CN101241444B - Debugging method for dynamic binary translation - Google Patents

Debugging method for dynamic binary translation

Info

Publication number
CN101241444B
Authority
CN
China
Prior art keywords
program
machine
source
execution
source machine
Prior art date
Application number
CN 200810033743
Other languages
Chinese (zh)
Other versions
CN101241444A (en)
Inventor
梁阿磊
管海兵
郑举育
Original Assignee
上海交通大学
Priority date
Filing date
Publication date
Application filed by 上海交通大学
Priority to CN 200810033743
Publication of CN101241444A
Application granted
Publication of CN101241444B

Abstract

The present invention provides a debugging method for dynamic binary translation. It improves the basic functions of a general-purpose debugger, such as breakpoints and single-stepping, to make them better suited to debugging dynamic binary translation. Its improved watchpoint function monitors memory accesses and reads and writes; it is more complex to implement than a traditional debugger's watchpoint but more powerful, allowing the internal activity of a program to be observed while it executes, problems to be found promptly when the program goes wrong, and the fault to be located in the program. The invention also introduces a new reverse-execution function into the debugger, providing a non-exact binary-level reverse-execution algorithm that can reverse-execute arbitrary binary code on the binary translation platform. This saves debugging time for programs with long execution times and greatly speeds up the programmer's localization of errors; it is a powerful debugging tool for developers.

Description

Debugging method for dynamic binary translation

Technical field

[0001] The present invention relates to a debugging method for dynamic binary translation, used for debugging dynamically translated code in a dynamic binary translator. The invention belongs to the technical field of binary translation.

Background art

[0002] Dynamic binary translation is the most widely used method in virtual machine technology and an effective means of dealing with legacy code and improving the adaptability of software platforms: without needing the source code of an executable program, it can dynamically convert a binary program for a source machine platform and run it on another target machine platform. Providing a debugger for a dynamic binary translation platform is useful in two ways. On the one hand, it can be used to debug the programs running on the platform and so assist their development; this is especially valuable when the platform is used to emulate a real machine in order to develop system software such as an operating system. Modern operating systems are generally developed in emulators, for example Bochs for the x86 platform and Skyeye for the ARM platform, and one of the main reasons is that the emulator provides powerful debugging support that the real machine cannot. On the other hand, a debugger also helps to find implementation errors in the dynamic binary translation platform itself.

[0003] Existing dynamic binary translators provide some debugging support: for example, Tdb is a source-level debugger for dynamically translated programs, Qemu implements the basic GDB debugging protocol, Dynamo and DynamoRIO implement low-level debugging support, and Java has JPDA (the Java Platform Debugger Architecture). These debuggers share a common shortcoming: the functions they provide are too simple, limited to basic operations such as setting breakpoints, single-stepping, running, and inspecting registers and memory. Moreover, the Qemu and Dynamo debuggers apply only to their own platforms, and JPDA is designed solely for the JIT (Java language compiler) of the Java platform. With only these basic functions, a debugger's ability to localize errors is somewhat inadequate: the place where erroneous data is produced generally lies before the point where the program fails, so such a debugger can only set breakpoints, search backwards from the failure for the error, and re-run the program many times to find where the error arises. If the program takes a long time to execute, this process consumes a great deal of time.

[0004] Existing debuggers with reverse-execution capability are mostly closely tied to a language and rely on special compiler support to achieve reverse execution. For example, PROVIDE supports reverse execution of C programs but only for a subset of the C language, and Cook supports reverse execution only of Java bytecode; none of these methods is applicable to dynamic binary translation.

[0005] The general execution process of a dynamic binary translator is as follows: the binary program being executed is translated into native code by the binary translator one code block at a time; the translated native code is stored in a code cache, and the next time the block is executed the translated native code is fetched directly from the code cache and run. The native code corresponding to the binary code to be run is generated dynamically, and its address is also assigned at run time, so existing debuggers for statically generated code cannot debug programs running on a dynamic binary translation platform.

[0006] Therefore a new debugging method for dynamic binary translation is needed, for debugging dynamically translated code in a dynamic binary translator.

[0007] Summary of the invention

[0008] The object of the present invention is to address the shortcomings of the prior art and the characteristics of dynamic binary translators by providing a debugging method for dynamic binary translation that speeds up the programmer's localization of program errors and saves debugging time for programs with long execution times.

[0009] To achieve this object, the invention improves the basic functions of a general-purpose debugger, such as breakpoints and single-stepping, to make them better suited to debugging a dynamic binary translator; it improves the watchpoint function so that it monitors memory accesses and reads and writes, observes the internal activity of the program as it executes, finds problems promptly when the program goes wrong, and locates the position of the error in the program; and it introduces a new reverse-execution function into the debugger of the dynamic binary translator, using a binary-level non-exact reverse-execution algorithm that can reverse-execute arbitrary binary code running on the binary translation platform, so as to save debugging time for programs with long execution times.

[0010] The specific steps of the debugging method for dynamic binary translation of the present invention are as follows:

[0011] 1. Pausing execution of the source machine program at a breakpoint

[0012] The source machine program is run using the dynamic binary translator. When a breakpoint set in the source machine program is encountered and execution of the source machine program is to be paused, the binary translator translates the source machine instruction at the breakpoint location into an exception-raising instruction of the target machine; when that exception instruction is encountered during execution of the target machine code, execution is paused. A mapping table maintains the mapping between source machine addresses and the dynamic addresses on the physical machine, and the position at which the source machine program is paused is determined by looking up this mapping table.

[0013] 2. Pausing execution of the source machine program at a watchpoint

[0014] When a watchpoint set in the source machine program to track changes in the value of a source program variable or expression is encountered, the binary translator pauses program execution by means of a memory breakpoint on machines that support hardware memory breakpoints, or else by means of the memory mapping process.

[0015] 3. Inspecting the running state of the source machine program at the breakpoint

[0016] At the position where the source machine program is paused, the memory data in the emulated source machine address space and the data in the emulated central processing unit registers are read to check whether the result of running the source machine program up to the breakpoint is correct. If the result is incorrect, the position of the error in the source machine program is recorded, the source machine program is stopped and the error corrected, and the method returns to step 1 to continue searching for errors until no more errors can be found in the source machine program, at which point debugging ends. If the result is correct, checking of the source machine program continues.

[0017] 4. Continuing execution of the source machine program

[0018] When checking of the source machine program continues, it proceeds instruction by instruction, to the next breakpoint, or by reverse execution. When the source machine program is checked instruction by instruction after the breakpoint, it is single-stepped from the paused position: the binary translator creates a basic block containing only the current instruction and then executes that basic block; when the basic block finishes executing, the program pauses at the next instruction of the source machine program, and step 3 is repeated. When the running state of the source machine program at the next breakpoint is checked, execution of the source machine program continues from the current paused position, the source machine program is paused when the next breakpoint is encountered, and step 3 is repeated. When reverse execution is used, the source machine program is reverse-executed from the paused position. A block context data structure is defined, consisting of four parts: the current values of the program registers, the data at the current top of the stack, the global addresses used by the basic block, and the dynamically allocated memory addresses. Before a basic block executes, the running state of the program and the machine state are saved into the block context structure of that basic block, and a linked list of the block contexts of the most recently executed basic blocks is kept, stored in execution order. The binary translator takes the block context of the most recently executed basic block from the block context list, restores the source machine state and the source machine program state according to that block context to the state before the basic block was executed, then uses single-stepping to execute up to the instruction preceding the paused position, pauses the source machine program, and repeats step 3.

[0019] The debugging method of the present invention has significant advantages. It improves the basic functions of existing general-purpose debuggers, such as breakpoints and single-stepping, to make them better suited to debugging a dynamic binary translator, and on the basis of these basic functions introduces a new reverse-execution function that can reverse-execute arbitrary binary code running on the binary translation platform, saving debugging time for programs with long execution times. The improved watchpoint function of the invention monitors memory accesses and reads and writes; its implementation is more complex than a traditional debugger's watchpoint but more powerful, allowing the internal activity of the program to be observed while it executes and problems to be found promptly when the program goes wrong. The invention greatly improves the speed of locating program errors and is a powerful troubleshooting tool for virtual machine developers.

Detailed description

[0020] To better understand the technical solution of the present invention, it is further described below through specific embodiments. The following embodiments do not limit the present invention.

[0021] The general debugger architecture in a dynamic binary translator typically provides basic functions such as breakpoints, single-stepping, and inspecting register and memory values; the present invention implements reverse execution, watchpoints, and debugging-script functions in the debugger of the dynamic binary translator.

[0022] 1. Pausing execution of the source machine program at a breakpoint

[0023] Setting breakpoints is one of the basic functions of a debugger. In traditional debuggers, breakpoints fall into two categories, "hardware" breakpoints and "software" breakpoints. Hardware breakpoints require special support from the processor; their drawbacks are that the number of breakpoints is limited and that they depend heavily on the computer architecture. Software breakpoints are generally implemented by replacing a program instruction with a trap instruction, an illegal division instruction, or some other instruction that raises an exception; when execution reaches that address an exception is raised, which the debugger then handles. For example, the GDB debugger on Linux and the OllyDbg debugger on Windows both use this method. The debugger of a dynamic binary translator generally uses software breakpoints, but differently from the traditional method: the binary translator translates the source machine program into target machine code one code block at a time, so the target machine code is also generated in code-block units and its addresses are dynamic. When a breakpoint is set in the source machine code segment, the translated executable code for the target machine must therefore also contain a corresponding breakpoint.

[0024] First, the source machine program is run using the dynamic binary translator. The dynamic binary translator loads the code and data segments of the source program into the local address space and maps source machine addresses to target machine addresses; the binary translator uses a mapping table to maintain the mapping between source machine program addresses and the dynamic addresses on the target machine. When a breakpoint is set in the source machine program to pause its execution, the binary translator translates the source machine instruction at the breakpoint location into an exception-raising instruction of the target machine; when that exception instruction is encountered during execution of the target machine code, execution is paused, and the position at which the source machine program is paused is determined by looking up the mapping table described above.

[0025] 2. Pausing execution of the source machine program at a watchpoint

[0026] A watchpoint is a special kind of breakpoint: it pauses program execution according to whether memory is read or written. Watchpoints can therefore be set in the source machine program to track changes in the value of a source program variable or expression: when the value of the variable or expression changes, the corresponding memory changes too, which triggers the watchpoint and pauses program execution. Watchpoints can be used to monitor the program's memory accesses and reads and writes.

[0027] In a dynamic binary translator the source machine state must be mapped onto the target machine, including register mapping and memory mapping, and the memory mapping makes watchpoints harder to implement. The present invention provides two methods of implementing watchpoints:

[0028] First, on machines that support hardware memory breakpoints, such as IA32, a hardware memory breakpoint can be used to pause the source machine program. When a watchpoint is set in the source machine program, the binary translator uses the memory mapping table to convert the source machine memory address into the target machine memory address and then sets a memory breakpoint at the corresponding target machine memory address. When the monitored memory of the source machine program changes, an exception is raised at the corresponding target machine memory address; the binary translator catches this exception and pauses program execution.

[0029] Second, the memory mapping process can be used to pause the source machine program. A dynamic binary translation system may implement memory mapping through a software address-translation buffer. The binary translator uses a table to record the watchpoints that have been set, and the software address-translation buffer looks up this table during translation; if there is a match, a watchpoint has been triggered, and the binary translator pauses the source machine program.

[0030] The first method is the most efficient but can only be implemented on particular machines; the second method can only be implemented on binary translators that use a software address-translation buffer.
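Steps 1 and 2 above ([0023] to [0030]) in a toy dynamic binary translator, as an added example that is not part of the patent: a source "program" is translated one basic block at a time into closures standing in for target code; a breakpoint is emitted as a trap instruction ahead of the translated instruction and resolved back to a source address through the mapping table; a watchpoint is checked inside the software address translation that every memory access goes through (the second method of [0029]). The instruction set, the addresses and all names below are constructed for this example, and clearing the code cache when a breakpoint is set is an assumption about how already-translated blocks would have to be regenerated in a real translator.

```python
"""Toy dynamic binary translator whose debugger stops on breakpoints and watchpoints.

Constructed example: the source instruction set, the addresses and every name here
(Translator, DebugStop, translate_addr, ...) are invented for illustration."""


class DebugStop(Exception):
    """Raised by translated target code; carries the target-code address that trapped."""

    def __init__(self, kind, target_pc):
        super().__init__(kind)
        self.kind, self.target_pc = kind, target_pc


# Constructed source machine program: address -> (opcode, operands). Instructions are
# 4 bytes apart; there are no branches, so the whole program is one basic block.
SOURCE_PROGRAM = {
    0x1000: ("mov", "r0", 1),
    0x1004: ("store", 0x8000, "r0"),   # mem[0x8000] = r0
    0x1008: ("add", "r0", "r0"),       # r0 = r0 + r0
    0x100C: ("store", 0x8000, "r0"),
    0x1010: ("halt",),
}

MEM_BASE = 0x10000          # constructed: source memory address + MEM_BASE = host address
TARGET_BASE = 0x40000000    # constructed: where translated target code is placed


class Translator:
    def __init__(self, program, entry=0x1000):
        self.program = program
        self.regs = {"r0": 0}
        self.mem = {}                 # host memory, keyed by host address
        self.code_cache = {}          # source block start -> list of target instructions
        self.mapping = {}             # target address -> source address (the mapping table)
        self.breakpoints = set()      # source code addresses
        self.watchpoints = set()      # source memory addresses
        self.next_target = TARGET_BASE
        self.src_pc, self.resume_index = entry, 0

    def set_breakpoint(self, src_addr):
        """Call before running: translated blocks are dropped so the trap gets emitted (assumed)."""
        self.breakpoints.add(src_addr)
        self.code_cache.clear()

    def set_watchpoint(self, src_mem_addr):
        self.watchpoints.add(src_mem_addr)

    def translate_addr(self, src_mem_addr):
        """Software address translation (second watchpoint method): map the source memory
        address to the host address and report whether the watchpoint table matches it."""
        return src_mem_addr + MEM_BASE, src_mem_addr in self.watchpoints

    def _alloc(self, src_addr):
        """Hand out the next target-code address and record it in the mapping table."""
        tpc, self.next_target = self.next_target, self.next_target + 8
        self.mapping[tpc] = src_addr
        return tpc

    @staticmethod
    def _trap(tpc):
        """The exception-raising target instruction a breakpoint is translated into."""
        def trap():
            raise DebugStop("breakpoint", tpc)
        return trap

    def _emit(self, insn, tpc):
        """Translate one source instruction into a target 'instruction' (a closure)."""
        op, regs, mem = insn[0], self.regs, self.mem
        if op == "mov":
            return lambda: regs.__setitem__(insn[1], insn[2])
        if op == "add":
            return lambda: regs.__setitem__(insn[1], regs[insn[1]] + regs[insn[2]])
        if op == "store":
            def store():
                host, watched = self.translate_addr(insn[1])
                mem[host] = regs[insn[2]]
                if watched:                      # the write completes, then the program pauses
                    raise DebugStop("watchpoint", tpc)
            return store
        if op == "halt":
            def halt():
                raise DebugStop("halt", tpc)
            return halt
        raise ValueError("unknown opcode %r" % op)

    def translate_block(self, start):
        """Translate the basic block starting at `start` into the code cache; a source address
        carrying a breakpoint gets a trap instruction in front of its translation."""
        block, pc = [], start
        while True:
            insn = self.program[pc]
            if pc in self.breakpoints:
                block.append(self._trap(self._alloc(pc)))
            block.append(self._emit(insn, self._alloc(pc)))
            if insn[0] == "halt":
                break
            pc += 4
        self.code_cache[start] = block
        return block

    def run(self):
        """Execute target code until it traps; return (reason, source address from the mapping table)."""
        block = self.code_cache.get(self.src_pc) or self.translate_block(self.src_pc)
        for i in range(self.resume_index, len(block)):
            try:
                block[i]()
            except DebugStop as stop:
                self.resume_index = i + 1        # continue after the trapping target instruction
                return stop.kind, self.mapping[stop.target_pc]
        raise RuntimeError("block did not end in halt")


if __name__ == "__main__":
    dbt = Translator(SOURCE_PROGRAM)
    dbt.set_breakpoint(0x1008)
    dbt.set_watchpoint(0x8000)
    for _ in range(4):
        print(dbt.run(), "r0 =", dbt.regs["r0"])
```

Each call to run() resumes after the last trap and reports, in source-machine terms, why it stopped and where. The trap precedes the translated instruction, so resuming executes the breakpointed instruction exactly once; the watchpoint stops after the store has completed, which is what lets the debugger read the new memory value at the pause.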

[0031] 3. Inspecting the running state of the source machine program at the breakpoint

[0032] After the source machine program has paused, data is read from the emulated memory address space and from the emulated central processing unit registers to obtain the source machine program's expression values, program variable values, memory values, register values and so on; these values are used to judge whether the result of running the source machine program up to the breakpoint is correct. If the result is incorrect, the position of the error in the source machine program is recorded, the source machine program is stopped and the error corrected, and the method returns to step 1 to continue searching for errors until no more errors can be found in the source machine program, at which point debugging ends. If the result is correct, execution of the source machine program continues.

[0033] 4. Continuing execution of the source machine program

[0034] When checking of the source machine program continues from the paused position, it proceeds instruction by instruction, to the next breakpoint, or by reverse execution.

[0035] 1) Executing the source machine program instruction by instruction from the paused position

[0036] When the source machine program is executed instruction by instruction, in order to check the result of a single instruction or to trace the execution flow of the source machine program, it is single-stepped from the paused position: the binary translator creates a basic block containing only the current instruction, then translates and executes that basic block, and pauses execution of the source machine program when the basic block finishes. The source machine program is then paused at the next instruction, and step 3 is repeated.

[0037] 2) Checking the source machine program at the next breakpoint

[0038] When the running state of the source machine program at the next breakpoint is checked, execution of the source machine program continues from the paused position: control is handed to the binary translator, which continues translating the source machine program and driving its execution until the next breakpoint is encountered and the source machine program is paused; step 3 is then repeated.

[0039] 3) Reverse-executing the source machine program from the paused position

[0040] When the results of the instructions before the breakpoint are to be checked, reverse execution is performed from the paused position. The present invention implements a method of non-exact reverse execution of the source machine program. "Non-exact" means that reverse execution yields correct results in most cases, while in some cases the data obtained by reverse execution may be incorrect; nevertheless it greatly improves the efficiency of the debugging process.

[0041] Reverse execution has to solve two difficult problems: first, how to save the program state; second, how to determine the address of the predecessor instruction of the current instruction, since the current instruction is not necessarily the result of sequential execution but may have been reached by a jump from some branch instruction. To solve these two problems, the present invention saves for each basic block a structure called the block context, which consists of four parts: first, the current values of the program registers; second, the data at the current top of the stack (when a basic block is translated, the range of stack memory it accesses can easily be determined, because stack data is always accessed relative to the stack pointer and the frame pointer); third, the global addresses used by the basic block, which appear either as constants or in the form of a global register plus a constant; and fourth, dynamically allocated memory addresses. Reverse execution is implemented in the following three steps:

[0042] a) The program's running state before a basic block executes is saved into the block context structure of that basic block, and a linked list of the block context structures of the most recently executed basic blocks is kept, stored in execution order. If the program state were saved for every instruction, a great deal of time and space would be consumed; the root of the problem is that the granularity of state saving is too fine. The present invention implements a new solution: enlarging the saving granularity and executing forwards. Enlarging the saving granularity means using the basic block as the unit and saving the program state only before a basic block executes; executing forwards means starting from the basic block containing the predecessor instruction and executing instruction by instruction until the predecessor instruction is reached. The difficulty of this method lies in determining the memory addresses that a basic block will modify, particularly memory whose address can only be determined at execution time, for example a local variable accessed at an address obtained by simple arithmetic on the stack pointer. When such an instruction is detected, a new basic block is started with that instruction as its first instruction; when the preceding basic block finishes executing, the memory address used by the instruction can be computed and saved in the block context.

[0043] b) The address of the block containing the predecessor of the current instruction is determined. The binary translator keeps the block context structures of the most recently executed basic blocks, stored in execution order, so the predecessor instruction is in the most recent of those basic blocks.

[0044] c) Reverse execution. The binary translator takes the most recently executed basic block from the list, restores the data according to its block context, then executes up to the predecessor instruction by single-stepping, and repeats step 3. Because basic blocks are small, single-stepping takes little time. After each instruction is executed, the memory address it modified is checked; if that address is not among the saved memory addresses, the user is warned that the memory value at that address may be inaccurate, and the user decides whether to accept the result. If the current instruction happens to be the first instruction of the basic block, that basic block is removed from the list and the most recent basic block is fetched again. If the program contains loops, the number of instructions that can actually be reverse-executed may be greatly reduced, so some optimization is needed: in block context management, handling of loops is added so that if two consecutively saved block contexts belong to the same basic block, the second is discarded and the number of discarded contexts is recorded in the preceding block context; when reverse-executing, that basic block must then be executed the corresponding number of times.

[0045] This reverse-execution method of the present invention has certain limitations: first, system calls and I/O operations cannot be restored; second, reverse execution cannot proceed without limit. This is why it is called non-exact reverse execution. However, the reverse-execution function provided by the present invention serves debugging rather than providing a completely correct reverse-execution facility, so it is sufficient to meet the debugging needs of most programs; this is a trade-off between reverse execution and the purposes of debugging.
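The block-context mechanism of [0041] to [0044], with the bounded rollback noted in [0045], as an added example that is not part of the patent: a tiny basic-block interpreter records a block context on entry to each basic block, merges consecutive contexts of the same block into one with a repeat count, and rolls back one instruction by restoring the most recent context and stepping forwards to the predecessor, flagging any write to an address the context did not save. The program, the instruction set and all names are constructed; of the patent's four context parts this keeps registers and statically known global addresses, uses a register-addressed store as the "address only known at run time" case, and omits the stack part. Because the context is recorded at block entry, a pause on a block's first instruction is handled by decrementing the repeat count or dropping that context, which is this example's equivalent of removing the block from the list.

```python
"""Block-context rollback (non-exact reverse execution) for a toy basic-block interpreter.

Constructed example: the program, the instruction set and all names (Machine, BLOCKS,
save_context, rollback, ...) are invented for illustration."""

# Constructed program: sum = 3 + 2 + 1, spilling the running total to global 0x100 and
# through pointer register p (an address known only at run time).
BLOCKS = {
    "init": [("mov", "sum", 0), ("mov", "i", 3), ("mov", "p", 0x200), ("jmp", "loop")],
    "loop": [("add", "sum", "i"), ("store", 0x100, "sum"), ("storep", "p", "sum"),
             ("sub", "i", 1), ("jnz", "i", "loop", "done")],
    "done": [("halt",)],
}


class Machine:
    def __init__(self, blocks):
        self.blocks = blocks
        self.regs = {"sum": 0, "i": 0, "p": 0}
        self.mem = {}
        self.pos = ("init", 0)      # (block, index of the next instruction to execute)
        self.contexts = []          # block contexts in execution order, most recent last

    def step(self):
        """Execute one instruction (a one-instruction basic block); return the addresses it wrote."""
        block, i = self.pos
        insn, written, nxt = self.blocks[block][i], set(), (block, i + 1)
        op = insn[0]
        if op == "mov":
            self.regs[insn[1]] = insn[2]
        elif op == "add":
            self.regs[insn[1]] += self.regs[insn[2]]
        elif op == "sub":
            self.regs[insn[1]] -= insn[2]
        elif op in ("store", "storep"):
            addr = insn[1] if op == "store" else self.regs[insn[1]]
            self.mem[addr] = self.regs[insn[2]]
            written.add(addr)
        elif op == "jmp":
            nxt = (insn[1], 0)
        elif op == "jnz":
            nxt = (insn[2] if self.regs[insn[1]] else insn[3], 0)
        else:                       # halt: stay put
            nxt = self.pos
        self.pos = nxt
        return written

    def save_context(self):
        """Step a): record the state on entry to a basic block. Two consecutive contexts of the
        same block are merged into one carrying a repeat count (the loop handling of step c))."""
        block = self.pos[0]
        if self.contexts and self.contexts[-1]["block"] == block:
            self.contexts[-1]["count"] += 1
            return
        static = [ins[1] for ins in self.blocks[block] if ins[0] == "store"]
        self.contexts.append({"block": block, "count": 1, "regs": dict(self.regs),
                              "globals": {a: self.mem.get(a) for a in static}})

    def run(self, breakpoint=None):
        """Run until the instruction at `breakpoint` ((block, index)) is next, or until halt."""
        while self.pos != breakpoint and self.blocks[self.pos[0]][self.pos[1]][0] != "halt":
            if self.pos[1] == 0:
                self.save_context()
            self.step()
        return self.pos

    def rollback(self):
        """Steps b) and c): move the pause position back by one instruction.
        Returns (position, addresses whose restored contents may be inaccurate), or None when
        no block context remains (rollback is bounded, which is part of what makes it non-exact)."""
        block, i = self.pos
        if i == 0 and self.contexts and self.contexts[-1]["block"] == block:
            # Paused on a block's first instruction: the predecessor lies in the previous pass
            # of the same block (count > 1) or in the block before it (drop this context).
            if self.contexts[-1]["count"] > 1:
                self.contexts[-1]["count"] -= 1
            else:
                self.contexts.pop()
        if not self.contexts:
            return None
        ctx = self.contexts[-1]
        length = len(self.blocks[ctx["block"]])
        target = (block, i - 1) if i > 0 else (ctx["block"], length - 1)
        # Restore the state recorded before the block's first consecutive pass ...
        self.regs = dict(ctx["regs"])
        for addr, val in ctx["globals"].items():
            if val is None:
                self.mem.pop(addr, None)
            else:
                self.mem[addr] = val
        self.pos = (ctx["block"], 0)
        # ... then execute forwards: the merged passes in full, then up to the predecessor.
        saved, unsaved = set(ctx["globals"]), set()
        for _ in range((ctx["count"] - 1) * length + target[1]):
            unsaved |= self.step() - saved    # a write outside the saved set may be stale
        return self.pos, unsaved


if __name__ == "__main__":
    m = Machine(BLOCKS)
    print("paused at", m.run(), "contexts", [(c["block"], c["count"]) for c in m.contexts])
    while (res := m.rollback()) is not None:
        print("rolled back to", res[0], "regs", m.regs, "unsaved writes", res[1])
```

Running to the halt leaves two contexts, one for init and one for loop with a count of 3, instead of four; each rollback from there re-executes the loop's merged passes from the saved state before stepping to the predecessor, and reports 0x200 (written through the pointer register) as an address whose restored value the user should not trust, exactly the warning of [0044]. The register-addressed store is also why a real translator would split the block at such an instruction, as [0042] describes, so that the address could be saved too.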

Claims (1)

1. 一种用于动态二进制翻译的调试方法,其特征在于包括如下步骤:1)利用动态二进制翻译器运行源机器程序,当遇到源机器程序中设置的断点暂停源机器程序的执行时,利用二进制翻译器将断点位置的源机器指令翻译为目的机器中的异常指令,在目的机器代码的执行过程中遇到该异常指令时就暂停执行,使用一个映射表支持源机器地址与物理机器动态地址的映射关系,通过查找该映射表来确定源机器程序暂停的位置;2)当遇到源机器程序中设置的用以跟踪源机器程序变量值或表达式值的变化的观察点时,二进制翻译器在支持硬件内存断点的机器上通过内存断点来暂停程序执行,或者利用内存映射过程来暂停程序执行;3)在源机器程序暂停位置,通过读取模拟的源机器地址空间中的内存数据和模拟的中央处理单元寄存器的数据,检查源机器程序在断 A debugging method for dynamic binary translation, comprising the steps of: 1) using a dynamic binary translator operating program source machine when it encounters a breakpoint to pause execution of source machine program set in the program source machine using the binary translator to translate the source machine instruction at the breakpoint location of the machine for the purpose of the exception instruction, to suspend execution instruction encountered during the execution of the exception object machine code using a mapping table with the physical address of the source machine support machine dynamic address mapping relation to determine the source machine program halted by looking up the mapping table; 2) changes when the observation point encounters machine process variable values ​​or to track the source of the expression values ​​set in the program source machine , binary translator in the support hardware breakpoints machine memory through the memory breakpoint to pause execution, or by memory mapping process to suspend program execution; 3) in the source machine program pause position, by reading the analog source machine address space a central processing unit registers the data in the memory data and the simulation, the program checks the source machine off 处运行结果是否正确,如果运行结果不正确则记录下错误在源机器程序中的位置,停止源机器程序运行并对错误进行修正,然后返回步骤1)继续查找错误,直到在源机器程序中查找不到错误为止,结束调试;如果运行结果正确,则继续往下检查源机器程序;4)继续检查源机器程序时,采用逐条检查或检查下一个断点或回退方式进行;采用逐条检查断点之后源机器程序时,从暂停位置单步执行源机器程序,二进制翻译器创建一个仅包含当前指令的基本块,然后执行该基本块,该基本块执行结束后在源机器程序下一条指令处暂停,重复步骤3);采用检查下一个断点处源机器程序运行状态时,从当前暂停位置继续执行源机器程序,遇到下一个断点时暂停源机器程序,重复步骤3);采用回退方式时,从暂停位置回退执行源机器程序,定义块上下文数据结构由 Run at the results are 
correct; if the result is incorrect, the location in the source machine program at which it went wrong is recorded, the source machine program is stopped and the error is corrected, and the method returns to step 1) to continue looking for errors until no further error is found in the source machine program, which completes debugging; if the result is correct, checking of the source machine program continues downward;
4) To continue checking the source machine program, check instruction by instruction, check using a breakpoint, or check using rollback (backward execution). When checking instruction by instruction, the source machine program is single-stepped from the paused position: the binary translator creates a basic block containing only the current instruction and executes that basic block; after the basic block has executed, the source machine program pauses at its next instruction, and step 3) is repeated. When checking with a breakpoint, the source machine program resumes from the current paused position and is paused again at the next breakpoint, and step 3) is repeated. When checking with rollback, backward execution is performed from the paused position of the source machine program: a block context data structure is defined, consisting of four parts, namely the current values of the program's registers, the data at the current top of the stack, the global addresses used by the basic block, and the dynamically allocated memory addresses; before a basic block is executed, the program's running state and the machine state are saved into that basic block's block context structure, and a linked list of the block contexts of the most recently executed basic blocks is kept, stored in execution order; the binary translator takes the block context of the most recently executed basic block from the block context list, uses it to restore the source machine state and the source machine program state to the state before that basic block was executed, then single-steps up to the instruction immediately preceding the paused position, pauses the source machine program, and repeats step 3).
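As an added illustration of the rollback step in 4) above (constructed example code, not the patent's or the inventors' implementation), the following toy Python model saves a block context with the four parts the claim names before each basic block runs, keeps those contexts in execution order, and rolls back one instruction by restoring the latest context and single-stepping forward to the instruction before the pause; when the pause is at a block boundary it falls back to the previous block's context. It assumes a made-up register VM (`Machine`, `step`, `PROGRAM`) and, as a simplification, snapshots the whole stack rather than only the top-of-stack word.

```python
# Constructed toy model of the claim's block-context rollback (not the patent's code): a tiny register VM.
import copy
from dataclasses import dataclass, field

@dataclass
class Machine:
    pc: int = 0
    executed: int = 0                          # instructions executed so far (execution order)
    regs: dict = field(default_factory=lambda: {"r0": 0, "r1": 0})
    stack: list = field(default_factory=list)  # the claim saves only the top word; the whole stack here
    globs: dict = field(default_factory=dict)  # global addresses the program writes
    heap: dict = field(default_factory=dict)   # dynamically allocated addresses

def step(m, prog):
    """Single step: a basic block holding only the instruction at pc, then pause; returns its opcode."""
    op, *a = prog[m.pc]
    m.pc, m.executed = m.pc + 1, m.executed + 1
    if op == "mov":     m.regs[a[0]] = a[1]
    elif op == "add":   m.regs[a[0]] += m.regs[a[1]]
    elif op == "push":  m.stack.append(m.regs[a[0]])
    elif op == "pop":   m.regs[a[0]] = m.stack.pop()
    elif op == "store": m.globs[a[0]] = m.regs[a[1]]
    elif op == "alloc": m.heap[a[0]] = m.regs[a[1]]
    elif op == "jmp":   m.pc = a[0]
    return op

def run_block(m, prog, contexts):
    """Save the block context, then run one basic block (ends at a jmp or at program end)."""
    contexts.append(copy.deepcopy(m))          # snapshot before the block executes; list is in execution order
    while m.pc < len(prog) and step(m, prog) != "jmp": pass

def rollback(m, prog, contexts):
    """Back one instruction: restore the latest block context, then single-step to pause - 1."""
    ctx = contexts.pop()
    if ctx.executed == m.executed:             # paused at a block start: the previous block is the one to replay
        ctx = contexts.pop()
    restored = copy.deepcopy(ctx)
    while restored.executed < m.executed - 1:  # replay forward, stopping before the pause position
        step(restored, prog)
    contexts.append(ctx)                       # that block is the most recently entered one again
    return restored

PROGRAM = [("mov", "r0", 5), ("mov", "r1", 7), ("push", "r0"), ("jmp", 4),                        # block 1
           ("add", "r0", "r1"), ("store", 0x1000, "r0"), ("alloc", 0x2000, "r1"), ("pop", "r1")]  # block 2

def demo():
    """Run the constructed program to completion, then roll it back one instruction at a time."""
    states, contexts = [Machine()], []
    while states[0].pc < len(PROGRAM): run_block(states[0], PROGRAM, contexts)
    while states[-1].executed: states.append(rollback(states[-1], PROGRAM, contexts))
    return states                              # states[k] is the machine k instructions before the end
```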

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810033743 CN101241444B (en) 2008-02-21 2008-02-21 Debugging method for dynamic binary translation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810033743 CN101241444B (en) 2008-02-21 2008-02-21 Debugging method for dynamic binary translation

Publications (2)

Publication Number Publication Date
CN101241444A (en) 2008-08-13
CN101241444B (en) 2011-06-15

Family

ID=39932994

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810033743 CN101241444B (en) 2008-02-21 2008-02-21 Debugging method for dynamic binary translation

Country Status (1)

Country Link
CN (1) CN101241444B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101452396B (en) 2008-12-25 2012-04-25 上海交通大学 Binary translation method combining static optimization
CN101539867B (en) 2009-04-23 2011-07-20 上海交通大学 Retargetable register allocation method in dynamic binary translation system
US8832672B2 (en) * 2011-01-28 2014-09-09 International Business Machines Corporation Ensuring register availability for dynamic binary optimization
CN102880457B (en) * 2012-08-13 2018-08-10 南京中兴新软件有限责任公司 Method and apparatus for data processing
CN103885886B (en) * 2012-12-20 2016-08-24 华为技术有限公司 Address allocation method for global data and related devices
US9207914B2 (en) * 2013-12-20 2015-12-08 Microsoft Technology Licensing, Llc Execution guards in dynamic programming
CN105630479A (en) * 2014-11-28 2016-06-01 中兴通讯股份有限公司 Processing method and apparatus for exception in program running process
CN105912468A (en) * 2016-04-11 2016-08-31 华为软件技术有限公司 Method of operating scripts by open platform and open platform system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6704925B1 (en) 1998-09-10 2004-03-09 Vmware, Inc. Dynamic binary translator with a system and method for updating and maintaining coherency of a translation cache
CN1746849A (en) 2004-09-10 2006-03-15 中国科学院计算技术研究所 Translation method in dynamic binary translation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Wu Hao (吴昊) et al. Design of a user-level dynamic binary translation system. Computer Applications and Software (计算机应用与软件), 24(10), 2007, full text.
Liang Alei (梁阿磊) et al. Jump optimization techniques in dynamic binary translation. Journal of Sichuan University (Natural Science Edition) (四川大学学报(自然科学版)), 44(6), 2007, full text.

Also Published As

Publication number Publication date
CN101241444A (en) 2008-08-13

Similar Documents

Publication Publication Date Title
Altekar et al. ODR: output-deterministic replay for multicore debugging
US6430741B1 (en) System and method for data coverage analysis of a computer program
US7516441B2 (en) Method and system for program editing and debugging in a common language runtime environment
US7685570B2 (en) Error/exception helper
Zhou et al. AccMon: Automatically detecting memory-related bugs via program counter-based invariants
EP1475714B1 (en) Just-my-code debugging
Bedichek Some efficient architecture simulation techniques
Bach et al. Analyzing parallel programs with pin
Nethercote et al. Valgrind: A program supervision framework
US8832682B2 (en) Trace collection for a virtual machine
US6718485B1 (en) Software emulating hardware for analyzing memory references of a computer program
US7844954B2 (en) Using branch instruction counts to facilitate replay of virtual machine instruction execution
King et al. Debugging operating systems with time-traveling virtual machines
US7107585B2 (en) Compilation of application code in a data processing apparatus
Saito Jockey: a user-space library for record-replay debugging
US6634020B1 (en) Uninitialized memory watch
US7533246B2 (en) Application program execution enhancing instruction set generation for coprocessor and code conversion with marking for function call translation
Bruening et al. Practical memory checking with Dr. Memory
Boothe Efficient algorithms for bidirectional debugging
US20040205720A1 (en) Augmenting debuggers
Bungale et al. PinOS: a programmable framework for whole-system dynamic instrumentation
Arnold et al. QVM: an efficient runtime for detecting defects in deployed systems
US20020162051A1 (en) Synchronous breakpoint system and method
US6862694B1 (en) System and method for setting and executing breakpoints
Lienhard et al. Practical object-oriented back-in-time debugging

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
CF01