rr-debugger
Deterministic record-replay debugging using rr. Enables reverse execution, crash trace extraction, and GDB-based root cause analysis for software and binary vulnerabilities.
Introduction
The rr-debugger skill provides an advanced interface for deterministic debugging, centered around the 'rr' (record-replay) framework. It is designed for security researchers, software engineers, and vulnerability analysts who need to inspect complex execution paths in C/C++ programs, particularly when dealing with crashes, memory corruption, or elusive ASAN (AddressSanitizer) faults. By recording a program's execution once and allowing infinite replays, this skill eliminates the non-determinism that often plagues debugging of race conditions and intermittent software defects.
- Enables full reverse execution control using commands such as reverse-next, reverse-step, reverse-continue, and reverse-stepi, allowing developers to move backward through the instruction stream to identify the exact moment state corruption occurs.
- Automates crash trace extraction, providing specific workflows for both standard crashes and complex ASAN reports, including automated frame jumping to the last application instruction before a fault occurs.
- Offers comprehensive memory and variable inspection capabilities, including GDB-style printing of local variables, pointer dereferencing, and hex-format memory dumping.
- Supports both source-level debugging through 'list' and 'layout src' commands and low-level assembly analysis using 'disassemble' and 'layout asm' to verify binary behavior.
- Integrates with RAPTOR's autonomous research workflow, allowing researchers to transition from crash detection (e.g., via AFL++ fuzzing) to deep root-cause analysis without manually reconstructing the execution state.
When using this skill, ensure that the target environment supports the required ptrace capabilities, as rr requires specific kernel configurations (often requiring --privileged mode in Docker containers). The workflow typically begins by recording the execution with 'rr record', followed by an interactive 'rr replay' session. Users are encouraged to utilize the provided crash_trace.py helper for automated trace extraction. The tool is optimized for Linux-based environments and is highly effective for auditing binaries where traditional debuggers fail to provide sufficient context or repeatability. It serves as a vital component in the RAPTOR pipeline for validating vulnerabilities and crafting precise security patches.
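The record-then-replay workflow described above, as an added shell example that is not part of the RAPTOR repository and does not use its crash_trace.py helper. It assumes rr and GDB are installed, that the crashing program is passed as arguments (`./target` is a placeholder), and it checks `kernel.perf_event_paranoid`, which rr requires to be 1 or lower.

```sh
#!/bin/sh
# Added example: preflight check, then a scripted rr record/replay crash trace.

# rr needs kernel.perf_event_paranoid <= 1 to read hardware performance counters.
paranoid_ok() {
    case "$1" in
        ''|*[!0-9-]*) return 2 ;;          # unreadable or non-numeric value
    esac
    [ "$1" -le 1 ]
}

preflight() {
    pf_val=$(cat /proc/sys/kernel/perf_event_paranoid 2>/dev/null)
    if ! paranoid_ok "$pf_val"; then
        echo "perf_event_paranoid=${pf_val:-unreadable}, rr needs <= 1" >&2
        echo "fix: sudo sysctl kernel.perf_event_paranoid=1" >&2
        return 1
    fi
    command -v rr >/dev/null 2>&1 || { echo "rr not found in PATH" >&2; return 1; }
}

# GDB commands run inside the replay: go forward to the fault, dump state,
# then step one instruction backward from the faulting instruction.
gdb_script() {
    cat <<'EOF'
continue
backtrace
info registers
reverse-stepi
x/i $pc
EOF
}

# Usage: record_and_trace ./target arg1 arg2   (target is a placeholder)
record_and_trace() {
    preflight || return 1
    rt_dir=$(mktemp -d)/trace              # rr creates the trace directory
    rt_cmds=$(mktemp)
    gdb_script > "$rt_cmds"
    rr record -o "$rt_dir" "$@"            # non-zero exit expected on a crash
    rr replay "$rt_dir" -- -batch -x "$rt_cmds"
}

if [ "$#" -gt 0 ]; then
    record_and_trace "$@"
fi
```

Because the replay is deterministic, the same trace directory can be reopened with an interactive `rr replay` afterwards and will reach the same fault at the same instruction.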
Repository Stats
- Stars: 2,385
- Forks: 367
- Open Issues: 17
- Language: Python
- Default Branch: main
- Sync Status: Idle
- Last Synced: Apr 29, 2026, 07:42 AM