rr-debugger / rr

Record and Replay Framework
http://rr-project.org/

rr replay + QBDI / Frida #3340

Open vjpr opened 2 years ago

vjpr commented 2 years ago

I would like to record some function calls and their params, and maybe some other variable assignments inside the function.

As I understand it, to retrieve this information, rr must re-execute the application, and gdb must then break on every instruction for which I want to examine memory. This would be slow, I imagine.

I believe that Pernosco (rr remix) uses binary instrumentation during a replay to store the state of the program after every instruction, at the trade-off of taking a lot of CPU, time, and space to achieve this.

I would like to use binary dynamic instrumentation to record only certain function calls and assignments to avoid these costs.

From the rr remix article:

We plan to follow up with some more posts documenting interesting design decisions in remix and how they contribute to these results. Probable topics:

  • The basic remix architecture and how it integrates into rr
  • Fixing regular rr's limitations on trace portability and target hardware
  • Leveraging knowledge of the future to improve the efficiency of binary rewriting
  • The mystery of efficient branch-and-link instructions on x86-64
  • Optimizing non-optimized code: leveraging hardware return address prediction in binary instrumentation
  • Optimizing non-optimized code: dataflow analysis

Have there been any more details on rr remix released?

Any further thoughts on open-sourcing?

Would using a framework like QBDI / Frida be the right approach or would something more low-level be needed to work with rr replay?

rocallahan commented 2 years ago

I haven't published more about remix, no.

Pernosco doesn't have any plans to open-source remix at this time. If you're using it for work we might be able to license it to you for money though.

Someone might be able to extend Frida to work with rr replays but it would be a lot of work. rr remix is optimized for high performance and it's not very easy to add new instrumentation tools. Ignoring the licensing issues, the best technological approach would probably be to take rr remix and build an rr tool that provides Frida integration.