Pavel Dovgalyuk
ABSTRACT
Debugging of device drivers' failures is a very tough task because of kernel panics, blue screens of death, hardware volatility, long periods of time required to expose the bug, perturbation of the drivers by the debugger, and non-determinism of multi-threaded environment. This paper shows how reverse debugging reduces the influence of these factors to the process of drivers debugging. We present reverse debugger as a practical tool, which was tested for i386, x86-64, and ARM platforms, for Windows and Linux guest operating systems. We show that our tool incurs very low overhead (about 10%), which allows using it for debugging of the time sensitive applications. The paper also presents the case study which demonstrates reverse debugging of the USB kernel drivers for Linux.
- F. Bellard. Qemu, a fast and portable dynamic translator. In Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC ’05, pages 41–41, Berkeley, CA, USA, 2005. USENIX Association. Google Scholar
Digital Library
- B. Boothe. Efficient algorithms for bidirectional debugging. SIGPLAN Not., 35(5):299–310, May 2000. Google ScholarDigital Library
- S. S. Chia-Wei Hsu. Free: A fine-grain replaying executions by using emulation. The 20th Cryptology and Information Security Conference (CISC 2010), 2010.Google Scholar
- J. Chow, T. Garfinkel, and P. M. Chen. Decoupling dynamic program analysis from execution in virtual environments. In USENIX 2008 Annual Technical Conference on Annual Technical Conference, ATC’08, pages 1–14, Berkeley, CA, USA, 2008. USENIX Association. Google ScholarDigital Library
- B. Dolan-Gavitt, J. Hodosh, P. Hulin, T. Leek, and R. Whelan. Repeatable reverse engineering for the greater good with panda. Oct. 2014.Google Scholar
- P. Dovgalyuk. Deterministic replay of system’s execution with multi-target qemu simulator for dynamic analysis and reverse debugging. In Proceedings of the 2012 16th European Conference on Software Maintenance and Reengineering, CSMR ’12, pages 553–556, Washington, DC, USA, 2012. IEEE Computer Society. Google ScholarDigital Library
- J. Engblom. A review of reverse debugging. In in S4D, 2012.Google Scholar
- J. Engblom, D. Aarno, and B. Werner. Full-system simulation from embedded to high-performance systems. In R. Leupers and O. Temam, editors, Processor and System-on-Chip Simulation, pages 25–45. Springer US, 2010.Google Scholar
- S. T. King, G. W. Dunlap, and P. M. Chen. Debugging operating systems with time-traveling virtual machines. In Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC ’05, pages 1–1, Berkeley, CA, USA, 2005. USENIX Association. Google ScholarDigital Library
- M. Rittinghaus, K. Miller, M. Hillenbrand, and F. Bellosa. Simuboost: Scalable parallelization of functional system simulation. In Proceedings of the 11th International Workshop on Dynamic Analysis (WODA 2013), Houston, Texas, Mar. 16 2013.Google Scholar
- M. Xu, V. Malyugin, J. Sheldon, G. Venkitachalam, B. Weissman, and V. Inc. Retrace: Collecting execution trace with virtual machine deterministic replay. In In Proceedings of the 3rd Annual Workshop on Modeling, Benchmarking and Simulation, 2007.Google Scholar
Index Terms
Don't panic: reverse debugging of kernel drivers
Recommendations
Platform-independent reverse debugging of the virtual machines
FRUCT '18: Proceedings of the 18th Conference of Open Innovations Association FRUCTPrototyping and debugging of operating systems and drivers are very tough tasks because of hardware volatility, kernel panics, blue screens of death, long periods of time required to expose the bug, perturbation of the drivers by the debugger, and non-...
Transparent mutable replay for multicore debugging and patch validation
ASPLOS '13: Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systemsWe present Dora, a mutable record-replay system which allows a recorded execution of an application to be replayed with a modified version of the application. This feature, not available in previous record-replay systems, enables powerful new ...
Transparent mutable replay for multicore debugging and patch validation
ASPLOS '13We present Dora, a mutable record-replay system which allows a recorded execution of an application to be replayed with a modified version of the application. This feature, not available in previous record-replay systems, enables powerful new ...
Comments