rub-syssec / aurora Goto Github PK
View Code? Open in Web Editor NEWUsenix Security 2021 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
License: GNU Affero General Public License v3.0
Usenix Security 2021 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
License: GNU Affero General Public License v3.0
Hello aurora team!
I seem to have some issues when I try to run some projects with aurora other than mruby.
The tracing output was like this:
python3 tracing.py /home/inspur/Desktop/aurora-master/aurora-master/evaluation/gpac-1.0.1/bin/gcc/MP4Box $EVAL_DIR/inputs $EVAL_DIR/traces
INFO: Using files at /home/inspur/Desktop/aurora-master/aurora-master/evaluation/inputs
INFO: Generating temporary directory at /tmp/tm/
INFO: Processing 1732 files in 2 subdirs at /home/inspur/Desktop/aurora-master/aurora-master/evaluation/inputs
INFO: Done processing 1732 files in 77.40813875198364s (on average 2.860346928479765s per input)
INFO: STATS: traced 1732/1732 files in 77.40813875198364s with 64 cores for /home/inspur/Desktop/aurora-master/aurora-master/evaluation/inputs
INFO: killall MP4Box
MP4Box: no process found
INFO: Moving files from /tmp/tm/ to /home/inspur/Desktop/aurora-master/aurora-master/evaluation/traces
INFO: Deleting temporary directory /tmp/tm/
INFO: Cleanup time: 0.002581357955932617s
INFO: Total execution time: 77.4329948425293s
INFO: Finished tracing run
inspur@NF5270M5:~/Desktop/aurora-master/aurora-master/tracing/scripts$ python3 addr_ranges.py --eval_dir $EVAL_DIR $EVAL_DIR/traces
{"heap_start": 93824992624640, "heap_end": 93824993013760, "stack_start": 140737488211968, "stack_end": 140737488351232}
It doesn't look like it's running correctly because the ranked_predicates_verbose file I get is empty in the next RCA step.
Is it because I didn't set the parameters for MP4Box to run correctly? When I run with afl its parameter is ./MP4Box -hint poc -out /dev/null. If so, at which step should I set the parameters?
When I use aurora for python(bug 17, bug 9 in the Paper), I find that the root cause seems undiscovered by the pintool.
For example, in the bug 9, the root cause is in the function "getdata" of /Mouldes/zipimport.c", but none of the instructions in "getdata" is recorded by the pintool.
When I use gdb to debug the bug, I set breakpoint at "getdata", gdb prints using host libthread_db library "lib/x86_64-linux-gnu/libthread_db.so.1".
So It seems that the get_data function is not recorded in the trace.
Sorry to bother. When I'm doing the experiment of screen heap buffer overflow, the fourth test case in the paper, I don't know how to fuzz the program.
Would you please show me the cmd line to fuzz it?
Thanks for your help
Hi, This project is really great!
I want to run aurora using examples other than mruby. Can I access the scripts to build the targets used in the paper evaluation? Or do I have to reproduce the environment myself?
It would be helpful if you could share steps or scripts to reproduce other examples. Thank you in advance for your time.
Hi there,
we are going to implement the following features for Aurora:
Tracer - support for x86 applications
Root cause analysis - support for x86 trace files and applications.
IDA Pro plugin to navigate through predicates
Could it be useful for community? We need your opinion/feedback.
In case of any questions, feel free to ask.
Advanced Software Technology Laboratory
Huawei
I downloaded the php-8.0.0 source.
Use the following commands
"CC=afl-clang ./configure --prefix=/dir_name/install --enable-gd --enable-cli --enable-debug --without-pear".
"export AFL_USE_MSAN=1"
"make -j"
to build php.
when I run "./php xbm.php", the program doesn't crash. So I can't fuzz it.
But If I run "valgrind ./php xbm.php", It crashes. But I don't know how to fuzz with valgrind.
Is there a solution to the problem? Thank you so mush.
Hi, I have a question regarding predicates:
In you paper you are talking about two predicates for testing for valid addresses: "Additionally, we have two fixed predicates
testing whether expressions are valid heap or stack pointers, respectively: is_heap_ptr(r) and is_stack_ptr(r)." However, I cant seem to find this functionality in the code. Am I missing sth or did you remove these predicates ? If yes, why ?
Cheers
When I run
cargo build --release --bin monitor
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/sioyoo/tools/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/sioyoo/tools/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/sioyoo/tools/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/sioyoo/tools/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/sioyoo/tools/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/sioyoo/tools/aurora/root_cause_analysis/Cargo.toml
Compiling serde v1.0.144
Compiling zstd-safe v4.1.6+zstd.1.5.2
Compiling zstd-sys v1.6.3+zstd.1.5.2
Compiling structopt v0.3.26
Compiling zydis v3.1.3
error: failed to run custom build command for `zydis v3.1.3`
Caused by:
process didn't exit successfully: `/home/sioyoo/tools/aurora/root_cause_analysis/target/release/build/zydis-857f52bd3ebbfdfc/build-script-build` (exit status: 101)
--- stdout
cargo:rerun-if-changed=zydis-c
cargo:rerun-if-changed=src/ZycoreExportConfig.h
cargo:rerun-if-changed=src/ZydisExportConfig.h
CMAKE_TOOLCHAIN_FILE_x86_64-unknown-linux-gnu = None
CMAKE_TOOLCHAIN_FILE_x86_64_unknown_linux_gnu = None
HOST_CMAKE_TOOLCHAIN_FILE = None
CMAKE_TOOLCHAIN_FILE = None
CMAKE_GENERATOR_x86_64-unknown-linux-gnu = None
CMAKE_GENERATOR_x86_64_unknown_linux_gnu = None
HOST_CMAKE_GENERATOR = None
CMAKE_GENERATOR = None
CMAKE_PREFIX_PATH_x86_64-unknown-linux-gnu = None
CMAKE_PREFIX_PATH_x86_64_unknown_linux_gnu = None
HOST_CMAKE_PREFIX_PATH = None
CMAKE_PREFIX_PATH = None
CMAKE_x86_64-unknown-linux-gnu = None
CMAKE_x86_64_unknown_linux_gnu = None
HOST_CMAKE = None
CMAKE = None
running: "cmake" "/home/sioyoo/.cargo/registry/src/github.com-1ecc6299db9ec823/zydis-3.1.3/zydis-c" "-DZYDIS_BUILD_EXAMPLES=OFF" "-DZYDIS_BUILD_TOOLS=OFF" "-DCMAKE_INSTALL_PREFIX=/home/sioyoo/tools/aurora/root_cause_analysis/target/release/build/zydis-4ae735aa84d7c2cb/out" "-DCMAKE_C_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_C_COMPILER=/usr/bin/cc" "-DCMAKE_CXX_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_CXX_COMPILER=/usr/bin/c++" "-DCMAKE_ASM_FLAGS= -ffunction-sections -fdata-sections -fPIC -m64" "-DCMAKE_ASM_COMPILER=/usr/bin/cc" "-DCMAKE_BUILD_TYPE=Release"
-- Configuring done
-- Generating done
-- Build files have been written to: /home/sioyoo/tools/aurora/root_cause_analysis/target/release/build/zydis-4ae735aa84d7c2cb/out/build
running: "cmake" "--build" "." "--target" "install" "--config" "Release" "--parallel" "32"
--- stderr
You have called ADD_LIBRARY for library Zycore without any source files. This typically indicates a problem with your CMakeLists.txt file
You have called ADD_LIBRARY for library Zydis without any source files. This typically indicates a problem with your CMakeLists.txt file
Unknown argument --parallel
Unknown argument 32
Usage: cmake --build <dir> [options] [-- [native-options]]
Options:
<dir> = Project binary directory to be built.
--target <tgt> = Build <tgt> instead of default targets.
May only be specified once.
--config <cfg> = For multi-configuration tools, choose <cfg>.
--clean-first = Build target 'clean' first, then build.
(To clean only, use --target 'clean'.)
--use-stderr = Ignored. Behavior is default in CMake >= 3.0.
-- = Pass remaining options to the native tool.
thread 'main' panicked at '
command did not execute successfully, got: exit status: 1
build script failed, must exit now', /home/sioyoo/.cargo/registry/src/github.com-1ecc6299db9ec823/cmake-0.1.48/src/lib.rs:975:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
error: build failed
It seems there is some problem with the library, however I am not sure, is there any solution to fix this problem?
I ran 02_tracing.sh and obtained address.json file. But without "heap_start" and "heap_end". Could you give me some advice?
01_afl.sh
timeout 600 $AFL_DIR/afl-fuzz -C -d -m none -i $EVAL_DIR/POC -o $AFL_WORKDIR -- $EVAL_DIR/SRC_afl/build/bin/demo
02_tracing.sh
user@9ab1c4006dca:~/share/test/test/demo_ctf$ ./rca/02_tracing.sh
INFO: Using files at /home/user/share/test/test/demo_ctf/inputs
INFO: Generating temporary directory at /tmp/tm/
INFO: Processing 1529 files in 2 subdirs at /home/user/share/test/test/demo_ctf/inputs
INFO: Done processing 1529 files in 30.105374813079834s (on average 0.6300667063561509s per input)
INFO: STATS: traced 1529/1529 files in 30.105374813079834s with 32 cores for /home/user/share/test/test/demo_ctf/inputs
INFO: killall demo_trace
sh: 1: killall: not found
INFO: Moving files from /tmp/tm/ to /home/user/share/test/test/demo_ctf/traces
INFO: Deleting temporary directory /tmp/tm/
INFO: Cleanup time: 0.1406869888305664s
INFO: Total execution time: 30.2633535861969s
INFO: Finished tracing run
{"stack_start": 140737488216064, "stack_end": 140737488351232}
Dumping to /home/user/share/test/test/demo_ctf/addresses.json
03_rca.sh
user@9ab1c4006dca:~/share/test/test/demo_ctf/rca$ RUST_BACKTRACE=1 ./03_rca.sh
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
Finished release [optimized] target(s) in 0.04s
Running `target/release/rca --eval-dir /home/user/share/test/test/demo_ctf --trace-dir /home/user/share/test/test/demo_ctf --monitor --rank-predicates`
analyzing traces
reading crashes
reading non-crashes
146 crashes and 1383 non-crashes
thread 'main' panicked at 'Could not deserialize file /home/user/share/test/test/demo_ctf/addresses.json: Error("missing field `heap_start`", line: 1, column: 62)', trace_analysis/src/trace_analyzer.rs:39:40
stack backtrace:
0: rust_begin_unwind
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:515:5
1: core::panicking::panic_fmt
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/panicking.rs:92:14
2: core::result::unwrap_failed
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/result.rs:1355:5
3: trace_analysis::trace_analyzer::MemoryAddresses::read_from_file
4: trace_analysis::trace_analyzer::TraceAnalyzer::new
5: root_cause_analysis::traces::analyze_traces
6: rca::main
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
Hello, thank you for releasing this tool.
I was reading the usenix paper and saw the table 5 with a summary of time spent on each phase of the pipeline, but I could not determine if these times are measured as wall clock time using all 32 cores of the machine or cpu time.
I have also a similar question about the fuzzing time for each target, are the time values in the paper measured as cpu time or wall clock time for 32 cores?
Thank you
Hi, thanks for sharing your excellent code on Aurora.
Could you please add a list giving the ground truth (i.e. root cause) of the vulnerabilities you tested? The root cause of some testcases in the paper are complicated to determine, so I would like to know how you determine which instruction (among the top-50) is the actual root cause. For example, the use-after-free vulnerability in NASM(Table 1, #23) seems to have multiple root causes (its patch has patched multiple locations), which one do you consider as its root cause?
Looking forward to hearing back from you at your earliest convenience.
Regards
Hello there,
I run the rca component on MP4Box_trace and get the bellow error, could you give me some advice?
analyzing traces
reading crashes
reading non-crashes
4619 crashes and 9855 non-crashes
filling cfg
calculating scores
dumping linear scores
trace analysis time: 199.559767595 seconds
monitoring predicates
monitoring time: 14.35331191 seconds
ranking predicates
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', root_cause_analysis/src/rankings.rs:20:14
stack backtrace:
0: 0x555555671eb6 - std::backtrace_rs::backtrace::libunwind::trace::hf2f6aa11f15afae5
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
1: 0x555555671eb6 - std::backtrace_rs::backtrace::trace_unsynchronized::hfc44a6226fb5d219
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
2: 0x555555671eb6 - std::sys_common::backtrace::_print_fmt::h70bd032f952cf459
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:67:5
3: 0x555555671eb6 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h49e1a23a5054c758
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:46:22
4: 0x55555569fb5c - core::fmt::write::h182b3dab33fa727d
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/core/src/fmt/mod.rs:1163:17
5: 0x555555660205 - std::io::Write::write_fmt::h5ea7b9894bff0939
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/io/mod.rs:1696:15
6: 0x555555660d30 - std::sys_common::backtrace::_print::hb75c2175482624d1
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:49:5
7: 0x555555660d30 - std::sys_common::backtrace::print::h335deda6566a1328
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:36:9
8: 0x555555660d30 - std::panicking::default_hook::{{closure}}::h6173da6e0942ed8a
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:210:50
9: 0x5555556608d1 - std::panicking::default_hook::h611c2dce9a02b0de
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:227:9
10: 0x55555566137b - std::panicking::rust_panic_with_hook::h00e530dc19739cc5
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:624:17
11: 0x555555672372 - std::panicking::begin_panic_handler::{{closure}}::h0f0f2898d10c9bce
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:519:13
12: 0x555555672004 - std::sys_common::backtrace::__rust_end_short_backtrace::hf8ad41e55ac21c53
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/sys_common/backtrace.rs:139:18
13: 0x555555660e22 - rust_begin_unwind
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:517:5
14: 0x555555573a11 - core::panicking::panic_fmt::hbfd18ed1d8ed03e1
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/core/src/panicking.rs:100:14
15: 0x55555557395d - core::panicking::panic::ha5ca6c77bd7d16db
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/core/src/panicking.rs:50:5
16: 0x55555557be85 - root_cause_analysis::rankings::predicate_order::h3106c8c2d59e51d5
17: 0x5555555868d4 - rayon::slice::mergesort::mergesort::hc5ddbf587b20072f
18: 0x555555585fa1 - rayon::slice::mergesort::par_mergesort::hd570bcd01ab5225c
19: 0x55555557bfd3 - root_cause_analysis::rankings::rank_predicates::h720fd279e4ff408e
20: 0x555555574724 - rca::main::hb338cbb4eaa87785
21: 0x5555555740c3 - std::sys_common::backtrace::__rust_begin_short_backtrace::h42056a659e48d476
22: 0x555555574099 - std::rt::lang_start::{{closure}}::h1ad688fef5c12277
23: 0x55555565cc71 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h40ff753a84ffa5fb
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/core/src/ops/function.rs:259:13
24: 0x55555565cc71 - std::panicking::try::do_call::h18ca85146b2c97eb
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:403:40
25: 0x55555565cc71 - std::panicking::try::he1f6b82ce0566f45
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:367:19
26: 0x55555565cc71 - std::panic::catch_unwind::h305fd36a040bbd45
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panic.rs:133:14
27: 0x55555565cc71 - std::rt::lang_start_internal::{{closure}}::h978c2fbb45d5a4b4
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/rt.rs:128:48
28: 0x55555565cc71 - std::panicking::try::do_call::h8123cbc0366d0ace
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:403:40
29: 0x55555565cc71 - std::panicking::try::h821570f729a702fd
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panicking.rs:367:19
30: 0x55555565cc71 - std::panic::catch_unwind::hc178b81e7693b509
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/panic.rs:133:14
31: 0x55555565cc71 - std::rt::lang_start_internal::h64a8327b226752c1
at /build/rustc-6496Ax/rustc-1.57.0+dfsg1+llvm/library/std/src/rt.rs:128:20
32: 0x555555574912 - main
33: 0x7ffff7c540b3 - __libc_start_main
34: 0x555555573fce - _start
35: 0x0 - <unknown>
Hi,
I ran the mruby example in the given docker. When I ran the /home/user/aurora/docker/example_scripts/03_rca.sh
I got the errors as below. And, I couldn't get predicates.json, ranked_predicates.txt, ranked_predicates_verbose.txt, rankings.json scores_linear.csv
files.
Can you give me some advice?
Finished release [optimized] target(s) in 52.66s
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
Compiling itertools v0.9.0
Compiling root_cause_analysis v0.1.0 (/home/user/aurora/root_cause_analysis/root_cause_analysis)
Finished release [optimized] target(s) in 3.33s
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
Finished release [optimized] target(s) in 0.04s
Running `target/release/rca --eval-dir /home/user/evaluation --trace-dir /home/user/evaluation --monitor --rank-predicates`
analyzing traces
reading crashes
reading non-crashes
./03_rca.sh: line 13: 3335 Killed cargo run --release --bin rca -- --eval-dir $EVAL_DIR --trace-dir $EVAL_DIR --monitor --rank-predicates
Hi Aurora team,
I came across a panic thread 'main' panicked at 'No rankings in rankings.json', root_cause_analysis/src/rankings.rs:26:5
when running the command cargo run --release --bin rca -- --eval-dir $EVAL_DIR --trace-dir $EVAL_DIR --monitor --rank-predicates
in README file.
Here is how I build the system:
In a docker running Ubuntu 18.04, I follow the README instructions for Preparation
, Tracing
, and Root Cause Analysis
sections. For a quick testing, I simply unzip the example.zip, setup the $EVAL_DIR and copy the crashes and non_crashes dirs into it.
At first, the same problem occurs as #8. So I switched to the develop branch. Then a panic of thread 'main' panicked at 'No rankings in rankings.json', root_cause_analysis/src/rankings.rs:26:5
occurs, when running cargo run --release --bin rca -- --eval-dir $EVAL_DIR --trace-dir $EVAL_DIR --monitor --rank-predicates
Here is the full backtrace:
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: use of deprecated associated function `zip::read::ZipFile::<'a>::sanitized_name`: by stripping `..`s from the path, the meaning of paths can change.
`mangled_name` can be used if this behaviour is desirable
--> trace_analysis/src/trace.rs:282:42
|
282 | let trace_file_path = trace_file.sanitized_name().to_str().unwrap().to_string();
| ^^^^^^^^^^^^^^
|
= note: `#[warn(deprecated)]` on by default
warning: for loop over an `Option`. This is more readably written as an `if let` statement
--> trace_analysis/src/control_flow_graph.rs:178:31
|
178 | for successors in self.successors.get(&node) {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: `#[warn(for_loops_over_fallibles)]` on by default
help: to check pattern in a loop use `while let`
|
178 | while let Some(successors) = self.successors.get(&node) {
| ~~~~~~~~~~~~~~~ ~~~
help: consider using `if let` to clear intent
|
178 | if let Some(successors) = self.successors.get(&node) {
| ~~~~~~~~~~~~ ~~~
warning: `trace_analysis` (lib) generated 2 warnings
Finished release [optimized] target(s) in 0.09s
warning: the following packages contain code that will be rejected by a future version of Rust: nom v5.1.2
note: to see what the problems were, use the option `--future-incompat-report`, or run `cargo report future-incompatibilities --id 64`
Running `target/release/rca --eval-dir /home/user/aurora/evaluation_origin --monitor --rank-predicates`
thread 'main' panicked at 'No rankings in rankings.json', root_cause_analysis/src/rankings.rs:26:5
stack backtrace:
0: 0x55555558a6fa - std::backtrace_rs::backtrace::libunwind::trace::ha271a8a7e1f3d4ef
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
1: 0x55555558a6fa - std::backtrace_rs::backtrace::trace_unsynchronized::h85739da0352c791a
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
2: 0x55555558a6fa - std::sys_common::backtrace::_print_fmt::hbc6ebcfb2910b329
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/sys_common/backtrace.rs:65:5
3: 0x55555558a6fa - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::he1c117e52d53614f
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/sys_common/backtrace.rs:44:22
4: 0x5555555ae1fe - core::fmt::write::h25eb51b9526b8e0c
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/core/src/fmt/mod.rs:1213:17
5: 0x555555587c25 - std::io::Write::write_fmt::ha9edec5fb1621933
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/io/mod.rs:1682:15
6: 0x55555558a4c5 - std::sys_common::backtrace::_print::hf8657cd429fc3452
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/sys_common/backtrace.rs:47:5
7: 0x55555558a4c5 - std::sys_common::backtrace::print::h41b9b18ed86f86bd
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/sys_common/backtrace.rs:34:9
8: 0x55555558bcaf - std::panicking::default_hook::{{closure}}::h22a91871f4454152
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:267:22
9: 0x55555558b9eb - std::panicking::default_hook::h21ddc36de0cd4ae7
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:286:9
10: 0x55555558c3b9 - std::panicking::rust_panic_with_hook::h5059419d6d59b3d0
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:688:13
11: 0x555555442eea - std::panicking::begin_panic::{{closure}}::hb75ff785e4da62b4
12: 0x555555442ebc - std::sys_common::backtrace::__rust_end_short_backtrace::hf00f73ef884ccdd2
13: 0x55555541608a - std::panicking::begin_panic::h192eb58691437ec3
14: 0x5555554343a8 - root_cause_analysis::rankings::rank_predicates::hd90177f577ea8e2b
15: 0x555555424890 - rca::main::h97f8ab931b39245d
16: 0x555555424553 - std::sys_common::backtrace::__rust_begin_short_backtrace::hc386a1fb90cdfa8a
17: 0x555555424c79 - std::rt::lang_start::{{closure}}::hba7c4263a55a9f7a
18: 0x55555558317c - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h203afb3af230319a
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/core/src/ops/function.rs:287:13
19: 0x55555558317c - std::panicking::try::do_call::hf68e87013b70f3c5
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:483:40
20: 0x55555558317c - std::panicking::try::h040ea8f298390ba2
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:447:19
21: 0x55555558317c - std::panic::catch_unwind::h1e17b198887a05fa
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panic.rs:140:14
22: 0x55555558317c - std::rt::lang_start_internal::{{closure}}::hfb902d8927e51b86
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/rt.rs:148:48
23: 0x55555558317c - std::panicking::try::do_call::h354e6eb41f2e7d42
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:483:40
24: 0x55555558317c - std::panicking::try::h4a39749cd018228c
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panicking.rs:447:19
25: 0x55555558317c - std::panic::catch_unwind::h30bce83b8de61cca
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/panic.rs:140:14
26: 0x55555558317c - std::rt::lang_start_internal::h8f7e70b1a2558118
at /rustc/9eb3afe9ebe9c7d2b84b71002d44f4a0edac95e0/library/std/src/rt.rs:148:20
27: 0x555555424aa5 - main
28: 0x7ffff6e22c87 - __libc_start_main
29: 0x55555542446a - _start
30: 0x0 - <unknown>
Finally I found that it is the panic thread 'main' panicked at 'failed to read memory: Sys(EPERM)', predicate_monitoring/src/lib.rs:24:55
in /home/user/aurora/root_cause_analysis/predicate_monitoring/src/lib.rs
.
In $EVAL_DIR, the addresses.json, mnemonics.json, predicates.json, scores_linear_serialized.json and scores_linear.csv files are all not empty. The $EVAL_DIR/traces directory is also properly filled with *.zip files in $EVAL_DIR/traces/crashes and $EVAL_DIR/traces/non_crashes.
The content in $EVAL_DIR/traces/stat.txt is:
STATS: traced 5991/5991 files in 1733.535923242569s with 160 cores for /home/user/aurora/evaluation_origin/inputs
However, the ranking.json is simply filled with "[]". It really confuses me a lot.
Could you please give me some advice? We would be grateful for any guidance you can offer.
Hi, I run the rca component and get the bellow error, could you give me some advice?
Thanks
package: /home/user/aurora/root_cause_analysis/predicate_monitoring/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/trace_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
warning: profiles for the non root package will be ignored, specify profiles at the workspace root:
package: /home/user/aurora/root_cause_analysis/root_cause_analysis/Cargo.toml
workspace: /home/user/aurora/root_cause_analysis/Cargo.toml
Finished release [optimized] target(s) in 0.04s
Running `target/release/rca --eval-dir /home/user/test/gpac_4c19ae5 --trace-dir /home/user/test/gpac_4c19ae5 --monitor --rank-predicates`
analyzing traces
reading crashes
reading non-crashes
204 crashes and 900 non-crashes
filling cfg
calculating scores
dumping linear scores
trace analysis time: 3.171809017 seconds
monitoring predicates
thread 'main' panicked at 'assertion failed: `(left == right)`
left: `0`,
right: `1`', root_cause_analysis/src/monitor.rs:114:5
stack backtrace:
0: 0x555555665540 - std::backtrace_rs::backtrace::libunwind::trace::h1a39bd9a98540471
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
1: 0x555555665540 - std::backtrace_rs::backtrace::trace_unsynchronized::h21a1eeae7103ab3f
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
2: 0x555555665540 - std::sys_common::backtrace::_print_fmt::hc9ffbae9ed6a9871
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:67:5
3: 0x555555665540 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h17510753a34a3f09
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:46:22
4: 0x55555568975c - core::fmt::write::h1e5a1f350e43b10f
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/fmt/mod.rs:1110:17
5: 0x555555662b35 - std::io::Write::write_fmt::h06ec27c6d028baf1
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/io/mod.rs:1588:15
6: 0x5555556675eb - std::sys_common::backtrace::_print::h1a02603349b1dc60
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:49:5
7: 0x5555556675eb - std::sys_common::backtrace::print::h0fc317d31c48cd9b
right: `1`', root_cause_analysis/src/monitor.rs:114:5
stack backtrace:
0: 0x555555665540 - std::backtrace_rs::backtrace::libunwind::trace::h1a39bd9a98540471
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/libunwind.rs:90:5
1: 0x555555665540 - std::backtrace_rs::backtrace::trace_unsynchronized::h21a1eeae7103ab3f
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
2: 0x555555665540 - std::sys_common::backtrace::_print_fmt::hc9ffbae9ed6a9871
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:67:5
3: 0x555555665540 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h17510753a34a3f09
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:46:22
4: 0x55555568975c - core::fmt::write::h1e5a1f350e43b10f
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/fmt/mod.rs:1110:17
5: 0x555555662b35 - std::io::Write::write_fmt::h06ec27c6d028baf1
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/io/mod.rs:1588:15
6: 0x5555556675eb - std::sys_common::backtrace::_print::h1a02603349b1dc60
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:49:5
7: 0x5555556675eb - std::sys_common::backtrace::print::h0fc317d31c48cd9b
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:36:9
8: 0x5555556675eb - std::panicking::default_hook::{{closure}}::ha522601c22d7057b
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:208:50
9: 0x5555556670c1 - std::panicking::default_hook::hd50ab173af9a3ce8
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:225:9
10: 0x555555667c91 - std::panicking::rust_panic_with_hook::hb5a01416e02405ad
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:622:17
11: 0x555555667797 - std::panicking::begin_panic_handler::{{closure}}::hf1dda5d5c0706ee0
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:519:13
12: 0x555555665a1c - std::sys_common::backtrace::__rust_end_short_backtrace::h56c02e9609085b17
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/sys_common/backtrace.rs:141:18
13: 0x5555556676f9 - rust_begin_unwind
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:515:5
14: 0x555555573491 - core::panicking::panic_fmt::hc774f6c679779106
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/panicking.rs:92:14
15: 0x555555688078 - core::panicking::assert_failed_inner::hf344cab8a95f284d
16: 0x55555556851b - core::panicking::assert_failed::h02097acf3d38c072
17: 0x55555558624b - root_cause_analysis::monitor::executable::h62166ffef4ddce96
18: 0x555555585ef5 - root_cause_analysis::monitor::cmd_line::h446164ae153890dc
19: 0x555555584e7a - root_cause_analysis::monitor::monitor_predicates::h0d0a1f658c7216e4
20: 0x5555555742a0 - rca::main::h215c2f82f7fcaa9d
21: 0x555555573d33 - std::sys_common::backtrace::__rust_begin_short_backtrace::h076879d3a1d184b9
22: 0x5555555745a9 - std::rt::lang_start::{{closure}}::h889b99bfec037d3e
23: 0x555555668289 - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::ha2e6a00894110f5e
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/core/src/ops/function.rs:259:13
24: 0x555555668289 - std::panicking::try::do_call::h2aa095b10fbe4433
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:401:40
25: 0x555555668289 - std::panicking::try::h342ee7e6dfa7b563
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panicking.rs:365:19
26: 0x555555668289 - std::panic::catch_unwind::ha70b20d9f0bb209a
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/panic.rs:434:14
27: 0x555555668289 - std::rt::lang_start_internal::hf51cfe9f287a8911
at /rustc/657bc01888e6297257655585f9c475a0801db6d2/library/std/src/rt.rs:34:21
28: 0x555555574592 - main
29: 0x7ffff7c660b3 - __libc_start_main
30: 0x555555573c6e - _start
31: 0x0 - <unknown>
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.