rub-syssec / aurora Goto Github PK

View Code? Open in Web Editor NEW

145.0 145.0 20.0 4.78 MB

Usenix Security 2021 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation

License: GNU Affero General Public License v3.0

Dockerfile 1.60% Shell 2.12% Rust 77.68% Makefile 0.37% C++ 10.77% Python 7.48%

aurora's People

Contributors

Stargazers

Watchers

aurora's Issues

Questiones about aurora

Hello aurora team!
I seem to have some issues when I try to run some projects with aurora other than mruby.
The tracing output was like this:

python3 tracing.py /home/inspur/Desktop/aurora-master/aurora-master/evaluation/gpac-1.0.1/bin/gcc/MP4Box $EVAL_DIR/inputs $EVAL_DIR/traces
INFO: Using files at /home/inspur/Desktop/aurora-master/aurora-master/evaluation/inputs
INFO: Generating temporary directory at /tmp/tm/
INFO: Processing 1732 files in 2 subdirs at /home/inspur/Desktop/aurora-master/aurora-master/evaluation/inputs
INFO: Done processing 1732 files in 77.40813875198364s (on average 2.860346928479765s per input)
INFO: STATS: traced 1732/1732 files in 77.40813875198364s with 64 cores for /home/inspur/Desktop/aurora-master/aurora-master/evaluation/inputs
INFO: killall MP4Box
MP4Box: no process found
INFO: Moving files from /tmp/tm/ to /home/inspur/Desktop/aurora-master/aurora-master/evaluation/traces
INFO: Deleting temporary directory /tmp/tm/
INFO: Cleanup time: 0.002581357955932617s
INFO: Total execution time: 77.4329948425293s
INFO: Finished tracing run
inspur@NF5270M5:~/Desktop/aurora-master/aurora-master/tracing/scripts$ python3 addr_ranges.py --eval_dir $EVAL_DIR $EVAL_DIR/traces
{"heap_start": 93824992624640, "heap_end": 93824993013760, "stack_start": 140737488211968, "stack_end": 140737488351232}

It doesn't look like it's running correctly because the ranked_predicates_verbose file I get is empty in the next RCA step.
Is it because I didn't set the parameters for MP4Box to run correctly? When I run with afl its parameter is ./MP4Box -hint poc -out /dev/null. If so, at which step should I set the parameters?

aurora for python not working

When I use aurora for python(bug 17, bug 9 in the Paper), I find that the root cause seems undiscovered by the pintool.
For example, in the bug 9, the root cause is in the function "getdata" of /Mouldes/zipimport.c", but none of the instructions in "getdata" is recorded by the pintool.
When I use gdb to debug the bug, I set breakpoint at "getdata", gdb prints using host libthread_db library "lib/x86_64-linux-gnu/libthread_db.so.1".
So It seems that the get_data function is not recorded in the trace.

Help for fuzzing screen

Sorry to bother. When I'm doing the experiment of screen heap buffer overflow, the fourth test case in the paper, I don't know how to fuzz the program.
Would you please show me the cmd line to fuzz it？
Thanks for your help

Are there any public examples other than mruby?

Hi, This project is really great!

I want to run aurora using examples other than mruby. Can I access the scripts to build the targets used in the paper evaluation? Or do I have to reproduce the environment myself?

It would be helpful if you could share steps or scripts to reproduce other examples. Thank you in advance for your time.

Support for 32bits programs plus IDA pro plugin

Hi there,
we are going to implement the following features for Aurora:
Tracer - support for x86 applications
Root cause analysis - support for x86 trace files and applications.
IDA Pro plugin to navigate through predicates
Could it be useful for community? We need your opinion/feedback.
In case of any questions, feel free to ask.

Tarakanov Nikita

Advanced Software Technology Laboratory
Huawei

Fuzz PHP uninitialized variable (CVE-2019-11038)(bug 20 in aurora)

I downloaded the php-8.0.0 source.
Use the following commands
"CC=afl-clang ./configure --prefix=/dir_name/install --enable-gd --enable-cli --enable-debug --without-pear".
"export AFL_USE_MSAN=1"
"make -j"
to build php.
when I run "./php xbm.php", the program doesn't crash. So I can't fuzz it.
But If I run "valgrind ./php xbm.php", It crashes. But I don't know how to fuzz with valgrind.
Is there a solution to the problem? Thank you so mush.

is_heap_ptr(), is_stack_ptr() predicates

Hi, I have a question regarding predicates:

In you paper you are talking about two predicates for testing for valid addresses: "Additionally, we have two fixed predicates
testing whether expressions are valid heap or stack pointers, respectively: is_heap_ptr(r) and is_stack_ptr(r)." However, I cant seem to find this functionality in the code. Am I missing sth or did you remove these predicates ? If yes, why ?

Cheers

encountered library issue when try to do root cause analysis

When I run

cargo build --release --bin monitor
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/sioyoo/tools/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/sioyoo/tools/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/sioyoo/tools/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/sioyoo/tools/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/sioyoo/tools/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/sioyoo/tools/aurora/root_cause_analysis/Cargo.toml
   Compiling serde v1.0.144
   Compiling zstd-safe v4.1.6+zstd.1.5.2
   Compiling zstd-sys v1.6.3+zstd.1.5.2
   Compiling structopt v0.3.26
   Compiling zydis v3.1.3
error: failed to run custom build command for `zydis v3.1.3`

Caused by:
  process didn't exit successfully: `/home/sioyoo/tools/aurora/root_cause_analysis/target/release/build/zydis-857f52bd3ebbfdfc/build-script-build` (exit status: 101)
  --- stdout
  cargo:rerun-if-changed=zydis-c
  cargo:rerun-if-changed=src/ZycoreExportConfig.h
  cargo:rerun-if-changed=src/ZydisExportConfig.h
  CMAKE_TOOLCHAIN_FILE_x86_64-unknown-linux-gnu = None
  CMAKE_TOOLCHAIN_FILE_x86_64_unknown_linux_gnu = None
  HOST_CMAKE_TOOLCHAIN_FILE = None
  CMAKE_TOOLCHAIN_FILE = None
  CMAKE_GENERATOR_x86_64-unknown-linux-gnu = None
  CMAKE_GENERATOR_x86_64_unknown_linux_gnu = None
  HOST_CMAKE_GENERATOR = None
  CMAKE_GENERATOR = None
  CMAKE_PREFIX_PATH_x86_64-unknown-linux-gnu = None
  CMAKE_PREFIX_PATH_x86_64_unknown_linux_gnu = None
  HOST_CMAKE_PREFIX_PATH = None
  CMAKE_PREFIX_PATH = None
  CMAKE_x86_64-unknown-linux-gnu = None
  CMAKE_x86_64_unknown_linux_gnu = None
  HOST_CMAKE = None
  CMAKE = None
  running: "cmake" "/home/sioyoo/.cargo/registry/src/github.com-1ecc6299db9ec823/zydis-3.1.3/zydis-c" "-DZYDIS_BUILD_EXAMPLES=OFF" "-DZYDIS_BUILD_TOOLS=OFF" "-DCMAKE_INSTALL_PREFIX=/home/sioyoo/tools/aurora/root_cause_analysis/target/release/build/zydis-4ae735aa84d7c2cb/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_C_COMPILER=/usr/bin/cc" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_CXX_COMPILER=/usr/bin/c++" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_ASM_COMPILER=/usr/bin/cc" "-DCMAKE_BUILD_TYPE=Release"
  -- Configuring done
  -- Generating done
  -- Build files have been written to: /home/sioyoo/tools/aurora/root_cause_analysis/target/release/build/zydis-4ae735aa84d7c2cb/out/build
  running: "cmake" "--build" "." "--target" "install" "--config" "Release" "--parallel" "32"

  --- stderr
  You have called ADD_LIBRARY for library Zycore without any source files. This typically indicates a problem with your CMakeLists.txt file
  You have called ADD_LIBRARY for library Zydis without any source files. This typically indicates a problem with your CMakeLists.txt file
  Unknown argument --parallel
  Unknown argument 32
  Usage: cmake --build <dir> [options] [-- [native-options]]
  Options:
    <dir>          = Project binary directory to be built.
    --target <tgt> = Build <tgt> instead of default targets.
                     May only be specified once.
    --config <cfg> = For multi-configuration tools, choose <cfg>.
    --clean-first  = Build target 'clean' first, then build.
                     (To clean only, use --target 'clean'.)
    --use-stderr   = Ignored.  Behavior is default in CMake >= 3.0.
    --             = Pass remaining options to the native tool.
  thread 'main' panicked at '
  command did not execute successfully, got: exit status: 1

  build script failed, must exit now', /home/sioyoo/.cargo/registry/src/github.com-1ecc6299db9ec823/cmake-0.1.48/src/lib.rs:975:5
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
error: build failed

It seems there is some problem with the library, however I am not sure, is there any solution to fix this problem?

02_tracing.sh obtain address.json without "heap_start" and "heap_end"

I ran 02_tracing.sh and obtained address.json file. But without "heap_start" and "heap_end".  Could you give me some advice?

01_afl.sh
timeout 600 $AFL_DIR/afl-fuzz -C -d -m none -i $EVAL_DIR/POC -o $AFL_WORKDIR -- $EVAL_DIR/SRC_afl/build/bin/demo

02_tracing.sh
user@9ab1c4006dca:~/share/test/test/demo_ctf$ ./rca/02_tracing.sh 
INFO: Using files at /home/user/share/test/test/demo_ctf/inputs
INFO: Generating temporary directory at /tmp/tm/
INFO: Processing 1529 files in 2 subdirs at /home/user/share/test/test/demo_ctf/inputs
INFO: Done processing 1529 files in 30.105374813079834s (on average 0.6300667063561509s per input)
INFO: STATS: traced 1529/1529 files in 30.105374813079834s with 32 cores for /home/user/share/test/test/demo_ctf/inputs
INFO: killall demo_trace
sh: 1: killall: not found
INFO: Moving files from /tmp/tm/ to /home/user/share/test/test/demo_ctf/traces
INFO: Deleting temporary directory /tmp/tm/
INFO: Cleanup time: 0.1406869888305664s
INFO: Total execution time: 30.2633535861969s
INFO: Finished tracing run
{"stack_start": 140737488216064, "stack_end": 140737488351232}
Dumping to /home/user/share/test/test/demo_ctf/addresses.json

03_rca.sh
user@9ab1c4006dca:~/share/test/test/demo_ctf/rca$ RUST_BACKTRACE=1 ./03_rca.sh 
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
    Finished release [optimized] target(s) in 0.04s
     Running `target/release/rca --eval-dir /home/user/share/test/test/demo_ctf --trace-dir /home/user/share/test/test/demo_ctf --monitor --rank-predicates`
analyzing traces
reading crashes
reading non-crashes
146 crashes and 1383 non-crashes
thread 'main' panicked at 'Could not deserialize file /home/user/share/test/test/demo_ctf/addresses.json: Error("missing field `heap_start`", line: 1, column: 62)', trace_analysis/src/trace_analyzer.rs:39:40
stack backtrace:
   0: rust_begin_unwind
             at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:515:5
   1: core::panicking::panic_fmt
             at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/panicking.rs:92:14
   2: core::result::unwrap_failed
             at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/result.rs:1355:5
   3: trace_analysis::trace_analyzer::MemoryAddresses::read_from_file
   4: trace_analysis::trace_analyzer::TraceAnalyzer::new
   5: root_cause_analysis::traces::analyze_traces
   6: rca::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

Question: Are the running times in Table 5 of the paper obtained running on a single core or on 32?

Hello, thank you for releasing this tool.

I was reading the usenix paper and saw the table 5 with a summary of time spent on each phase of the pipeline, but I could not determine if these times are measured as wall clock time using all 32 cores of the machine or cpu time.

I have also a similar question about the fuzzing time for each target, are the time values in the paper measured as cpu time or wall clock time for 32 cores?

Thank you

Question on the root cause of the testcases in the paper

Hi, thanks for sharing your excellent code on Aurora.

Could you please add a list giving the ground truth (i.e. root cause) of the vulnerabilities you tested? The root cause of some testcases in the paper are complicated to determine, so I would like to know how you determine which instruction (among the top-50) is the actual root cause. For example, the use-after-free vulnerability in NASM(Table 1, #23) seems to have multiple root causes (its patch has patched multiple locations), which one do you consider as its root cause?

Looking forward to hearing back from you at your earliest convenience.
Regards

thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', root_cause_analysis/src/rankings.rs:20:14

Hello there,
I run the rca component on MP4Box_trace and get the bellow error, could you give me some advice?

analyzing traces
reading crashes
reading non-crashes
4619 crashes and 9855 non-crashes
filling cfg
calculating scores
dumping linear scores
trace analysis time: 199.559767595 seconds
monitoring predicates
monitoring time: 14.35331191 seconds
ranking predicates
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', root_cause_analysis/src/rankings.rs:20:14
stack backtrace:
   0:     0x555555671eb6 - std::backtrace_rs::backtrace::libunwind::trace::hf2f6aa11f15afae5
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
   1:     0x555555671eb6 - std::backtrace_rs::backtrace::trace_unsynchronized::hfc44a6226fb5d219
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x555555671eb6 - std::sys_common::backtrace::_print_fmt::h70bd032f952cf459
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x555555671eb6 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h49e1a23a5054c758
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x55555569fb5c - core::fmt::write::h182b3dab33fa727d
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/core/src/fmt/mod.rs:1163:17
   5:     0x555555660205 - std::io::Write::write_fmt::h5ea7b9894bff0939
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/io/mod.rs:1696:15
   6:     0x555555660d30 - std::sys_common::backtrace::_print::hb75c2175482624d1
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x555555660d30 - std::sys_common::backtrace::print::h335deda6566a1328
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:36:9
   8:     0x555555660d30 - std::panicking::default_hook::{{closure}}::h6173da6e0942ed8a
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:210:50
   9:     0x5555556608d1 - std::panicking::default_hook::h611c2dce9a02b0de
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:227:9
  10:     0x55555566137b - std::panicking::rust_panic_with_hook::h00e530dc19739cc5
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:624:17
  11:     0x555555672372 - std::panicking::begin_panic_handler::{{closure}}::h0f0f2898d10c9bce
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:519:13
  12:     0x555555672004 - std::sys_common::backtrace::__rust_end_short_backtrace::hf8ad41e55ac21c53
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:139:18
  13:     0x555555660e22 - rust_begin_unwind
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:517:5
  14:     0x555555573a11 - core::panicking::panic_fmt::hbfd18ed1d8ed03e1
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/core/src/panicking.rs:100:14
  15:     0x55555557395d - core::panicking::panic::ha5ca6c77bd7d16db
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/core/src/panicking.rs:50:5
  16:     0x55555557be85 - root_cause_analysis::rankings::predicate_order::h3106c8c2d59e51d5
  17:     0x5555555868d4 - rayon::slice::mergesort::mergesort::hc5ddbf587b20072f
  18:     0x555555585fa1 - rayon::slice::mergesort::par_mergesort::hd570bcd01ab5225c
  19:     0x55555557bfd3 - root_cause_analysis::rankings::rank_predicates::h720fd279e4ff408e
  20:     0x555555574724 - rca::main::hb338cbb4eaa87785
  21:     0x5555555740c3 - std::sys_common::backtrace::__rust_begin_short_backtrace::h42056a659e48d476
  22:     0x555555574099 - std::rt::lang_start::{{closure}}::h1ad688fef5c12277
  23:     0x55555565cc71 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h40ff753a84ffa5fb
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/core/src/ops/function.rs:259:13
  24:     0x55555565cc71 - std::panicking::try::do_call::h18ca85146b2c97eb
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:403:40
  25:     0x55555565cc71 - std::panicking::try::he1f6b82ce0566f45
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:367:19
  26:     0x55555565cc71 - std::panic::catch_unwind::h305fd36a040bbd45
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panic.rs:133:14
  27:     0x55555565cc71 - std::rt::lang_start_internal::{{closure}}::h978c2fbb45d5a4b4
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/rt.rs:128:48
  28:     0x55555565cc71 - std::panicking::try::do_call::h8123cbc0366d0ace
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:403:40
  29:     0x55555565cc71 - std::panicking::try::h821570f729a702fd
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:367:19
  30:     0x55555565cc71 - std::panic::catch_unwind::hc178b81e7693b509
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panic.rs:133:14
  31:     0x55555565cc71 - std::rt::lang_start_internal::h64a8327b226752c1
                               at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/rt.rs:128:20
  32:     0x555555574912 - main
  33:     0x7ffff7c540b3 - __libc_start_main
  34:     0x555555573fce - _start
  35:                0x0 - <unknown>

03_rca.sh killed

Hi,
I ran the mruby example in the given docker. When I ran the /home/user/aurora/docker/example_scripts/03_rca.sh I got the errors as below. And, I couldn't get predicates.json, ranked_predicates.txt, ranked_predicates_verbose.txt, rankings.json scores_linear.csv files.
Can you give me some advice?

Finished release [optimized] target(s) in 52.66s
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
   Compiling itertools v0.9.0
   Compiling root_cause_analysis v0.1.0 (/home/user/aurora/root_cause_analysis/root_cause_analysis)
    Finished release [optimized] target(s) in 3.33s
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
    Finished release [optimized] target(s) in 0.04s
     Running `target/release/rca --eval-dir /home/user/evaluation --trace-dir /home/user/evaluation --monitor --rank-predicates`
analyzing traces
reading crashes
reading non-crashes
./03_rca.sh: line 13:  3335 Killed                  cargo run --release --bin rca -- --eval-dir $EVAL_DIR --trace-dir $EVAL_DIR --monitor --rank-predicates

thread 'main' panicked at 'No rankings in rankings.json', root_cause_analysis/src/rankings.rs:26:5

Hi Aurora team,

I came across a panic thread 'main' panicked at 'No rankings in rankings.json', root_cause_analysis/src/rankings.rs:26:5 when running the command cargo run --release --bin rca -- --eval-dir $EVAL_DIR --trace-dir $EVAL_DIR --monitor --rank-predicates in README file.

Here is how I build the system:
In a docker running Ubuntu 18.04, I follow the README instructions for Preparation, Tracing, and Root Cause Analysis sections. For a quick testing, I simply unzip the example.zip, setup the $EVAL_DIR and copy the crashes and non_crashes dirs into it.
At first, the same problem occurs as #8. So I switched to the develop branch. Then a panic of thread 'main' panicked at 'No rankings in rankings.json', root_cause_analysis/src/rankings.rs:26:5 occurs, when running cargo run --release --bin rca -- --eval-dir $EVAL_DIR --trace-dir $EVAL_DIR --monitor --rank-predicates

Here is the full backtrace:

warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: use of deprecated associated function `zip::read::ZipFile::<'a>::sanitized_name`: by stripping `..`s from the path, the meaning of paths can change.
                         `mangled_name` can be used if this behaviour is desirable
   --> trace_analysis/src/trace.rs:282:42
    |
282 |         let trace_file_path = trace_file.sanitized_name().to_str().unwrap().to_string();
    |                                          ^^^^^^^^^^^^^^
    |
    = note: `#[warn(deprecated)]` on by default

warning: for loop over an `Option`. This is more readably written as an `if let` statement
   --> trace_analysis/src/control_flow_graph.rs:178:31
    |
178 |             for successors in self.successors.get(&node) {
    |                               ^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = note: `#[warn(for_loops_over_fallibles)]` on by default
help: to check pattern in a loop use `while let`
    |
178 |             while let Some(successors) = self.successors.get(&node) {
    |             ~~~~~~~~~~~~~~~          ~~~
help: consider using `if let` to clear intent
    |
178 |             if let Some(successors) = self.successors.get(&node) {
    |             ~~~~~~~~~~~~          ~~~

warning: `trace_analysis` (lib) generated 2 warnings
    Finished release [optimized] target(s) in 0.09s
warning: the following packages contain code that will be rejected by a future version of Rust: nom v5.1.2
note: to see what the problems were, use the option `--future-incompat-report`, or run `cargo report future-incompatibilities --id 64`
     Running `target/release/rca --eval-dir /home/user/aurora/evaluation_origin --monitor --rank-predicates`
thread 'main' panicked at 'No rankings in rankings.json', root_cause_analysis/src/rankings.rs:26:5
stack backtrace:
   0:     0x55555558a6fa - std::backtrace_rs::backtrace::libunwind::trace::ha271a8a7e1f3d4ef
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
   1:     0x55555558a6fa - std::backtrace_rs::backtrace::trace_unsynchronized::h85739da0352c791a
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x55555558a6fa - std::sys_common::backtrace::_print_fmt::hbc6ebcfb2910b329
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/sys_common/backtrace.rs:65:5
   3:     0x55555558a6fa - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::he1c117e52d53614f
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/sys_common/backtrace.rs:44:22
   4:     0x5555555ae1fe - core::fmt::write::h25eb51b9526b8e0c
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/core/src/fmt/mod.rs:1213:17
   5:     0x555555587c25 - std::io::Write::write_fmt::ha9edec5fb1621933
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/io/mod.rs:1682:15
   6:     0x55555558a4c5 - std::sys_common::backtrace::_print::hf8657cd429fc3452
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/sys_common/backtrace.rs:47:5
   7:     0x55555558a4c5 - std::sys_common::backtrace::print::h41b9b18ed86f86bd
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/sys_common/backtrace.rs:34:9
   8:     0x55555558bcaf - std::panicking::default_hook::{{closure}}::h22a91871f4454152
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:267:22
   9:     0x55555558b9eb - std::panicking::default_hook::h21ddc36de0cd4ae7
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:286:9
  10:     0x55555558c3b9 - std::panicking::rust_panic_with_hook::h5059419d6d59b3d0
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:688:13
  11:     0x555555442eea - std::panicking::begin_panic::{{closure}}::hb75ff785e4da62b4
  12:     0x555555442ebc - std::sys_common::backtrace::__rust_end_short_backtrace::hf00f73ef884ccdd2
  13:     0x55555541608a - std::panicking::begin_panic::h192eb58691437ec3
  14:     0x5555554343a8 - root_cause_analysis::rankings::rank_predicates::hd90177f577ea8e2b
  15:     0x555555424890 - rca::main::h97f8ab931b39245d
  16:     0x555555424553 - std::sys_common::backtrace::__rust_begin_short_backtrace::hc386a1fb90cdfa8a
  17:     0x555555424c79 - std::rt::lang_start::{{closure}}::hba7c4263a55a9f7a
  18:     0x55555558317c - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h203afb3af230319a
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/core/src/ops/function.rs:287:13
  19:     0x55555558317c - std::panicking::try::do_call::hf68e87013b70f3c5
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:483:40
  20:     0x55555558317c - std::panicking::try::h040ea8f298390ba2
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:447:19
  21:     0x55555558317c - std::panic::catch_unwind::h1e17b198887a05fa
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panic.rs:140:14
  22:     0x55555558317c - std::rt::lang_start_internal::{{closure}}::hfb902d8927e51b86
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/rt.rs:148:48
  23:     0x55555558317c - std::panicking::try::do_call::h354e6eb41f2e7d42
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:483:40
  24:     0x55555558317c - std::panicking::try::h4a39749cd018228c
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:447:19
  25:     0x55555558317c - std::panic::catch_unwind::h30bce83b8de61cca
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panic.rs:140:14
  26:     0x55555558317c - std::rt::lang_start_internal::h8f7e70b1a2558118
                               at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/rt.rs:148:20
  27:     0x555555424aa5 - main
  28:     0x7ffff6e22c87 - __libc_start_main
  29:     0x55555542446a - _start
  30:                0x0 - <unknown>

Finally I found that it is the panic thread 'main' panicked at 'failed to read memory: Sys(EPERM)', predicate_monitoring/src/lib.rs:24:55 in /home/user/aurora/root_cause_analysis/predicate_monitoring/src/lib.rs.

In $EVAL_DIR, the addresses.json, mnemonics.json, predicates.json, scores_linear_serialized.json and scores_linear.csv files are all not empty. The $EVAL_DIR/traces directory is also properly filled with *.zip files in $EVAL_DIR/traces/crashes and $EVAL_DIR/traces/non_crashes.
The content in $EVAL_DIR/traces/stat.txt is:

STATS: traced 5991/5991 files in 1733.535923242569s with 160 cores for /home/user/aurora/evaluation_origin/inputs

However, the ranking.json is simply filled with "[]". It really confuses me a lot.

Could you please give me some advice? We would be grateful for any guidance you can offer.

thread 'main' panicked at 'assertion failed: `(left == right)`

Hi, I run the rca component  and get the bellow error, could you give me some advice?
Thanks

package:   /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package:   /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
    Finished release [optimized] target(s) in 0.04s
     Running `target/release/rca --eval-dir /home/user/test/gpac_4c19ae5 --trace-dir /home/user/test/gpac_4c19ae5 --monitor --rank-predicates`
analyzing traces
reading crashes
reading non-crashes
204 crashes and 900 non-crashes
filling cfg
calculating scores
dumping linear scores
trace analysis time: 3.171809017 seconds
monitoring predicates
thread 'main' panicked at 'assertion failed: `(left == right)`
  left: `0`,
 right: `1`', root_cause_analysis/src/monitor.rs:114:5
stack backtrace:
   0:     0x555555665540 - std::backtrace_rs::backtrace::libunwind::trace::h1a39bd9a98540471
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
   1:     0x555555665540 - std::backtrace_rs::backtrace::trace_unsynchronized::h21a1eeae7103ab3f
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x555555665540 - std::sys_common::backtrace::_print_fmt::hc9ffbae9ed6a9871
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x555555665540 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h17510753a34a3f09
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x55555568975c - core::fmt::write::h1e5a1f350e43b10f
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/fmt/mod.rs:1110:17
   5:     0x555555662b35 - std::io::Write::write_fmt::h06ec27c6d028baf1
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/io/mod.rs:1588:15
   6:     0x5555556675eb - std::sys_common::backtrace::_print::h1a02603349b1dc60
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x5555556675eb - std::sys_common::backtrace::print::h0fc317d31c48cd9b
 right: `1`', root_cause_analysis/src/monitor.rs:114:5
stack backtrace:
   0:     0x555555665540 - std::backtrace_rs::backtrace::libunwind::trace::h1a39bd9a98540471
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
   1:     0x555555665540 - std::backtrace_rs::backtrace::trace_unsynchronized::h21a1eeae7103ab3f
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x555555665540 - std::sys_common::backtrace::_print_fmt::hc9ffbae9ed6a9871
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x555555665540 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h17510753a34a3f09
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x55555568975c - core::fmt::write::h1e5a1f350e43b10f
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/fmt/mod.rs:1110:17
   5:     0x555555662b35 - std::io::Write::write_fmt::h06ec27c6d028baf1
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/io/mod.rs:1588:15
   6:     0x5555556675eb - std::sys_common::backtrace::_print::h1a02603349b1dc60
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x5555556675eb - std::sys_common::backtrace::print::h0fc317d31c48cd9b
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:36:9
   8:     0x5555556675eb - std::panicking::default_hook::{{closure}}::ha522601c22d7057b
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:208:50
   9:     0x5555556670c1 - std::panicking::default_hook::hd50ab173af9a3ce8
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:225:9
  10:     0x555555667c91 - std::panicking::rust_panic_with_hook::hb5a01416e02405ad
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:622:17
  11:     0x555555667797 - std::panicking::begin_panic_handler::{{closure}}::hf1dda5d5c0706ee0
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:519:13
  12:     0x555555665a1c - std::sys_common::backtrace::__rust_end_short_backtrace::h56c02e9609085b17
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:141:18
  13:     0x5555556676f9 - rust_begin_unwind
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:515:5
  14:     0x555555573491 - core::panicking::panic_fmt::hc774f6c679779106
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/panicking.rs:92:14
  15:     0x555555688078 - core::panicking::assert_failed_inner::hf344cab8a95f284d
  16:     0x55555556851b - core::panicking::assert_failed::h02097acf3d38c072
  17:     0x55555558624b - root_cause_analysis::monitor::executable::h62166ffef4ddce96
  18:     0x555555585ef5 - root_cause_analysis::monitor::cmd_line::h446164ae153890dc
  19:     0x555555584e7a - root_cause_analysis::monitor::monitor_predicates::h0d0a1f658c7216e4
  20:     0x5555555742a0 - rca::main::h215c2f82f7fcaa9d
  21:     0x555555573d33 - std::sys_common::backtrace::__rust_begin_short_backtrace::h076879d3a1d184b9
  22:     0x5555555745a9 - std::rt::lang_start::{{closure}}::h889b99bfec037d3e
  23:     0x555555668289 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::ha2e6a00894110f5e
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/ops/function.rs:259:13
  24:     0x555555668289 - std::panicking::try::do_call::h2aa095b10fbe4433
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:401:40
  25:     0x555555668289 - std::panicking::try::h342ee7e6dfa7b563
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:365:19
  26:     0x555555668289 - std::panic::catch_unwind::ha70b20d9f0bb209a
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panic.rs:434:14
  27:     0x555555668289 - std::rt::lang_start_internal::hf51cfe9f287a8911
                               at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/rt.rs:34:21
  28:     0x555555574592 - main
  29:     0x7ffff7c660b3 - __libc_start_main
  30:     0x555555573c6e - _start
  31:                0x0 - <unknown>

rub-syssec / aurora Goto Github PK

aurora's People

Contributors

Stargazers

Watchers

Forkers

aurora's Issues

Tarakanov Nikita

Recommend Projects

Recommend Topics

Recommend Org