Convert Figma logo to code with AI

rr-debugger logorr

Record and Replay Framework

9,084
578
9,084
454
View on GitHub

Top Related Projects

rr-debugger's avatar

rr

9,081

Record and Replay Framework

frida's avatar

frida

15,995

Clone this repo to build Frida

hugsy's avatar

gef

6,915

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Quick Overview

rr is a lightweight, record-and-replay debugging tool for Linux. It allows developers to record the execution of a program and then replay it later, providing deterministic debugging capabilities. rr aims to enhance the debugging experience by enabling reverse execution and efficient analysis of complex bugs.

Pros

  • Deterministic replay: Allows exact reproduction of bugs, even for race conditions and other timing-sensitive issues
  • Reverse execution: Enables stepping backwards through code execution, making it easier to trace the origin of bugs
  • Low overhead: Designed to have minimal impact on program performance during recording
  • Integration with GDB: Works seamlessly with the GNU Debugger, providing familiar debugging commands and workflows

Cons

  • Linux-only: Currently only supports Linux operating systems, limiting its use on other platforms
  • Limited hardware support: May not work optimally on all CPU architectures or with certain hardware features
  • Learning curve: Requires some time to understand and effectively use its unique features and commands
  • Potential compatibility issues: Some programs or libraries may not work correctly with rr due to its recording mechanism

Getting Started

To get started with rr, follow these steps:

  1. Install rr on your Linux system:

    sudo apt-get install rr  # For Ubuntu/Debian

  2. Record a program's execution:

    rr record ./your_program

  3. Replay the recorded execution:

    rr replay

  4. Use GDB commands to debug the program during replay:

    (rr) continue
(rr) break main
(rr) reverse-continue

For more detailed instructions and advanced usage, refer to the official rr documentation.

Competitor Comparisons

rr-debugger logo

rr

9,081

Record and Replay Framework

Pros of rr

  • More active development and maintenance
  • Larger community and contributor base
  • Better documentation and user guides

Cons of rr

  • Higher system requirements
  • Steeper learning curve for new users
  • Potentially slower performance in some scenarios

Code Comparison

rr:

void record_syscall(Task* t, int syscallno) {
  t->write_mem(REMOTE_PTR_VOID(t->regs().arg1()),
               &syscallno, sizeof(syscallno));
  t->record_event(EV_SYSCALL, HAS_EXEC_INFO);
}

rr>:

void record_syscall(Task* t, int syscallno) {
  t->write_mem(REMOTE_PTR_VOID(t->regs().arg1()),
               &syscallno, sizeof(syscallno));
  t->record_event(EV_SYSCALL);
}

The code comparison shows a minor difference in the record_syscall function. The rr version includes an additional parameter HAS_EXEC_INFO in the record_event call, which suggests more detailed execution information is recorded.

frida logo

frida

15,995

Clone this repo to build Frida

Pros of Frida

  • Cross-platform support (iOS, Android, Windows, macOS, Linux)
  • Dynamic instrumentation and code injection capabilities
  • Extensive API for runtime manipulation and analysis

Cons of Frida

  • Steeper learning curve due to its extensive features
  • May require more setup and configuration for complex scenarios
  • Can be detected by some anti-tampering mechanisms

Code Comparison

Frida (JavaScript)

Java.perform(function () {
  var MainActivity = Java.use("com.example.app.MainActivity");
  MainActivity.secretFunction.implementation = function () {
    console.log("secretFunction called");
    return this.secretFunction();
  };
});

rr (GDB-like commands)

rr record ./my_program
rr replay
break main
continue
watch some_variable
reverse-continue

Key Differences

  • Frida focuses on dynamic instrumentation and runtime manipulation, while rr is primarily a record-and-replay debugger
  • Frida uses JavaScript for scripting, whereas rr uses GDB-like commands
  • Frida works across multiple platforms and architectures, while rr is primarily for Linux x86/x86-64
  • rr excels at deterministic debugging and reverse execution, which Frida doesn't provide
  • Frida allows for real-time modification of running processes, while rr is used for post-mortem analysis
hugsy logo

gef

6,915

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Pros of GEF

  • More feature-rich, with built-in exploit development and reverse engineering tools
  • Easier to set up and use for beginners in reverse engineering
  • Actively maintained with frequent updates and community support

Cons of GEF

  • Limited to GDB debugging, while rr supports record and replay debugging
  • May have performance overhead for large binaries or complex debugging scenarios
  • Lacks the ability to reverse-execute code, which rr provides

Code Comparison

GEF example (Python):

gef> python print("Hello from GEF!")
Hello from GEF!
gef> checksec
[+] checksec for '/path/to/binary'
Canary                        : ✓
NX                            : ✓
PIE                           : ✓
Fortify                       : ✓
RelRO                         : Full

rr example (Shell):

$ rr record ./my_program
$ rr replay
(rr) continue
(rr) reverse-continue
(rr) when
Current event: 12345
(rr) run

While GEF enhances GDB with additional features for exploit development and reverse engineering, rr focuses on record and replay debugging with the ability to move backwards in time. GEF is more accessible for beginners, while rr offers unique capabilities for complex debugging scenarios.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Overview

Build and test status

rr is a lightweight tool for recording, replaying and debugging execution of applications (trees of processes and threads). Debugging extends gdb with very efficient reverse-execution, which in combination with standard gdb/x86 features like hardware data watchpoints, makes debugging much more fun. More information about the project, including instructions on how to install, run, and build rr, is at https://rr-project.org. The best technical overview is currently the paper Engineering Record And Replay For Deployability: Extended Technical Report.

Or go directly to the installation and building instructions.

Please contribute! Make sure to review the pull request checklist before submitting a pull request.

If you find rr useful, please add a testimonial.

rr development is sponsored by Pernosco and was originated by Mozilla.

System requirements

  • Linux kernel >= 4.7 (for support of __WALL in waitid())
    • rr 5.6.0 worked with kernel 3.11 (requiring PTRACE_SETSIGMASK)
  • rr currently requires either:
  • Running in a VM guest is supported, as long as the VM supports virtualization of hardware performance counters. (VMware and KVM are known to work; Xen does not.)