����� ������� Empowering Software Debugging Through Architectural Support for Program Rollback Radu Teodorescu and Josep Torrellas University of Illinois at Urbana-Champaign http:/ /iacoma.cs.uiuc.edu
������� ����� Motivation • Production software is hard to debug • Need lightweight, continuous monitoring system • We propose: hardware/software approach: • Architectural support for program undo • Monitoring and recovery from bugs in production systems Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 2
������� ����� Processor with Safe Speculative program undo support • Rollback/re-play of Software control Hardware control large code sections • Very low overhead Safe Code • Speculation control: Begin Spec Speculative Speculative code • In software: spec Speculative code Speculative Speculative code code Speculative code control instructions Speculative code Speculative code • In hardware: dynamic code End Spec sliding window Safe Code Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 3
������� ����� Contributions • We implemented an FPGA-based prototype of a processor with undo support • We show that simple hardware can provide powerful debugging tools • We discuss possible applications to software debugging • Initial assessment using buggy programs Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 4
������� ����� Debugging Production Code Original code Instrumented code Dynamic execution num=1; num=1; num=1; ... Replay p=m[a[*x]]+&y; enter_spec(); enter_spec(); ... p=m[a[*x]]+&y; num++; p=m[a[*x]]+&y; p=m[a[*x]]+&y; ... ... ... if(pstate()==REEXEC) if(pstate()==REEXEC) Rollback { if(pstate()==REEXEC) info_collect(); { exit_spec(flag); } info_collect(); } exit_spec(flag); exit_spec(flag); num++; Normal num++; Speculative Re - execute Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 5
������� ����� Implementation • Save/restore processor state: checkpointed state • Register checkpointing and CPU restoration • Data cache that buffers speculative data (commit or Data Cache invalidate) • Instructions enable/disable speculation on-the-fly Memory • Limits: cache size, I/O Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 6
������� ����� Other uses of program rollback support Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 7
������� ����� Code versioning • Binary keeps two versions: Safe Code • conservative - safer Begin Spec • aggressively optimized - potentially buggy CONSERVATIVE AGGRESSIVE code code • Execute aggressive code speculatively Checking Code Safe Code • If test fails, fall back on End Spec conservative version Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 8
������� ����� Sandboxing OS drivers • Buggy drivers - main cause of OS crashes Kernel code • Kernel survival in the presence of faulty drivers CLEANUP Driver code BUG! code • Execute driver code speculatively • If crash, re-initialize driver Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 9
������� ����� Failure-oblivious computing • Enables applications to execute beyond some errors [Rinard04] • Invalid memory accesses are caught • write: ignore, continue execution • read: manufacture value, continue • After invalid access - speculative execution for a certain duration Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 10
������� ����� Evaluation Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 11
������� ����� Hardware prototype • LEON2 - SPARC V8 compliant processor • In-order, single issue, 5-stage pipeline • Windowed register file • L1 instruction and data caches • Synthesizable, open source VHDL code • Fully functional, runs Linux embedded Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 12
������� ����� System Deployment J T A Processor G Image C O M PCI I/O Terminal Binaries Control App. Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 13
������� ����� Evaluation • Applications with known bugs DETECTION WINDOW • Manually instrument the code bug location • Detection window contains: • bug location bug manifestation • bug manifestation • Determine if we can roll back the buggy code section Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 14
������� ����� Buggy applications Successful Dynamic Application Bug Description rollback Instructions Input file name longer than 1024 ncompress-4.2.4 Yes 10653 bytes corrupts stack polymorph-0.4.0 Input file name longer than 2048 No 103838 bytes corrupts stack Unexpected loop bounds causes tar-1.13.25 Yes 193 heap object overflow Wrong bounds checking causes man-1.5h1 Yes 54217 static object corruption Input file name longer than 1024 gzip-1.2.4 Yes 17535 bytes overflows a global variable Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 15
������� ����� Conclusions • Simple hardware can provide powerful debugging support • We built an FPGA-based prototype of a processor with program undo support • We describe a few possible applications to software debugging Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 16
������� ����� Thank you! Discussions and demo Software Debugging with Architectural Radu Teodorescu - University of Illinois Support for Program Rollback 17
Recommend
More recommend
