onStateForkDecide event for multi-thread programs

[Hongduo Zhao]

Hi, Vitaly!

Since I want to precisely control where to fork a new state, I have a custom plugin that relies on the onStateForkDecide event. However, for a multi-thread program, it seems that onStateForkDecide events are only received from the main thread, some conditional branches reached and executed by only the child thread trigger no onStateForkDecide event. Also, the tid of the child thread (0x3ad) is not present in the debug log (debug.txt), only the pid/tid (0x3ac) of the main thread is present.

I have attached the debug log, the exported project, and the log from my own hook (info.txt).

Could you please give me some advice on how can I trace the execution and receive onStateForkDecide events for the child thread or all threads?

Best regards, 

Hongduo

[Vitaly Chipounov]

Hi,

onStateForkDecide should always be triggered, as long as there is a branch that depends on a symbolic condition. Make sure there are no spurious concretizations.

Regarding child processes not being logged, that's because LinuxMonitor does not support the fork() syscall. It can't track child processes at this time. Note that this should not prevent symbolic execution from working in child processes, S2E can track symbolic values anywhere in the system (ram + cpu registers).

Vitaly

--
You received this message because you are subscribed to the Google Groups "S2E Developer Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to s2e-dev+u...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/s2e-dev/ece5607f-6da2-49b1-9d55-251b0961c9e1n%40googlegroups.com.