Interactive Debugging QuickZoom: A State Alteration and Inspection-based Interactive Debugger
QZDB Goal
• QUICK:
  • State Inspection — Source Code Modification — Compile — Run From Beginning
  • State Inspection — State Rollback — State Alteration

QZDB Goal
• ZOOM: Faulty Program → (zoom) → Faulty Function → (zoom) → Faulty Statement/Variable

QZDB Overview
• State Inspection
• State Alteration
• State Rollback
[Diagram labels: ZOOM, QUICK]

Debugging Process
[Flowchart; node labels: Incorrect Output or Crash, State Inspection, State Alteration, Correct?, State Rollback, ERROR]

QZDB features
• State Alteration
  • predicate switching [ICSE 2006]
  • execution suppression [TOPLAS 2010]
• State Inspection
  • record
  • dynamic slice [TOPLAS 2005]
  • prune
  • sbreak
  • conditional breakpoint
• State Rollback
  • checkpoint
  • rollback
Predicate Switching
The predicate switching interface allows programmers to dynamically change the outcome of a branch.
• Benefit
  • root cause speculation
  • avoid source code modification, recompilation and re-execution
• Interface
  • switch fileName:lineNum [all|once|n]
    • all: switch the result of all the execution instances of this predicate
    • once: only switch the result of the next execution instance
    • n: only switch the result of the N-th execution instance

Predicate Switching-Example
(qzdb) list
1: for(i=0; i<N; i++)
2: {
3:   if(i>j)
4:     j++;
5:   else
6:     k++;
7: }
(qzdb) switch 3 all/once/4
Execution Suppression
The execution suppression interface allows programmers to dynamically suppress the execution of a statement or function invocation.
• Benefit
  • bug isolation and root cause speculation
  • avoid repeated source code modification, recompilation and re-execution
• Interface
  • suppress fileName:lineNum [all|once|n]
    • all: suppress all the execution instances of this statement
    • once: only suppress the next execution instance
    • n: only suppress the N-th execution instance

Execution Suppression-Example
(qzdb) list
1: for(i=0; i<N; i++)
2: {
3:   array[i]=NULL;
4: }
5: do();
(qzdb) suppress 3 all/once/2
(qzdb) suppress 5 all/once/1
Dynamic Slice based State Inspection
The dynamic slice interface allows programmers to construct a backwards dynamic slice for the given criterion.
• Benefit
  • Programmers can focus and speculate (through predicate switching or execution suppression) only on bug-related statements, which are far fewer than the whole execution trace they would face with traditional debuggers.
  • Enhance debugging efficiency
• Interface
  • slice statement i variable|address [size]|register
  • slice statement i
  • slice statement

Record on/off
The record interface allows programmers to designate interesting or suspicious code regions for logging and dynamic slicing. Predicate switching and execution suppression can suggest smaller suspicious code regions for the record interface.
• Benefit
  • Enhance logging and slicing efficiency
  • Save programmers' time and effort to inspect the slice and reason about the root cause
• Interface
  • record on/off
  • record fileName:lineNum instance on/off
Example
[Figure panels: Control Flow Graph; Execution with N=1]
 1: p=…;
 2: i=0;
 3: j=3;
 4: sum=0;
 5: p=i+j;
 6: while(i<N)
 7: {
 8:   w=p*2;
 9:   if(i>=1)
10:     j++;
11:   else
12:     j--;
13:   p+=j;
14:   sum+=j;
15:   i++;
16: }
17: k=sum; //wrong sum

Compute Dynamic Slice - Example
 1: p=x;
 2: i=0;
 3: j=3;
 4: sum=0;
 5: p=i+j;
 6: while(i<N)
 7: {
 8:   w=p*2;
 9:   if(i>=1)
10:     j++;
11:   else
12:     j--;
13:   p+=j;
14:   sum+=j;
15:   i++;
16: }
17: k=sum;
(qzdb) record on
(qzdb) record off
(qzdb) slice 17 1 sum
Dynamic Slice
1: 17 1 14 1 due to sum
2: 14 1 12 1 due to j
3: 12 1 9 1 due to CD
4: 14 1 6 1 due to CD
5: 9 1 6 1 due to CD
6: 14 1 4 1 due to sum
7: 12 1 3 1 due to j
8: 9 1 2 1 due to i
9: 6 1 2 1 due to i
Prune Slice
The prune interface allows programmers to exclude dependence edges regarding user-specified confident variables from the generated slice. It is useful when programmers are pretty sure that the values of some variables are correct.
• Benefit
  • Irrelevant or less important statements can be significantly suppressed.
  • Save programmers' time and effort to inspect the slice and reason about the root cause
• Interface
  • prune slice_id variable list

Prune Slice - Example
[Figure panels: Dynamic Slice, Slice Id=2; Pruned Dynamic Slice, Slice Id=2]
(qzdb) list
 1: p=x;
 2: i=0;
 3: j=3;
 4: sum=0;
 5: p=i+j;
 6: while(i<N)
 7: {
 8:   w=p*2;
 9:   if(i>=1)
10:     j++;
11:   else
12:     j--;
13:   p+=j;
14:   sum+=j;
15:   i++;
16: }
17: k=sum;
(qzdb) record off
(qzdb) slice 17 1 sum
(qzdb) prune 2 i, j
Sbreak
The sbreak interface allows programmers to set breakpoints at the statements in the slice.
• Benefit
  • set breakpoints more efficiently and easily
• Interface
  • sbreak slice_id s1,s2, ...
  • sbreak slice_id all

Breakpoint Slice - Example
[Figure panel: Pruned Dynamic Slice, Slice Id=2]
(qzdb) record off
(qzdb) slice 17 1 sum
(qzdb) prune 2 i, j
(qzdb) sbreak 2 s1, s2
 1: p=x;
 2: i=0;
 3: j=3;
 4: sum=0; //insert a breakpoint
 5: p=i+j;
 6: while(i<N) //insert a breakpoint
 7: {
 8:   w=p*2;
 9:   if(i>=1)
10:     j++;
11:   else
12:     j--;
13:   p+=j;
14:   sum+=j;
15:   i++;
16: }
17: k=sum;
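The slice and prune steps on the example program, as an added Python example (not QZDB's own code). The PROGRAM table of definitions, uses and control-dependence parents and the N=1 TRACE are built by hand from the listing above, and the function names are hypothetical.

```python
from collections import defaultdict

# Hand-built model of the slide's program (an assumption of this example):
# line -> (variable defined, variables used, static control-dependence parent)
PROGRAM = {
    1: ("p", ["x"], None), 2: ("i", [], None), 3: ("j", [], None),
    4: ("sum", [], None), 5: ("p", ["i", "j"], None),
    6: (None, ["i"], 6), 8: ("w", ["p"], 6), 9: (None, ["i"], 6),
    10: ("j", ["j"], 9), 12: ("j", ["j"], 9), 13: ("p", ["p", "j"], 6),
    14: ("sum", ["sum", "j"], 6), 15: ("i", ["i"], 6),
    17: ("k", ["sum"], None),
}
# Constructed trace: the statements executed, in order, when N=1.
TRACE = [1, 2, 3, 4, 5, 6, 8, 9, 12, 13, 14, 15, 6, 17]

def build_dependences(trace):
    """Map each (line, instance) to its [(dependee, reason)] edges."""
    last_def, last_inst, count, deps = {}, {}, defaultdict(int), {}
    for line in trace:
        defined, used, cd_parent = PROGRAM[line]
        count[line] += 1
        node = (line, count[line])
        # Data dependence: most recent definition of each used variable.
        edges = [(last_def[v], v) for v in used if v in last_def]
        # Control dependence: most recent instance of the governing predicate.
        if cd_parent in last_inst:
            edges.append((last_inst[cd_parent], "CD"))
        deps[node] = edges
        if defined:
            last_def[defined] = node
        last_inst[line] = node
    return deps

def backward_slice(deps, line, instance, var, pruned=()):
    """Return (nodes, edges) reached backwards from `var` at the criterion."""
    start = (line, instance)
    nodes, edges = {start}, []
    work = [(start, d, r) for d, r in deps[start] if r == var]
    while work:
        src, dep, reason = work.pop()
        if reason in pruned:   # prune: drop edges due to trusted variables
            continue
        edges.append((src, dep, reason))
        if dep not in nodes:
            nodes.add(dep)
            work.extend((dep, d, r) for d, r in deps[dep])
    return nodes, edges

if __name__ == "__main__":
    deps = build_dependences(TRACE)
    for pruned in ((), ("i", "j")):
        nodes, edges = backward_slice(deps, 17, 1, "sum", pruned)
        print(sorted(n[0] for n in nodes), len(edges), "edges")
```

Unpruned, the slice holds the same nine dependence edges as the slide's output; pruning i and j leaves lines 4, 6, 14 and 17, which includes the two lines marked with breakpoints in the sbreak example.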
Conditional Breakpoint
The extended conditional breakpoint interface allows programmers to set conditional breakpoints on standard library functions, whose source code is often unavailable.
• Benefit
  • Designed for memory-related bugs
  • selectively and efficiently capture critical library function invocations
• Interface
  • breakpoint library function [if condition]
    • if write/read/access address [size]
    • if argN|ret==value

Conditional Breakpoint-Example
(qzdb) list
1: str=malloc(N*sizeof(char)); //suppose checkpoint 3 is saved here
2: …
3: …
4: …
5: free(str);
6: …
7: p=str;
8: free(p); //suppose the address of p is Addr /*crash point*/
(qzdb) breakpoint malloc if ret==Addr
(qzdb) breakpoint free if arg1==Addr
(qzdb) breakpoint free if write Addr
(qzdb) rollback 3
State Rollback Interfaces
The state rollback interfaces allow programmers to restore the program state to a previous point.
• Benefit
  • useful for repeated debugging (repeated state inspection, state alteration in SAID)
  • avoid repeated execution from start
• Interface
  • checkpoint
  • rollback checkpoint_id

Checkpoint & Rollback-Example
(qzdb) list
1: for(i=0; i<N; i++)
2: {
3:   array[i]=NULL;
4: }
5: process(job);
(qzdb) checkpoint
Checkpoint 2 at 0x80482b7: file tidy.c, line 1.
You can rollback the program state to this checkpoint by rollback 2
(qzdb) list
5: process(job);
6: …
(qzdb) rollback 2
Case Studies Benchmark Overview
QZDB Demo • Stack Smashing bug in ncompress-4.2.4
QZDB – Implementation
[Architecture diagram; component labels: Programmer, KDbg, GDB, Remote Debugging Protocol, Pin, Program Binary, Dynamic Slicing, Checkpoint & Rollback, Other Commands]

QZDB Implementation
• GDB provides the monitor command for remote debugging. It can send arbitrary commands to the remote monitor and is designed for extending GDB. We use the monitor command to support the new commands implemented on top of Pin.
  • monitor slice linenum instance variable
• Modify GDB to preprocess the monitor command
  • mapping from source lines to program addresses (ref info line)
  • mapping from variable names to memory addresses (ref print &a)
• Modify GDB to post-process the generated slice

Future Plan
• More State Alteration features
  • Insert a statement
  • Replace a statement
  • Automatically patch source code
• Combination of Slice and Reversible Debugging
  • Allow reverse execution along dependence edges
  • Easy forward and backward source code navigation along the slice
• User Studies
  • Comparison of debugging efficiency between QZDB and GDB