This is a draft of a control flow tracer based on source code instrumentation with a low overhead.
Instrument your software with instrumenter.py. When running instrumented software, the trace is written into a file.
The format is basically one character (plus an optional number)
for each source code block on the trace.
For accurate retracing, retrace.py uses symbolic execution.
Any software which is written in C/C++, with the source code available.
- python3
- libclang (
pip install libclang)
- C compiler (or your build system at choice) to compile the instrumented software
- C compiler (or your build system at choice) to compile the instrumented software
- python3
- angr for symbolic execution (
pip install angr)
- Run make
make - Install the python package
pip install .
-
Optionally: Change configuration in
include/src_tracer/constants.h. The following assumes the standard-configuration. -
First run the pre-processor
cd examples/ cpp -I../include checksum.c -o checksum_inst.c -
Instrument it (the pre-processed version)
python ../instrumenter.py checksum_inst.cFor a list of functions together with the
numgenerated by the instrumenter, have a look at the newly createdfunctions_database.db.
- Compile it with
_TRACE_MODE(you might also want different compiler optimizations for recording/replaying)(note: if you enabledgcc -D_TRACE_MODE -O3 -I../include -L../lib checksum_inst.c -o checksum_trace -lsrc_tracerTRACEFORK_ZSTDininclude/src_tracer/constants.h, you would need-lzstdhere) - Run it (replace
42to get another trace)The name of the recorded trace corresponds to the current time, e.g../checksum_trace 422023-04-28-143402-checksum.c.trace. - Display the trace (replace the trace name with the correct one!)
(note: if you enabled
python ../print_trace.py 2023-04-28-143402-checksum.c.traceTRACEFORK_ZSTDininclude/src_tracer/constants.h, you would need to decompress the trace first usingzstd -d)
- Compile it with
_RETRACE_MODE(you might also want different compiler optimizations for recording/replaying)gcc -D_RETRACE_MODE -g -I../include -L../lib checksum_inst.c -o checksum_retrace -lsrc_tracer - Retrace it (use
python -ito work with the tracedstatein the interactive shell)The last one just retraces functionpython ../retrace.py checksum_retrace 2023-04-28-143402-checksum.c.trace echo "F1 IIO" > sub.trace.txt python ../retrace.py checksum_retrace sub.trace.txtchecksum.
An example to instrument and retrace busybox with musl-libc can be found in the wiki
You can do it manually as for the checksum.c example.
For a more automatic way that works well with make scripts, make use of cc_wrapper/.
- Set some envirenmental variables. There are some variations, for example you might also add
-save-tempstoCFLAGS.(note: in addition toexport SRC_TRACER_DIR=......... export CC="gcc" export CFLAGS="-Wno-error -L${SRC_TRACER_DIR}/lib -I${SRC_TRACER_DIR}/include -no-integrated-cpp -B${SRC_TRACER_DIR}/cc_wrapper" export LIBS="-lsrc_tracer" export SRC_TRACER=""-lsrc_traceryou might not need-lzstdif you configuredinclude/src_tracer/constant.h) - Now you can ./configure your project...
- You can copy the build directory here, if you want to reuse the configuration for retracing.
- Before the actual compilation:
export SRC_TRACER="-D_TRACE_MODE" - Then build your project with make, gcc, whatever
- Same envirenmental variables as before. Only if you want to change some variables (e.g.
CFLAGSwith-g) make sure to setSRC_TRACER=(as empty string) before you./configureyour project again. - Before the actual compilation:
export SRC_TRACER="-D_RETRACE_MODE" - Then build your project with make, gcc, whatever
It can be a bit tricky to get the binary linking correctly, make sure that the record/replay executable includes the record/replay version of the app and its libraries.