[panda-users] about scissors

Manolis Stamatogiannakis mstamat at gmail.com
Wed Apr 22 20:16:06 EDT 2015


Works like a charm. Thanks!

2015-04-22 12:21 GMT-07:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:

> Ending a replay with rr_do_end_replay() from within the CPU thread
> does bad things (don't know why precisely). The solution is to instead
> just set the rr_end_replay_requested flag to 1. Fix pushed.
>
> I think there are still problems with the scissors though. I just
> tried to snip the win7iessl replay at start=181577170 end=318079730,
> and only got 24 instructions in the log...
>
> -Brendan
>
> On Wed, Apr 22, 2015 at 2:53 PM, Manolis Stamatogiannakis
> <mstamat at gmail.com> wrote:
> > I also had a segfault with scissors. The trimmed trace looks alright,
> > despite the segfault.
> >
> > My command line was:  ./i386-softmmu/qemu-system-i386 -panda
> > scissors:start=17401969,end=47488576,name=vlassis_vi -replay vlassis
> >
> > I added -g to the plugin flags, and here is the stack trace from the core:
> > http://pastebin.com/y6Dzr6YH
> > I may have some time to look further into this next week.
> >
> > M.
> >
> > 2015-04-22 8:36 GMT-07:00 Brendan Dolan-Gavitt <brendandg at gatech.edu>:
> >>
> >> Hi,
> >>
> >> From the output you posted it looks like you also have the
> >> stringsearch plugin enabled ("stringsearch: added string of length 14
> >> to search set"). Could you try again with that turned off?
> >>
> >> -Brendan
> >>
> >> On Wed, Apr 22, 2015 at 2:01 AM, xiaojuan Li <xiaotan6666 at gmail.com>
> >> wrote:
> >> > Hi,
> >> > I want to report a problem with the scissors plugin:
> >> > I found that the scissors plugin did not work; it cannot extract a part from the
> >> > original snp.
> >> > I use the command line:
> >> > scissors:start=4335499535,end=5244538335,name=api21-256-scissor...
> >> >
> >> > Adding PANDA arg scissors:start=4335499535.
> >> > Adding PANDA arg scissors:end=5244538335.
> >> > Adding PANDA arg scissors:name=api21-256-scissor.
> >> > adding /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_scissors.so to panda_plugin_files 0
> >> > Adding PANDA arg stringsearch:name=test.
> >> > adding /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_stringsearch.so to panda_plugin_files 1
> >> > emulator: registered 'boot-properties' qemud service
> >> > emulator: Adding boot property: 'dalvik.vm.heapsize' = '48m'
> >> > emulator: Adding boot property: 'qemu.sf.fake_camera' = 'both'
> >> > emulator: Adding boot property: 'qemu.hw.mainkeys' = '0'
> >> > loading /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_scissors.so
> >> > Success
> >> > loading /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_stringsearch.so
> >> > Initializing plugin stringsearch
> >> > panda_require: callstack_instr
> >> > loading /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_callstack_instr.so
> >> > Initializing plugin callstack_instr
> >> > Success
> >> > stringsearch: added string of length 14 to search set
> >> > Success
> >> >
> >> >
> >> >  when it reaches the 4335499535,it prints:
> >> >
> >> > api214-20-256:  4335499535 ( 62.00%) instrs.  296.73 sec.  0.89 GB ram.
> >> > Original ending prog point: {guest_instr_count=6992494441 pc=0xc00158c4, secondary=0x00000000}
> >> > Saving snapshot at instr count 4335499535...
> >> > Beginning cut-and-paste process at prog point:
> >> > {guest_instr_count=4335499535 pc=0xc000db0c, secondary=0x00000000}
> >> > Writing entries to api21-256-scissor-rr-nondet.log...
> >> > Reached end of old nondet log.
> >> > Continuing with replay.
> >> >
> >> > then when it reaches the end, it shows:
> >> >
> >> > api214-20-256:  5244538335 ( 75.00%) instrs.  377.58 sec.  1.09 GB ram.
> >> > Ending cut-and-paste on prog point:
> >> > {guest_instr_count=5244538336 pc=0xffff0008, secondary=0x00000000}
> >> > api214-20-256:  5244538336 ( 75.00%) instrs.  377.59 sec.  1.09 GB ram.
> >> > Replay completed successfully.
> >> > Time taken was: 380 seconds.
> >> > Stats:
> >> > RR_INPUT_1 number = 634, size = 17118 bytes
> >> > RR_INPUT_2 number = 237, size = 6636 bytes
> >> > RR_INPUT_4 number = 659406, size = 19782180 bytes
> >> > RR_INPUT_8 number = 0, size = 0 bytes
> >> > RR_INTERRUPT_REQUEST number = 1343219, size = 37610132 bytes
> >> > RR_EXIT_REQUEST number = 0, size = 0 bytes
> >> > RR_SKIPPED_CALL number = 424454, size = 238156678 bytes
> >> > RR_DEBUG number = 0, size = 0 bytes
> >> > max_queue_len = 747
> >> > 746 items on recycle list, 65648 bytes total
> >> > Replay terminated at user request.
> >> >
> >> > Logging all cpu states
> >> >
> >> >
> >> > It exits, and when I check the scissors file, it is the same size as the
> >> > original one.
> >> >
> >> >
> >> >
> >> > Please correct me!
> >> > Thanks a lot!
> >> >
> >> >
> >> > 2015-04-21 7:48 GMT-04:00 xiaojuan Li <xiaotan6666 at gmail.com>:
> >> >
> >> >> Excuse me, scissors failed again:
> >> >> api214-20-256:  4268808000 ( 61.05%) instrs.  329.84 sec.  0.88 GB ram.
> >> >> api214-20-256:  4335499535 ( 62.00%) instrs.  335.77 sec.  0.89 GB ram.
> >> >> Original ending prog point: {guest_instr_count=6992494441 pc=0xc00158c4, secondary=0x00000000}
> >> >> Saving snapshot at instr count 4335499535...
> >> >> Beginning cut-and-paste process at prog point:
> >> >> {guest_instr_count=4335499535 pc=0xc000db0c, secondary=0x00000000}
> >> >> Writing entries to api4-21-rr-nondet.log...
> >> >> Assertion failure @ count 2656994906!
> >> >> api214-20-256:  4335499535 ( 62.00%) instrs.  336.32 sec.  1.08 GB
> ram.
> >> >> ERROR: replay failed!
> >> >> Time taken was: 337 seconds.
> >> >> Stats:
> >> >>
> >> >>
> >> >> Now when I use taint I encounter 2 errors: aborted and killed.
> >> >>
> >> >> The first one may be caused by malloc(), but I do not know why it was killed.
> >> >>
> >> >> So I want to scissor it to a smaller one (just using stringsearch) and
> >> >> then use the smaller one for taint, but scissors failed too.
> >> >>
> >> >>
> >> >> 2015-04-20 22:06 GMT-04:00 Brendan Dolan-Gavitt <mooyix at gmail.com>:
> >> >>>
> >> >>> This might be caused by a bug that was just fixed today:
> >> >>>
> >> >>> https://github.com/moyix/panda/issues/58
> >> >>>
> >> >>> Could you do a git pull and try again?
> >> >>>
> >> >>> -Brendan
> >> >>>
> >> >>> On Sun, Apr 19, 2015 at 8:29 AM, xiaojuan Li <xiaotan6666 at gmail.com> wrote:
> >> >>> > Hi Brendan,
> >> >>> > I am the one sending emails asking for help about the taint segfault.
> >> >>> > Till now, it hasn't been fixed (I have tried your suggestions, but they
> >> >>> > seem not to work).
> >> >>> > While solving this problem, I found another problem with the scissors
> >> >>> > plugin:
> >> >>> > using qemu-system-arm  *** -replay ***** -panda
> >> >>> > "scissor:start=*,end=**,name=name" failed to get the cut one. Does it
> >> >>> > have something wrong?
> >> >>> >
> >> >>> > Thanks for your patience.
> >> >>> > Best wishes.
> >> >>> >
> >> >>> >
> >> >>> > --
> >> >>> > wait and hope~~
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> wait and hope~~
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > wait and hope~~
> >> _______________________________________________
> >> panda-users mailing list
> >> panda-users at mit.edu
> >> http://mailman.mit.edu/mailman/listinfo/panda-users
> >
> >
>
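The fix Brendan describes in the quoted reply (do not tear the replay down from inside the CPU thread; set an end-of-replay request flag and let the main loop act on it) together with the start/end cut semantics visible in the quoted logs, as an added C illustration. This is not PANDA's code or the scissors plugin itself: `replay_state`, `scissors_cb`, `run_replay` and the helper names are assumptions made for the example, and the "replay" is a simulated loop over instruction counts rather than a real nondet log.

```c
/* Added illustration, not PANDA's own code. A simulated replay loop shows
 * the request-flag pattern: the per-instruction callback only records state
 * and sets end_replay_requested; the loop checks the flag after the callback
 * returns, which is a safe point to stop. All names are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint64_t instr_count;          /* guest instruction count reached so far */
    int      end_replay_requested; /* set by callbacks, consumed by the loop */
    uint64_t entries_written;      /* entries copied into the trimmed log */
    bool     cutting;              /* true once start has been reached */
} replay_state;

typedef struct {
    uint64_t start; /* first instruction count to keep */
    uint64_t end;   /* instruction count at which to request the end */
} scissors_cfg;

/* Stand-in for the plugin's per-instruction hook. It never ends the replay
 * itself; reaching the end point only raises the request flag. */
static void scissors_cb(replay_state *rs, const scissors_cfg *cfg) {
    if (!rs->cutting && rs->instr_count >= cfg->start) {
        rs->cutting = true;            /* "Beginning cut-and-paste process" */
    }
    if (rs->cutting) {
        rs->entries_written++;         /* copy this entry to the new log */
    }
    if (rs->instr_count >= cfg->end) {
        rs->end_replay_requested = 1;  /* ask the main loop to stop */
    }
}

/* Simulated main loop. Drives the callback once per instruction and honours
 * the request flag only after the callback has returned. Returns the
 * instruction count at which the replay stopped; the number of entries cut
 * out is written to *entries_out when it is non-NULL. */
uint64_t run_replay(uint64_t total_instrs, const scissors_cfg *cfg,
                    uint64_t *entries_out) {
    replay_state rs = {0};
    while (rs.instr_count < total_instrs) {
        rs.instr_count++;
        scissors_cb(&rs, cfg);
        if (rs.end_replay_requested) {
            break; /* safe: back in the loop, not inside the callback */
        }
    }
    if (entries_out) {
        *entries_out = rs.entries_written;
    }
    return rs.instr_count;
}

/* Convenience wrappers so each result has a named function. */
uint64_t stopped_at(uint64_t total, uint64_t start, uint64_t end) {
    scissors_cfg cfg = { start, end };
    return run_replay(total, &cfg, NULL);
}

uint64_t entries_cut(uint64_t total, uint64_t start, uint64_t end) {
    scissors_cfg cfg = { start, end };
    uint64_t n = 0;
    run_replay(total, &cfg, &n);
    return n;
}

int main(void) {
    /* A 20-instruction "replay" cut at start=5, end=10: stops at 10 and
     * keeps the 6 entries for instructions 5..10. */
    printf("stopped at %llu, %llu entries cut\n",
           (unsigned long long)stopped_at(20, 5, 10),
           (unsigned long long)entries_cut(20, 5, 10));
    /* If the replay is shorter than the requested end, it simply runs out:
     * the end is never reached and the flag is never set. */
    printf("stopped at %llu, %llu entries cut\n",
           (unsigned long long)stopped_at(8, 5, 10),
           (unsigned long long)entries_cut(8, 5, 10));
    return 0;
}
```

The second case in `main` is the one worth keeping in mind when a trimmed log looks wrong: if the end point lies past what the replay actually executes, nothing ever requests the end, and the cut silently runs to whatever point the replay stops on its own.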