<div dir="ltr">Works like a charm. Thanks!<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-22 12:21 GMT-07:00 Brendan Dolan-Gavitt <span dir="ltr"><<a href="mailto:brendandg@gatech.edu" target="_blank">brendandg@gatech.edu</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ending a replay with rr_do_end_replay() from within the CPU thread<br>
does bad things (don't know why precisely). The solution is to instead<br>
just set the rr_end_replay_requested flag to 1. Fix pushed.<br>
<br>
I think there are still problems with the scissors though. I just<br>
tried to snip the win7iessl replay at start=181577170 end=318079730,<br>
and only got 24 instructions in the log...<br>
<span class="HOEnZb"><font color="#888888"><br>
-Brendan<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
On Wed, Apr 22, 2015 at 2:53 PM, Manolis Stamatogiannakis<br>
<<a href="mailto:mstamat@gmail.com">mstamat@gmail.com</a>> wrote:<br>
> I also had a segfault with scissors. The trimmed trace looks alright,<br>
> despite the segfault.<br>
><br>
> My command line was: ./i386-softmmu/qemu-system-i386 -panda<br>
> scissors:start=17401969,end=47488576,name=vlassis_vi -replay vlassis<br>
><br>
> I added -g to the plugin flags, and here is the stack trace from the core:<br>
> <a href="http://pastebin.com/y6Dzr6YH" target="_blank">http://pastebin.com/y6Dzr6YH</a><br>
> I may have sometime to further look this next week.<br>
><br>
> M.<br>
><br>
> 2015-04-22 8:36 GMT-07:00 Brendan Dolan-Gavitt <<a href="mailto:brendandg@gatech.edu">brendandg@gatech.edu</a>>:<br>
>><br>
>> Hi,<br>
>><br>
>> >From the output you posted it looks like you also have the<br>
>> stringsearch plugin enabled ("stringsearch: added string of length 14<br>
>> to search set"). Could you try again with that turned off?<br>
>><br>
>> -Brendan<br>
>><br>
>> On Wed, Apr 22, 2015 at 2:01 AM, xiaojuan Li <<a href="mailto:xiaotan6666@gmail.com">xiaotan6666@gmail.com</a>><br>
>> wrote:<br>
>> > Hi,<br>
>> > i want to reflect a problem about scissor plugin:<br>
>> > I found that scissor plugin did not work, cannot extract a part from the<br>
>> > original snp.<br>
>> > i use the command line:<br>
>> > scissors:start=4335499535,end=5244538335,name=api21-256-scissor...<br>
>> ><br>
>> > Adding PANDA arg scissors:start=4335499535.<br>
>> > Adding PANDA arg scissors:end=5244538335.<br>
>> > Adding PANDA arg scissors:name=api21-256-scissor.<br>
>> > adding<br>
>> ><br>
>> > /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_scissors.so to<br>
>> > panda_plugin_files 0<br>
>> > Adding PANDA arg stringsearch:name=test.<br>
>> > adding<br>
>> ><br>
>> > /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_stringsearch.so<br>
>> > to panda_plugin_files 1<br>
>> > emulator: registered 'boot-properties' qemud service<br>
>> > emulator: Adding boot property: 'dalvik.vm.heapsize' = '48m'<br>
>> > emulator: Adding boot property: 'qemu.sf.fake_camera' = 'both'<br>
>> > emulator: Adding boot property: 'qemu.hw.mainkeys' = '0'<br>
>> > loading<br>
>> ><br>
>> > /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_scissors.so<br>
>> > Success<br>
>> > loading<br>
>> ><br>
>> > /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_stringsearch.so<br>
>> > Initializing plugin stringsearch<br>
>> > panda_require: callstack_instr<br>
>> > loading<br>
>> ><br>
>> > /home/shentanli/pandanew/qemu/arm-softmmu/panda_plugins/panda_callstack_instr.so<br>
>> > Initializing plugin callstack_instr<br>
>> > Success<br>
>> > stringsearch: added string of length 14 to search set<br>
>> > Success<br>
>> ><br>
>> ><br>
>> > when it reaches the 4335499535,it prints:<br>
>> ><br>
>> > api214-20-256: 4335499535 ( 62.00%) instrs. 296.73 sec. 0.89 GB ram.<br>
>> > Original ending prog point: {guest_instr_count=6992494441 pc=0xc00158c4,<br>
>> > secondary=0x00000000}<br>
>> > Saving snapshot at instr count 4335499535...<br>
>> > Beginning cut-and-paste process at prog point:<br>
>> > {guest_instr_count=4335499535 pc=0xc000db0c, secondary=0x00000000}<br>
>> > Writing entries to api21-256-scissor-rr-nondet.log...<br>
>> > Reached end of old nondet log.<br>
>> > Continuing with replay.<br>
>> ><br>
>> > then when it reaches the end, it shows:<br>
>> ><br>
>> > api214-20-256: 5244538335 ( 75.00%) instrs. 377.58 sec. 1.09 GB ram.<br>
>> > Ending cut-and-paste on prog point:<br>
>> > {guest_instr_count=5244538336 pc=0xffff0008, secondary=0x00000000}<br>
>> > api214-20-256: 5244538336 ( 75.00%) instrs. 377.59 sec. 1.09 GB ram.<br>
>> > Replay completed successfully.<br>
>> > Time taken was: 380 seconds.<br>
>> > Stats:<br>
>> > RR_INPUT_1 number = 634, size = 17118 bytes<br>
>> > RR_INPUT_2 number = 237, size = 6636 bytes<br>
>> > RR_INPUT_4 number = 659406, size = 19782180 bytes<br>
>> > RR_INPUT_8 number = 0, size = 0 bytes<br>
>> > RR_INTERRUPT_REQUEST number = 1343219, size = 37610132 bytes<br>
>> > RR_EXIT_REQUEST number = 0, size = 0 bytes<br>
>> > RR_SKIPPED_CALL number = 424454, size = 238156678 bytes<br>
>> > RR_DEBUG number = 0, size = 0 bytes<br>
>> > max_queue_len = 747<br>
>> > 746 items on recycle list, 65648 bytes total<br>
>> > Replay terminated at user request.<br>
>> ><br>
>> > Logging all cpu states<br>
>> ><br>
>> ><br>
>> > it exits.and when i check the scissor file, it is the same size as the<br>
>> > original one.<br>
>> ><br>
>> ><br>
>> ><br>
>> > Please correct me!<br>
>> > Thanks a lot!<br>
>> ><br>
>> ><br>
>> > 2015-04-21 7:48 GMT-04:00 xiaojuan Li <<a href="mailto:xiaotan6666@gmail.com">xiaotan6666@gmail.com</a>>:<br>
>> ><br>
>> >> excuse me, scissors failed again:<br>
>> >> api214-20-256: 4268808000 ( 61.05%) instrs. 329.84 sec. 0.88 GB ram.<br>
>> >> api214-20-256: 4335499535 ( 62.00%) instrs. 335.77 sec. 0.89 GB ram.<br>
>> >> Original ending prog point: {guest_instr_count=6992494441<br>
>> >> pc=0xc00158c4,<br>
>> >> secondary=0x00000000}<br>
>> >> Saving snapshot at instr count 4335499535...<br>
>> >> Beginning cut-and-paste process at prog point:<br>
>> >> {guest_instr_count=4335499535 pc=0xc000db0c, secondary=0x00000000}<br>
>> >> Writing entries to api4-21-rr-nondet.log...<br>
>> >> Assertion failure @ count 2656994906!<br>
>> >> api214-20-256: 4335499535 ( 62.00%) instrs. 336.32 sec. 1.08 GB ram.<br>
>> >> ERROR: replay failed!<br>
>> >> Time taken was: 337 seconds.<br>
>> >> Stats:<br>
>> >><br>
>> >><br>
>> >> now i use taint encounter 2 errors:aborted and killed.<br>
>> >><br>
>> >> the first one may caused malloc(),but i donnot know why killed.<br>
>> >><br>
>> >> so i want to scissor it to a smaller one (just use the stringseach) and<br>
>> >> then use the smaller to taint, but scissor failed too.<br>
>> >><br>
>> >><br>
>> >> 2015-04-20 22:06 GMT-04:00 Brendan Dolan-Gavitt <<a href="mailto:mooyix@gmail.com">mooyix@gmail.com</a>>:<br>
>> >>><br>
>> >>> This might be caused by a bug that was just fixed today:<br>
>> >>><br>
>> >>> <a href="https://github.com/moyix/panda/issues/58" target="_blank">https://github.com/moyix/panda/issues/58</a><br>
>> >>><br>
>> >>> Could you do a git pull and try again?<br>
>> >>><br>
>> >>> -Brendan<br>
>> >>><br>
>> >>> On Sun, Apr 19, 2015 at 8:29 AM, xiaojuan Li <<a href="mailto:xiaotan6666@gmail.com">xiaotan6666@gmail.com</a>><br>
>> >>> wrote:<br>
>> >>> > HI,Brendan,<br>
>> >>> > I am the one sending emails asking for help about the taint<br>
>> >>> > segfault.<br>
>> >>> > Till<br>
>> >>> > now, it haven't been fixed.(have tried your suggestions,but seems<br>
>> >>> > does<br>
>> >>> > not<br>
>> >>> > work)<br>
>> >>> > during my solving this problem,i find another problem about scissors<br>
>> >>> > plugin:<br>
>> >>> > using qemu-system-arm *** -replay ***** -panda<br>
>> >>> > "scissor:start=*,end=**,name=name" failed to get the cut one. does<br>
>> >>> > it<br>
>> >>> > have<br>
>> >>> > something wrong?<br>
>> >>> ><br>
>> >>> > Thanks for your patience.<br>
>> >>> > Best wishes.<br>
>> >>> ><br>
>> >>> ><br>
>> >>> > --<br>
>> >>> > wait and hope~~<br>
>> >><br>
>> >><br>
>> >><br>
>> >><br>
>> >> --<br>
>> >> wait and hope~~<br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > --<br>
>> > wait and hope~~<br>
>> _______________________________________________<br>
>> panda-users mailing list<br>
>> <a href="mailto:panda-users@mit.edu">panda-users@mit.edu</a><br>
>> <a href="http://mailman.mit.edu/mailman/listinfo/panda-users" target="_blank">http://mailman.mit.edu/mailman/listinfo/panda-users</a><br>
><br>
><br>
</div></div></blockquote></div><br></div>