I encountered some issues while measuring the line coverage of Linux binaries!

[Jay Ironman]

Hello Vitaly：

  I encountered some issues while measuring the line coverage of Linux binaries!，Below, I will provide a detailed explanation of my testing process and send the test results as an attachment：

1. First of all, I referred to this article（http://s2e.systems/docs/Howtos/Coverage/index.html）
2. I followed the following steps to install coreutils-8.26, and there were no issues with this step：

wget https://ftp.gnu.org/gnu/coreutils/coreutils-8.26.tar.xz tar xf coreutils-8.26.tar.xz cd coreutils-8.26 mkdir build cd build ../configure CFLAGS="-g -m32" --prefix=$(pwd) make make install

1. Then create a new project using the following command：
   

s2e new_project --image ubuntu-22.04-x86_64 /home/iie-iisd/coreutils-8.26/build/bin/cat /etc/fstab

1. Then enter the project directory and start s2e for analysis：

       cd /home/iie-iisd/s2e/projects/cat/ && ./launch-s2e.sh

1. After executing the above command, the console will output the following information,If you don't like reading text, there are also corresponding screenshots  ：

     ……

     28 [State 0] LinuxMonitor: mmap pid=0x845 addr=0x5a0000 size=0x6a000 prot=0x1 flag=0x1812       pgoff=0x1a0
     28 [State 0] LinuxMonitor: mmap pid=0x845 addr=0x60b000 size=0xe000 prot=0x3 flag=0x1812 pgoff=0x20a
    28 [State 0] LinuxMonitor: ModuleDescriptor Name=s2ecmd Path=./s2ecmd Size=0x215c78 AddressSpace=0xe7fb000 Pid=0x845 EntryPoint=0x4069f0 Checksum=0x0
    28 [State 0] LinuxMonitor: mprotect pid=0x845 start=0x60b000 size=0xb000 prot=0x1
    28 [State 0] BaseInstructions: Killing state 0
    28 [State 0] Terminating state: State was terminated by opcode
            message: "bootstrap terminated"
            status: 0x0
    28 [State 0] TestCaseGenerator: generating test case at address 0x40718d
    28 [State 0] TestCaseGenerator: All states were terminated
    qemu-system-x86_64: terminating on signal 15 from pid 23653 (/home/iie-iisd/s2e/install/bin/qemu-system-x86_64)
    s2e-block: dirty sectors on close:10424
    Terminating node id 0 (instance slot 0)
    Engine terminated.

1. I think there is no problem with the information above，So I use the following command to measure coverage：

s2e coverage lcov --html cat

1. Then there was a problem, as shown below. If you don't like reading text, there are also corresponding screenshots：
   

    INFO: [lcov] Extracting coverage info from /home/iie-iisd/s2e/projects/cat/s2e-last...
     INFO: [lcov] Generating translation block coverage information
     INFO: [lcov] Writing line coverage to /home/iie-iisd/s2e/projects/cat/s2e-last/cat.info
     SUCCESS: [lcov] Line coverage saved to /home/iie-iisd/s2e/projects/cat/s2e-last/cat.info
     INFO: [sh.command] <Command '/usr/bin/genhtml /home/iie-iisd/s2e/projects/cat/s2e-last/cat.info --output-directory=/home/iie-iisd/s2e/projects/cat/s2e-last/cat_lcov', pid 23675>: process started
    Reading data file /home/iie-iisd/s2e/projects/cat/s2e-last/cat.info
     genhtml: ERROR: no valid records found in tracefile /home/iie-iisd/s2e/projects/cat/s2e-last/cat.info
ERROR: [lcov]

       RAN: /usr/bin/genhtml /home/iie-iisd/s2e/projects/cat/s2e-last/cat.info --output-directory=/home/iie-iisd/s2e/projects/cat/s2e-last/cat_lcov

       STDOUT:


       STDERR: 

1. It can be very certain that I used '- g' for compilation and there were no issues with the S2E tool
   
2. I have sent all the data you may need as attachments, including 'cat. tar. gz' (which is the file of the entire cat project) and 's2e last. tar. gz' (which is the output file of the cat project)
   
3. I don't have a clue about this issue at the moment, and I really need your help. If you could spare some time to help me solve this problem, thank you very much
   

       Jay

[Vitaly Chipounov]

Hi,

I see that tbcoverage-0.json contains some information, that means coverage was recorded. Something is failing in s2e-env scripts when translating that to lcov format.

I suggest you go through the s2e-env scripts to see where that fails.

Vitaly

--
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/s2e-dev/77761f2e-b1a7-4e4f-893b-2775801ce922n%40googlegroups.com.

[Jay Ironman]

Where should I check specifically? I checked the source code of s2e env regarding line coverage and didn't seem to find any issues. Do you need any more information? I can send it to you in the form of an attachment
I really need your help. Currently, I am not very familiar with s2e, but I am very interested and hope to receive your help to continue my research

[Jay Ironman]

This is the binary file I compiled after adding the '- g' parameter. I hope it will be useful to you

[Jay Ironman]

We now suspect that there is an issue with the gcc version. The gcc version we are using is 11.4, which may have caused address mapping failures due to the high gcc version. So, may I ask what version of gcc you are using?

[Jay Ironman]

Hello, we have found through experiments that if it can run successfully on gcc 7.5.0, but we are still not sure why it cannot run on gcc 11.4. What is the reason for this? We speculate that it is due to the issue of address randomization. Can you provide some suggestions? Or has S2E considered compatibility with higher versions of gcc?

[Vitaly Chipounov]

Hi,

Please use s2e export_project to generate the archive.

Thanks,
Vitaly

On Wed, Oct 25, 2023 at 4:26 PM Jay Ironman <ironman...@gmail.com> wrote:

--