Amazon has published the source code of Snapchange, a tool that implements the snapshot fuzzing method, which makes it possible to organize fuzz testing of executable files without modifying them and without access to their source code. Snapchange lets you load a dump of physical memory containing the code under test and organize cyclic execution of the code present in the dump under the KVM hypervisor, trying various combinations of input data, tracking the failures or anomalies that arise, and restarting the check after each iteration, each time resetting the memory dump and CPU registers to their original state. The project code is written in Rust and is distributed under the Apache 2.0 license.
The reset to the initial state and the restart of the iteration are carried out after a crash, a timeout, or the onset of a certain event. Input data is substituted directly in memory (the memory address at which the varied parameters are stored is computed), and to save resources when re-initializing the initial memory state after each iteration, the tool determines which data in memory has changed and restores not all of memory but only the changed areas.
The initial memory dump is created by saving a snapshot of the virtual machine in which the application under test is launched using VirtualBox or QEMU. The logic for substituting input data is defined by writing special scripts, and the starting position for cyclic execution is set by placing a breakpoint in the debugger.
For example, to test the handling of various states of a network request, the developer launches the application in a guest system under VirtualBox or QEMU, finds in the debugger the start of the request-processing procedure (for example, following the call to the recv function), places a breakpoint on it, and determines the memory area into which the received network packet is loaded. After that, a snapshot of the guest system is created and loaded into Snapchange. For the test, a script is written that, at the breakpoint, writes data directly into the network packet buffer, which makes it possible to simulate the processing of real network packets. Snapchange cyclically resumes execution from the interrupted position, each time changing the contents of the buffer and restoring memory to its original state.
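The loop described above, as an added illustrative model rather than Snapchange's own code: a pristine memory dump taken at the breakpoint, an input written straight into the packet buffer, a guest handler run from that point, and a reset that copies back only the pages dirtied by the last run. The page size, buffer addresses, and the planted bounds bug in the handler are constructed assumptions for the model.

```python
"""Constructed model of a snapshot-fuzzing loop in the Snapchange style (added
example, not Snapchange's own code); addresses and page size are assumptions."""
import random

PAGE = 64                            # toy page size (real VMs: 4 KiB)
INPUT_ADDR, INPUT_LEN = 256, 32      # assumed address/size of the recv buffer
SCRATCH_ADDR, SCRATCH_LEN = 512, 16  # assumed destination buffer in the guest

class SnapshotVM:
    def __init__(self, snapshot: bytes):
        self.snapshot = bytes(snapshot)  # physical-memory dump at the breakpoint
        self.mem = bytearray(snapshot)   # live guest memory
        self.dirty = set()               # pages written since the snapshot
        self.pages_restored = 0
    def write(self, addr: int, data: bytes) -> None:
        self.mem[addr:addr + len(data)] = data
        self.dirty.update(range(addr // PAGE, (addr + len(data) - 1) // PAGE + 1))
    def reset(self) -> None:
        # Copy back only the dirtied pages instead of the whole dump.
        for p in self.dirty:
            self.mem[p * PAGE:(p + 1) * PAGE] = self.snapshot[p * PAGE:(p + 1) * PAGE]
        self.pages_restored += len(self.dirty)
        self.dirty.clear()

def packet_handler(vm: SnapshotVM) -> None:
    # Stand-in for guest code after recv(): copies a length-prefixed payload
    # into a fixed 16-byte buffer; the missing bounds check is the planted bug.
    n = vm.mem[INPUT_ADDR]
    if n > SCRATCH_LEN:
        raise MemoryError("copy of %d bytes overruns %d-byte buffer" % (n, SCRATCH_LEN))
    vm.write(SCRATCH_ADDR, bytes(vm.mem[INPUT_ADDR + 1:INPUT_ADDR + 1 + n]))

def run_case(vm: SnapshotVM, case: bytes):
    # Drop one input into the packet buffer, run the handler, always reset.
    vm.write(INPUT_ADDR, case[:INPUT_LEN].ljust(INPUT_LEN, b"\0"))
    try:
        packet_handler(vm)
        return None                  # clean run
    except MemoryError as crash:
        return str(crash)            # a finding worth saving with its input
    finally:
        vm.reset()

def fuzz(vm: SnapshotVM, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    rng, crashes = random.Random(rng_seed), []
    for _ in range(iterations):
        case = bytearray(seed)
        case[rng.randrange(len(case))] = rng.randrange(256)  # one-byte mutation
        if (msg := run_case(vm, bytes(case))) is not None:
            crashes.append((bytes(case), msg))
    return {"cases": iterations, "crashes": crashes, "pages_restored": vm.pages_restored,
            "pages_full_restore": iterations * (len(vm.mem) // PAGE)}
```

Comparing `pages_restored` with `pages_full_restore` after a run shows how much the dirty-page reset saves over copying the whole dump on every iteration.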
Various strategies for input data generation are supported. Fuzzing can run in parallel across several environments bound to different CPU cores. In addition to identifying failures during code execution, the tool also supports collecting performance metrics, accumulating coverage statistics to evaluate coverage of the executed code, and step-by-step tracing of the executed code.
At the same time, Google published