OS-HW2 Summary

HW 2

First of all, it was the first assignment that I have not completed since I have start Computer Science Major… I slept 11 hours for 4 days.

• Delta debugging:
  • a test input minimization technique that takes a target program together with a crashing test input, and then automatically derives a part of the test input that still makes the program crash.
  • This algorithm receives three inputs: (1) 𝑝, an executable binary of a target program, (2) 𝑡, a test input that crashes the target program, and (3) 𝑐, a condition to determine the crash.

• Overall requirement

  it checks if the regions of size 𝑠 (Line 13) crash 𝑝 while preserving the crash behavior. If found, the algorithm updates 𝑡𝑚 and continues the reduction with it (Lines 14-17). If the algorithm could not find a reduced crashing input with 𝑠, it decrements s by one (Line 19), and repeats the input subsequence exploration until 𝑠 becomes zero (Line 3)

  • User interface:
    • must return an error message if a given argument is invalid
    • option arguments
      • I option: receive full path of the crashing input
      • m option: string appeared in the standard error
      • o option: new file to store the reduced crashing input
    • After the option arguments
      • executable binary of the target program
      • If the target program needs to receive its own command-line arguments, multiple arguments must be given.
    • User interrupt
      • Ctrl+C: for this case, cimin must stop the running test if exists, and prints out the size of the shortest crashing input found so far, produces the output with it, and terminates the execution.
  • System Design
    • Running the target program
      • To run the target program, cimin must use fork() to create a new process, and exec() (or its variants) to load the target program in the created process.
      • Assumption: receives input via standard input and sends out crash message to standard error
    • Using Pipe
      • Target program receives input via standard input and sends out crash message to standard error. To pass input to the target program, cimin must use unnamed pipe (i.e., pipe()) to redirect standard input.
      • Also, it use to redirect the standard error to receive the error message from the target program execution
      • Assumption: We assume that the target program produces crash message to standard error, and we can find a keyword to determine if the same crash happens with reduced inputs.
    • Using signal
      • cimin must reject the initial crashing input if its execution takes more than 3 seconds.
  • Buggy Programs
    • jsmn
      • Bug with heap-buffer overflow errors
      • LLVM AddressSanitizer → explicitly detect an occurrence of heap-buffer overflow buffer
      • You can characterize this crashing message by checking if it has “AddressSanitizer: heap-buffer-overflow”.
    • libxml2
      • Bugs with null pointer deference errors.
      • You can trigger this bug by executing xmllint with option “–recover –postvalid -” and passing libxml2/testcases/crash.xml to standard input.
      • The crashing symptom can be identified by checking if “SEGV on unknown address” is printed to standard error. This error message is produced by LLVM AddressSanitizer when a crash occurs by null pointer dereference.
    • balance
      • balance is a toy example program that checks if the given input has well-balanced parenthesis or not.
      • When this program receives balance/testcases/fail via standard input, it will fall into infinite loop.
  • Report writing
    • Must not exceed 3 pages
    • Note that the evaluation is primary based on your report, and your implementation will be tested to check whether it consistently works as described in the report
  • Submission
    • Report → PDF
    • Makefile
    • README.md
    • Runnable at the peace.handong.edu

  Crash_copy.json

  → Only with the new line character → no output