qemu

replay.rst (9591B)

---

 .. _replay:
 
 ..
     Copyright (c) 2010-2022 Institute for System Programming
                         of the Russian Academy of Sciences.
 
     This work is licensed under the terms of the GNU GPL, version 2 or later.
     See the COPYING file in the top-level directory.
 
 Record/replay
 =============
 
 Record/replay functions are used for the deterministic replay of qemu execution.
 Execution recording writes a non-deterministic events log, which can be later
 used for replaying the execution anywhere and for unlimited number of times.
 It also supports checkpointing for faster rewind to the specific replay moment.
 Execution replaying reads the log and replays all non-deterministic events
 including external input, hardware clocks, and interrupts.
 
 Deterministic replay has the following features:
 
  * Deterministically replays whole system execution and all contents of
    the memory, state of the hardware devices, clocks, and screen of the VM.
  * Writes execution log into the file for later replaying for multiple times
    on different machines.
  * Supports i386, x86_64, ARM, AArch64, Risc-V, MIPS, MIPS64, S390X, Alpha,
    PowerPC, PowerPC64, M68000, Microblaze, OpenRISC, Nios II, SPARC,
    and Xtensa hardware platforms.
  * Performs deterministic replay of all operations with keyboard and mouse
    input devices, serial ports, and network.
 
 Usage of the record/replay:
 
  * First, record the execution with the following command line:
 
     .. parsed-literal::
         |qemu_system| \\
         -icount shift=auto,rr=record,rrfile=replay.bin \\
         -drive file=disk.qcow2,if=none,snapshot,id=img-direct \\
         -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \\
         -device ide-hd,drive=img-blkreplay \\
         -netdev user,id=net1 -device rtl8139,netdev=net1 \\
         -object filter-replay,id=replay,netdev=net1
 
  * After recording, you can replay it by using another command line:
 
     .. parsed-literal::
         |qemu_system| \\
         -icount shift=auto,rr=replay,rrfile=replay.bin \\
         -drive file=disk.qcow2,if=none,snapshot,id=img-direct \\
         -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay \\
         -device ide-hd,drive=img-blkreplay \\
         -netdev user,id=net1 -device rtl8139,netdev=net1 \\
         -object filter-replay,id=replay,netdev=net1
 
    The only difference with recording is changing the rr option
    from record to replay.
  * Block device images are not actually changed in the recording mode,
    because all of the changes are written to the temporary overlay file.
    This behavior is enabled by using blkreplay driver. It should be used
    for every enabled block device, as described in :ref:`block-label` section.
  * ``-net none`` option should be specified when network is not used,
    because QEMU adds network card by default. When network is needed,
    it should be configured explicitly with replay filter, as described
    in :ref:`network-label` section.
  * Interaction with audio devices and serial ports are recorded and replayed
    automatically when such devices are enabled.
 
 Core idea
 ---------
 
 Record/replay system is based on saving and replaying non-deterministic
 events (e.g. keyboard input) and simulating deterministic ones (e.g. reading
 from HDD or memory of the VM). Saving only non-deterministic events makes
 log file smaller and simulation faster.
 
 The following non-deterministic data from peripheral devices is saved into
 the log: mouse and keyboard input, network packets, audio controller input,
 serial port input, and hardware clocks (they are non-deterministic
 too, because their values are taken from the host machine). Inputs from
 simulated hardware, memory of VM, software interrupts, and execution of
 instructions are not saved into the log, because they are deterministic and
 can be replayed by simulating the behavior of virtual machine starting from
 initial state.
 
 Instruction counting
 --------------------
 
 QEMU should work in icount mode to use record/replay feature. icount was
 designed to allow deterministic execution in absence of external inputs
 of the virtual machine. Record/replay feature is enabled through ``-icount``
 command-line option, making possible deterministic execution of the machine,
 interacting with user or network.
 
 .. _block-label:
 
 Block devices
 -------------
 
 Block devices record/replay module intercepts calls of
 bdrv coroutine functions at the top of block drivers stack.
 To record and replay block operations the drive must be configured
 as following:
 
 .. parsed-literal::
     -drive file=disk.qcow2,if=none,snapshot,id=img-direct
     -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay
     -device ide-hd,drive=img-blkreplay
 
 blkreplay driver should be inserted between disk image and virtual driver
 controller. Therefore all disk requests may be recorded and replayed.
 
 .. _snapshotting-label:
 
 Snapshotting
 ------------
 
 New VM snapshots may be created in replay mode. They can be used later
 to recover the desired VM state. All VM states created in replay mode
 are associated with the moment of time in the replay scenario.
 After recovering the VM state replay will start from that position.
 
 Default starting snapshot name may be specified with icount field
 rrsnapshot as follows:
 
 .. parsed-literal::
     -icount shift=auto,rr=record,rrfile=replay.bin,rrsnapshot=snapshot_name
 
 This snapshot is created at start of recording and restored at start
 of replaying. It also can be loaded while replaying to roll back
 the execution.
 
 ``snapshot`` flag of the disk image must be removed to save the snapshots
 in the overlay (or original image) instead of using the temporary overlay.
 
 .. parsed-literal::
     -drive file=disk.ovl,if=none,id=img-direct
     -drive driver=blkreplay,if=none,image=img-direct,id=img-blkreplay
     -device ide-hd,drive=img-blkreplay
 
 Use QEMU monitor to create additional snapshots. ``savevm <name>`` command
 created the snapshot and ``loadvm <name>`` restores it. To prevent corruption
 of the original disk image, use overlay files linked to the original images.
 Therefore all new snapshots (including the starting one) will be saved in
 overlays and the original image remains unchanged.
 
 When you need to use snapshots with diskless virtual machine,
 it must be started with "orphan" qcow2 image. This image will be used
 for storing VM snapshots. Here is the example of the command line for this:
 
 .. parsed-literal::
     |qemu_system| \\
       -icount shift=auto,rr=replay,rrfile=record.bin,rrsnapshot=init \\
       -net none -drive file=empty.qcow2,if=none,id=rr
 
 ``empty.qcow2`` drive does not connected to any virtual block device and used
 for VM snapshots only.
 
 .. _network-label:
 
 Network devices
 ---------------
 
 Record and replay for network interactions is performed with the network filter.
 Each backend must have its own instance of the replay filter as follows:
 
 .. parsed-literal::
     -netdev user,id=net1 -device rtl8139,netdev=net1
     -object filter-replay,id=replay,netdev=net1
 
 Replay network filter is used to record and replay network packets. While
 recording the virtual machine this filter puts all packets coming from
 the outer world into the log. In replay mode packets from the log are
 injected into the network device. All interactions with network backend
 in replay mode are disabled.
 
 Audio devices
 -------------
 
 Audio data is recorded and replay automatically. The command line for recording
 and replaying must contain identical specifications of audio hardware, e.g.:
 
 .. parsed-literal::
     -soundhw ac97
 
 Serial ports
 ------------
 
 Serial ports input is recorded and replay automatically. The command lines
 for recording and replaying must contain identical number of ports in record
 and replay modes, but their backends may differ.
 E.g., ``-serial stdio`` in record mode, and ``-serial null`` in replay mode.
 
 Reverse debugging
 -----------------
 
 Reverse debugging allows "executing" the program in reverse direction.
 GDB remote protocol supports "reverse step" and "reverse continue"
 commands. The first one steps single instruction backwards in time,
 and the second one finds the last breakpoint in the past.
 
 Recorded executions may be used to enable reverse debugging. QEMU can't
 execute the code in backwards direction, but can load a snapshot and
 replay forward to find the desired position or breakpoint.
 
 The following GDB commands are supported:
 
  - ``reverse-stepi`` (or ``rsi``) - step one instruction backwards
  - ``reverse-continue`` (or ``rc``) - find last breakpoint in the past
 
 Reverse step loads the nearest snapshot and replays the execution until
 the required instruction is met.
 
 Reverse continue may include several passes of examining the execution
 between the snapshots. Each of the passes include the following steps:
 
  #. loading the snapshot
  #. replaying to examine the breakpoints
  #. if breakpoint or watchpoint was met
 
     * loading the snapshot again
     * replaying to the required breakpoint
 
  #. else
 
     * proceeding to the p.1 with the earlier snapshot
 
 Therefore usage of the reverse debugging requires at least one snapshot
 created. This can be done by omitting ``snapshot`` option
 for the block drives and adding ``rrsnapshot`` for both record and replay
 command lines.
 See the :ref:`snapshotting-label` section to learn more about running record/replay
 and creating the snapshot in these modes.
 
 When ``rrsnapshot`` is not used, then snapshot named ``start_debugging``
 created in temporary overlay. This allows using reverse debugging, but with
 temporary snapshots (existing within the session).