Open derekbruening opened 8 years ago
For the fuzz test, the error comes from the wrong fuzz target function size argument. We try to get size info from repeatme(buffer, size). However, in get_priv_mcontext_from_dstack:
```
(gdb) p/x *(priv_mcontext_t *)(dcontext->dstack - sizeof(priv_mcontext_t))
$10 = {r0 = 0xbe8fca50, r1 = 0x55059c98, r2 = 0xb0850858, r3 = 0x10, r4 = 0x4, r5 = 0x2, r6 = 0xb0f59828, r7 = 0xbe8fca44, r8 = 0x2, r9 = 0xbe8fca50, r10 = 0x0, r11 = 0x0, r12 = 0x54e29000, {
r13 = 0xbe8fca0c, sp = 0xbe8fca0c, xsp = 0xbe8fca0c}, {r14 = 0x7399e501, lr = 0x7399e501}, {r15 = 0x54e3aec4, pc = 0x54e3aec4}, {xflags = 0xb0f59a54, apsr = 0xb0f59a54, cpsr = 0xb0f59a54},
...
```
It looks like the value is off by two register sizes, where r2 is holding the actual r0 value, and r3 is holding the r1 value.
The cause is in insert_push_all_registers, which did not preserve the mcontext struct.
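The diagnostic reasoning above (known argument values showing up two slots later than the struct expects) can be turned into a reusable layout check. The following is an added example, not DynamoRIO code: it uses a simplified, hypothetical stand-in for the ARM `priv_mcontext_t` (16 general registers plus `cpsr`), a correct and a buggy "push all registers" routine, and a helper that locates the known r0/r1 values (the fuzz target's buffer and size arguments) in the saved area to compute the slot shift. All register values other than the r0/r3 values quoted from the gdb dump are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified register block: r0..r15 followed by cpsr.
 * This is NOT the real DynamoRIO priv_mcontext_t layout. */
#define NUM_GPR 16
typedef struct {
    uint32_t r[NUM_GPR];
    uint32_t cpsr;
} sim_mcontext_t;

/* Area large enough to hold the block plus a couple of stray words. */
#define AREA_WORDS (NUM_GPR + 3)

/* Correct save: the block lands exactly where the struct expects it. */
static void save_correct(uint32_t *dst, const sim_mcontext_t *s) {
    memcpy(dst, s->r, sizeof(s->r));
    dst[NUM_GPR] = s->cpsr;
}

/* Buggy save: two extra words are pushed first (e.g. scratch registers
 * spilled before the block), so every field is shifted by two slots. */
static void save_buggy(uint32_t *dst, const sim_mcontext_t *s) {
    dst[0] = 0xdeadbeef; /* constructed filler, stands in for a spilled scratch reg */
    dst[1] = 0xcafebabe; /* constructed filler */
    memcpy(dst + 2, s->r, sizeof(s->r));
    dst[NUM_GPR + 2] = s->cpsr;
}

/* Scan the saved area for the pair (expected_r0, expected_r1) that is known
 * to be live in r0/r1 at the save point. Returns the slot index where r0 was
 * found (0 means the layout is intact, 2 means "off by two reg sizes"), or
 * -1 if the pair is not present. */
static int find_register_shift(const uint32_t *area, size_t nwords,
                               uint32_t expected_r0, uint32_t expected_r1) {
    for (size_t i = 0; i + 1 < nwords; i++) {
        if (area[i] == expected_r0 && area[i + 1] == expected_r1)
            return (int)i;
    }
    return -1;
}

/* Build a constructed register state, save it with the chosen routine and
 * report the detected shift. r0/r1 mirror the fuzz target's (buffer, size):
 * the buffer address and size 0x10 are the values seen in the gdb dump. */
int check_layout(int use_buggy_save) {
    sim_mcontext_t state;
    uint32_t area[AREA_WORDS];
    const uint32_t buffer_arg = 0xbe8fca50; /* r0 in the dump */
    const uint32_t size_arg = 0x10;         /* r1 = size, seen in r3 in the dump */

    memset(area, 0, sizeof(area));
    for (int i = 0; i < NUM_GPR; i++)
        state.r[i] = 0x1000u + (uint32_t)i; /* constructed, distinct per register */
    state.r[0] = buffer_arg;
    state.r[1] = size_arg;
    state.cpsr = 0x60000010u; /* constructed */

    if (use_buggy_save)
        save_buggy(area, &state);
    else
        save_correct(area, &state);

    /* Read the area back the way the struct cast in gdb would. */
    const sim_mcontext_t *mc = (const sim_mcontext_t *)area;
    int shift = find_register_shift(area, AREA_WORDS, buffer_arg, size_arg);
    printf("%s save: r0=0x%08x r1=0x%08x r2=0x%08x r3=0x%08x -> shift %d slots\n",
           use_buggy_save ? "buggy" : "correct",
           mc->r[0], mc->r[1], mc->r[2], mc->r[3], shift);
    return shift;
}

int main(void) {
    check_layout(0);
    check_layout(1);
    return 0;
}
```

With the buggy save the struct view shows the buffer address in r2 and the size in r3, exactly the symptom in the dump, and the scan reports a shift of 2 slots; with the correct save the shift is 0. In practice the "known pair" can be any two adjacent register values the test controls at the save point.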
Split from #1726
These are tests I had to disable from the already-limited set of pattern-only tests we set up for x64, as it is non-trivial to get them working. After fixing these we should extend the set of tests for both x64 and Android.
* TODO fuzz tests fail with disturbing heap alloc failures
* TODO line numbers are off?
* TODO exitcode tests fail b/c adb shell doesn't return the code
  This is a known bug in adb: https://code.google.com/p/android/issues/detail?id=3254
* TODO shell-interpreted chars in fuzz descriptors make running over adb shell very painful
  Actually it's quite difficult to escape all these chars through "adb shell" and "/system/bin/sh": I gave up after a few attempts.
* TODO unit_tests claims to pass but fails