
Virtual Machine Introspection (of QEMU) with rr

Open deliciouslytyped opened this issue 3 years ago • 4 comments

VMI (Virtual Machine Introspection) is a term (among other things) for inspecting the state of virtual machines meaningfully from an external point of view. (see e.g. https://libvmi.com , https://drakvuf.com/ , https://en.wikipedia.org/wiki/Virtual_machine_introspection)

Given that rr enables reversible debugging of QEMU, it would be very Cool and Good (TM) if there was a way to use it to directly inspect guest state without forcing the user to handle stepping through the QEMU layer as well. It has really been bothering me for a while that this does not seem to be a thing, because it sounds so good. :)

What would it take to do something like this?

I'm (edit:) NOT well versed in these things, however:

I imagine the minimum intuitive requirements for this, depending on the information desired (several levels could be supported), are

backend:

  • the ability to understand the exposed guest machine model, for low level debugging (hardware threads, etc)
  • the ability to understand the guest OS (processes, kernel debugging)

frontend:

  • possibly, exposing user-facing access methods to the above functionality

If this was possible, it might also be reasonably generalized to other situations where a general reverse execution framework is useful to implement a more domain specific debugger.

deliciouslytyped avatar Oct 29 '22 21:10 deliciouslytyped
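The "backend" layer the post asks for, in miniature, as an added example that is not code from rr, QEMU or any VMI project: given a flat guest-physical memory image (which, in the rr scenario, would be QEMU's RAM block as seen during replay) and the guest's CR3, walk the x86-64 4-level page tables to translate guest-virtual addresses, then read a guest-OS structure through that translation. The memory image, page tables and the `pid`/`comm` "task" layout are constructed for the demo; real tools get the OS layout from kernel debug info, so everything below is an assumption, not any kernel's actual structure.

```python
import struct

# x86-64 4-level paging constants (architecturally defined).
PAGE_SHIFT = 12
PTE_PRESENT = 1 << 0
PTE_WRITE = 1 << 1
PTE_PS = 1 << 7                        # "page size": 1 GiB page in a PDPTE, 2 MiB page in a PDE
PTE_ADDR_MASK = 0x000F_FFFF_FFFF_F000  # bits 51:12 carry the next-level physical address


class GuestMemory:
    """Flat guest-physical address space (constructed for the demo; a real backend
    would wrap a snapshot or the replayed process's RAM mapping)."""

    def __init__(self, size):
        self.buf = bytearray(size)

    def read(self, paddr, n):
        if paddr < 0 or paddr + n > len(self.buf):
            raise ValueError(f"guest-physical read out of range: {paddr:#x}+{n}")
        return bytes(self.buf[paddr:paddr + n])

    def write(self, paddr, data):
        self.buf[paddr:paddr + len(data)] = data

    def read_u64(self, paddr):
        return struct.unpack("<Q", self.read(paddr, 8))[0]

    def write_u64(self, paddr, value):
        self.write(paddr, struct.pack("<Q", value))


def translate(mem, cr3, vaddr):
    """Walk PML4 -> PDPT -> PD -> PT for a 48-bit virtual address.
    Returns (guest_physical_address, page_size); raises LookupError if unmapped."""
    table = cr3 & PTE_ADDR_MASK
    for level, shift in ((4, 39), (3, 30), (2, 21), (1, 12)):
        idx = (vaddr >> shift) & 0x1FF
        entry = mem.read_u64(table + idx * 8)
        if not entry & PTE_PRESENT:
            raise LookupError(f"vaddr {vaddr:#x}: entry not present at level {level}")
        if level in (3, 2) and entry & PTE_PS:       # large page: stop the walk here
            size = 1 << shift
            base = entry & PTE_ADDR_MASK & ~(size - 1)
            return base | (vaddr & (size - 1)), size
        table = entry & PTE_ADDR_MASK
    return table | (vaddr & 0xFFF), 1 << PAGE_SHIFT


def read_virtual(mem, cr3, vaddr, n):
    """Read n bytes at a guest-virtual address, re-translating at each page boundary."""
    out = b""
    while n:
        paddr, size = translate(mem, cr3, vaddr)
        chunk = min(n, size - (vaddr & (size - 1)))
        out += mem.read(paddr, chunk)
        vaddr += chunk
        n -= chunk
    return out


# Hypothetical guest-OS record for the demo:  u32 pid; char comm[16];
TASK_FMT = "<I16s"
TASK_SIZE = struct.calcsize(TASK_FMT)
TASK_VADDR = 0xFFFF_8000_0010_0FF0     # placed 16 bytes before a page end so the read crosses pages


def read_task(mem, cr3, vaddr=TASK_VADDR):
    pid, comm = struct.unpack(TASK_FMT, read_virtual(mem, cr3, vaddr, TASK_SIZE))
    return {"pid": pid, "comm": comm.split(b"\0", 1)[0].decode()}


def build_demo_guest():
    """Construct a 4 MiB guest with two 4 KiB mappings and one 2 MiB mapping."""
    mem = GuestMemory(4 << 20)
    cr3, pml4, pdpt, pd, pt = 0x1000, 0x1000, 0x2000, 0x3000, 0x4000
    flags = PTE_PRESENT | PTE_WRITE
    mem.write_u64(pml4 + 256 * 8, pdpt | flags)            # PML4[256] covers 0xffff8000_00000000
    mem.write_u64(pdpt + 0 * 8, pd | flags)
    mem.write_u64(pd + 0 * 8, pt | flags)
    mem.write_u64(pt + 256 * 8, 0x5000 | flags)            # 0xffff8000_00100000 -> 0x5000
    mem.write_u64(pt + 257 * 8, 0x7000 | flags)            # 0xffff8000_00101000 -> 0x7000 (non-adjacent)
    mem.write_u64(pd + 1 * 8, 0x200000 | flags | PTE_PS)   # 2 MiB page at 0xffff8000_00200000
    record = struct.pack(TASK_FMT, 4242, b"demo-daemon")
    mem.write(0x5FF0, record[:16])                         # first 16 bytes end page 0x5000
    mem.write(0x7000, record[16:])                         # remaining 4 bytes start page 0x7000
    return mem, cr3


if __name__ == "__main__":
    mem, cr3 = build_demo_guest()
    print(translate(mem, cr3, 0xFFFF_8000_0020_1234))      # (0x201234, 2 MiB)
    print(read_task(mem, cr3))                             # {'pid': 4242, 'comm': 'demo-daemon'}
```

The point of the page-crossing record is that reading the "task" through physical memory alone would return garbage, since the two halves live in non-adjacent frames; the walk is what makes a guest-virtual view meaningful, and it is the smallest piece a reverse-debugging frontend would need before anything OS-level (process lists, kernel symbols) can be layered on top.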

This sounds doable. Would be an interesting framework for someone.

https://pernos.co/about/javascript/ is a little bit related (different kind of "VM" though).

rocallahan avatar Oct 30 '22 00:10 rocallahan

Bonus?: If you can rr a QEMU VM, and you can debug processes as if you were debugging them natively, you can rr anything? :)

deliciouslytyped avatar Oct 30 '22 01:10 deliciouslytyped

Why do all this spooky action at a distance? If you want to debug guests running in QEMU, use its own record/replay facility and reverse debugging to do it.

stsquad avatar Jan 18 '23 19:01 stsquad

> Why do all this spooky action at a distance? If you want to debug guests running in QEMU, use its own record/replay facility and reverse debugging to do it.

QEMU only supports record/replay on a single CPU. It'd be helpful when the bug is reproduced only on SMP.

hygoni avatar Jan 19 '23 04:01 hygoni