Empowering Software Debugging Through Architectural Support for - - PowerPoint PPT Presentation

Empowering Software Debugging Through Architectural Support for Program Rollback

Radu Teodorescu and Josep Torrellas University of Illinois at Urbana-Champaign http:/ /iacoma.cs.uiuc.edu

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Motivation
• Production software is hard to debug
• Need lightweight, continuous monitoring

system

• We propose: hardware/software approach:
• Architectural support for program undo
• Monitoring and recovery from bugs in

production systems

2

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Processor with

program undo support

• Rollback/re-play of

large code sections

• Very low overhead
• Speculation control:
• In software: spec

control instructions

• In hardware: dynamic

sliding window

3

Safe Code Begin Spec Safe Code End Spec Speculative code

Safe Speculative

Software control Hardware control

Speculative code Speculative code Speculative code Speculative code Speculative code Speculative code Speculative code

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Contributions
• We implemented an FPGA-based prototype of

a processor with undo support

• We show that simple hardware can provide

powerful debugging tools

• We discuss possible applications to software

debugging

• Initial assessment using buggy programs

4

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Debugging Production Code

5 p=m[a[*x]]+&y; ... if(pstate()==REEXEC) num++; num=1; exit_spec(flag);

Rollback

p=m[a[*x]]+&y; ... if(pstate()==REEXEC) { info_collect(); }

Replay

exit_spec(flag); enter_spec();

Re-execute Normal Speculative

Dynamic execution

num=1; ... p=m[a[*x]]+&y; ... num++;

Original code Instrumented code

num=1; p=m[a[*x]]+&y; ... num++; if(pstate()==REEXEC) { info_collect(); } exit_spec(flag); enter_spec();

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Implementation

6

checkpointed state

CPU

Data Cache Memory

• Save/restore processor state:
• Register checkpointing and

restoration

• Data cache that buffers

speculative data (commit or invalidate)

• Instructions enable/disable

speculation on-the-fly

• Limits: cache size, I/O

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Other uses of program

rollback support

7

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Code versioning
• Binary keeps two versions:
• conservative - safer
• aggressively optimized -

potentially buggy

• Execute aggressive code

speculatively

• If test fails, fall back on

conservative version

8

Safe Code Safe Code Begin Spec End Spec AGGRESSIVE code Checking Code CONSERVATIVE code

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Sandboxing OS drivers
• Buggy drivers - main cause of

OS crashes

• Kernel survival in the presence
• f faulty drivers
• Execute driver code

speculatively

• If crash, re-initialize driver

9

Kernel code Driver code

BUG!

CLEANUP code

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Failure-oblivious computing
• Enables applications to execute beyond some

errors [Rinard04]

• Invalid memory accesses are caught
• write: ignore, continue execution
• read: manufacture value, continue
• After invalid access - speculative execution

for a certain duration

10

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Evaluation

11

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Hardware prototype
• LEON2 - SPARC V8 compliant processor
• In-order, single issue, 5-stage pipeline
• Windowed register file
• L1 instruction and data caches
• Synthesizable, open source VHDL code
• Fully functional, runs Linux embedded

12

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• System Deployment

13

Processor Image Control App. I/O Terminal Binaries PCI

C O M J T A G

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Evaluation

14

• Applications with known bugs
• Manually instrument the code
• Detection window contains:
• bug location
• bug manifestation
• Determine if we can roll back the buggy code

section

DETECTION WINDOW bug manifestation bug location

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Buggy applications

15

Application Bug Description Successful rollback Dynamic Instructions ncompress-4.2.4 Input file name longer than 1024 bytes corrupts stack Yes 10653 polymorph-0.4.0 Input file name longer than 2048 bytes corrupts stack No 103838 tar-1.13.25 Unexpected loop bounds causes heap object overflow Yes 193 man-1.5h1 Wrong bounds checking causes static object corruption Yes 54217 gzip-1.2.4 Input file name longer than 1024 bytes overflows a global variable Yes 17535

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Conclusions
• Simple hardware can provide powerful

debugging support

• We built an FPGA-based prototype of a

processor with program undo support

• We describe a few possible applications to

software debugging

16

Radu Teodorescu - University of Illinois Software Debugging with Architectural Support for Program Rollback

• Thank you!

17

Discussions and demo