improve I/O logic and tests
tracer: call unw_strerror correctly
node: add node_dump function
Fuzzers generate thousands of files, hundreds of which can be redundant. uc pares them down.
Example usage, in the case of an AFL++ parallel run:
for f in findings/*/crashes/id*; do
printf 'exec %s %s\n' "$TARGET" "$f"
done | ./uc
Output:
root
. gsignal() 0x40f35b 0xcb
. . halve() 0x401d07 0x22
. . . collatz() 0x401d7a 0x44
. . . . main() 0x401dea 0x6e
. . . . . "exec ./test/crasher 8 2" (Floating point exception)
. . . . . "exec ./test/crasher 6 2" (Aborted)
. . . . halve() 0x401d07 0x22
. . . . . collatz() 0x401d7a 0x44
. . . . . . main() 0x401dea 0x6e
. . . . . . . "exec ./test/crasher 4 4" (Illegal instruction)
. . . . . . halve() 0x401d07 0x22
. . . . . . . collatz() 0x401d7a 0x44
. . . . . . . . augment() 0x401d34 0x2b
. . . . . . . . . collatz() 0x401d6e 0x38
. . . . . . . . . . augment() 0x401d34 0x2b
. . . . . . . . . . . collatz() 0x401d6e 0x38
. . . . . . . . . . . . main() 0x401dea 0x6e
. . . . . . . . . . . . . "exec ./test/crasher 11 3" (Segmentation fault)
This program is a prototype and guaranteed to do something different in the future.
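As an added illustration (not uc's own code), the following Python rebuilds the crash trie implied by the output above from constructed traces: it assumes uc groups crashes by their full frame path, innermost frame first, and prints leaves before sibling frames, both inferred from the sample output rather than stated on the page.

```python
# Added example, not uc's own code: a minimal rebuild of the crash trie that
# uc's output implies. Frames are (function, pc, offset), innermost first.
GSIGNAL = ("gsignal", "0x40f35b", "0xcb")
HALVE = ("halve", "0x401d07", "0x22")
COLLATZ_A = ("collatz", "0x401d7a", "0x44")   # collatz() calling halve()
COLLATZ_B = ("collatz", "0x401d6e", "0x38")   # collatz() calling augment()
AUGMENT = ("augment", "0x401d34", "0x2b")
MAIN = ("main", "0x401dea", "0x6e")
# Constructed sample: (command fed to uc, signal, frames) for the four crashes
# shown in the page's example output; frame strings are copied from it.
SAMPLE = [
    ("exec ./test/crasher 8 2", "Floating point exception",
     [GSIGNAL, HALVE, COLLATZ_A, MAIN]),
    ("exec ./test/crasher 6 2", "Aborted",
     [GSIGNAL, HALVE, COLLATZ_A, MAIN]),
    ("exec ./test/crasher 4 4", "Illegal instruction",
     [GSIGNAL] + [HALVE, COLLATZ_A] * 2 + [MAIN]),
    ("exec ./test/crasher 11 3", "Segmentation fault",
     [GSIGNAL] + [HALVE, COLLATZ_A] * 3 + [AUGMENT, COLLATZ_B] * 2 + [MAIN]),
]
class Node:
    def __init__(self):
        self.children = {}   # frame tuple -> Node, kept in insertion order
        self.leaves = []     # (command, signal) pairs whose trace ends here

def build_trie(crashes):
    """Insert each trace as a path; crashes sharing every frame share a node."""
    root = Node()
    for cmd, sig, frames in crashes:
        node = root
        for frame in frames:
            node = node.children.setdefault(frame, Node())
        node.leaves.append((cmd, sig))
    return root

def render(node, depth=0, out=None):
    """Walk the trie in uc's format: one '. ' per level, commands quoted."""
    out = ["root"] if out is None else out
    prefix = ". " * (depth + 1)
    for cmd, sig in node.leaves:
        out.append(f'{prefix}"{cmd}" ({sig})')
    for (fn, pc, off), child in node.children.items():
        out.append(f"{prefix}{fn}() {pc} {off}")
        render(child, depth + 1, out)
    return out

def buckets(node, path=()):
    """Yield (frame path, commands) per distinct crash site: the pared-down set."""
    if node.leaves:
        yield path, [cmd for cmd, _ in node.leaves]
    for frame, child in node.children.items():
        yield from buckets(child, path + (frame,))
```

Printing `"\n".join(render(build_trie(SAMPLE)))` reproduces the 19-line tree above, and `buckets` reduces the four inputs to three distinct crash sites.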
Your Linux system likely supports address space layout randomization (ASLR). It breaks uc by mapping functions to different addresses in each process invocation. There are a few ways around this:
echo 0 >/proc/sys/kernel/randomize_va_space
(haven't tried it)
The first two are most accessible. uc does not subtract base addresses.
Evan Klitzke, the libunwind team, and Marek Majkowski provided helpful information. Thanks to Daniel Thompson for an adaptable starting point, on which uc is based.