|
2 | 2 |
|
3 | 3 | ## Memory Analyzer |
4 | 4 |
|
5 | | -The memory analyzer is a front-end for running and querying GDB in order to |
6 | | -obtain a state of the input program. The GDB is not needed to be executed |
7 | | -directly but is rather used as a back-end for the memory analysis. A common |
8 | | -application would be to obtain a snapshot of a program under analysis at a |
9 | | -particular state of execution. Such a snapshot could be useful on its own: to |
10 | | -query about values of particular variables. Furthermore, since that snapshot is |
11 | | -a state of a valid concrete execution, it can also be used for subsequent |
12 | | -analyses. |
| 5 | +The memory analyzer is a front-end that runs and queries GDB in order to obtain |
| 6 | +a snapshot of the state of the input program at a particular program location. |
| 7 | +Such a snapshot could be useful on its own: to check the values of variables at |
| 8 | +a particular program location. Furthermore, since the snapshot is a state of a |
| 9 | +valid concrete execution, it can also be used for subsequent analyses. |
13 | 10 |
|
14 | 11 | ## Usage |
15 | 12 |
|
16 | | -We assume that the user wants to inspect a binary executable compiled with |
17 | | -debugging symbols and a symbol table information understandable by CBMC, e.g. |
18 | | -(having `goto-gcc` on the `PATH`): |
| 13 | +In order to analyze a program with `memory-analyzer` it needs to be compiled |
| 14 | +with `goto-gcc` (assuming `goto-gcc` is on the `PATH`): |
19 | 15 |
|
20 | 16 | ```sh |
21 | 17 | $ goto-gcc -g input_program.c -o input_program_exe |
22 | 18 | ``` |
23 | 19 |
|
24 | | -Calling `goto-gcc` instead of simply compiling with `gcc` produces an ELF binary |
25 | | -with a goto section that contains the goto model (goto program + symbol table) |
26 | | -[goto-cc-variants](../goto-cc/variants/). |
| 20 | +Calling `goto-gcc` instead of simply compiling with `gcc` or `goto-cc` produces |
| 21 | +an ELF binary with a goto section that contains the goto model (goto program + |
| 22 | +symbol table) [goto-cc-variants](../goto-cc/variants/). |
27 | 23 |
|
28 | | -The memory analyzer supports two workflows to initiate the GDB with user code: |
29 | | -either to run the code from a core-file or up to a break-point. If the user |
30 | | -already has a core-file, they can specify it with the option `--core-file cf`. |
31 | | -If the user knows the point of their program from where they want to run the |
32 | | -analysis, they can specify it with the option `--breakpoint bp`. Only one of |
| 24 | +The memory analyzer supports two ways of running GDB on the user code: either to |
| 25 | +run the code from a core-file or up to a break-point. If the user already has a |
| 26 | +core-file, they can specify it with the option `--core-file cf`. If the user |
| 27 | +knows the point of their program from where they want to run the analysis, they |
| 28 | +can specify it with the option `--breakpoint bp`. Only one of |
33 | 29 | core-file/break-point option can be used. |
34 | 30 |
|
35 | 31 | The tool also expects a comma-separated list of symbols to be analysed |
36 | | -`--symbols s1, s2, ..`. Given its dependence on GDB, `memory-analyzer` is a |
| 32 | +`--symbols s1, s2, ...`. Given its dependence on GDB, `memory-analyzer` is a |
37 | 33 | Unix-only tool. The tool calls `gdb` to obtain the snapshot which is why the |
38 | | -`-g` option is necessary for the program symbols to be visible. |
| 34 | +`-g` option is necessary when compiling for the program symbols to be visible. |
39 | 35 |
|
40 | 36 | Take for example the following program: |
41 | 37 |
|
@@ -77,11 +73,11 @@ to obtain as output the human readable list of values for each requested symbol: |
77 | 73 | ``` |
78 | 74 |
|
79 | 75 | The above option is useful for the user and their preliminary analysis but does |
80 | | -not contain enough information for further computer-based analyses. To that end, |
81 | | -memory analyzer has an option to request the result to be a snapshot of the |
82 | | -whole symbol table `--symtab-snapshot`. Finally, to obtain an output in JSON |
83 | | -format, e.g. for further analyses by `goto-harness` pass the additional option |
84 | | -`--json-ui`. |
| 76 | +not contain enough information for further automated analyses. To that end, |
| 77 | +memory analyzer has an option for the snapshot to be represented in the format |
| 78 | +of a symbol table (with `--symtab-snapshot`). Finally, to obtain an output in |
| 79 | +JSON format, e.g., for further analyses by `goto-harness` the additional option |
| 80 | +`--json-ui` needs to be passed to `memory-analyzer`. |
85 | 81 |
|
86 | 82 | ```sh |
87 | 83 | $ memory-analyzer --symtab-snapshot --json-ui \ |
|
0 commit comments