How to recover from stack corruption with reversible debugging

If a program corrupts its own program counter, for example by overwriting a return address or a function pointer that it then jumps through, it is almost impossible to recover using a conventional debugger. Without a valid program counter the debugger cannot tell which function the program was running, so it cannot unwind the stack, interpret the local variables, or show where the code was immediately before the corruption happened. This is also exactly the state a stack buffer overflow exploit leaves a process in: a crash at a nonsense address such as 0x0 or 0x41414141 with no backtrace is the classic symptom of an overwritten return address. Either way, debugging it with a conventional debugger is pretty much impossible.

With a reverse debugger, however, recovery is almost comically simple. You run reverse-stepi to rewind one instruction, and the state of the program moves back to the instruction that loaded the bad value into the program counter (the ret instruction, in the case of a trashed return address). Since the debugger now knows which function it is in, it can interpret the stack again and display it to you in a useful way. From there you can keep stepping backwards through the recorded execution to the code that did the overwriting, and fix it quickly.

For example, consider a program in which the function foo overwrites its own stack frame with zeros, including the saved return address, and then attempts to return. The ret instruction pops the zeroed return address, so the program counter register is set to zero.
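As an added example (not the program from the original post, whose listing is not reproduced here), the following minimal reproducer behaves as described: foo zeroes 64 bytes of its own frame starting at a 16-byte local buffer, which on x86-64 at -O0 (the assumed frame layout) covers the saved frame pointer and the saved return address, so the ret that follows loads zero into the program counter. The build flags and the udb invocation in the comment are assumptions about the tooling; reverse-stepi, reverse-next and bt are the standard gdb reverse-execution and backtrace commands, which UDB accepts. The number of bytes wiped is a runtime parameter so that an in-bounds call returns normally and only the oversized call smashes the frame.

```c
/*
 * Added reproducer for a zeroed stack frame; not the program from the post.
 *
 * Build without the stack protector, which would otherwise abort before the
 * return with "stack smashing detected" instead of jumping to address 0
 * (flags assumed; -O0 also keeps _FORTIFY_SOURCE's memset check out of the way):
 *   gcc -g -O0 -fno-stack-protector -o smash smash.c
 *
 * Assumed UDB session (gdb-style commands):
 *   udb ./smash
 *   (udb) run              # crashes with pc = 0x0 and no usable backtrace
 *   (udb) reverse-stepi    # rewind one instruction: back at the ret in foo
 *   (udb) bt               # backtrace is usable again
 *   (udb) reverse-next     # keep going back to the memset that zeroed the frame
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE  16
#define WIPE_SIZE 64   /* deliberately larger than the buffer */

/*
 * Zeroes nbytes of stack starting at a local buffer and returns a sentinel.
 * With nbytes <= BUF_SIZE the call returns 42 normally. With nbytes == WIPE_SIZE
 * the zeros run past buf over the saved frame pointer and the saved return
 * address (x86-64 -O0 layout assumed), so the ret at the end of foo pops 0
 * into the program counter and the process faults at address 0.
 * noinline (GCC/Clang extension) keeps the smashed frame foo's own rather
 * than the caller's.
 */
__attribute__((noinline)) int foo(size_t nbytes)
{
    char buf[BUF_SIZE];
    memset(buf, 0, nbytes);   /* nbytes > BUF_SIZE: overwrites saved rbp and return address */
    return 42;                /* compiled as mov eax,42; leave; ret */
}

int main(void)
{
    /* In-bounds wipe: foo returns normally. */
    printf("foo(%d) returned %d\n", BUF_SIZE, foo(BUF_SIZE));
    /* Out-of-bounds wipe: foo never returns; the process dies at pc = 0. */
    printf("foo(%d) returned %d\n", WIPE_SIZE, foo(WIPE_SIZE));
    return 0;
}
```

The first call is there so that the program, and a debugger session on it, shows the difference between a frame that survives the memset and one that does not: only the second call reaches ret with a zeroed return address.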

The program crashes when run: the CPU tries to fetch an instruction from address 0, which is not mapped, so the process dies with a segmentation fault and dumps core.

Looking at the core file with gdb doesn't give us much information because the program counter register has been trashed: the faulting address is 0, which belongs to no function, and the saved frame pointer was zeroed along with the rest of the frame, so there is no usable backtrace.

Running under gdb doesn't help either: the program crashes in the same way, and there's still no backtrace after it does.

However, if we record the same run with UDB (formerly known as UndoDB), we can quickly figure out what has gone wrong.

After the crash, do the reverse-stepi trick to recover from the program counter corruption: a single reverse-stepi takes us back to the ret instruction in foo, before the zero was loaded into the program counter, and the backtrace becomes usable again.

Now that we know where we are, we can step back further (with reverse-step or reverse-next) to the code in foo that zeroed its own frame, and figure out what went wrong.

So UDB has enabled us to figure out exactly what has gone wrong in seconds.

We hope you found this example useful. And if you’re interested in trying UDB, help yourself to a free trial.

Also visit the UDB technical documentation pages.

RELATED CONTENT

You may also be interested in reading this post on Why it’s time to debug different with time travel debugging.

Originally published at https://undo.io.
