Enabling --catch-trap makes sure tracing aborts with an error message
in case a CPU exception/trap is observed in the fault-free golden run.
In most cases, this is an indication the analyzed program is broken in
the first place, which should be detected early in the FI process.
This is a refurbished version of a commit by Marcel Johannfunke.
Change-Id: I50cc8e12e0986d3623a1be78259cfad13dc56205
This fixes a bug (uninitialized member variable check_bounds)
introduced in commit 43ebf3e, which led to bounds checking sometimes
being accidentally enabled.
Change-Id: Ia2992a38dd83416ce0ec2a9d845d7827617cbd89
As the outerspace listeners catch read and write accesses, this must
be documented in the help message. The old parameter name is now marked as
deprecated and can be removed in 2022.
Furthermore, the experiment now has the combined command line argument
--catch-outerspace, which enables catching accesses below and above
the ELF.
During the trace generation, we can enable the bounds check, which
catches all events that are monitored by the generic-experiment
options:
--catch-write-textsegment
--catch-upper-outerspace
--catch-lower-outerspace
The generic experiment set the TriggerAccessType, not the
WatchAccessType. Therefore, the text segment listener fired on write
AND read events. The watch access type can only be set in the constructor.
This patch uses ELF segments instead of sections for determining the
extent of the binary in memory. Consequently, the outerspace listener
was modified to use these new bounds. Additionally, the generic
experiment was changed to include a lowerspace listener, which listens
for write access below the physical memory location of the ELF.
If the user enabled multiple experiments, it does not make sense to
execute them concurrently. Therefore, we now only register all enabled
experiments and choose one experiment on fail-client startup. For this
selection, the user can either set the FAIL_EXPERIMENT environment
variable or invoke the tool with a specific argv[0]. For the
bin/-folder, we create symlinks for this mechanism.
With this change, the generic-tracing and generic-experiment can be
compiled into the same executable and we could distribute a "standard"
version of FAIL*.
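The selection mechanism described above (one binary holding several registered experiments, with FAIL_EXPERIMENT taking precedence over the basename of argv[0], which is what the bin/ symlinks provide), as an added illustration that is not FAIL*'s own code. The registry, the two stand-in experiment functions and `select_experiment` are assumptions made for this example; an unknown name yields an empty result rather than silently falling back to some default, so the caller can abort at startup.

```cpp
#include <cstdlib>
#include <map>
#include <string>

// Hypothetical experiment entry point type; real experiments are objects in FAIL*.
typedef int (*experiment_fn)();

// Stand-in experiments (constructed for this example).
static int generic_tracing()    { return 1; }
static int generic_experiment() { return 2; }

// Name -> entry point. All enabled experiments register here; only one is run.
static std::map<std::string, experiment_fn> &registry() {
    static std::map<std::string, experiment_fn> r;
    return r;
}

void register_experiment(const std::string &name, experiment_fn fn) {
    registry()[name] = fn;
}

// Basename of argv[0] without libgen.h, whose basename() may modify its argument.
static std::string basename_of(const char *argv0) {
    std::string s(argv0 ? argv0 : "");
    std::string::size_type p = s.find_last_of('/');
    return p == std::string::npos ? s : s.substr(p + 1);
}

// Resolve the experiment to run: FAIL_EXPERIMENT wins if set and non-empty,
// otherwise the basename of argv[0] (e.g. a symlink bin/generic-tracing -> fail-client).
// Returns "" when nothing registered matches, so the caller can fail loudly.
std::string select_experiment(const char *argv0, const char *env_value) {
    std::string want = (env_value && *env_value) ? std::string(env_value)
                                                 : basename_of(argv0);
    return registry().count(want) ? want : std::string();
}

// Run the selected experiment; -1 signals "no such experiment".
int run_selected(const char *argv0, const char *env_value) {
    std::string name = select_experiment(argv0, env_value);
    if (name.empty()) return -1;
    return registry()[name]();
}

int main(int argc, char **argv) {
    register_experiment("generic-tracing", generic_tracing);
    register_experiment("generic-experiment", generic_experiment);
    int rc = run_selected(argc > 0 ? argv[0] : "", std::getenv("FAIL_EXPERIMENT"));
    return rc < 0 ? 1 : 0;
}
```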
The previous path google::protobuf::Message::Reflection was deprecated
in 2008 (779f61c6a3ce02a119e28e802f229e61b69b9046), and we only used
it here. With newer versions of proto-c, this breaks the build.
This is an API breaking change. Nevertheless, help text and
command-line parser were out of sync and the variant of the help-text
does make much more sense.
Symbol type FUNC (STT_FUNC, "code object") seems not to suffice when parts
of the disassembled binary come from assembler source files. We try to
disassemble STT_NOTYPE (symbol type "unspecified") as well now.
Change-Id: I582190900e66d6af0779dfaf3b569f0e157e9ce7
Especially for dynamically linked ELF binaries (such as those in the
testing/ subdirectory), symbols with a start address outside the .text
section may exist. This change skips any symbol that is not fully within
this section (and assigns a reasonable size to a zero-sized last symbol
within the symbol table), and turns green all Capstone-related test cases.
Change-Id: I2b51d0f21f325e6052ebc36d9533621bdf9aa38d
This version check could (and probably should) also be done in the cmake
scripts. However, this check in CapstoneDisassembler.cpp catches another
failure mode: When a cmake script is missing an include_directories()
directive pointing to capstone.h -- resulting in a missing -I parameter to
gcc -- accidentally a system-wide 3.x capstone.h may get #included,
providing the wrong definitions and prototypes to some translation units.
Change-Id: Id30f77a47e38f4e892b92189bcce9119bf03918c
The switch to MariaDB Connector/C 3.0 involves some subtle API
changes, including the fact that "~" is not expanded to the user's
home directory anymore. This change expands the HOME environment
variable within our code base.
Change-Id: I30bc0d4fba6f0c8001832a981aa99af7e6f2a369
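A tilde expansion helper of the kind this change needs, as an added example and not FAIL*'s own code. It assumes only the current user's home is expanded (a leading "~" or "~/"), leaves "~user/..." forms untouched, and returns the path unchanged when HOME is unset, so a missing variable does not silently produce a relative path; the `home` parameter exists so the function can be tested without touching the environment.

```cpp
#include <cstdlib>
#include <string>

// Expand a leading "~" or "~/" to the value of HOME. Paths that do not start with
// "~", or that name another user ("~bob/..."), are returned as-is.
std::string expand_home(const std::string &path,
                        const char *home = std::getenv("HOME")) {
    if (path.empty() || path[0] != '~') return path;
    if (path.size() > 1 && path[1] != '/') return path;   // "~user" form: not handled
    if (!home || !*home) return path;                     // HOME unset: leave untouched
    std::string h(home);
    if (h.size() > 1 && h[h.size() - 1] == '/') h.erase(h.size() - 1); // avoid "//"
    return h + path.substr(1);
}

int main() {
    // e.g. a connector config path given as "~/.my.cnf"
    std::string cfg = expand_home("~/.my.cnf");
    return cfg.empty() ? 1 : 0;
}
```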
Some libraries, e.g. protobuf, depend on C++11 now. As they are
(indirectly) included in some .ah aspect headers, everything has to be
compiled with C++11 enabled now.
This change switches to C++14 globally.
Change-Id: I56a802bd510704d668a2b2c8957e11725fbe98b7
Due to a typo (cast to regwidth_t instead of regdata_t), accesses to
register content beyond an offset of 32 bits via
LLVMtoFailTranslator::reginfo_t did not work correctly. Additionally, this
change fixes constructing reginfo_t with a bit width >= 64 (e.g. the whole
RAX register).
Change-Id: I24914cd64fa51118eeac38cc3fb47b76790d3aac
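An added example of the two failure modes this change describes (a mask built in the narrow width type losing bits at positions 32 and above, and a shift by 64 when the whole 64-bit register is requested); it is not FAIL*'s reginfo_t. The type definitions (`regwidth_t` as a 32-bit width, `regdata_t` as 64-bit register contents), the `reginfo_t` layout and the `extract_buggy` function are assumptions for illustration only.

```cpp
#include <cstdint>

// Assumed types: a 32-bit width/offset type and a 64-bit register content type.
typedef uint32_t regwidth_t;
typedef uint64_t regdata_t;

// Mask of the low `width` bits, valid for width == 64 too: shifting a 64-bit
// value by 64 is undefined behaviour, so that case is special-cased.
static regdata_t mask_for_width(regwidth_t width) {
    if (width >= 64) return ~regdata_t(0);
    return (regdata_t(1) << width) - 1;
}

struct reginfo_t {
    regwidth_t offset;  // bit offset within the register
    regwidth_t width;   // number of bits accessed
    regdata_t  mask;    // accessed bits, already shifted into place

    reginfo_t(regwidth_t off, regwidth_t w)
        : offset(off), width(w), mask(mask_for_width(w) << off) {}

    // Read the accessed part out of the full register content.
    regdata_t extract(regdata_t value) const { return (value & mask) >> offset; }
};

// Buggy variant (constructed for this example): the shifted mask is cast to the
// 32-bit width type, so every mask bit at position >= 32 is dropped. Accesses at
// offset 32 read zero, and a 64-bit access only returns the low half.
static regdata_t extract_buggy(regdata_t value, regwidth_t off, regwidth_t w) {
    regwidth_t narrow_mask = regwidth_t(mask_for_width(w) << off);
    return (value & narrow_mask) >> off;
}

int main() {
    const regdata_t rax = 0xDEADBEEFCAFEBABEULL;   // constructed sample content
    reginfo_t high(32, 32), whole(0, 64);
    return (high.extract(rax) == 0xDEADBEEFULL && whole.extract(rax) == rax) ? 0 : 1;
}
```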
Using switch/case instead of an if cascade is more readable and has a
better chance to be optimized.
Change-Id: I41dc2cbdf8c14bd35c91520d74b476d7b522a3a4
The "--[Server] No workload, come again..." message appears every time a
larger job set is loaded from the database, once for every client that
knocks. This isn't helpful and scrolls out relevant information,
hence I'm removing it for now.
Change-Id: Ic7ca5b3a0c096b384ba4803df5b482a96bf803b1