Docstoc

interactive

Document Sample
interactive Powered By Docstoc
					       Interactive Debugging

  QuickZoom: A State Alteration and
Inspection-based Interactive Debugger




                                        1
QZDB Goal
 QUICK:



    State Inspection—Source Code Modification — Compile —Run
                          From Beginning




         State Inspection—State Rollback—State Alteration




                                                               2
QZDB Goal
  ZOOM:



                                         Faulty
    Faulty           Faulty
             Zoom              Zoom   Statement/
   Program          Function
                                       Variable




                                                   3
QZDB Overview

           State Inspection

                   ZOOM


           State Alteration

                   QUICK

           State Rollback




                               4
Debugging Process


                    ERROR


                                    State
                                  Alteration
         State
        Rollback
                                               State
                                            Inspection


               Correct?   Incorrect Output or Crash


                                                         5
QZDB features
 State Alteration
   predicate switching [ICSE 2006]
   execution suppression [TOPLAS 2010]

 State Inspection
    record
    dynamic slice [TOPLAS 2005]
    prune
    sbreak
    conditional breakpoint


 State Rollback
   checkpoint
   rollback


                                          6
QZDB                                  Program Start
              Add State Inspection Enabling Commands
                  Set Checkpoint     Set Record region
                            Set breakpoints
  QUICK
                 Execute program from Begin point


                       Perform State Inspection
                             Compute Slice
                               Navigate Slice                  ZOOM
                               Prune Slice


     Introduce new State
                                         Introduce State Alteration
     Inspection Enabling
                                                Commands
     Commands
                                                 Switch Commands
     Sbreak Set Record Region
                                                Suppress Commands
     Set Checkpoints
                                                                ZOOM

          Select New Begin Point && Rollback Execution
Predicate Switching
 The predicate switching interface allows programmers to
 dynamically change the outcome of a branch.
 Benefit
     root cause speculation
    avoid source code modification, recompilation and re-
    execution
 Interface
   switch fileName:lineNum [all|once|n]
     all: switch the result of all the execution instances of
      this predicate
     once: only switch the result of next execution instance

     n: only switch the result of N-th execution instance

                                                                 8
Predicate Switching-Example
 (qzdb)      list

  1: for(i=0; i<N; i++)
  2: {
  3:    if(i>j)
  4:          j++;
  5:    else
  6:          k++;
  7: }
 (qzdb) switch 3 all/once/4
                              9
Execution Suppression
 The execution suppression interface allows programmers to
 dynamically suppress the execution of some statement or
 function invocation.
 Benefit
     bug isolation and root cause speculation
    avoid repeated source code modification, recompilation and
    re-execution
 Interface
   suppress fileName:lineNum [all|once|n]
     all: suppress all the execution instances of this
      statement
     once: only suppress the next execution instance
     n: only suppress the N-th execution instance


                                                              10
Execution Suppression-Example

 (qzdb)       list

 1: for(i=0; i<N; i++)
 2: {
 3         array[i]=NULL;
 4: }
  5: do();
 (qzdb)   suppress 3 all/once/2
 (qzdb)   suppress 5 all/once/1




                                  11
Dynamic Slice based State Inspection
 The dynamic slice interface allows programmers to
 construct a backwards dynamic slice for the given
 criterion.
 Benefit
   Programmers can only focus and speculate(through
    predicate switching or execution suppression) on bug-
    related statements, which are much less compared to
    the whole execution trace with traditional debuggers.
   Enhance debugging efficiency
 Interface
   slice statement i variable|address [size]|register
   slice statement i
   slice statement
                                                            12
Record on/off
 The record interface allows programmers to designate
 interesting/suspicious code regions for logging and
 dynamic slicing .
  Predicate switching and execution suppression can suggest
 smaller suspicious code regions for record interface.
 Benefit
   Enhance logging and slicing efficiency
   save programmers’ time and effort to inspect the slice and
    reason about the root cause
 Interface
   record on/off
   record fileName:lineNum instance on/off



                                                                 13
                         Control
                                   Execution
Example                   Flow
                         Graph
                                   with N=1




  1: p=…;
  2: i=0;
  3: j=3;
  4: sum=0;
  5: p=i+j;
  6: while(i<N)
  7: {
  8:    w=p*2;
  9:    if(i>=1)
10:          j++;
11:    else
12:         j--;
13:    p+=j;
14:    sum+=j;
15:    i++;
16: }
17: k=sum; //wrong sum
Compute Dynamic Slice - Example
 (qzdb) record on          Dynamic Slice              Dynamic Slice
   1: p=x;
   2: i=0;                 1:    p=x;
   3: j=3;                 2:    i=0;            1: 17 1  14 1 due to sum
   4: sum=0;               3:    j=3;
   5: p=i+j;               4:    sum=0;
                                                 2: 14 1  12 1 due to j
   6: while(i<N)           5:    p=i+j;          3: 12 1  9 1 due to CD
   7: {                    6:    while(i<N)
   8:    w=p*2;                                  4: 14 1  6 1 due to CD
                           7:    {
   9:    if(i>=1)          8:       w=p*2;       5: 9 1  6 1 due to CD
 10:          j++;         9:       if(i>=1)
 11:    else                                     6: 14 1  4 1 due to sum
                          10:            j++;
 12:         j--;          11:      else         7: 12 1 3 1 due to j
 13:       p+=j;           12:            j--;
 14:    sum+=j;                                  8: 9 1  2 1 due to i
                           13:         p+=j;
 15:    i++;               14:       sum+=j;     9: 6 1  2 1 due to i
 16: }                     15:       i++;
 17: k=sum;                16:    }
 (qzdb) record off
                           17:   k=sum;
  (qzdb) slice 17 1 sum

                                                                        15
Prune Slice
 The prune interface allows programmers to exclude
 dependence edges regarding user-specified confident
 variables from the generated slice.
  It is useful when programmers are pretty sure that the
 values of some variables are correct.
 Benefit
   Irrelevant or less important statements can be
   significantly suppressed.
   save programmers’ time and effort to inspect the slice
   and reason about the root cause
 Interface
   prune slice_id variable list

                                                             16
Prune Slice - Example
                           Dynamic Slice        Pruned Dynamic Slice
 (qzdb) list                Slice Id =2              Slice Id=2
   1: p=x;
   2: i=0;
   3: j=3;                1:    p=x;              1:    p=x;
   4: sum=0;              2:    i=0;              2:    i=0;
   5: p=i+j;              3:    j=3;              3:    j=3;
   6: while(i<N)          4:    sum=0;            4:    sum=0;
   7: {                   5:    p=i+j;            5:    p=i+j;
   8:    w=p*2;           6:    while(i<N)        6:    while(i<N)
   9:    if(i>=1)         7:    {                 7:    {
 10:          j++;        8:       w=p*2;         8:       w=p*2;
 11:    else              9:       if(i>=1)       9:       if(i>=1)
 12:         j--;        10:            j++;     10:            j++;
 13:       p+=j;          11:      else           11:      else
 14:    sum+=j;           12:            j--;     12:            j--;
 15:    i++;              13:         p+=j;       13:         p+=j;
 16: }                    14:       sum+=j;       14:       sum+=j;
 17: k=sum;               15:       i++;          15:       i++;
 (qzdb) record off        16:    }                16:    }
 (qzdb) slice 17 1 sum    17:   k=sum;            17:   k=sum;
 (qzdb) prune 2 i, j
                                                                        17
Sbreak
  The sbreak interface allows programmers to
  generate a breakpoint at the statements in the slice.

 Benefit
   set breakpoints more efficiently and easily


 Interface
   sbreak slice_id s1,s2, ...
   sbreak slice_id all



                                                          18
breakpoint Slice - Example Dynamic Slice
                       Pruned
    1: p=x;
    2: i=0;                              Slice Id =2
    3: j=3;
    4: sum=0;              1:    p=x;
    5: p=i+j;              2:    i=0;
    6: while(i<N)          3:    j=3;
    7: {                   4:    sum=0; //insert a breakpoint
    8:    w=p*2;           5:    p=i+j;
    9:    if(i>=1)         6:    while(i<N) //insert a breakpoint
  10:          j++;        7:    {
  11:    else              8:       w=p*2;
  12:         j--;         9:       if(i>=1)
  13:       p+=j;         10:            j++;
  14:    sum+=j;           11:      else
  15:    i++;              12:            j--;
  16: }                    13:         p+=j;
  17: k=sum;               14:       sum+=j;
 (qzdb) record off         15:       i++;
 (qzdb) slice 17 1 sum     16:    }
 (qzdb) prune 2 i, j       17:   k=sum;
 (qzdb) sbreak 2 s1, s2
                                                                    19
Conditional Breakpoint
 The extended conditional breakpoint interface allows
 programmers to set conditional breakpoint for
 standard library functions, whose source code are
 often unavailable.
 Benefit
   Designed for memory-related bugs
   selectively and efficiently capture critical library
        function invocations
 Interface
   breakpoint library function [if condition]
     if write/read/access address [size]

       if argN|ret==value
                                                           20
Conditional Breakpoint-Example
(qzdb)      rollback 3
              list
(qzdb)
 1: str=malloc(N*sizeof(char)); //suppose checkpoint 3 is saved here
 2: …
 3: …
 4: …
 5: free(str);
 6: …
 7: p=str;
 8: free(p); //suppose the address of p is Addr /*crash point*/
(qzdb)   breakpoint malloc if ret==Addr
(qzdb)   breakpoint free if arg1==Addr
(qzdb)   breakpoint free if write Addr

                                                                  21
State Rollback Interfaces
 The state rollback interfaces allows programmers to
 restore the program state to a previous point.
 Benefit
   useful for repeated debugging(repeated state
    inspection, state alteration in SAID)
   avoid repeated execution from start
 Interface
   checkpoint
   rollback checkpoint_id




                                                       22
Checkpoint & Rollback-Example
(qzdb) list
 1: for(i=0; i<N; i++)
 2: {
 3         array[i]=NULL;
 4: }
 5: process(job);
(qzdb) checkpoint
 Checkpoint 2 at 0x80482b7: file tidy.c, line 1. You can rollback
 the program state to this checkpoint by rollback 2


(qzdb) list
 5:   process(job);
 6:   …
(qzdb) rollback 2

                                                                    23
Case Studies


               Benchmark Overview
QZDB Demo


   Stack Smashing bug in ncompress-4.2.4




                                            25
QZDB – Implementation

                           Program
                            Binary



Programmer
                                          Dynamic Slicing
             KDbg




                    GDB
                          Remote
                          Debugging   Checkpoint           Other
                          Protocol    &Rollback          Commands


                                                   Pin
QZDB Implementation
 GDB provides the monitor command for remote
 debugging. It can send arbitrary commands to the
 remote monitor and is designed for extending GDB.
 We use the monitor command to support
 the new commands implemented based on Pin.
   monitor slice linenum instance variable
 Modify GDB to preprocess the monitor command
   mapping from source lines to program addresses (ref
   info line)
   mapping from variable names to memory
   addresses(ref print &a)
 Modify GDB to post-process the generated slice

                                                          27
Dynamic Slice Time &Space
Overhead

          Program   MS/K instr.   KB/K instr.

   tidy                11.3           35.6

   ncompress           8.4            45.4

   bc                  15.6           33.8

   ghostscript         11.4           53.9

   tar                 58.6          40.4




                                                28
Future Plan
More State Alteration features
   Insert a statement
   Replacement a statement
   Automatic patch source code
Combination of Slice and Reversible Debugging
   Allow reverse execution along dependence edge
   Easy forward and backward source code navigation
    along slice
User Studies
   Comparison of debugging efficiency between QZDB and
    GDB

                                                          29
Question?


            30

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:6/7/2013
language:Unknown
pages:30
jiang lifang jiang lifang
About