From: "Pavel Dovgaluk" <Pavel.Dovgaluk@ispras.ru>
To: 'Mark Burton' <mark.burton@greensocs.com>,
'Peter Maydell' <peter.maydell@linaro.org>
Cc: "'Blue Swirl'" <blauwirbel@gmail.com>,
'qemu-devel' <qemu-devel@nongnu.org>,
"'KONRAD Frédéric'" <fred.konrad@greensocs.com>
Subject: Re: [Qemu-devel] [RFC] reverse execution.
Date: Wed, 29 May 2013 16:37:53 +0400 [thread overview]
Message-ID: <005a01ce5c69$571330c0$05399240$@Dovgaluk@ispras.ru> (raw)
In-Reply-To: <019C9E6F-6C2C-4D59-BB88-974F498337EB@greensocs.com>
Hello.
> Spot on Peter,
> The (simplistic) plan is simply to take a snapshot at regular intervals, when you want to step
> backwards, you return to a snapshot, and then re-run forwards to 'just before you started'.
>
> To answer Blauwirbel, we can't "approximate" this - or 'binary search' for the right place -
> we absolutely have to know exactly how to stop exactly 'just before'. To do that we need a
> measure of where we are. Time isn't really what we want (It has a nasty habit of moving
> forwards even when we are pretending to reverse it!). Ideally we need an instruction count. (I
> say ideally, we could actually get away with something like a block count, but if blocks are
> linked together etc, we would have to be careful).
>
> I still favor a dedicated counter for this, it seems to make more sense. But - I am wondering
> about a 'basic block counter' rather than an 'instruction counter'.
> Note - what I understand by a basic block is something that ends in a jump/branch of
> some description. Hence, one thing I think you can say about a basic block is that each PC
> value within it is unique. Hence, if I know the number of basic blocks executed, and the
> current PC, then I should be able to re-run to there (assuming a deterministic system of
> course).
>
> I'd be interested to know (a) if there is a sensible place for adding a basic block counter,
> and (b) if people like this route better or worse than an instruction counter?
We have implemented reverse debugging (through GDB) in QEMU. Translation of the instructions
was changed to increment a special instruction counter before execution of every instruction.
This counter is used to synchronize events that happen asynchronously in regular execution
mode (timers, disk operations, etc). Checkpointing is also used in our implementation to
rollback to previous state and then execute forward.
Trying to count basic blocks is much more complicated task, because they may be interrupted
with exceptions caused by MMU. Blocks' bounds are not deterministic because they
depend on additional code that you translate, instruction where you stopped (using single-step
or reverse-single-step commands).
You can find some details here:
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6178942&contentType=Conferenc
e+Publications
Pavel Dovgaluk
prev parent reply other threads:[~2013-05-29 12:38 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-07 18:27 [Qemu-devel] [RFC] reverse execution KONRAD Frédéric
2013-05-09 17:54 ` Blue Swirl
2013-05-17 17:23 ` KONRAD Frédéric
2013-05-17 17:54 ` Peter Maydell
2013-05-17 19:16 ` Mark Burton
2013-05-23 1:57 ` Edgar E. Iglesias
2013-05-18 18:52 ` Blue Swirl
2013-05-22 16:14 ` KONRAD Frédéric
2013-05-19 4:37 ` Rob Landley
2013-05-19 7:21 ` Peter Maydell
2013-05-19 20:09 ` Mark Burton
2013-05-19 21:20 ` Peter Maydell
[not found] ` <CAD2=zRDphd7N5gCQeX6oVQP=HEbRRMpcwPKEVDj46DHKhgkKMw@mail.gmail.com>
2013-05-19 21:47 ` Brendan Dolan-Gavitt
2013-05-20 5:28 ` Mark Burton
2013-05-19 21:39 ` Rob Landley
2013-05-20 5:34 ` Mark Burton
2013-05-29 12:37 ` Pavel Dovgaluk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='005a01ce5c69$571330c0$05399240$@Dovgaluk@ispras.ru' \
--to=pavel.dovgaluk@ispras.ru \
--cc=blauwirbel@gmail.com \
--cc=fred.konrad@greensocs.com \
--cc=mark.burton@greensocs.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).