CASR: core dump analysis and severity reporter tool
https://doi.org/10.15514/ISPRAS-2020-32(4)-6
Abstract
Although software development uses various technologies and approaches to diagnose errors in the early stages of development and testing, some errors are discovered during operation. To the user, such errors often look like a program crash at run time. To collect reports on program crashes, a special analysis component is built into the operating system. Such a component is present in both Windows and Linux-based operating systems, in particular Ubuntu. An important parameter is the severity of the error found, and this information is useful to both the distribution developer and the user. In particular, users with such diagnostics can take organizational and technical measures before the software developer releases a bug fix. The article introduces CASR: a tool for analyzing the memory image of a process at the time of its termination (core dump) and reporting errors. The tool assesses the severity of the detected crash by analyzing the memory image, and collects the information the developer needs to fix the defect. This information includes: OS distribution version, package version, process memory map, state of registers, values of environment variables, call stack, the number of the signal that led to abnormal termination, etc. Severity assessment enables the software developer to fix the most dangerous errors first. CASR can detect files and network connections that were open at the time of the crash. This information helps reproduce the error, and helps users and administrators take action in the event of an attack on the system. The tool is designed to work on Linux, supports the x86/64 and armv7 architectures, and can be supplied as a package for Debian-based distributions. The tool has been successfully tested on several bugs in open source software.
About the Authors
Andrey Nikolaevich FEDOTOV
Russian Federation
Ph.D. in Engineering Sciences, Junior Researcher
Shamil Faimovich KURMANGALEEV
Russian Federation
Ph.D. in Physical and Mathematical Sciences, Senior Researcher
For citations:
FEDOTOV A.N., KURMANGALEEV Sh.F. CASR: core dump analysis and severity reporter tool. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2020;32(4):89-96. (In Russ.) https://doi.org/10.15514/ISPRAS-2020-32(4)-6