onto worklist [Parser.C] binding call 804fad9->80543a5 [Parser.C] block 80543a5 exists Checking non-returning for test_passes Checking non-returning for test_passes [Parser.C:1485] recording block [804fade,804fade) [Parser.C] parsing block 804fade [Parser.C:1274] curAddr 0x804fade: mov EAX, 0 [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called [Parser.C:1274] curAddr 0x804fae3: jmp 5 + EIP + 2 [Parser.C:1280] leaf 1 funcname test1_16_mutatee hasCFT called branch or return, ret true IA_IAPI.C[847]: binding PC EIP in jmp 5 + EIP + 2 to 0x804fae3...SUCCESS (CFT=0x804faea) [Parser.C:1485] recording block [804fade,804fae5) Getting edges Checking for Tail Call jump to 0x804faea is known block, but not func entry, NOT TAIL CALL Returned 1 edges 1 edges: Checking for Tail Call Returning cached tail call check result: 0 ParserDetails.C[88]: adding direct edge 804fae3->804faea resolveable_edge: 1, tailcall: 0, target: 804faea [ParserDetails.C:588] pushing 804faea onto worklist [Parser.C] address 804faea splits [804fae5,804faf0) (0x1e057c0) [Parser.C:1485] recording block [804faea,804faf0) [Parser.C] skipping locally parsed target at 804faea [Parser.C] frame 804fab5 complete, return status: 3 [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] test1_16_mutatee return status 3, no waiters [/home/detter/Workspace/dyninst/parseAPI/src/Parser.C] Fixed point reached (0 funcs with unknown return status) )[Parser.C:224] entered parse_at(8052a3d) [Parser.C:180] entered parse_at([804ccd0,80549c4),8052a3d) function at 8052a3d already parsed, status 3 00000000080521fb : [Parser.C] finalizing test1_33_func3 (80521fb) Considering target block [0x805234e,0x8052354) from edge 0x1de61a0 Adding target block [805234e,8052354) to worklist according to edge from 805220e, type 1 Considering target block [0x8052214,0x8052225) from edge 0x1dc8730 Adding target block [8052214,8052225) to worklist according to edge from 805220e, type 2 Considering target block [0xffffffffffffffff,0xffffffffffffffff) from edge 0x1dd6190 Sink edge, skipping Considering target block [0xffffffffffffffff,0xffffffffffffffff) from edge 0x1dd1830 Block has return edge Adding block 0x805234e as exit 80521fb extent [80521fb,8052225) 80521fb extent [805234e,8052354) 0x80521fb 55 push EBP, ESP 0x80521fc 89 e5 mov EBP, ESP 0x80521fe 53 push EBX, ESP 0x80521ff e8 fc aa ff ff call ffffaafc + EIP + 5 0x8052204 81 c3 fc 9d 0 0 add EBX, 9dfc 0x805220a 83 7d 8 13 cmp [EBP + 8], 13 0x805220e f 87 3a 1 0 0 jnbe 13a + EIP + 6 0x8052214 8b 45 8 mov EAX, [EBP + 8] 0x8052217 c1 e0 2 shl/sal EAX, 2 0x805221a 8b 84 18 0 b7 ff ff mov EAX, [EAX + EBX * 1 + ffffb700] 0x8052221 1 d8 add EAX, EBX 0x8052223 ff e0 jmp EAX 0x805234e 8b 45 8 mov EAX, [EBP + 8] 0x8052351 5b pop EBX, ESP 0x8052352 5d pop EBP, ESP 0x8052353 c3 ret near [ESP]