igor's Issues
A broken link
The link to the benchmark in README.md is empty.
Here are the links to our ground-truth benchmark:
benchmark
Looking forward to a more complete tutorial
I tried to test my own program following the provided tutorial. However, the are inconsistencies between the program parameters and the description in README. Besides, I also have some questions. Therefore, I am looking forward to a more complete tutorial as soon as possible.
For example, the trace_pruner.py
run sample given in the README pointed out that -a
parameter is a hexadecimal number indicating the address of "the breakpoint in the ASAN enabled environment" here in an ASAN disabled environment.
You can prune redundant trace entries(those recorded after the binary's crashing address) by using:
$ python3 trace_pruner.py -i /path/to/trace/files -c /breakpoint/hit/count/dir -o /path/to/result/dir -a $breakpoint_addr
Hint:
The /breakpoint/hit/count/dir is produced by breakpoint_hit_counter.py in an ASAN enabled environment.
The -a parameter is a hexadecimal number indicating the address of "the breakpoint in the ASAN enabled environment" here in an ASAN disabled environment.
But the help text of trace_pruner.py
points out that -a
points to the argument file path.
usage: trace_pruner.py [-h] [-i I] [-c C] [-o O] [-b B] [-a A]
Prune trace files according to a designated address and its breakpoint hit
count
optional arguments:
-h, --help show this help message and exit
-i I trace file dir
-c C breakpoint hit count file
-o O result output dir (auto create if not exists)
-b B target binary
-a A the path of argument file
According to my rough understanding, find_crashing_addr.py
runs PoC to get the crash and analyze the crash point. breakpoint_hit_counter.py
parses the call stack recovered from the error dump and counts the hit count of each address in the call stack. So, I want to know where the Debug the binary under test, find the last function the binary calls before crashing, take down its caller's address(usually, the call instruction's address).
mentioned in README has been executed. Do I have to do this step manually? Where should I store the results for use in the subsequent processes?
trace_pruner.py
finds the address of the next call instruction through self._find_call_ins_addrs(breakpoint_addrs)
, and then writes trace_file_lines[:stop_idx]
to output_file
, which does not seem to reduce the trace.
I'm not sure if I have correctly interpreted the tutorial and documents, so I am looking forward to your help to make this process work.
Cannot run the smart tracer tool
When using the smart tracer tool with the latest IntelPin 3.30 toolkit I get the following error.
dlopen failed: library "libpin3dwarf.so" not found
I also cannot find the mentioned library in the IntelPin 3.30 toolkit.
However, I do find it in IntelPin 3.20.
$ find ./pin-3.20-98437-gf02b61307-gcc-linux | grep -i libpin3dwarf
./pin-3.20-98437-gf02b61307-gcc-linux/intel64/lib-ext/libpin3dwarf.so.sig
./pin-3.20-98437-gf02b61307-gcc-linux/intel64/lib-ext/libpin3dwarf.so
./pin-3.20-98437-gf02b61307-gcc-linux/ia32/lib-ext/libpin3dwarf.so.sig
./pin-3.20-98437-gf02b61307-gcc-linux/ia32/lib-ext/libpin3dwarf.so
Unfortunately, when using IntelPin 3.20, I get another error.
dlopen failed: cannot locate symbol "xed_encoder_request_operands_const" referenced by "/magma/fuzzers/aflplusplus/smart_tracer/pintool/calltrace.so"
What version of IntelPin should I use and is there any additional setup required?
Thanks!
Processing of Constraint Expressions
How did you implement the cleaning of constraint expressions mentioned in your work and ultimately compare their similarity in the form of AST? I couldn't find it in the complex warehouse code, and if possible, I hope you can give me a chance to learn this part of the code.Thanks!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.