[panda-users] Minimal variation in replays

Brendan Dolan-Gavitt brendandg at nyu.edu
Tue Nov 20 08:54:57 EST 2018


Hi Felix,

I think this may be related to this issue:

https://github.com/panda-re/panda/issues/315

Basically, during replay QEMU periodically pops out of execution to check
for pending input to the monitor, gdb stub, etc. Unfortunately, this can
happen after the basic block callback has fired (but before any code in a
basic block has executed), which could lead to a block callback executing
twice.

One solution to the basic block callback issue might be to inline the
callback into the generated TCG and ensure that it only happens *after* the
check of exit_request at the start of the block.

-Brendan

On Thu, Nov 15, 2018 at 9:38 AM Felix Eberstaller <
felix.eberstaller at students.fh-hagenberg.at> wrote:

> Hi :),
>
> First of all, thank you for the great work on panda. It is truly amazing!
>
> The problem:
> It seems that the callback PANDA_CB_BEFORE_BLOCK_EXEC or
> PANDA_CB_AFTER_BLOCK_EXEC sometimes is being called too often during
> replay?
> Running the same replay and printing out the blocks (pc) leads to
> different traces (see appendix).
> The variation between the traces is minimal and this has been tested
> with the current docker image and r-18-06.
> Is this a problem with my setup, and is this the recommended way to track
> basic block execution during replay?
>
> Best,
> Felix Eberstaller
>
> Appendix:
>
> Bash snippet:
>
> for i in {1..10}; do /panda/build/i386-softmmu/qemu-system-i386 -m 256
> -replay ii_01  -panda dumper  | grep "PC >>" > /tmp/log$i; done ; md5sum
> /tmp/log*
>
> Initializing plugin dumper
> Initializing plugin dumper
> Initializing plugin dumper
> Initializing plugin dumper
> Initializing plugin dumper
> Initializing plugin dumper
> Initializing plugin dumper
> Initializing plugin dumper
> Initializing plugin dumper
> Initializing plugin dumper
> 2c0c8bd2c3ebe82bbc657f78905ac60a  /tmp/log1
> b1cfdd0d7ca41c669d765ed12452b276  /tmp/log10
> 2c0c8bd2c3ebe82bbc657f78905ac60a  /tmp/log2
> 4217cd4699f4322c40b873213f84a518  /tmp/log3
> 3d619029a54bd5a9507bbf876ee6d809  /tmp/log4
> ee27f65e1ca86cce4e3d792cb78c0a20  /tmp/log5
> 4217cd4699f4322c40b873213f84a518  /tmp/log6
> 2c0c8bd2c3ebe82bbc657f78905ac60a  /tmp/log7
> 4217cd4699f4322c40b873213f84a518  /tmp/log8
> 3db131b965c8445d4c91aade227af439  /tmp/log9
>
>
> Diff between two traces:
> diff log1 log10
> 22336a22337
> > PC >> c116b903
> 22339d22339
> < PC >> c116b870
> 70987d70986
> < PC >> c12cfadc
>
> diff log6 log9
> 70987a70988
> > PC >> c12cfadc
>
>
> Code for dumper:
>
> #define __STDC_FORMAT_MACROS
> #include "panda/plugin.h"
> extern "C" {
> bool init_plugin(void *);
> void uninit_plugin(void *);
> }
>
> int before_block(CPUState* env, TranslationBlock* tb){
>     printf("PC >> " TARGET_FMT_lx "\n", tb->pc);
>     return 0x1;
> }
>
> bool init_plugin(void *self) {
>     panda_cb pcb;
>     pcb.before_block_exec = before_block;
>     panda_register_callback(self, PANDA_CB_BEFORE_BLOCK_EXEC, pcb);
>     return true;
> }
>
> void uninit_plugin(void *self) { }
>
>


-- 
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering
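The race Brendan describes (callback fires, QEMU pops out of the execution loop to service a pending exit_request, the same block is re-entered and the callback fires again) is easy to model outside QEMU. The following is an added example, not PANDA or QEMU code: a toy translation-block loop that can run with either ordering of the callback and the exit_request check, plus the same md5-and-diff comparison Felix used. The block PCs and the iterations at which an exit is pending are constructed values, and `replay`, `trace_digest` and `first_divergence` are names chosen here, not PANDA APIs.

```python
"""Model of a before-block callback racing with QEMU's periodic exit poll.

Stand-alone illustration; nothing here is PANDA or QEMU code.
"""
import hashlib


def replay(blocks, exit_points, callback_after_exit_check):
    """Run a toy translation-block loop over `blocks` (a list of PCs).

    exit_points: loop iterations at which an exit_request is found pending
    when the block is entered (constructed; stands in for the periodic
    monitor/gdb-stub poll).  Each exit is serviced once, after which the same
    block is re-entered, exactly as in the real loop.

    callback_after_exit_check=False: current ordering (callback, then check).
    callback_after_exit_check=True:  suggested fix (check, then callback), so
    the callback fires only for a block that will actually execute.
    Returns the PCs observed by the before-block callback.
    """
    pending = set(exit_points)
    trace = []
    i = 0      # index of the block about to execute
    step = 0   # loop iteration counter; the exit poll is keyed on it
    while i < len(blocks):
        step += 1
        if callback_after_exit_check:
            if step in pending:
                pending.discard(step)
                continue             # leave the loop, re-enter the same block
            trace.append(blocks[i])  # fires exactly once per execution
        else:
            trace.append(blocks[i])  # fires before the check ...
            if step in pending:
                pending.discard(step)
                continue             # ... then we exit; block has not run yet
        i += 1                       # block body executed
    return trace


def trace_digest(trace):
    """md5 of the 'PC >> ...' lines, mirroring the md5sum check in the report."""
    text = "".join(f"PC >> {pc:08x}\n" for pc in trace)
    return hashlib.md5(text.encode()).hexdigest()


def first_divergence(a, b):
    """Return (index, a_entry, b_entry) for the first mismatch, or None."""
    for idx, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return idx, x, y
    if len(a) != len(b):
        idx = min(len(a), len(b))
        return (idx,
                a[idx] if idx < len(a) else None,
                b[idx] if idx < len(b) else None)
    return None


def demo():
    """Reference trace, a racy trace, and a trace under the suggested fix."""
    # Constructed PCs; they are not taken from a real replay.
    blocks = [0xc116b870, 0xc116b903, 0xc12cfadc, 0xc116b870]
    reference = replay(blocks, set(), False)   # no exits at all: ground truth
    racy = replay(blocks, {2, 5}, False)       # exits land right after the callback
    fixed = replay(blocks, {2, 5}, True)       # exits serviced before the callback
    return reference, racy, fixed


if __name__ == "__main__":
    ref, racy, fixed = demo()
    for name, t in (("reference", ref), ("racy", racy), ("fixed", fixed)):
        print(f"{name:9s} {trace_digest(t)}  {len(t)} callbacks")
    print("first divergence (reference vs racy):", first_divergence(ref, racy))
```

With the exits placed on iterations 2 and 5, the racy ordering reports two blocks twice and its digest differs from the reference, while the check-first ordering reproduces the reference trace and digest exactly; the same block list with a different set of exit iterations gives yet another digest, which is the spread of md5sums Felix saw across ten runs.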