research-article

Dynamically Instrumenting the QEMU Emulator for Linux Process Trace Generation with the GDB Debugger

Authors:

Bojan Mihajlović,

Željko Žilić,

Warren J. GrossAuthors Info & Claims

ACM Transactions on Embedded Computing Systems (TECS), Volume 13, Issue 5s

Article No.: 167, Pages 1 - 18

https://doi.org/10.1145/2678022

Published: 15 December 2014 Publication History

Abstract

In software debugging, trace generation techniques are used to resolve highly complex bugs. However, the emulators increasingly used for embedded software development do not yet offer the types of trace generation infrastructure available in hardware. In this article, we make changes to the ARM ISA emulation of the QEMU emulator to allow for continuous instruction-level trace generation. Using a standard GDB client, tracepoints can be inserted to dynamically log registers and memory addresses without altering executing code. The ability to run trace experiments in five different modes allows the scope of trace generation to be narrowed as needed, down to the level of a single Linux process. Our scheme collects the execution traces of a Linux process on average between 9.6x--0.7x the speed of existing QEMU trace capabilities, with 96.7% less trace data volume. Compared to a software-instrumented tracing scheme, our method is both unobtrusive and performs on average between 3--4 orders of magnitude faster.

References

[1]

Javier Alonso, Michael Grottke, Allen P. Nikora, and Kishor S. Trivedi. 2013. An empirical investigation of fault repairs and mitigations in space mission system software. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'13). 1--8.

Digital Library

[2]

ARM. 2011. Embedded trace macrocell architecture specification. http://infocenter.arm.com/help/topic/com.arm.doc.ihi0014q/IHI0014Q etm architecture spec.pdf.

[3]

ARM. 2013. ARM fast models. http://www.arm.com/products/tools/models/fast-models.

[4]

ARM. 2001. ARM developer suite: Debug target guide. http://infocenter.arm.com/help/topic/com.arm.doc.dui0058d/DUI0058.pdf.

[5]

Fabrice Bellard. 2005. QEMU, a fast and portable dynamic translator. In Proceedings of the Annual USENIX Technical Conference (ATEC'05). 41--46.

Digital Library

[6]

Matteo Bordin, Cyrille Comar, Tristan Gingold, Jerome Guitton, Olivier Hainque, Thomas Quinot, Julien Delange, Jerome Hugues, and Laurent Pautet. 2009. Couverture: An innovative open framework for coverage analysis of safety critical applications. Ada User J. 30, 4, 248--255.

[7]

Ming-Chao Chiang, Tse-Chen Yeh, and Guo-Fu Tseng. 2011. A QEMU and SystemC-based cycle-accurate ISS for performance estimation on SoC development. IEEE Trans. Comput.-Aided Des. Integr. Circ. Syst. 30, 4, 593--606.

Digital Library

[8]

Mathieu Desnoyers and Michel R. Dagenais. 2006. The LTTng tracer: A low impact performance and behavior monitor for GNU/Linux. In Proceedings of the Ottawa Linux Symposium (OLS'06). 209--224.

[9]

Frank C. Eigler, Vara Prasad, Will Cohen, Hien Nguyen, Martin Hunt, Jim Keniston, and Brad Chen. 2005. Architecture of systemtap: A Linux trace/probe tool. http://sourceware.org/systemtap/archpaper.pdf.

[10]

Antonio Giovanazzi. 2010. Single process emulation with QEMU to support dynamic analysis. Master's thesis, Politecnico di Milano, Milan, Italy http://hdl.handle.net/10589/2241.

[11]

Patrice Godefroid and Nachiappan Nagappan. 2008. Concurrency at Microsoft: An exploratory survey. In Proceedings of the CAV Workshop on Exploiting Concurrency Efficiently and Correctly (CAV'08).

[12]

GNU. 2013. GDB: The GNU project debugger. http://www.gnu.org/software/gdb.

[13]

Giovani Gracioli and Sebastian Fischmeister. 2012. Tracing and recording interrupts in embedded software. J. Syst. Archit. 58, 9, 372--385.

Digital Library

[14]

Brendan Gregg and Jim Mauro. 2011. DTrace: Dynamic Tracing in Oracle Solaris, Mac OS X and FreeBSD. Prentice Hall.

Digital Library

[15]

Matthew R. Guthaus, Jeffrey S. Ringenberg, Dan Ernst, Todd M. Austin, Trevor Mudge, and Richard B. Brown. 2001. MiBench: A free, commercially representative embedded benchmark suite. In Proceedings of the IEEE International Workshop on Workload Characterization (WWC'01). 3--14.

Digital Library

[16]

Brent Hailpern and Padmanabhan Santhanam. 2002. Software debugging, testing, and verification. IBM Syst. J. 41, 1, 4--12.

Digital Library

[17]

IEEE. 2001. IEEE standard test access port and boundary-scan architecture. IEEE Std 1149.1-2001, 1--200. http://standards.ieee.org/findstds/standard/1149.1-2001.html.

[18]

Nicholas Mcguire and Wang Baojun. 2007. A hardware architecture independant implementation of GDB tracepoints for linux. In Proceedings of the 8^th Real-Time Linux Workshop. 105--114.

[19]

Bojan Mihajlovic, Warren J. Gross, and Zeljko Zilic. 2013. Software debugging infrastructure for multicore systems-on-chip. In Multicore Technology: Architecture, Reconfiguration, and Modeling, Muhammad Yasir Qadri and Stephen J. Sangwine, Eds., CRC Press, Boca Raton, FL, 259--284.

[20]

Bojan Mihajlovic and Zeljko Zilic. 2011. Real-time address trace compression for emulated and real system-on-chip processor core debugging. In Proceedings of the 21^st ACM Great Lakes Symposium on VLSI (GLSVLSI'11). 331--336.

Digital Library

[21]

Milena Milenkovic, Scott Jones, Frank Levine, and Enio Pineda. 2008. Performance inspector tools with instruction tracing and per-thread/function profiling. In Proceedings of the Ottawa Linux Symposium (OLS'08). 75--84.

[22]

Achim Nohl. 2012. Debugging embedded software using virtual prototypes. White paper, Synopsys. http://www.synopsys.com/cgi-bin/sld/pdfdla/docsdl/debugging/wp.pdf&quest;file=debugging/wp.pdf.

[23]

Myeong-Chul Park, Young-Joo Kim, In-Geol Chun, Seok-Wun Ha, and Yong-Kee Jun. 2007. A GDB-based real-time tracing tool for remote debugging of soc programs. In Proceedings of the 1^st International Conference on Advances in Hybrid Information Technology (ICHIT'07). 490--499.

Digital Library

[24]

Bernhard Plattner. 1984. Real-time execution monitoring. IEEE Trans. Softw. Engin. SE-10, 6, 756--764.

Digital Library

[25]

Aaron Spear, Markus Levy, and Mathieu Desnoyers. 2012. Using tracing to solve the multicore system debug problem. Comput. 45, 12, 60--64.

Digital Library

[26]

Min Xu, Vyacheslav Malyugin, Jeffrey Sheldon, Ganesh Venkitachalam, and Boris Weissman. 2007. Re-Trace: Collecting execution trace with virtual machine deterministic replay. In Proceedings of the Workshop on Modeling, Benchmarking and Simulation (MoBS'07).

[27]

Chi-Tsai Yeh, Chun Hao Wang, and Ing-Jer Huang. 2011. A VM-based HW/SW codesign platform with multiple teams for the development of 3D graphics application. In Proceedings of the IEEE International Symposium on Consumer Electronics (ISCE'11). 615--620.

Cited By

Shlingbaum EYehuda RKiperberg MZaidenberg N(2024)Virtualized network packet inspectionComputer Networks10.1016/j.comnet.2024.110619251(110619)Online publication date: Sep-2024
https://doi.org/10.1016/j.comnet.2024.110619
Gan C(2023)Research on High-Reliability and Portable Dynamic Binary Instrumentation for Linux Syscall2023 3rd International Symposium on Computer Technology and Information Science (ISCTIS)10.1109/ISCTIS58954.2023.10213099(725-729)Online publication date: 7-Jul-2023
https://doi.org/10.1109/ISCTIS58954.2023.10213099
Feng TLiu J(2022)Optimization Research of Directed Fuzzing Based on AFLElectronics10.3390/electronics1124406611:24(4066)Online publication date: 7-Dec-2022
https://doi.org/10.3390/electronics11244066
Show More Cited By

Index Terms

Dynamically Instrumenting the QEMU Emulator for Linux Process Trace Generation with the GDB Debugger
1. Computer systems organization
  1. Embedded and cyber-physical systems
    1. Embedded systems
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Process validation
        Traceability
      2. Software defect analysis
        Software testing and debugging
  2. Software organization and properties
    1. Contextual software domains
      1. Software infrastructure
        Virtual machines

Recommendations

Architecture-Aware Real-Time Compression of Execution Traces

In recent years, on-chip trace generation has been recognized as a solution to the debugging of increasingly complex software. An execution trace can be seen as the most fundamentally useful type of trace, allowing the execution path of software to be ...
Real-time address trace compression for emulated and real system-on-chip processor core debugging
GLSVLSI '11: Proceedings of the 21st edition of the great lakes symposium on Great lakes symposium on VLSI

In the multicore era, capturing execution traces of processors is indispensable to debugging complex software. The inability to transfer vast amounts of trace data off-chip without significant slow-down has impeded the debugging of such software, in ...
Kernel-Assisted Debugging of Linux Applications
ROOTS '18: Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium

On Linux, most---if not all---debuggers use ptrace debugging API to control their target processes. However, ptrace proves unsatisfactory for many malware analysis and reverse engineering tasks: So-called split-personality malware often adapts its ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Embedded Computing Systems

ACM Transactions on Embedded Computing Systems Volume 13, Issue 5s

Special Issue on Risk and Trust in Embedded Critical Systems, Special Issue on Real-Time, Embedded and Cyber-Physical Systems, Special Issue on Virtual Prototyping of Parallel and Embedded Systems (ViPES)

November 2014

501 pages

ISSN:1539-9087

EISSN:1558-3465

DOI:10.1145/2660459

Editor:
Sandeep K. Shukla
Virginia Tech, USA

Issue’s Table of Contents

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 15 December 2014

Accepted: 01 September 2014

Revised: 01 June 2014

Received: 01 June 2013

Published in TECS Volume 13, Issue 5s

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
486
Total Downloads

Downloads (Last 12 months)35
Downloads (Last 6 weeks)2

Reflects downloads up to 12 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Shlingbaum EYehuda RKiperberg MZaidenberg N(2024)Virtualized network packet inspectionComputer Networks10.1016/j.comnet.2024.110619251(110619)Online publication date: Sep-2024
https://doi.org/10.1016/j.comnet.2024.110619
Gan C(2023)Research on High-Reliability and Portable Dynamic Binary Instrumentation for Linux Syscall2023 3rd International Symposium on Computer Technology and Information Science (ISCTIS)10.1109/ISCTIS58954.2023.10213099(725-729)Online publication date: 7-Jul-2023
https://doi.org/10.1109/ISCTIS58954.2023.10213099
Feng TLiu J(2022)Optimization Research of Directed Fuzzing Based on AFLElectronics10.3390/electronics1124406611:24(4066)Online publication date: 7-Dec-2022
https://doi.org/10.3390/electronics11244066
Niu GZhang FLi XMalka MKolodner HBellosa FGabel M(2022)Eliminate the overhead of interrupt checking in full-system dynamic binary translatorProceedings of the 15th ACM International Conference on Systems and Storage10.1145/3534056.3534939(1-12)Online publication date: 6-Jun-2022
https://dl.acm.org/doi/10.1145/3534056.3534939
Gebai MDagenais M(2018)Survey and Analysis of Kernel and Userspace Tracers on LinuxACM Computing Surveys10.1145/315864451:2(1-33)Online publication date: 12-Mar-2018
https://dl.acm.org/doi/10.1145/3158644
Kim DKim SRyou J(2018)Design and implementation of user-level dynamic binary instrumentation on ARM architectureThe Journal of Supercomputing10.1007/s11227-016-1777-974:8(3583-3595)Online publication date: 1-Aug-2018
https://dl.acm.org/doi/10.1007/s11227-016-1777-9
Cunha MMatoussi OPétrot F(2017)Detecting Software Cache Coherence Violations in MPSoC Using Traces Captured on Virtual PlatformsACM Transactions on Embedded Computing Systems10.1145/299019316:2(1-21)Online publication date: 2-Jan-2017
https://dl.acm.org/doi/10.1145/2990193
Chang TKing CDas BLiao B(2017)Configurable Fast Cycle-Approximate Timing Estimation for Instruction-Level Emulators2017 Fifth International Symposium on Computing and Networking (CANDAR)10.1109/CANDAR.2017.32(271-276)Online publication date: Nov-2017
https://doi.org/10.1109/CANDAR.2017.32
Mihajlović BŽilić ŽGross W(2015)Architecture-Aware Real-Time Compression of Execution TracesACM Transactions on Embedded Computing Systems10.1145/276644914:4(1-24)Online publication date: 9-Sep-2015
https://dl.acm.org/doi/10.1145/2766449

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents