assembly instruction level reverse execution for debugging
play

Assembly Instruction Level Reverse Execution for Debugging PhD - PowerPoint PPT Presentation

Assembly Instruction Level Reverse Execution for Debugging PhD Dissertation Defense by Tankut Akgul Advisor: Vincent J. Mooney School of Electrical and Computer Engineering Georgia Institute of Technology March 2004 Outline Background


  1. Assembly Instruction Level Reverse Execution for Debugging PhD Dissertation Defense by Tankut Akgul Advisor: Vincent J. Mooney School of Electrical and Computer Engineering Georgia Institute of Technology March 2004

  2. Outline � Background � Reverse Execution � Definition � Previous Work � Reverse Execution Methodology � Program Slicing � Definition � Previous Work � Program Slicing Methodology � Experimental Results 2

  3. Background Determine Start the Detect an the bug program error location(s) Remove the Error-free Restart the bug(s) and program program recompile the program Debugging is a repetitive process! 3

  4. Outline � Background � Reverse Execution � Definition � Previous Work � Reverse Execution Methodology � Program Slicing � Definition � Previous Work � Program Slicing Methodology � Experimental Results 4

  5. Definition of Reverse Execution � Reverse execution : Taking a program T from its current state S i to a previous state S j � Source code level reverse execution : Reverse execution where S j can be as early as one source code statement before state S i � Instruction level reverse execution : Reverse execution where S j can be as early as one assembly instruction before state S i 5

  6. Previous Work � Debugging � Optimistic Simulations � Database Applications � Interactive Systems � Editors � Program development environments 6

  7. Previous Work in Reverse Execution � Restore earlier state � Periodic checkpointing � Incremental checkpointing � Regenerate part of earlier state � Source transformation � Build a reversible processor with reversible circuit elements (Pendulum) 7

  8. Previous Work in Reverse Execution Periodic checkpointing checkpointing: : Periodic Memory usage for state saving: 12KB + 12KB 12KB + 12KB + 12KB = 60KB + Incremental checkpointing Incremental checkpointing: : Memory usage for state saving: 4KB + 8KB + 4KB + 4KB + 4KB = 24KB = 4KB 8

  9. Previous Work in Reverse Execution Source Transformation: Source Transformation: Sample () { Sample () { Sample_rev () { int x, y; int x, y; int x, y; y = 0; save y; if (b == 0) x += 10; y = 0; y--; if (x > 15) x += 10; else y++; if (x > 15) { y++; else b = 0; x -= 10; y--; y++; restore y; } } else { } b = 1; Source code Reverse code y--; } } Transformed code State saved for each destructive operation Destructive operation : An operation whose target operand is different than its source operands C. Carothers, K. Perumalla and R. Fujimoto, “Efficient Optimistic Parallel Simulations using Reverse Computation,” in Proceedings of ACM/IEEE/SCS Workshop on Parallel and Distributed Simulation ( PADS ), Atlanta, USA, May 1999. 9

  10. Previous Work in Reverse Execution � Heavy use of state saving � State saving = memory and time overheads during forward execution � No direct instruction level reverse execution support 10

  11. Outline � Background � Reverse Execution � Definition � Previous Work � Reverse Execution Methodology � Program Slicing � Definition � Previous Work � Program Slicing Methodology � Experimental Results 11

  12. Reverse Execution Methodology Assumptions: Assumptions: � State that cannot be modified directly does not include debugging information � E.g., condition status register � Physical memory is treated as a uniform entity � Exact physical memory state is not preserved � E.g., a value not in cache can be brought into cache after recovery � Sequential execution model � Indirect calls are made to well-defined target points 12

  13. Reverse Execution Methodology We define the state of a processor as follows: S = ( PC , M' , R' ) PC : program counter M' : directly modified memory values R' : directly modified register values In order to reverse execute a program, do the following: � Construct a reverse program RT for an input program T � Recover M' and R' by executing RT in place of T � Recover the program counter value by using the correspondence between T and RT 13

  14. Reverse Execution Methodology Reverse Code Generation ( RCG ) steps: 1. Divide the original program into program partitions 2. Generate the reverse of the instructions. The reverse of an instruction is called a Reverse Instruction Group ( RIG ) 3. Combine the RIGs 3.a Combine the RIGs to generate the reverse of each basic block ( RBB ) 3.b Combine the RBBs to generate the reverse of each partition 3.c Combine the reverse partitions to generate the reverse of whole program 14

  15. Reverse Execution Methodology start Partition the input program while constructing a call graph Build a modified value graph for current partition Read an instruction α from current partition Generate a RIG for α N Y Connect the RBB to reverse program end of BB? end of partition? N Y N Connect the reverse partition to reverse end of program? program, go to next partition Y end 15

  16. Step 1: Program Partitioning � Partitions are regions of code delimited by “ function call ” or “ indirect branch ” instructions that may exist within the original code e.g., in PowerPC instruction set: bl : function call instruction blr : branch to link register instruction (indirect) 16

  17. Step1: Program Partitioning first partition main : main : of main li r 3 ,0x5 li r 3 ,0x5 bl foo bl foo second partition addi r 12 , r 12 , 1 addi r 12 , r 12 , 1 of main blr blr single partition foo : foo : li r 11 , 3 of foo li r 11 , 3 ori r 12 , r 3 , 15 ori r 12 , r 3 , 15 divw r 10 , r 3 , r 11 divw r 10 , r 3 , r 11 cmpwi r 10 , 100 cmpwi r 10 , 100 bg L1 bg L1 sub r 11 , r 3 , r 12 sub r 11 , r 3 , r 12 b L2 b L2 L1: addi r 12 , r 10 , 1 L1: addi r 12 , r 10 , 1 sub r 11 , r 12 , r 3 sub r 11 , r 12 , r 3 L2: mullw r 12 , r 11 , r 10 L2: mullw r 12 , r 11 , r 10 blr blr 17

  18. Methodology (Continued) Reverse Code Generation ( RCG ) steps: 1. Divide the program into program partitions (single entry- single exit regions). 2. Generate the reverse of the instructions. The reverse of an instruction is called a Reverse Instruction Group ( RIG ) 3. Combine the RIGs 3.a Combine the RIGs to generate the reverse of each basic block ( RBB ) 3.b Combine the RBBs to generate the reverse of each partition 3.c Combine the reverse partitions to generate the reverse of whole program 18

  19. Step 2: RIG Generation � Three techniques to generate a RIG: 1. Re-define technique 2. Extract-from-use technique 3. State saving technique 19

  20. Step 2: RIG Generation (Cont.) start � Find the definitions of r 1 reaching P P r 2 < 0 � Recover r 1 by selectively re-executing the found definitions or by selectively false true extracting the found definitions out of r 1 = r 2 + r 3 r 1 = r 2 later uses of those definitions r 4 = r 1 + r 3 if r 2 < 0 P P RIG for α : r 1 = r 4 – r 3 or r 1 = r 2 α r 1 = r 2 - 4 else r 1 = r 2 + r 3 Extract-from-use Re-define exit 20

  21. Step2: RIG Generation (Cont.) � Rename Values start � Generate a directed graph called modified value graph ( MVG ) r 2 < 0 � Find the definition of r 1 reaching P P false true � Recover r 1 using available nodes r 1 1 r 1 = r 2 + r 3 r 1 = r 2 at P P' ' r 1 2 r 4 1 + 3 = Φ ( r 1 r 1 1 ,r 1 2 ) r 1 3 r 2 0 0 ≥ 0 1 r 4 r 4 = r 1 + r 3 < 0 Φ r P P 2 α 4 r 1 = r 2 - 4 r 1 1 r 1 2 r 1 4 r 1 Select P' ' P + operator r 1 0 r 4 0 0 r 2 r 3 0 exit if r 2 < 0 RIG for α : r 1 = r 4 – r 3 or r 1 = r 2 else r 1 = r 2 + r 3 21

  22. Methodology (Continued) Three steps to generate a complete reverse program: 1. Divide the program into program partitions (single entry- single exit regions). 2. Generate the reverse of the instructions. The reverse of an instruction is called a Reverse Instruction Group ( RIG ) 3. Combine the RIGs 3.a Combine the RIGs to generate the reverse of each basic block ( RBB ) 3.b Combine the RBBs to generate the reverse of each partition 3.c Combine the reverse partitions to generate the reverse of whole program 22

  23. Step 3.a: Constructing the RBBs RBB 1 RIG 2 BB 1 i 1 RIG 1 i 2 RBB 3 RIG 7 RBB 2 RIG 4 BB 2 i 3 i 5 BB 3 RIG 6 RIG 3 i 4 i 6 RIG 5 i 7 RBB 4 RIG 8 BB 4 i 8 Bottom-up placement order within BBs 23

  24. Step 3.b: Combining the RBBs start start ? BB 1 α 1 RBB 6 RIG 9 α 2 cb α 3 BB 2 α 5 BB 3 RBB 5 RBB 4 RIG 8 RIG 7 α 4 α 6 ? BB 4 cb RBB 3 RBB 2 BB 5 RIG 4 RIG 6 α 8 α 7 RIG 3 RIG 5 ? BB 6 RBB 1 RIG 2 α 9 RIG 1 BB: Basic Block cb RBB: Reverse of a BB exit exit cb: Conditional branch 24

  25. Step 3.c: Combining the Reverse Partitions m 1 start m main: 1 A 2 cmp r1, r2 A 2 A 0 bl g; // call g g 1 m 1 … m 2 m A 0 2 A 1 blr // return A 2 A 0 A 2 A 2 h g 1 g g: 1 A 1 A 4 … g 2 m 2 mtlr r0 // set a func. ptr. A 3 A 2 bclrl // call by the func. ptr. A 3 g 2 g end 2 … blr // return A 3 Push addresses on the � dynamically taken edges into h: h h stack … Pop the addresses from stack � blr // return A 4 during reverse execution and branch to reverses of popped addresses 25

  26. Recovering the Program Counter RCG Reverse of the algorithm Input Input Reverse Reverse input program Program Program Program Program Input Input RIG RIG instruction instruction address address Program being address address debugged Inversion Inversion 0x0 0x4000 Table Table 0x4 0x3FFC 0x8 0x3FE0 Designates the entry point into the reverse program for every … … instruction in the input program 26

Recommend


More recommend