Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interactive Debugging QuickZoom: A State Alteration and Inspection-based Interactive Debugger 1.

Published byLoreen Bailey Modified over 9 years ago

Similar presentations

Presentation on theme: "Interactive Debugging QuickZoom: A State Alteration and Inspection-based Interactive Debugger 1."— Presentation transcript:

1 Interactive Debugging QuickZoom: A State Alteration and Inspection-based Interactive Debugger 1

2 QZ DB Goal  QUICK: 2 State Inspection—Source Code Modification — Compile —Run From Beginning State Inspection—State Rollback—State Alteration

3 3 Faulty Program Zoom Faulty Function Faulty Statement/ Variable Zoom  ZOOM: QZ DB Goal

4 QZ DB Overview 4  State Inspection  State Alteration  State Rollback ZOOM QUICK

5 Debugging Process Incorrect Output or Crash ERROR Correct? 5 State Rollback State Alteration State Inspection

6 QZ DB features  State Alteration  predicate switching [ICSE 2006]  execution suppression [TOPLAS 2010]  State Inspection  record  dynamic slice [TOPLAS 2005]  prune  sbreak  conditional breakpoint  State Rollback  checkpoint  rollback 6

7 Add State Inspection Enabling Commands Set Checkpoint Set Record region Set breakpoints Perform State Inspection Compute Slice Navigate Slice Prune Slice Introduce State Alteration Commands Switch Commands Suppress Commands Execute program from Begin point Introduce new State Inspection Enabling Commands Sbreak Set Record Region Set Checkpoints Select New Begin Point && Rollback Execution ZOOM QUICK QZ DB Program Start

8 Predicate Switching The predicate switching interface allows programmers to dynamically change the outcome of a branch.  Benefit  root cause speculation  avoid source code modification, recompilation and re- execution  Interface  switch fileName:lineNum [all|once|n] all: switch the result of all the execution instances of this predicate once: only switch the result of next execution instance n: only switch the result of N-th execution instance 8

9 Predicate Switching-Example (qzdb) 1: for(i=0; i<N; i++) 2: { 3: if(i>j) 4: j++; 5: else 6: k++; 7: } (qzdb) list switch 3 all/once/4 9

10 Execution Suppression The execution suppression interface allows programmers to dynamically suppress the execution of some statement or function invocation.  Benefit  bug isolation and root cause speculation  avoid repeated source code modification, recompilation and re-execution  Interface  suppress fileName:lineNum [all|once|n] all: suppress all the execution instances of this statement once: only suppress the next execution instance n: only suppress the N-th execution instance 10

11 Execution Suppression-Example (qzdb) 1: for(i=0; i<N; i++) 2: { 3 array[i]=NULL; 4: } 5: do(); list suppress 3 all/once/2 11 suppress 5 all/once/1 (qzdb)

12 Dynamic Slice based State Inspection The dynamic slice interface allows programmers to construct a backwards dynamic slice for the given criterion.  Benefit  Programmers can only focus and speculate(through predicate switching or execution suppression) on bug- related statements, which are much less compared to the whole execution trace with traditional debuggers.  Enhance debugging efficiency  Interface  slice statement i variable|address [size]|register  slice statement i  slice statement 12

13 Record on/off The record interface allows programmers to designate interesting/suspicious code regions for logging and dynamic slicing. Predicate switching and execution suppression can suggest smaller suspicious code regions for record interface.  Benefit  Enhance logging and slicing efficiency  save programmers’ time and effort to inspect the slice and reason about the root cause  Interface  record on/off  record fileName:lineNum instance on/off 13

14 Example 1: p=…; 2: i=0; 3: j=3; 4: sum=0; 5: p=i+j; 6: while(i<N) 7: { 8: w=p*2; 9: if(i>=1) 10: j++; 11: else 12: j--; 13: p+=j; 14: sum+=j; 15: i++; 16: } 17: k=sum; //wrong sum Control Flow Graph Execution with N=1

15 Compute Dynamic Slice - Example 15 ( qzdb ) 1: p=x; 2: i=0; 3: j=3; 4: sum=0; 5: p=i+j; 6: while(i<N) 7: { 8: w=p*2; 9: if(i>=1) 10: j++; 11: else 12: j--; 13: p+=j; 14: sum+=j; 15: i++; 16: } 17: k=sum; (qzdb) slice 17 1 sum record on record off 1: p=x; 2: i=0; 3: j=3; 4: sum=0; 5: p=i+j; 6: while(i<N) 7: { 8: w=p*2; 9: if(i>=1) 10: j++; 11: else 12: j--; 13: p+=j; 14: sum+=j; 15: i++; 16: } 17: k=sum; Dynamic Slice 1: 17 1  14 1 due to sum 2: 14 1  12 1 due to j 3: 12 1  9 1 due to CD 4: 14 1  6 1 due to CD 5: 9 1  6 1 due to CD 6: 14 1  4 1 due to sum 7: 12 1  3 1 due to j 8: 9 1  2 1 due to i 9: 6 1  2 1 due to i Dynamic Slice

16 Prune Slice The prune interface allows programmers to exclude dependence edges regarding user-specified confident variables from the generated slice. It is useful when programmers are pretty sure that the values of some variables are correct.  Benefit  Irrelevant or less important statements can be significantly suppressed.  save programmers’ time and effort to inspect the slice and reason about the root cause  Interface  prune slice_id variable list 16

17 Prune Slice - Example 17 (qzdb) 1: p=x; 2: i=0; 3: j=3; 4: sum=0; 5: p=i+j; 6: while(i<N) 7: { 8: w=p*2; 9: if(i>=1) 10: j++; 11: else 12: j--; 13: p+=j; 14: sum+=j; 15: i++; 16: } 17: k=sum; (qzdb) slice 17 1 sum list record off 1: p=x; 2: i=0; 3: j=3; 4: sum=0; 5: p=i+j; 6: while(i<N) 7: { 8: w=p*2; 9: if(i>=1) 10: j++; 11: else 12: j--; 13: p+=j; 14: sum+=j; 15: i++; 16: } 17: k=sum; Pruned Dynamic Slice Slice Id=2 prune 2 i, j 1: p=x; 2: i=0; 3: j=3; 4: sum=0; 5: p=i+j; 6: while(i<N) 7: { 8: w=p*2; 9: if(i>=1) 10: j++; 11: else 12: j--; 13: p+=j; 14: sum+=j; 15: i++; 16: } 17: k=sum; Dynamic Slice Slice Id =2

18 Sbreak The sbreak interface allows programmers to generate a breakpoint at the statements in the slice.  Benefit  set breakpoints more efficiently and easily  Interface  sbreak slice_id s1,s2,...  sbreak slice_id all 18

19 breakpoint Slice - Example 19 1: p=x; 2: i=0; 3: j=3; 4: sum=0; 5: p=i+j; 6: while(i<N) 7: { 8: w=p*2; 9: if(i>=1) 10: j++; 11: else 12: j--; 13: p+=j; 14: sum+=j; 15: i++; 16: } 17: k=sum; (qzdb) slice 17 1 sum record off 1: p=x; 2: i=0; 3: j=3; 4: sum=0; //insert a breakpoint 5: p=i+j; 6: while(i<N) //insert a breakpoint 7: { 8: w=p*2; 9: if(i>=1) 10: j++; 11: else 12: j--; 13: p+=j; 14: sum+=j; 15: i++; 16: } 17: k=sum; Pruned Dynamic Slice Slice Id =2 prune 2 i, j sbreak 2 s1, s2

20 Conditional Breakpoint The extended conditional breakpoint interface allows programmers to set conditional breakpoint for standard library functions, whose source code are often unavailable.  Benefit  Designed for memory-related bugs  selectively and efficiently capture critical library function invocations  Interface  breakpoint library function [if condition]  if write/read/access address [size] if argN|ret==value 20

21 Conditional Breakpoint-Example (qzdb) 1: str=malloc(N*sizeof(char)); //suppose checkpoint 3 is saved here 2: … 3: … 4: … 5: free(str); 6: … 7: p=str; 8: free(p); //suppose the address of p is Addr /*crash point*/ 21 rollback 3 list breakpoint malloc if ret==Addr breakpoint free if arg1==Addr breakpoint free if write Addr (qzdb)

22 State Rollback Interfaces The state rollback interfaces allows programmers to restore the program state to a previous point.  Benefit  useful for repeated debugging(repeated state inspection, state alteration in SAID)  avoid repeated execution from start  Interface  checkpoint  rollback checkpoint_id 22

23 Checkpoint & Rollback-Example (qzdb) 1: for(i=0; i<N; i++) 2: { 3 array[i]=NULL; 4: } 5: process(job); (qzdb) Checkpoint 2 at 0x80482b7: file tidy.c, line 1. You can rollback the program state to this checkpoint by rollback 2 list checkpoint (qzdb) 5: process(job); 6: … (qzdb) rollback 2 list 23

24 Case Studies Benchmark Overview

25 QZ DB Demo Stack Smashing bug in ncompress-4.2.4 25

26 Program Binary Programmer Remote Debugging Protocol KDbg GDB QZ DB – Implementation Dynamic Slicing Checkpoint &Rollback Other Commands Pin

27 QZ DB Implementation  GDB provides the monitor command for remote debugging. It can send arbitrary commands to the remote monitor and is designed for extending GDB. We use the monitor command to support the new commands implemented based on Pin.  monitor slice linenum instance variable  Modify GDB to preprocess the monitor command  mapping from source lines to program addresses (ref info line)  mapping from variable names to memory addresses(ref print &a)  Modify GDB to post-process the generated slice 27

28 Dynamic Slice Time &Space Overhead 28 ProgramMS/K instr.KB/K instr. tidy11.3 35.6 ncompress8.4 45.4 bc15.6 33.8 ghostscript11.4 53.9 tar58.6 40.4

29 Future Plan  More State Alteration features  Insert a statement  Replacement a statement  Automatic patch source code  Combination of Slice and Reversible Debugging  Allow reverse execution along dependence edge  Easy forward and backward source code navigation along slice  User Studies  Comparison of debugging efficiency between QZ DB and GDB 29

30 Question? 30

Download ppt "Interactive Debugging QuickZoom: A State Alteration and Inspection-based Interactive Debugger 1."

Similar presentations

Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.

Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.
Advanced Programming 15 Feb 2003. The “OI” Programming Process Reading the problem statement Thinking Coding + Compiling Testing + Debugging Finalizing.

Advanced Programming 15 Feb The “OI” Programming Process Reading the problem statement Thinking Coding + Compiling Testing + Debugging Finalizing.
Software & Services Group PinPlay: A Framework for Deterministic Replay and Reproducible Analysis of Parallel Programs Harish Patil, Cristiano Pereira,

Software & Services Group PinPlay: A Framework for Deterministic Replay and Reproducible Analysis of Parallel Programs Harish Patil, Cristiano Pereira,
IGOR: A System for Program Debugging via Reversible Execution Stuart I. Feldman Channing B. Brown slides made by Qing Zhang.

IGOR: A System for Program Debugging via Reversible Execution Stuart I. Feldman Channing B. Brown slides made by Qing Zhang.
Mehmet Can Vuran, Instructor University of Nebraska-Lincoln Acknowledgement: Overheads adapted from those provided by the authors of the textbook.

Mehmet Can Vuran, Instructor University of Nebraska-Lincoln Acknowledgement: Overheads adapted from those provided by the authors of the textbook.
RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.

RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.
Debugging What can debuggers do? Run programs Make the program stops on specified places or on specified conditions Give information about current variables’

Debugging What can debuggers do? Run programs Make the program stops on specified places or on specified conditions Give information about current variables’
Program Slicing. 2 CS510 S o f t w a r e E n g i n e e r i n g Outline What is slicing? Why use slicing? Static slicing of programs Dynamic Program Slicing.

Program Slicing. 2 CS510 S o f t w a r e E n g i n e e r i n g Outline What is slicing? Why use slicing? Static slicing of programs Dynamic Program Slicing.
Program Slicing Mark Weiser and Precise Dynamic Slicing Algorithms Xiangyu Zhang, Rajiv Gupta & Youtao Zhang Presented by Harini Ramaprasad.

Program Slicing Mark Weiser and Precise Dynamic Slicing Algorithms Xiangyu Zhang, Rajiv Gupta & Youtao Zhang Presented by Harini Ramaprasad.
Presented By: Krishna Balasubramanian

Presented By: Krishna Balasubramanian
1 Appendix A: Writing and Submitting SAS ® Programs A.1 Writing and Submitting SAS Programs.

1 Appendix A: Writing and Submitting SAS ® Programs A.1 Writing and Submitting SAS Programs.
Continuously Recording Program Execution for Deterministic Replay Debugging.

Continuously Recording Program Execution for Deterministic Replay Debugging.
CS 225 Lab #2 - Pointers, Copy Constructors, Destructors, and DDD.

CS 225 Lab #2 - Pointers, Copy Constructors, Destructors, and DDD.
2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.

2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.
Homework Reading –Finish K&R Chapter 1 (if not done yet) –Start K&R Chapter 2 for next time. Programming Assignments –DON’T USE and string library functions,

Homework Reading –Finish K&R Chapter 1 (if not done yet) –Start K&R Chapter 2 for next time. Programming Assignments –DON’T USE and string library functions,
Computer Programming and Basic Software Engineering 4. Basic Software Engineering 1 Writing a Good Program 4. Basic Software Engineering.

Computer Programming and Basic Software Engineering 4. Basic Software Engineering 1 Writing a Good Program 4. Basic Software Engineering.
P51UST: Unix and Software Tools Unix and Software Tools (P51UST) Compilers, Interpreters and Debuggers Ruibin Bai (Room AB326) Division of Computer Science.

P51UST: Unix and Software Tools Unix and Software Tools (P51UST) Compilers, Interpreters and Debuggers Ruibin Bai (Room AB326) Division of Computer Science.
Debugging Cluster Programs using symbolic debuggers.

Debugging Cluster Programs using symbolic debuggers.
The Art of Debugging Shlomy Gantz 02/13/01MDCFUG.

The Art of Debugging Shlomy Gantz 02/13/01MDCFUG.
Software (Program) Analysis. Automated Static Analysis Static analyzers are software tools for source text processing They parse the program text and.

Software (Program) Analysis. Automated Static Analysis Static analyzers are software tools for source text processing They parse the program text and.

Similar presentations

Ads by Google