How to distinguish if a jump was taken?

[Phasip]

Looking at the generated trace I realize we can see if it is a branch instruction by checking if R_RIP has the written flag. But how can we identify if the jump was taken?
Looking at the next frame is not reliable if taint analysis is used.

Currently it seems like my only option is to parse the instruction and execute it with the logged rflags. Would it be possible to store the information on if a branch was taken?

If it doesn't cause too much overhead while executing, a logical solution could be never to have a value flagged as both read and written, and instead break this up into two values one for read and one for write. This would also solve the ambiguity whether the value represents the value that was read or the value that was written. If this is done, a simple solution is to check the written R_RIP

[ivg]

Before I will write a detailed answer, can I ask you what version of bap are you using? Because,it looks like, that you're using legacy bap that is less then < 0.9.9.

[Phasip]

Everything was cloned from git last week, bap was installed using opam install bap (according to https://github.com/BinaryAnalysisPlatform/bap ).

Though the version of bap seems less important as I am looking directly at the output of the readtrace program ( https://github.com/BinaryAnalysisPlatform/bap-frames/tree/master/libtrace/src )