Even a static binary might still get linked to vdso.so. This is a linux kernel library which provides a more efficient replacement to around 3 system calls, notably gettimeofday.
The problem: The tracer does not record such calls. Thus the retracer gets stuck with unconstrained states.
Even a static binary might still get linked to
vdso.so. This is a linux kernel library which provides a more efficient replacement to around 3 system calls, notablygettimeofday.The problem: The tracer does not record such calls. Thus the retracer gets stuck with unconstrained states.
The solution: Disable vdso when in trace mode. See: https://stackoverflow.com/questions/8280014/disabling-vsyscalls-in-linux
The advanced solution would be to instrument the vdso library, maybe this could help: https://unix.stackexchange.com/questions/482964/create-a-vdso-in-linux