1 JIFL: JIT Instrumentation Framework for Linux Marek Olszewski Adam Czajkowski Keir Mierle University of Toronto.

Slides:

Advertisements

Similar presentations

Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.

Advertisements

Profiler In software engineering, profiling ("program profiling", "software profiling") is a form of dynamic program analysis that measures, for example,

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.

Operating Systems Lecture 10 Issues in Paging and Virtual Memory Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing.

Comprehensive Kernel Instrumentation via Dynamic Binary Translation Peter Feiner, Angela Demke Brown, Ashvin Goel University of Toronto Presenter: Chuong.

4/14/2017 Discussed Earlier segmentation - the process address space is divided into logical pieces called segments. The following are the example of types.

Pin : Building Customized Program Analysis Tools with Dynamic Instrumentation Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff.

Enabling Efficient On-the-fly Microarchitecture Simulation Thierry Lafage September 2000.

Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.

CSE451 Section 7: Virtual memory. Table of content Real address space Process creation optimization Debugging: watch point.

Threads 1 CS502 Spring 2006 Threads CS-502 Spring 2006.

Code Coverage Testing Using Hardware Performance Monitoring Support Alex Shye, Matthew Iyer, Vijay Janapa Reddi and Daniel A. Connors University of Colorado.

Virtualization Technology Prof. Dan Connors. Copyright © 2006, Intel Corporation. All rights reserved. Prices and availability subject to change without.

Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.

Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,

LINUX Virtualization Running other code under LINUX.

Qin Zhao (MIT) Derek Bruening (VMware) Saman Amarasinghe (MIT) Umbra: Efficient and Scalable Memory Shadowing CGO 2010, Toronto, Canada April 26, 2010.

Fast Dynamic Binary Translation for the Kernel Piyus Kedia and Sorav Bansal IIT Delhi.

CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.

Operating System Support for Virtual Machines Samuel T. King, George W. Dunlap,Peter M.Chen Presented By, Rajesh 1 References [1] Virtual Machines: Supporting.

Analyzing parallel programs with Pin Moshe Bach, Mark Charney, Robert Cohn, Elena Demikhovsky, Tevi Devor, Kim Hazelwood, Aamer Jaleel, Chi- Keung Luk,

1 Dimension: An Instrumentation Tool for Virtual Execution Environments Jing Yang, Shukang Zhou and Mary Lou Soffa Department of Computer Science University.

KGuard: Lightweight Kernel Protection against Return-to-User Attacks Authors: Vasileios P. Kemerlis Georgios Portokalidis Angelos D. Keromytis Presenter:

PROTECTING THE KERNEL FROM UNTRUSTED MODULES Akshay Kumar, Peter Goodman, Peter Feiner, Ashvin Goel, Angela Demke Brown University of Toronto.

1 Fast and Efficient Partial Code Reordering Xianglong Huang (UT Austin, Adverplex) Stephen M. Blackburn (Intel) David Grove (IBM) Kathryn McKinley (UT.

Our work on virtualization Chen Haogang, Wang Xiaolin {hchen, Institute of Network and Information Systems School of Electrical Engineering.

Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,

Page 110/20/2015 CSE 30341: Operating Systems Principles So far…  Page  Fixed size pages solve page allocation problem (and external fragmentation) 

Performance of mathematical software Agner Fog Technical University of Denmark

Plug-In Architecture Pattern. Problem The functionality of a system needs to be extended after the software is shipped The set of possible post-shipment.

G53SEC 1 Reference Monitors Enforcement of Access Control.

Environment Selection Application  Firefox 1.0 or 2.0  Apache Operating System  Linux  Windows XP Instrumentation Package  JIT (DynamoRio,

Instrumentation in Software Dynamic Translators for Self-Managed Systems Bruce R. Childers Naveen Kumar, Jonathan Misurda and Mary.

 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.

Scalable Support for Multithreaded Applications on Dynamic Binary Instrumentation Systems Kim Hazelwood Greg Lueck Robert Cohn.

JIT Instrumentation – A Novel Approach To Dynamically Instrument Operating Systems Marek Olszewski Keir Mierle Adam Czajkowski Angela Demke Brown University.

Processes and Virtual Memory

© Janice Regan, CMPT 300, May CMPT 300 Introduction to Operating Systems Operating Systems Processes and Threads.

© 1999 Ariel TamchesFebruary 19, 1999OSDI ‘99 Fine-Grained Dynamic Instrumentation of Commodity Operating System Kernels Ariel Tamches Barton P. Miller.

A Survey on Runtime Smashed Stack Detection 坂井研究室 M 豊島隆志.

Making the “Box” Transparent: System Call Performance as a First-class Result Yaoping Ruan, Vivek Pai Princeton University.

CSE 451: Operating Systems Winter 2015 Module 25 Virtual Machine Monitors Mark Zbikowski Allen Center 476 © 2013 Gribble, Lazowska,

Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).

QEMU, a Fast and Portable Dynamic Translator Fabrice Bellard (affiliation?) CMSC 691 talk by Charles Nicholas.

A Dynamic Binary-Rewriting Approach to Software Transactional Memory appeared in PACT 2007, Brasov, Romania University of Toronto Marek Olszewski Jeremy.

Processes David Ferry, Chris Gill CSE 522S - Advanced Operating Systems Washington University in St. Louis St. Louis, MO

Qin Zhao1, Joon Edward Sim2, WengFai Wong1,2 1SingaporeMIT Alliance 2Department of Computer Science National University of Singapore

Virtualization.

Virtual Machine Monitors

Efficient Software-Based Fault Isolation

iProbe: A Lightweight User- Space Instrumentation Tool

Presented by Mike Marty

Debugging Memory Issues

Chapter 11: File System Implementation

CS352H: Computer Systems Architecture

Day 21 Virtual Memory.

Day 22 Virtual Memory.

MobiSys 2017 Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation Qiang Zeng joint work with Lannan.

Processes David Ferry, Chris Gill

Running other code under LINUX

Introduction to Operating Systems

OS Virtualization.

CSE 451: Operating Systems Spring 2012 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.

System Calls David Ferry CSCI 3500 – Operating Systems

CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors

Lecture 7: Flexible Address Translation

System calls….. C-program->POSIX call

CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors

Adaptive Operating Systems: An Architecture for Evolving Systems

Presentation transcript:

1 JIFL: JIT Instrumentation Framework for Linux Marek Olszewski Adam Czajkowski Keir Mierle University of Toronto

2 Instrumenting Operating Systems  Operating systems are growing in complexity Becoming harder to understand  Kernel instrumentation is a well know method of combating this problem Used for: debugging, profiling, monitoring, coverage testing, security auditing...  Dynamic instrumentation is especially useful No recompilation & no reboot Good for debugging systemic problems Feasible in production settings

3 Dynamic Instrumentation  All dynamic instrumentation tools for operating systems are probe based Overwrite existing code with jump/trap instructions  Efficient on fixed length architectures  Slow on variable length architectures Must use trap instruction (and hash table lookup)  JIT-based instrumentation can be more efficient Proven itself for user space (Pin, Valgrind) Probe-based instrumentation is seldom used in user-space

4 Probe-based Instrumentation OS Code Instrumentation Code Instrumentation Code Trap Handler 1.Look up which instrumentation to call 2.Call instrumentation 3.Emulate overwritten instruction

5 JIT Instrumentation  JIT instrumentation rewrites the OS code with calls to instrumentation code Creates a duplicate instrumented copy of the OS Called the code-cache  Since instrumentation is dynamic, it is not feasible to rewrite the entire operating system up-front Instrumentation is performed just-in-time, basic block by basic block, right before each new basic block is executed.  The resulting code is fast No hash table lookup required Though there is some cost in executing in the code- cache

6 JIT Instrumentation OS Code Instrumentation Code Instrumentation Code Duplicate Copy of OS

7 Software Architecture

8 Using JIFL  Use JIFLs API and build system to easily write loadable instrumentation “plugins”  Start by implementing four key functions: plugin_init plugin_exit plugin_start plugin_stop  Load/Unload plugin with Linux’s insmod/rmmod tools  Start/Stop instrumentation with the JIFL starter tool

9 Example Plugin #include "jifl.h" syscall_t syscall; long long count; // Executed for every instrumented basic block static void inc_count(long long *counter_ptr, long size) { *counter_ptr += size; } // Called for every newly discovered basic block static void bb_inst(bb_t *bb, void *arg) { long bb_size = bb_size(bb); bb_insertcall(bb, inc_count, ARG_VOID_PTR, &count, ARG_INT32, bb_size, ARG_END); } // Start instrumentation of clone system call static void plugin_start() { syscall_init(&syscall, __NR_clone); Syscall_add_bb_instrumentation(&syscall, bb_inst, NULL); syscall_start_instrumenting(&syscall); } // Stop instrumentation of clone system call static void plugin_stop() { syscall_stop_instrumenting(&syscall); printk("Clone system call executed %lld instructions\n", count); }

10 Performance Evaluation Apache Web Server Throughput

11 Conclusions  JIT instrumentation viable for operating systems  Fine grained instrumentation now possible for kernel space on variable length architectures Intel’s x86 AMD’s AMD64  Great performance Though it comes with a fixed cost