s2e
libs2ecore: remove pinned states from child instance
The pinned states should only be kept in the parent instance, therefore we kill them in the child instance after forking.
Signed-off-by: Zhongjie Wang [email protected]
Are you working on state merging by any chance? That's the only place where this feature is used.
I think that it would be better to remove the pinned property from S2EExecutionState and instead let plugins decide what they want to do with the states. The isPinned() feature could be implemented by subscribing to the onStatesSplit event and moving the state from the child set to the parent set [1].
[1] https://github.com/S2E/s2e/blob/bebe76f6ffd2c8bc3ac2b3d800d7bc05826b9dfe/libs2ecore/src/S2EExecutor.cpp#L702
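Added illustration of the approach suggested in the comment above (pinning owned by a plugin that reacts to a states-split event, rather than a flag on the state object). This is not code from S2E or from this PR: the State, StateSet, SplitSignal, PinningPlugin and onStatesSplit names and the signal signature are assumptions, and the odd/even partition of states is constructed for the demo.

```cpp
// Added illustration (not S2E code): a plugin keeps its "pinned" states with the
// parent after a split by subscribing to a hypothetical split signal.
#include <cstdint>
#include <cstdio>
#include <functional>
#include <set>
#include <utility>
#include <vector>

struct State {
    uint64_t id;
};

using StateSet = std::set<State *>;

// Hypothetical stand-in for an executor signal: subscribers get the parent and
// child sets after the executor has partitioned the states.
class SplitSignal {
public:
    using Handler = std::function<void(StateSet &parent, StateSet &child)>;
    void connect(Handler h) { handlers_.push_back(std::move(h)); }
    void emit(StateSet &parent, StateSet &child) {
        for (auto &h : handlers_) h(parent, child);
    }
private:
    std::vector<Handler> handlers_;
};

// The pinning policy lives in the plugin: it records which states it wants to
// keep and moves them from the child set back into the parent set on a split.
class PinningPlugin {
public:
    explicit PinningPlugin(SplitSignal &sig) {
        sig.connect([this](StateSet &parent, StateSet &child) { onSplit(parent, child); });
    }
    void pin(State *s) { pinned_.insert(s); }
    void unpin(State *s) { pinned_.erase(s); }
    bool isPinned(State *s) const { return pinned_.count(s) != 0; }

    // Returns the number of states moved so callers can check the effect.
    size_t onSplit(StateSet &parent, StateSet &child) {
        size_t moved = 0;
        for (auto it = child.begin(); it != child.end();) {
            if (isPinned(*it)) {
                parent.insert(*it);
                it = child.erase(it);
                ++moved;
            } else {
                ++it;
            }
        }
        return moved;
    }
private:
    StateSet pinned_;
};

struct SplitResult {
    std::vector<uint64_t> parentIds;
    std::vector<uint64_t> childIds;
};

// Constructed scenario: states 1..6, the executor keeps odd ids and hands even
// ids to the child; state 4 is pinned and must stay with the parent.
SplitResult runDemo() {
    static State states[] = {{1}, {2}, {3}, {4}, {5}, {6}};
    SplitSignal onStatesSplit;  // hypothetical signal name
    PinningPlugin plugin(onStatesSplit);
    plugin.pin(&states[3]);     // pin state 4

    StateSet parent, child;
    for (State &s : states) (s.id % 2 ? parent : child).insert(&s);

    onStatesSplit.emit(parent, child);  // plugin moves state 4 back to parent

    SplitResult r;  // sets are pointer-ordered; the array is contiguous, so ids come out ascending
    for (State *s : parent) r.parentIds.push_back(s->id);
    for (State *s : child) r.childIds.push_back(s->id);
    return r;
}

int main() {
    SplitResult r = runDemo();
    std::printf("parent:");
    for (uint64_t id : r.parentIds) std::printf(" %llu", (unsigned long long) id);
    std::printf("\nchild:");
    for (uint64_t id : r.childIds) std::printf(" %llu", (unsigned long long) id);
    std::printf("\n");
    return 0;
}
```

The point of the structure is that the executor never needs to know about pinning: the state object carries no pinned flag, and a plugin that does not care about merging simply does not subscribe.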
Yes, I'm using the MergingSearcher so that's why I came across this problem. :) That sounds good. I think using onStateSplit would be a better idea, since it can achieve the same results as using isPinned() :+1:
Any progress on this? I'll apply the patch after you address the feedback.
Sorry about the late reply. Because the current MergingSearcher still has some other issues, for example, the ones mentioned in S2E/s2e-env#434. Besides, I've encountered other issues, such as packet receiving during merging will invoke direct memory write (transferRam) into the guest memory and cause troubles. So I need to disable packet receiving with some ugly hacks in qemu. I don't think they are ideal solutions. So fixing the "pinned state" issue alone will not make MergingSearcher work. You may close this pull request for now if you want.
Hi! No worries, any incremental improvements are welcome.
Closing stale pr.