rr-debugger

The rr-debugger skill provides an interface to the rr (Record and Replay) framework, allowing developers and security researchers to perform deterministic debugging of C/C++ applications. Unlike traditional debuggers that move only forward, rr captures the entire execution of a program, enabling users to travel backward in time to inspect the state of registers, memory, and local variables exactly as they were at any previous point in the execution trace. This is particularly powerful for triaging non-deterministic bugs, race conditions, or complex software crashes where the root cause is difficult to reproduce.

• Enables deterministic record and replay of binary executions.

• Supports full reverse execution, including reverse-next, reverse-step, reverse-continue, and reverse-stepi commands.

• Simplifies the analysis of ASAN (AddressSanitizer) faults by allowing the user to step back from the point of failure to the precise instruction that triggered the memory violation.

• Facilitates memory inspection using GDB-compatible commands, including variable printing, pointer dereferencing, and hex-formatted memory examination.

• Provides both source code and assembly views for deep introspection of execution logic.

• Includes support for autonomous crash trace extraction via script automation, making it ideal for large-scale vulnerability research workflows.

• The tool is designed for advanced binary analysis and security research, best suited for Linux-based environments where rr is supported.

• Input requirements: The binary must be recorded using rr record before the debugger can be initialized with rr replay.

• Operational constraints: Requires a container or environment with specific Linux kernel configurations (e.g., --privileged mode in Docker) to enable performance counters for record-replay functionality.

• Ideal for root-cause analysis (RCA) of memory corruption, segmentation faults, and complex logic bugs where reproducing the exact crash sequence is otherwise tedious or impossible.