DOCSLIB.ORG

Ninja: Towards Transparent Tracing and Debugging On

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Ninja: Towards Transparent Tracing and Debugging On Ninja: Towards Transparent Tracing and Debugging on ARM Zhenyu Ning and Fengwei Zhang, Wayne State University https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/ning This paper is included in the Proceedings of the 26th USENIX Security Symposium August 16–18, 2017 • Vancouver, BC, Canada ISBN 978-1-931971-40-9 Open access to the Proceedings of the 26th USENIX Security Symposium is sponsored by USENIX Ninja: Towards Transparent Tracing and Debugging on ARM Zhenyu Ning and Fengwei Zhang Wayne State University fzhenyu.ning, [email protected] Abstract lar hardware components, and performance slowdown. The hardware-assisted virtualization technique [17, 50] Existing malware analysis platforms leave detectable fin- can improve the transparency of the virtualization-based gerprints like uncommon string properties in QEMU, systems; however, this approach still leaves artifacts on signatures in Android Java virtual machine, and arti- basic instruction execution semantics that could be easily facts in Linux kernel profiles. Since these fingerprints detected by malware [39]. provide the malware a chance to split its behavior de- To address this challenge, researchers study the mal- pending on whether the analysis system is present or ware on bare-metal devices via modifying the system not, existing analysis systems are not sufficient to ana- software [22, 37, 44, 55] or leveraging OS APIs [15, 56] lyze the sophisticated malware. In this paper, we pro- to monitor the runtime behavior of malware. Although pose NINJA, a transparent malware analysis framework bare-metal based approaches eliminate the detection of on ARM platform with low artifacts. NINJA leverages a the emulator or hypervisor, the artifacts introduced by the hardware-assisted isolated execution environment Trust- analysis tool itself are still detectable by malware. More- Zone to transparently trace and debug a target applica- over, privileged malware can even manipulate the anal- tion with the help of Performance Monitor Unit and Em- ysis tool since they run in the same environment. How bedded Trace Macrocell. NINJA does not modify system to build a transparent mobile malware analysis system is software and is OS-agnostic on ARM platform. We im- still a challenging problem. plement a prototype of NINJA (i.e., tracing and debug- This transparency problem has been well studied in ging subsystems), and the experiment results show that the traditional x86 architecture, and similar milestones NINJA is efficient and transparent for malware analysis. have been made from emulation-based analysis sys- tems [2, 40] to hardware-assisted virtualization analysis 1 Introduction systems [19, 20, 32], and then to bare-metal analysis sys- tems [30, 31, 41, 54]. However, this problem still chal- Malware on the mobile platform exhibits an explosive lenges the state-of-the-art malware analysis systems. growth in recent years. To solve the threat of the mali- We consider that an analysis system consists of an En- cious applications, a variety of tools have been proposed vironment (e.g., operating system, emulator, hypervisor, for malware detection and analysis [18, 22, 37, 44, 45, or sandbox) and an Analyzer (e.g., instruction analyzer, 52, 55, 56]. However, sophisticated malware, which is API tracer, or application debugger). The Environment also known as evasive malware, is able to evade the anal- provides the Analyzer with the access to the states of the ysis by collecting the artifacts of the execution environ- target malware, and the Analyzer is responsible for the ment or the analysis tool, and refuses to perform any ma- further analysis of the states. Consider an analysis sys- licious behavior if an analysis system is detected. tem that leverages the emulator to record the system call As most of the existing mobile malware analysis sys- sequence and sends the sequence to a remote server for tems [18, 45, 52] are based on emulation or virtual- further analysis. In this system, the Environment is the ization technology, a series of anti-emulation and anti- emulator, which provides access to the system call se- virtualization techniques [29, 36, 48] have been devel- quence, and both the system call recorder and the remote oped to challenge them. These techniques show that server belong to the Analyzer. Evasive malware can de- the emulation or virtualization can be easily detected tect this analysis system via anti-emulation techniques by footprints like string properties, absence of particu- and evade the analysis. USENIX Association 26th USENIX Security Symposium 33 To build a transparent analysis system, we propose 64-bit ARMv8 Exception Levels ARMv7 modes and PLs three requirements. Firstly, the Environment must be iso- Non-Secure state Secure state EL0 EL0 lated. Otherwise, the Environment itself can be manip- usr mode (PL0) ulated by the malware. Secondly, the Environment ex- Applications Applications EL1 EL1 fiq/irq/svc/abt/und/sys mode (PL1) ists on an off-the-shelf (OTS) bare-metal platform with- Rich OS Secure OS EL2 hyp mode (PL2) out modifying the software or hardware (e.g., emulation Hypervisor EL3 and virtualization are not). Although studying the anti- fiq/irq/svc/mon/abt/und/sys mode (PL3) emulation and anti-virtualization techniques [29, 36, 39, Secure monitor 48] helps us to build a more transparent system by fix- ing the imperfections of the Environment, we consider Figure 1: The ARMv8 and ARMv7 Architectures. perfect emulation or virtualization is impractical due to the complexity of the software. Instead, if the Environ- • We implement debugging and tracing subsystems ment already exists in the OTS bare-metal platform, mal- with a variety of program analysis functionalities. ware cannot detect the analysis system by the presence of NINJA is capable of studying kernel- or hypervisor- the Environment. Finally, the Analyzer should not leave level malware. The tracing subsystem exhibits a low any detectable footprints (e.g., files, memory, registers, performance overhead and the instruction and sys- or code) to the outside of the Environment. An Analyzer tem call tracing is immune to timing attacks. violating this requirement can be detected. 1 In light of the three requirements, we present NINJA , 2 Background a transparent malware analysis framework on ARM plat- form based on hardware features including TrustZone 2.1 TrustZone and Trusted Firmware technology, Performance Monitoring Unit (PMU), and Embedded Trace Macrocell (ETM). We implement a ARM TrustZone technology [12] introduces a hardware- prototype of NINJA that embodies a trace subsystem assisted security concept that divides the execution envi- with different tracing granularities and a debug subsys- ronment into two isolated domains, i.e., secure domain tem with a GDB-like debugging protocol on ARM Juno and non-secure domain. Due to security concerns, the development board. Additionally, hardware-based traps secure domain could access the resources (e.g., mem- and memory protection are leveraged to keep the use of ory and registers) of the non-secure domain, but not vice system registers transparent to the target application. The versa. In ARMv8 architecture, the only way to switch experimental results show that our framework can trans- from normal domain to secure domain is to trigger a parently monitor and analyze the behavior of the mal- secure exception [8], and the exception return instruc- ware samples. Moreover, NINJA introduces reasonable tion eret is used to switch back to the normal domain overhead. We evaluate the performance of the trace sub- from the secure domain after the exception is handled. system with several popular benchmarks, and the result Figure 1 shows the difference between the ARMv8 shows that the overheads of the instruction trace and sys- and the ARMv7 architectures. In the new architecture, tem call trace are less than 1% and the Android API trace ARM removes the execution modes in ARMv7 and re- introduces 4 to 154 times slowdown. names the Privilege Level (PL) to Exception Level (EL). The main contributions of this work include: The term EL indicates the level where an exception can be handled and all ELs except EL0 can handle excep- • We present a hardware-assisted analysis framework, tions. Any exception occurs in a certain level could only named NINJA, on ARM platform with low artifacts. be handled in the same level or a higher level. It does not rely on emulation, virtualization, or sys- The names of the system registers in 64-bit ARMv8 tem software, and is OS-agnostic. NINJA resides architecture contain a suffix that indicating the lowest in a hardware isolation execution environment, and EL at which the register can be accessed. For example, thus is transparent to the analyzed malware. the name of the PMEVCNTR EL0 register indicates that the lowest EL to access this register is EL0. Similarly, the • NINJA eliminates its footprints by novel techniques registers with suffix EL3 can only be accessed in EL3. including hardware traps, memory mapping inter- ARM Trusted Firmware [7] (ATF) is an official im- ception, and timer adjusting. The evaluation result plementation of secure domain provided by ARM, and demonstrates the effectiveness of the mitigation and it supports an array of hardware platforms and emula- NINJA achieves a high level of transparency. More- tors. While entering the secure domain, the ATF saves over, we evaluate the instruction-skid problem and the context of the normal domain and dispatches the se- show that it has little influence on our system. cure exception to the corresponding exception handler. 1ANINJA in feudal Japan has invisibility and transparency ability After the handler finishes the handling process, the ATF 34 26th USENIX Security Symposium USENIX Association restores the context of the normal domain and switches checking the values of these registers. By leveraging back with eret instruction. ATF also provides a trusted TrustZone technology, NINJA configures needed PMU boot path by authenticating the firmware image with sev- registers as secure ones so that even the privileged mal- eral approaches like signatures and public keys.
Load more

Recommended publications
  • Drilling Network Stacks with Packetdrill
    Drilling Network Stacks with packetdrill NEAL CARDWELL AND BARATH RAGHAVAN Neal Cardwell received an M.S. esting and troubleshooting network protocols and stacks can be in Computer Science from the painstaking. To ease this process, our team built packetdrill, a tool University of Washington, with that lets you write precise scripts to test entire network stacks, from research focused on TCP and T the system call layer down to the NIC hardware. packetdrill scripts use a Web performance. He joined familiar syntax and run in seconds, making them easy to use during develop- Google in 2002. Since then he has worked on networking software for google.com, the ment, debugging, and regression testing, and for learning and investigation. Googlebot web crawler, the network stack in Have you ever had the experience of staring at a long network trace, trying to figure out what the Linux kernel, and TCP performance and on earth went wrong? When a network protocol is not working right, how might you find the testing. [email protected] problem and fix it? Although tools like tcpdump allow us to peek under the hood, and tools like netperf help measure networks end-to-end, reproducing behavior is still hard, and know- Barath Raghavan received a ing when an issue has been fixed is even harder. Ph.D. in Computer Science from UC San Diego and a B.S. from These are the exact problems that our team used to encounter on a regular basis during UC Berkeley. He joined Google kernel network stack development. Here we describe packetdrill, which we built to enable in 2012 and was previously a scriptable network stack testing.
    [Show full text]
  • Navigating the Next Evolution of Application Development Using Distributed Tracing
    Navigating the Next Evolution of Application Development Using Distributed Tracing Navigating the Next Evolution of Application Development 1 Table of Contents Introduction ...........................................................................................................................................................................................3 How has software been built? Waterfall vs. DevOps ................................................................................. ............................. 4 The next evolution: Microservices ................................................................................................................................................5 What will you need to do differently to capitalizeon modern application development? ..........................................6 Get started with Epsagon on AWS ...............................................................................................................................................8 Case Study: Bastian Solutions .......................................................................................................................................................9 Learn More ..........................................................................................................................................................................................10 Navigating the Next Evolution of Application Development 2 Introduction Building and maintaining a competitive edge often requires you to evolve with your customers’
    [Show full text]
  • Traceability Establishment and Visualization of Software Artefacts in Devops Practice: a Survey
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 10, No. 7, 2019 Traceability Establishment and Visualization of Software Artefacts in DevOps Practice: A Survey D. A. Meedeniya1, I. D. Rubasinghe2, I. Perera3 Dept. of Computer Science and Engineering, University of Moratuwa, Sri Lanka Abstract—DevOps based software process has become the artefacts in the SDLC [2][3]. There are different forms of popular with the vision of an effective collaboration between the relationships between the homogeneous and heterogeneous development and operations teams that continuously integrates software artefacts. Some artefacts may be highly coupled, and the frequent changes. Traceability manages the artefact some may depend on other artefacts in different degrees, consistency during a software process. This paper explores the unidirectionally or bidirectionally. Thus, software artefacts trace-link creation and visualization between software artefacts, consistency management helps to fine-tune the software existing tool support, quality aspects and the applicability in a process. The incomplete, outdated software artefacts and their DevOps environment. As the novelty of this study, we identify the inconsistencies mislead both the development and maintenance challenges that limit the traceability considerations in DevOps process. Thus, artefact management is essential such that the and suggest research directions. Our methodology consists of changes are accurately propagated to the impacted artefacts concept identification, state-of-practice exploration and analytical review. Despite the existing related work, there is a without creating inconsistencies. Traceability is the potential to lack of tool support for the traceability management between relate artefacts considering their relationships [4][5]; thus, a heterogeneous artefacts in software development with DevOps solution for artefact management.
    [Show full text]
  • ARM Assembly Shellcode from Zero to ARM Assembly Bind Shellcode
    Lab: ARM Assembly Shellcode From Zero to ARM Assembly Bind Shellcode HITBSecConf2018 - Amsterdam 1 Learning Objectives • ARM assembly basics • Writing ARM Shellcode • Registers • System functions • Most common instructions • Mapping out parameters • ARM vs. Thumb • Translating to Assembly • Load and Store • De-Nullification • Literal Pool • Execve() shell • PC-relative Addressing • Reverse Shell • Branches • Bind Shell HITBSecConf2018 - Amsterdam 2 Outline – 120 minutes • ARM assembly basics • Reverse Shell • 15 – 20 minutes • 3 functions • Shellcoding steps: execve • For each: • 10 minutes • 10 minutes exercise • Getting ready for practical part • 5 minutes solution • 5 minutes • Buffer[10] • Bind Shell • 3 functions • 25 minutes exercise HITBSecConf2018 - Amsterdam 3 Mobile and Iot bla bla HITBSecConf2018 - Amsterdam 4 It‘s getting interesting… HITBSecConf2018 - Amsterdam 5 Benefits of Learning ARM Assembly • Reverse Engineering binaries on… • Phones? • Routers? • Cars? • Intel x86 is nice but.. • Internet of Things? • Knowing ARM assembly allows you to • MACBOOKS?? dig into and have fun with various • SERVERS?? different device types HITBSecConf2018 - Amsterdam 6 Benefits of writing ARM Shellcode • Writing your own assembly helps you to understand assembly • How functions work • How function parameters are handled • How to translate functions to assembly for any purpose • Learn it once and know how to write your own variations • For exploit development and vulnerability research • You can brag that you can write your own shellcode instead
    [Show full text]
  • Hardware-Driven Evolution in Storage Software by Zev Weiss A
    Hardware-Driven Evolution in Storage Software by Zev Weiss A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Sciences) at the UNIVERSITY OF WISCONSIN–MADISON 2018 Date of final oral examination: June 8, 2018 ii The dissertation is approved by the following members of the Final Oral Committee: Andrea C. Arpaci-Dusseau, Professor, Computer Sciences Remzi H. Arpaci-Dusseau, Professor, Computer Sciences Michael M. Swift, Professor, Computer Sciences Karthikeyan Sankaralingam, Professor, Computer Sciences Johannes Wallmann, Associate Professor, Mead Witter School of Music i © Copyright by Zev Weiss 2018 All Rights Reserved ii To my parents, for their endless support, and my cousin Charlie, one of the kindest people I’ve ever known. iii Acknowledgments I have taken what might be politely called a “scenic route” of sorts through grad school. While Ph.D. students more focused on a rapid graduation turnaround time might find this regrettable, I am glad to have done so, in part because it has afforded me the opportunities to meet and work with so many excellent people along the way. I owe debts of gratitude to a large cast of characters: To my advisors, Andrea and Remzi Arpaci-Dusseau. It is one of the most common pieces of wisdom imparted on incoming grad students that one’s relationship with one’s advisor (or advisors) is perhaps the single most important factor in whether these years of your life will be pleasant or unpleasant, and I feel exceptionally fortunate to have ended up iv with the advisors that I’ve had.
    [Show full text]
  • Proceedings of the Linux Symposium
    Proceedings of the Linux Symposium Volume One June 27th–30th, 2007 Ottawa, Ontario Canada Contents The Price of Safety: Evaluating IOMMU Performance 9 Ben-Yehuda, Xenidis, Mostrows, Rister, Bruemmer, Van Doorn Linux on Cell Broadband Engine status update 21 Arnd Bergmann Linux Kernel Debugging on Google-sized clusters 29 M. Bligh, M. Desnoyers, & R. Schultz Ltrace Internals 41 Rodrigo Rubira Branco Evaluating effects of cache memory compression on embedded systems 53 Anderson Briglia, Allan Bezerra, Leonid Moiseichuk, & Nitin Gupta ACPI in Linux – Myths vs. Reality 65 Len Brown Cool Hand Linux – Handheld Thermal Extensions 75 Len Brown Asynchronous System Calls 81 Zach Brown Frysk 1, Kernel 0? 87 Andrew Cagney Keeping Kernel Performance from Regressions 93 T. Chen, L. Ananiev, and A. Tikhonov Breaking the Chains—Using LinuxBIOS to Liberate Embedded x86 Processors 103 J. Crouse, M. Jones, & R. Minnich GANESHA, a multi-usage with large cache NFSv4 server 113 P. Deniel, T. Leibovici, & J.-C. Lafoucrière Why Virtualization Fragmentation Sucks 125 Justin M. Forbes A New Network File System is Born: Comparison of SMB2, CIFS, and NFS 131 Steven French Supporting the Allocation of Large Contiguous Regions of Memory 141 Mel Gorman Kernel Scalability—Expanding the Horizon Beyond Fine Grain Locks 153 Corey Gough, Suresh Siddha, & Ken Chen Kdump: Smarter, Easier, Trustier 167 Vivek Goyal Using KVM to run Xen guests without Xen 179 R.A. Harper, A.N. Aliguori & M.D. Day Djprobe—Kernel probing with the smallest overhead 189 M. Hiramatsu and S. Oshima Desktop integration of Bluetooth 201 Marcel Holtmann How virtualization makes power management different 205 Yu Ke Ptrace, Utrace, Uprobes: Lightweight, Dynamic Tracing of User Apps 215 J.
    [Show full text]
  • Linuxcon North America 2012
    LinuxCon North America 2012 LTTng 2.0 : Tracing, Analysis and Views for Performance and Debugging. E-mail: [email protected] Mathieu Desnoyers August 29th, 2012 1 > Presenter ● Mathieu Desnoyers ● EfficiOS Inc. ● http://www.efficios.com ● Author/Maintainer of ● LTTng, LTTng-UST, Babeltrace, Userspace RCU Mathieu Desnoyers August 29th, 2012 2 > Content ● Tracing benefits, ● LTTng 2.0 Linux kernel and user-space tracers, ● LTTng 2.0 usage scenarios & viewers, ● New features ready for LTTng 2.1, ● Conclusion Mathieu Desnoyers August 29th, 2012 3 > Benefits of low-impact tracing in a multi-core world ● Understanding interaction between ● Kernel ● Libraries ● Applications ● Virtual Machines ● Debugging ● Performance tuning ● Monitoring Mathieu Desnoyers August 29th, 2012 4 > Tracing use-cases ● Telecom ● Operator, engineer tracing systems concurrently with different instrumentation sets. ● In development and production phases. ● High-availability, high-throughput servers ● Development and production: ensure high performance, low-latency in production. ● Embedded ● System development and production stages. Mathieu Desnoyers August 29th, 2012 5 > LTTng 2.0 ● Rich ecosystem of projects, ● Key characteristics of LTTng 2.0: – Small impact on the traced system, fast, user- oriented features. ● Interfacing with: Common Trace Format (CTF) Interoperability Between Tracing Tools Tracing Well With Others: Integration with the Common Trace Format (CTF), of GDB Tracepoints Into Trace Tools, Mathieu Desnoyers, EfficiOS, Stan Shebs, Mentor Graphics,
    [Show full text]
  • “Out-Of-VM” Approach for Fine-Grained Process Execution Monitoring
    Workshop for Frontiers of Cloud Computing, Dec 1, 2011, IBM T.J. Watson Research Center, NY Process Out-Grafting: An Efficient “Out-of-VM” Approach for Fine-Grained Process Execution Monitoring Deepa Srinivasan, Zhi Wang, Xuxian Jiang, Dongyan Xu * North Carolina State University, Purdue University* Malware Infection Trend New malware samples collected by McAfee Labs, by month* *Figure source: McAfee Threats Report: Second Quarter 2011, McAfee Labs 2 Anti-Malware Isolation Traditional anti-malware tools are not well-isolated Virtual Machine (VM) introspection Isolate tool by placing it outside a VM Analyze states and events externally User-mode Applications Monitor Virtual Machine … OS Kernel Hypervisor 3 Anti-Malware Isolation Traditional anti-malware tools are not well-isolated Virtual Machine (VM) introspection Isolate tool by placing it outside a VM Analyze states and events externally User-mode Applications Monitor VM Virtual Introspection Machine … OS Kernel Hypervisor 4 Out-of-VM Solutions Livewire (Garfinkel et al. , NDSS ‘03) XenAccess (Payne et al. , ACSAC ‘07) VMScope (Jiang et al. , RAID ‘07) Lares (Payne et al. , Oakland ‘08) … 5 Semantic Gap in Introspection What we want to observe High-level states and events (e.g. system calls, processes) What we can observe Low-level states and events (e.g. raw memory, interrupts) Internal User-mode Applications Monitor … External Monitor Semantic Virtual Machine Gap OS Kernel Hypervisor 6 Addressing the Semantic Gap Guest view casting VMWatcher (Jiang et al. , CCS
    [Show full text]
  • System Wide Tracing and Profiling in Linux
    SYSTEM WIDE TRACING AND PROFILING IN LINUX Nadav Amit Agenda • System counters inspection • Profiling with Linux perf tool • Tracing using ftrace Disclaimer • Introductory level presentation • We are not going to cover many tools • We are not going to get deep into the implementation of the tools • I am not an expert on many of the issues Collect Statistics • First step in analyzing the system behavior • Option 1: Resource statistics tools • iostat, vmstat, netstat, ifstat • dstat Examples: dstat --vm --aio • dstat • dstat --udp --tcp --socket • dstat --vm --aio dstat --udp --tcp --socket Watch system behavior online • Option 2: Sample the counter • top • Use –H switch for thread specific • Use ‘f’ to choose additional fields: page faults, last used processor • Use ‘1’ to turn off cumulative mode • iotop • Remember to run as sudoer top Inspect Raw Counters • Option 3: Go to the raw counters • General • /proc/stat • /proc/meminfo • /proc/interrupts • Process specific • /proc/[pid]/statm – process memory • /proc/[pid]/stat – process execution times • /proc/[pid]/status – human readable • Device specific • /sys/block/[dev]/stat • /proc/dev/net • Hardware • smartctl /proc/interrupts /sys/block/[dev]/stat Name units description ---- ----- ----------- read I/Os requests number of read I/Os processed read merges requests number of read I/Os merged with in-queue I/O read sectors sectors number of sectors read read ticks milliseconds total wait time for read requests write I/Os requests number of write I/Os processed write merges requests number
    [Show full text]
  • Debugging and Profiling with Arm Tools
    Debugging and Profiling with Arm Tools [email protected] • Ryan Hulguin © 2018 Arm Limited • 4/21/2018 Agenda • Introduction to Arm Tools • Remote Client Setup • Debugging with Arm DDT • Other Debugging Tools • Break • Examples with DDT • Lunch • Profiling with Arm MAP • Examples with MAP • Obtaining Support 2 © 2018 Arm Limited Introduction to Arm HPC Tools © 2018 Arm Limited Arm Forge An interoperable toolkit for debugging and profiling • The de-facto standard for HPC development • Available on the vast majority of the Top500 machines in the world • Fully supported by Arm on x86, IBM Power, Nvidia GPUs and Arm v8-A. Commercially supported by Arm • State-of-the art debugging and profiling capabilities • Powerful and in-depth error detection mechanisms (including memory debugging) • Sampling-based profiler to identify and understand bottlenecks Fully Scalable • Available at any scale (from serial to petaflopic applications) Easy to use by everyone • Unique capabilities to simplify remote interactive sessions • Innovative approach to present quintessential information to users Very user-friendly 4 © 2018 Arm Limited Arm Performance Reports Characterize and understand the performance of HPC application runs Gathers a rich set of data • Analyses metrics around CPU, memory, IO, hardware counters, etc. • Possibility for users to add their own metrics Commercially supported by Arm • Build a culture of application performance & efficiency awareness Accurate and astute • Analyses data and reports the information that matters to users insight • Provides simple guidance to help improve workloads’ efficiency • Adds value to typical users’ workflows • Define application behaviour and performance expectations Relevant advice • Integrate outputs to various systems for validation (e.g.
    [Show full text]
  • Postmodern Strace Dmitry Levin
    Postmodern strace Dmitry Levin Brussels, 2020 Traditional strace [1/30] Printing instruction pointer and timestamps print instruction pointer: -i option print timestamps: -r, -t, -tt, -ttt, and -T options Size and format of strings string size: -s option string format: -x and -xx options Verbosity of syscall decoding abbreviate output: -e abbrev=set, -v option dereference structures: -e verbose=set print raw undecoded syscalls: -e raw=set Traditional strace [2/30] Printing signals print signals: -e signal=set Dumping dump the data read from the specified descriptors: -e read=set dump the data written to the specified descriptors: -e write=set Redirecting output to files or pipelines write the trace to a file or pipeline: -o filename option write traces of processes to separate files: -ff -o filename Traditional strace [3/30] System call filtering trace only the specified set of system calls: -e trace=set System call statistics count time, calls, and errors for each system call: -c option sort the histogram printed by the -c option: -S sortby option Tracing control attach to existing processes: -p pid option trace child processes: -f option Modern strace [4/30] Tracing output format pathnames accessed by name or descriptor: -y option network protocol associated with descriptors: -yy option stack of function calls: -k option System call filtering pathnames accessed by name or descriptor: -P option regular expressions: -e trace=/regexp optional specifications: -e trace=?spec new syscall classes: %stat, %lstat, %fstat, %statfs, %fstatfs, %%stat, %%statfs
    [Show full text]
  • Bidirectional Tracing of Requirements in Embedded Software Development
    Bidirectional Tracing of Requirements in Embedded Software Development Barbara Draxler _________________________________ Fachbereich Informatik Universität Salzburg Abstract Nowadays, the increased complexity of embedded systems applications re- quires a systematic process of software development for embedded systems. An important difficulty in applying classical software engineering processes in this respect is ensuring that specific requirements of safety and real-time properties, which are usually posed at the beginning of the development, are met in the final implementation. This difficulty stems from the fact that requirements engineering in general is not mature in the established soft- ware development models. Nevertheless, several manufacturers have recently started to employ available requirements engineering methods for embedded software. The aim of this report is to provide insight into manufacturer practices in this respect. The report provides an analysis of the current state-of-art of requirements engineering in embedded real-time systems with respect to re- quirements traceability. Actual examples of requirements traceability and requirements engineering are analyzed against current research in require- ments traceability and requirements engineering. This report outlines the principles and the problems of traceability. Fur- thermore, current research on new traceability methods is presented. The importance of requirements traceability in real-time systems is highlighted and related significant research issues in requirements engineering are out- lined. To gain an insight in how traceability can aid process improvement, the viewpoint of CMMI towards requirements engineering and traceability is described. A short introduction in popular tracing tools that support require- ments engineering and especially traceability is given. Examples of traceabil- ity in the development of real-time systems at the Austrian company AVL are presented.
    [Show full text]