> From: Alex Bennée [mailto:alex.ben...@linaro.org]
> Pavel Dovgalyuk <pavel.dovga...@gmail.com> writes:
>
> > GDB remote protocol supports reverse debugging of the targets.
> > It includes 'reverse step' and 'reverse continue' operations.
> > The first one finds the previous step of the execution,
> > and the second one is intended to stop at the last breakpoint that
> > would happen when the program is executed normally.
> >
> > Reverse debugging is possible in the replay mode, when at least
> > one snapshot was created at the record or replay phase.
> > QEMU can use these snapshots for travelling back in time with GDB.
> >
> > Running the execution in replay mode allows using GDB reverse debugging
> > commands:
> > - reverse-stepi (or rsi): Steps one instruction to the past.
> > QEMU loads on of the prior snapshots and proceeds to the desired
> > instruction forward. When that step is reaches, execution stops.
> > - reverse-continue (or rc): Runs execution "backwards".
> > QEMU tries to find breakpoint or watchpoint by loaded prior snapshot
> > and replaying the execution. Then QEMU loads snapshots again and
> > replays to the latest breakpoint. When there are no breakpoints in
> > the examined section of the execution, QEMU finds one more snapshot
> > and tries again. After the first snapshot is processed, execution
> > stops at this snapshot.
> >
> > The set of patches include the following modifications:
> > - gdbstub update for reverse debugging support
> > - functions that automatically perform reverse step and reverse
> > continue operations
> > - hmp/qmp commands for manipulating the replay process
> > - improvement of the snapshotting for saving the execution step
> > in the snapshot parameters
> >
> > The patches are available in the repository:
> > https://github.com/ispras/qemu/tree/rr-191223
>
> So I tried with your additional patch. Launching QEMU as:
>
> ./aarch64-softmmu//qemu-system-aarch64 -monitor none \
> -display none -M virt -cpu max -display none \
> -semihosting-config enable=on \
> -kernel ./tests/tcg/aarch64-softmmu/memory \
> -icount shift=5,rr=replay,rrfile=record.bin \
> -s -S -d trace:gdbstub\*
>
> And gdb:
>
> gdb tests/tcg/aarch64-softmmu/memory \
> -ex "target remote localhost:1234"
>
> I get the following log:
>
> (gdb) x/3i $pc
> => 0x400037b0 <__start>: adr x0, 0x40003000 <vector_table>
> 0x400037b4 <__start+4>: msr vbar_el1, x0
> 0x400037b8 <__start+8>: adrp x0, 0x40200000
> (gdb) p/x $x0
> $1 = 0x0
> (gdb) si
> 92 msr vbar_el1, x0
> (gdb) p/x $x0
> $2 = 0x40003000
> (gdb) rsi
> warning: Remote failure reply: E14
>
> Program stopped.
> __start () at
> /home/alex.bennee/lsrc/qemu.git/tests/tcg/aarch64/system/boot.S:92
> 92 msr vbar_el1, x0
> (gdb) p/x $x0
> $3 = 0x40003000
>
> So it doesn't seem to be working.
That's ok, you'll need at least one VM snapshot available to recover the
initial VM state.
Try changing the command lines in the following way:
First, create empty.qcow2 which will be used for saving the snapshots.
Then record with initial snapshot and attached empty.qcow2:
./aarch64-softmmu//qemu-system-aarch64 -monitor none \
-display none -M virt -cpu max \
-kernel ./tests/tcg/aarch64-softmmu/memory \
-icount shift=5,rr=record,rrfile=record.bin,rrsnapshot=init \
-drive file=empty.qcow2
After that you can replay the execution with the support of reverse debugging:
./aarch64-softmmu//qemu-system-aarch64 -monitor none \
-display none -M virt -cpu max \
-kernel ./tests/tcg/aarch64-softmmu/memory \
-icount shift=5,rr=replay,rrfile=record.bin,rrsnapshot=init \
-drive file=empty.qcow2
I removed "-semihosting-config enable=on", because I'm not sure what is it for.
It may break the replay, because there is no implementation of
semihosting input record/replay.
Pavel Dovgalyuk
