Description
When a hook raises SerializeState exception, the state's Program Counter (PC) gets corrupted from the hook address to the _start routine address (0x400890) upon termination. This causes test failures and indicates a fundamental issue with state management after serialization.
Steps to Reproduce
Run the test:
pytest tests/native/test_resume.py::TestResume::test_resume -xvs
Current Behavior
- Hook at 0x4009AE (main) triggers and raises SerializeState
- State is correctly serialized with PC=0x4009AE
- Hook triggers again at the same PC and raises TerminateState
- State terminates with corrupted PC=0x400890 (_start routine)
- Test fails with assertion: 4196496 != 4196782 (i.e. 0x400890 != 0x4009AE)
Expected Behavior
After SerializeState exception:
- State should either be removed from execution queue, OR
- PC should advance past the hook to prevent re-triggering
- Terminated state should maintain correct PC value
Root Cause Analysis
The issue occurs in the worker's exception handling:
- SerializeState is caught as a Concretize exception in worker.py
- _fork() is called, which serializes the state
- However, the state continues execution without the PC being advanced
- The hook re-triggers and raises TerminateState
- During termination, the PC is somehow reset to the entry point
Investigation Details
Debug script output shows:
Hook #1 at PC: 0x4009ae
Raising SerializeState at PC: 0x4009ae
Hook #1 at PC: 0x4009ae # <-- Hook triggers again!
Terminating at PC: 0x4009ae
Terminated states: 1
PC: 0x400890 (expected 0x4009ae) # <-- PC corrupted!
Terminated by: None # <-- Should show TerminateState
Loaded saved state PC: 0x4009ae # <-- Saved state is correct
Suggested Fixes
Option 1: Prevent Re-execution (Recommended)
After handling SerializeState, mark the state to skip the current instruction or remove it from execution queue.
Option 2: Auto-advance PC
Automatically advance PC by one instruction after serialization to avoid re-triggering hooks.
Option 3: Fix State Management
Ensure _terminated_by is properly set and PC is preserved during termination.
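The re-trigger described under Root Cause Analysis, and the effect of Option 1 and Option 2, can be seen in a small model of the worker loop. The model below is an added illustration written for this report; it is not Manticore's worker.py, and the exception classes, the fixed one-byte instruction length and the `fix` parameter are assumptions of the model (the address 0x4009AE is the hook address quoted above). The reset of the PC to _start is not modelled because its cause is not known.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Model of the exception hierarchy as this report describes it: SerializeState
# is handled by the Concretize path. This is an assumption of the model.
class StateException(Exception):
    """Base class for control-flow exceptions a hook can raise."""

class Concretize(StateException):
    pass

class SerializeState(Concretize):
    pass

class TerminateState(StateException):
    pass

HOOK_PC = 0x4009AE   # hook address quoted in the report (main)
INSN_LEN = 1         # assumption: fixed-size instructions keep the model simple

@dataclass
class State:
    pc: int
    hook_hits: int = 0
    terminated_by: Optional[str] = None

@dataclass
class Trace:
    events: List[str] = field(default_factory=list)
    saved_pc: Optional[int] = None
    final_pc: Optional[int] = None
    terminated_by: Optional[str] = None

def hook(state: State) -> None:
    """First visit serializes, second visit terminates (as the test's hook does)."""
    state.hook_hits += 1
    if state.hook_hits == 1:
        raise SerializeState()
    raise TerminateState()

def execute(state: State) -> None:
    """Run hooks for the current PC, then step one instruction."""
    if state.pc == HOOK_PC:
        hook(state)
    state.pc += INSN_LEN

def run_worker(state: State, fix: Optional[str] = None, max_steps: int = 8) -> Trace:
    """Worker loop model. fix=None reproduces the report; "remove" is Option 1,
    "advance" is Option 2."""
    trace = Trace()
    queue = [state]
    while queue and max_steps > 0:
        max_steps -= 1
        st = queue.pop()
        try:
            execute(st)
            queue.append(st)
        except Concretize:
            # SerializeState lands here: the state is saved at its current PC.
            trace.saved_pc = st.pc
            trace.events.append(f"serialized at {st.pc:#x}")
            if fix == "remove":
                continue            # Option 1: drop the state from the queue
            if fix == "advance":
                st.pc += INSN_LEN   # Option 2: step past the hooked instruction
            queue.append(st)        # unfixed: re-queued at the same PC
        except TerminateState:
            st.terminated_by = "TerminateState"
            trace.terminated_by = st.terminated_by
            trace.events.append(f"terminated at {st.pc:#x}")
    trace.final_pc = state.pc
    return trace

if __name__ == "__main__":
    for fix in (None, "remove", "advance"):
        print(fix, run_worker(State(HOOK_PC), fix=fix).events)
```

With `fix=None` the trace shows the serialize followed by a terminate at the same PC, which is exactly the double hook hit in the debug output; with either fix the hook fires once and TerminateState is never raised.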
Test Information
- Test: tests/native/test_resume.py::TestResume::test_resume
- Binary: examples/linux/binaries/multiple-styles
- Environment: Linux x86-64
Impact
- Breaks state serialization/resume functionality
- Causes CI failures
- Indicates potential corruption in state management
Additional Context
This bug was discovered during investigation of CI failures. The test has been temporarily disabled with pytest.mark.skip pending a fix.