
[GNUnet-SVN] r25664 - monkey/trunk/pathologist/src/pathologist


From: gnunet
Subject: [GNUnet-SVN] r25664 - monkey/trunk/pathologist/src/pathologist
Date: Fri, 28 Dec 2012 18:33:32 +0100

Author: teichm
Date: 2012-12-28 18:33:32 +0100 (Fri, 28 Dec 2012)
New Revision: 25664

Modified:
   monkey/trunk/pathologist/src/pathologist/action_api.c
   monkey/trunk/pathologist/src/pathologist/pathologist.c
Log:
bug 2658 should be fixed: distinguish null pointers from BADF00D pointers via
disassembling

Modified: monkey/trunk/pathologist/src/pathologist/action_api.c
===================================================================
--- monkey/trunk/pathologist/src/pathologist/action_api.c       2012-12-28 
12:59:28 UTC (rev 25663)
+++ monkey/trunk/pathologist/src/pathologist/action_api.c       2012-12-28 
17:33:32 UTC (rev 25664)
@@ -18,8 +18,6 @@
 
 static int crashExpressionFoundInEDB = MONKEY_YES;
 static int async_c = 0;
-static char *signalMeaning = NULL;
-static char *signalName = NULL;
 static int stoppedInSharedLib = MONKEY_NO;
 static int failureFunctionStartLine = 0;       // start line number of the 
function in which the failure occurs
 static struct WatchInfo *watchInfoListHead = NULL;
@@ -541,14 +539,8 @@
     struct Trace *trace = NULL;
 
     /* Variables used across recursive calls */
-    static int isBugClassified = MONKEY_NO;
     static struct MONKEY_EDB_Context *edbCntxt;
 
-    if (NULL == signalMeaning) {
-       signalMeaning = cntxt->gdb_stop_reason->signal_meaning;
-       signalName = cntxt->gdb_stop_reason->signal_name;
-    }
-
     if (NULL == epoch) {
                epoch = MONKEY_malloc(sizeof(struct Epoch));
                epoch->traceListHead = NULL;
@@ -597,28 +589,6 @@
                // Do value analysis for relevant expressions
                analyzeExpressionValues(function, cntxt);
 
-               //TODO Evil, bring it out of the loop!
-               if (MONKEY_NO == isBugClassified) {
-                       if ((strcasecmp(signalMeaning, "Segmentation fault") == 
0)
-                       || (strcasecmp(signalMeaning, "Signal 0") == 0)) {
-                               if (MONKEY_YES ==       cntxt->has_null) {
-                                       cntxt->bug_detected = BUG_NULL_POINTER;
-                               }
-                               else {
-                                       cntxt->bug_detected = 
BUG_BAD_MEM_ACCESS;
-                               }
-                       }
-                       else if (strcasecmp(signalMeaning, "Aborted") == 0) {
-                               cntxt->bug_detected = BUG_ABORT;
-                       }
-                       else if (strcasecmp(signalMeaning, "Arithmetic 
exception") == 0) {
-                                       cntxt->bug_detected = BUG_ARITHMETIC;
-                       }
-                       else if (strcasecmp(signalName, "SIGBUS") == 0) {
-                               cntxt->bug_detected = BUG_SIG_BUS;
-                       }
-                       isBugClassified = MONKEY_YES;
-               }
 
                /* Now, dive deeper into the stack trace */
                cntxt->gdb_frames = cntxt->gdb_frames->next;
@@ -1010,6 +980,24 @@
 }
 
 
+int MONKEY_ACTION_is_Nullpointer(struct MONKEY_ACTION_Context* cntxt)
+{
+       mi_asm_insns* disassembled_code = 
gmi_data_disassemble_se(cntxt->gdb_handle, "$pc", "$pc+1", 0);
+       char* reg;
+       while(reg = strstr(disassembled_code->ins->inst, "(%")) {
+               //printf("%s\n", reg);
+               reg++;
+               size_t len = strcspn(reg, "),");
+               reg[0]='$';
+               reg[len]='\0';
+               char* val = gmi_data_evaluate_expression(cntxt->gdb_handle, 
reg);
+               //printf("%s\n", val);
+               if( !strcmp(val, "0") ) return 1;
+       }
+       return 0;
+}
+
+
 int MONKEY_ACTION_format_report_xml(struct MONKEY_ACTION_Context
                                    *cntxt)
 {
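Review bot: `val` returned by gmi_data_evaluate_expression is handed to strcmp without a NULL check, and `disassembled_code` / `disassembled_code->ins` from gmi_data_disassemble_se are dereferenced the same way, so a failed gdb evaluation or disassembly crashes the analyzer exactly while it is classifying a crash. The in-place edits `reg[0]='$'` and `reg[len]='\0'` also truncate the instruction text at the first memory operand, so a second one (e.g. `(%rbx)` in `mov (%rax),(%rbx)`) is never examined, and neither the disassembly result nor the evaluated string is released on any path — these look like libmigdb calls, whose results are heap-allocated (mi_free_asm_insns / free, if I have the allocator right). The `(%` match assumes AT&T-syntax x86 output; a comment saying so would help. A rewrite that copies the register name into a local buffer, checks every result and frees on the way out follows.
```c
int MONKEY_ACTION_is_Nullpointer(struct MONKEY_ACTION_Context *cntxt)
{
	mi_asm_insns *disassembled_code =
		gmi_data_disassemble_se(cntxt->gdb_handle, "$pc", "$pc+1", 0);
	int is_null = 0;

	/* Disassembly can fail (no frame, unreadable $pc); treat as "not a null pointer". */
	if (NULL == disassembled_code || NULL == disassembled_code->ins
	    || NULL == disassembled_code->ins->inst)
		goto out;

	/* Walk every "(%reg" memory operand (AT&T syntax, x86-specific) without
	 * modifying the instruction text, so later operands are still visited. */
	const char *reg = disassembled_code->ins->inst;
	while (NULL != (reg = strstr(reg, "(%"))) {
		reg += 2;                             /* skip "(%" -> register name */
		size_t len = strcspn(reg, "),");
		char expr[32];                        /* "$" + register name */
		if (0 == len || len + 1 >= sizeof expr)
			continue;
		expr[0] = '$';
		memcpy(expr + 1, reg, len);
		expr[len + 1] = '\0';
		char *val = gmi_data_evaluate_expression(cntxt->gdb_handle, expr);
		if (NULL != val) {
			is_null = (0 == strcmp(val, "0"));
			free(val);
		}
		if (is_null)
			break;
		reg += len;
	}
out:
	if (NULL != disassembled_code)
		mi_free_asm_insns(disassembled_code);
	return is_null;
}
```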

Modified: monkey/trunk/pathologist/src/pathologist/pathologist.c
===================================================================
--- monkey/trunk/pathologist/src/pathologist/pathologist.c      2012-12-28 
12:59:28 UTC (rev 25663)
+++ monkey/trunk/pathologist/src/pathologist/pathologist.c      2012-12-28 
17:33:32 UTC (rev 25664)
@@ -195,7 +195,20 @@
                fprintf (stderr, "Debug with gdb, program exited normally!\n");
                break;
        case GDB_STATE_STOPPED:
+               //categorize bug
+               if ((strcasecmp(cntxt->gdb_stop_reason->signal_meaning, 
"Segmentation fault") == 0)
+                || (strcasecmp(cntxt->gdb_stop_reason->signal_meaning, "Signal 
0") == 0))
+                       cntxt->bug_detected = 
MONKEY_ACTION_is_Nullpointer(cntxt) ? BUG_NULL_POINTER : BUG_BAD_MEM_ACCESS;
+               else if (strcasecmp(cntxt->gdb_stop_reason->signal_meaning, 
"Aborted") == 0)
+                       cntxt->bug_detected = BUG_ABORT;
+               else if (strcasecmp(cntxt->gdb_stop_reason->signal_meaning, 
"Arithmetic exception") == 0)
+                       cntxt->bug_detected = BUG_ARITHMETIC;
+               else if (strcasecmp(cntxt->gdb_stop_reason->signal_name, 
"SIGBUS") == 0)
+                       cntxt->bug_detected = BUG_SIG_BUS;
+
+               // get relevant expressions
                retVal = MONKEY_ACTION_inspect_expression_database (cntxt);
+
                if (MONKEY_NO == retVal)
                {
                        fprintf( stderr,
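Review bot: MONKEY_ACTION_is_Nullpointer is called on the new BUG_NULL_POINTER/BUG_BAD_MEM_ACCESS line, but the commit touches only action_api.c and pathologist.c, so unless action_api.h already declared it this call compiles against an implicit declaration (`int` return assumed, argument unchecked); the prototype `int MONKEY_ACTION_is_Nullpointer(struct MONKEY_ACTION_Context *cntxt);` belongs in the header beside the other MONKEY_ACTION_* declarations. The multi-line `if`/`else if` chain has no braces around its bodies, which is fragile to edit; bracing each body would match the `if (MONKEY_NO == retVal) { … }` style directly below. When no branch matches, bug_detected keeps whatever it held before — the same behaviour the removed classifier in action_api.c had — but a one-line comment such as `// signals not listed here leave bug_detected unchanged` would make that intent explicit. The enclosing switch continues outside the hunk.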



