Virtualization-for-validation-limitations
A note regarding the limitations of our virtualization based
validation scheme.
There are a number of limitations with the virtualization-for-validation system. Here, we document many of them.
The majority of them aren't inherent to the approach. Some wouldn't be too
difficult to fix, but weren't implemented since we didn't have need for
them.
- We only save the bottom 4 GB of memory to load into the VM. This is very
easy to change in the source for dump-virtualizable-state
- We only compare the GPRs. Comparing other registers would be pretty easy.
Comparing memory is far harder since we can't just send all the memory down the
wire, but could be handled by doing some trickery by not mapping memory into
the VM and mapping memory into the process when we VMEXIT because the
memory wasn't present.
- We can't easily step exactly one instruction at a time. For some reason,
even with setting the single step option in KVM, it often steps a handful of
instructions. Usually, this is a small enough number of instructions it doesn't
matter much.
- In KVM, we don't simulate the timer device, so if you take a timer
interrupt you will get out of sync.
- I think some page faults don't result in the model getting out of
sync with the VM, but many do.
- REP prefixed string operations cause the validation to stop since it
thinks it didn't do anything because the instruction pointer didn't change. In
GCC, compiling with the flag -mstringop-strategy=loop causes GCC not to
emit those instructions, which can be useful. Of course, if your bug is in the
REP operations, this won't help you.
