1

I read on this page that they were going to add revese execution support to existing simulators such as qemu. Since this page has been last edited since 2012, I would like to know if the current version of qemu supports this functionnality. If so, how to use it?

Mahouk
  • 902
  • 9
  • 28

2 Answers2

0

There are some patches, but AFAIK not yet merged: http://lists.gnu.org/archive/html/qemu-devel/2014-11/msg03947.html

In the mean-time (shameless plug), if it's a user-mode Linux application you're looking to debug, you could always try http://undo-software.com/

Greg Law
  • 79
  • 1
0

Pavel's patchset

Here is a serious 2018 patchset https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg00478.html which I find will likely get merged at some point.

It works simply by restoring the most recent checkpoint before the reverse break. You have to do the checkpoint manually, but it is a good first step towards something more automatic.

mozilla/rr

https://github.com/mozilla/rr is an open source alternative to UndoDB, and it is mentioned at https://www.linaro.org/blog/core-dump/tricks-for-debugging-qemu-rr/

rr's website specifically claims it can reverse debug QEMU and most complex Linux applications.

Of course, with either rr or UndoDB you will be reverse walking QEMU source directly.

But maybe it is simple to put breakpoints on the main CPU loop inside QEMU, and then somehow observe machine state (memory and registers) conveniently with the QEMU monitor's stop, registers, x and xp commands?

Simuliks

http://simulics.com/index_en.php is a commercial solution, but as mentioned at http://jakob.engbloms.se/archives/2452#more-2452 it is unlikely to be QEMU based due to ISA support and Java-basedness.

Userland reverse debugging

This would be even cooler, but it is even less likely to be present, since I don't see simple support even for forward QEMU userland debugging: Is it possible to use gdb and qemu to debug linux user space programs and kernel space simultaneously?

One naive implementation possibility would be to put QEMU on a mode that skips ring 0.

Ciro Santilli OurBigBook.com
  • 347,512
  • 102
  • 1,199
  • 985