Adam Meily
I am still seeing this intermittently on multiple samples, seemingly at random. So this, along with trailofbits/binrec-tob#33, is still present.
If I encounter this again, I'll check to see if this is actually a side effect of inconsistent trace info (#170).
I briefly started looking into this. Nothing jumped out immediately that would cause this difference some of the time and I confirmed that it's happening in the case where the...
I've added more logging to the `FunctionLog` plugin and it appears that some calls are not reaching the plugin when an incorrect trace is produced. ``` #### These 2 calls...
Digging into this further, I initially thought calls were being missed prior to the module load signal being triggered by S2E. So I tried moving the hook on function call...
Upgrading S2E to `master` did not fix the issue. I did a fresh clone, verified that the latest S2E was pulled, and still encountered the issue. ``` $ git -C...
I've verified that the `bootstrap.sh` and `s2e-config.lua` files are the same between a working and broken trace. I was thinking that the plugins were potentially being loaded in an incorrect...
I added logging to [`FunctionMonitor::onTranslateBlockEnd()`](https://github.com/S2E/s2e/blob/0be5c89df54b534025ea078488889ccbf20d6344/libs2eplugins/src/s2e/Plugins/ExecutionMonitors/FunctionMonitor.cpp#L146), which hooks the function call signal. I am not seeing this function get hit when a call is missed. So, the problem could be further...
My thought was that the sample may be exiting early on bad traces, which would explain the missing calls. So, I removed the `> /dev/null 2>&1` in the `bootstrap.sh` script...
Looking at the control flow addresses that are missing in a broken trace:

- functionLog.callerToFollowUp (`0x18282`, `0x8049160`)
- functionLog.callerToFollowUp (`0x18212`, `0x8049196`)
- functionLog.entryToCaller (`0x8049210`, `0x18212`)
- functionLog.entryToCaller (`0x8049196`, `0x18282`)
- ...
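The comparison described above, a working trace against a broken one to find which control-flow edges went missing, as an added example that is not part of this thread or of the binrec/S2E code. It assumes the `functionLog.<kind> (addr, addr)` line format shown in the listing; both sample traces below are constructed, with the addresses taken from the listing.

```python
import re
from typing import Set, Tuple

# One functionLog entry per line, in the format seen in the comment above (assumed):
#   functionLog.callerToFollowUp (`0x18282`, `0x8049160`)
# Backticks are optional so the regex also matches plain plugin output.
ENTRY_RE = re.compile(
    r"functionLog\.(\w+)\s*\(\s*`?(0x[0-9a-fA-F]+)`?\s*,\s*`?(0x[0-9a-fA-F]+)`?\s*\)"
)

# (kind, first address, second address)
Edge = Tuple[str, int, int]


def parse_edges(trace_text: str) -> Set[Edge]:
    """Collect every functionLog edge in a trace dump as a set of tuples."""
    edges: Set[Edge] = set()
    for m in ENTRY_RE.finditer(trace_text):
        kind, a, b = m.group(1), int(m.group(2), 16), int(m.group(3), 16)
        edges.add((kind, a, b))
    return edges


def missing_edges(good_trace: str, bad_trace: str) -> Set[Edge]:
    """Edges recorded in the working trace but absent from the broken one."""
    return parse_edges(good_trace) - parse_edges(bad_trace)


def extra_edges(good_trace: str, bad_trace: str) -> Set[Edge]:
    """Edges that only the broken trace contains (a sign of a different code path)."""
    return parse_edges(bad_trace) - parse_edges(good_trace)


def format_edge(edge: Edge) -> str:
    kind, a, b = edge
    return f"functionLog.{kind} (0x{a:x}, 0x{b:x})"


# Constructed sample: a working trace with the four edges the comment lists
# plus one edge that appears in both runs.
GOOD_TRACE = """
functionLog.callerToFollowUp (`0x18282`, `0x8049160`)
functionLog.callerToFollowUp (`0x18212`, `0x8049196`)
functionLog.entryToCaller (`0x8049210`, `0x18212`)
functionLog.entryToCaller (`0x8049196`, `0x18282`)
functionLog.entryToCaller (`0x8049100`, `0x18100`)
"""

# Constructed sample: the broken trace only kept the shared edge.
BAD_TRACE = """
functionLog.entryToCaller (0x8049100, 0x18100)
"""


def summarize(good_trace: str, bad_trace: str) -> Tuple[int, int]:
    """Print the diff and return (missing count, extra count) for checking."""
    missing = sorted(missing_edges(good_trace, bad_trace))
    extra = sorted(extra_edges(good_trace, bad_trace))
    print(f"{len(missing)} edge(s) missing from the broken trace:")
    for e in missing:
        print("  -", format_edge(e))
    print(f"{len(extra)} edge(s) only in the broken trace:")
    for e in extra:
        print("  +", format_edge(e))
    return len(missing), len(extra)


if __name__ == "__main__":
    summarize(GOOD_TRACE, BAD_TRACE)
```

Running the two real dumps through `summarize` gives the same per-edge listing the comment wrote out by hand, and the set difference makes it easy to see whether a broken run is simply missing edges (calls never reaching the plugin) or actually follows a different path (edges present only on the bad side).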