search

DependableSystemsLab / LLFI

LLFI is an LLVM based fault injection tool, that injects faults into the LLVM IR of the application source code. The faults can be injected into specific program points, and the effect can be easily tracked back to the source code. Please refer to the paper below. NOTE: If you publish a paper using LLFI, please add it to PaperLLFI.bib
http://blogs.ubc.ca/karthik/2014/02/23/quantifying-the-accuracy-of-high-level-fault-injection-techniques/
Other
68 stars 35 forks source link

Inst Trace causes crashes in LLFI ( version for LLVM 3.3) #2

Closed flyree closed 10 years ago

flyree commented 10 years ago

The crash happens when the instruction trace is enabled. The program didn't crash when it was small, meaning the amount of dynamic number of instructions are small, but it crashes if you increase the size of the problem.

A simple program would show this issue:

For a piece of code likes this:

include

int main() { int i; for(i= 0; i< 100; i++){ i = i +1; } printf("i is %d\n",i); return 0; }

There won't be a crash. But if we increase the size of the for loop to say, 1000000, the crash will happen.

An initial idea is that it can be related to the number of "Alloc" that LLFI creates to log the opcode for each instruction.

Bo

ShadenSmith commented 10 years ago

I am able to reproduce this bug. Source code:

#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
  int i;
  int N = atoi(argv[1]);
  for(i= 0; i< N; i++){
    i = i +1;
  }
  printf("i is %d\n",i);
  return 0;
}

With a small input:

> $LLFI/bin/profile out_crash/crash-profiling.exe 5
        <>/out_crash/crash-profiling.exe 5
         program finish 0
         time taken 1

With a large input:

> $LLFI/bin/profile out_crash/crash-profiling.exe 100000
        <>/out_crash/crash-profiling.exe 100000
         program finish -11
         time taken 1

This is using the current LLFI 3.3 build (commit 644c7d38c78ea1b8565eccdc4dbc436c0c9e7d9e).

flyree commented 10 years ago

I already fixed this. Will upload it once somebody review my code. Thanks!

Bo

On Tue, Jan 14, 2014 at 11:10 AM, Shaden Smith notifications@github.comwrote:

I am able to reproduce this bug. Source code:

include #include int main(int argc, char **argv) {

int i; int N = atoi(argv[1]); for(i= 0; i< N; i++){

i = i +1;

} printf("i is %d\n",i); return 0;}

With a small input:

$LLFI/bin/profile out_crash/crash-profiling.exe 5 <>/out_crash/crash-profiling.exe 5 program finish 0 time taken 1

With a large input:

$LLFI/bin/profile out_crash/crash-profiling.exe 100000 <>/out_crash/crash-profiling.exe 100000 program finish -11 time taken 1

— Reply to this email directly or view it on GitHubhttps://github.com/DependableSystemsLab/LLFI/issues/2#issuecomment-32296415 .

ShadenSmith commented 10 years ago

Great, thanks! I am encountering this issue, so a fix is appreciated.

tmm77 commented 10 years ago

@flyree I am working on a project that requires results within the next two weeks, and I would like to use the trace functionality. Is there anyway you could send me the bug fix for the trace crash?

ShadenSmith commented 10 years ago

Even better, create a new branch for this bugfix and then merge with master once it has passed review. That way nothing on master breaks and those needing the fix can get it quickly.

ShadenSmith commented 10 years ago

@flyree Is there any news on this fix? Thanks,

flyree commented 10 years ago

My work is actually an extension to the current LLFI, so it won't be easy to merge my fix. I can send you the files that are affected individually. Is this OK?

P.S. the reason that it crashes is that the program runs out of memory because the trace is stored in stack. To get rid of that, we cannot store the name of each opcode (which was a string),but just storing the ID of that opcode.

ShadenSmith commented 10 years ago

Sure, that's fine. If you send me the affected files I can look into merging them with the current codebase.

tmm77 commented 10 years ago

Could you also send me a copy of the affected files?

From: flyree notifications@github.com<mailto:notifications@github.com> Reply-To: DependableSystemsLab/LLFI reply@reply.github.com<mailto:reply@reply.github.com> Date: Wednesday, February 19, 2014 at 1:30 AM To: DependableSystemsLab/LLFI LLFI@noreply.github.com<mailto:LLFI@noreply.github.com> Cc: "Mintz, Tiffany M." mintztm@ornl.gov<mailto:mintztm@ornl.gov> Subject: Re: [LLFI] Inst Trace causes crashes in LLFI ( version for LLVM 3.3) (#2)

My work is actually an extension to the current LLFI, so it won't be easy to merge my fix. I can send you the files that are affected individually. Is this OK?

P.S. the reason that it crashes is that the program runs out of memory because the trace is stored in stack. To get rid of that, we cannot store the name of each opcode (which was a string),but just storing the ID of that opcode.

— Reply to this email directly or view it on GitHubhttps://github.com/DependableSystemsLab/LLFI/issues/2#issuecomment-35470240.

syltaxue commented 10 years ago

Previously, it crashes because the program runs out of memory as the trace is stored in stack. The fix is not to store the name of each opcode; instead, we store the ID of the opcode.

See the fix here #39

Issue closed.