Generalized Code Relocation for Instrumentation and Efficiency. Andrew R. Bernat, March 2006. © 2006 Andrew R. Bernat.


Generalized Code Relocation for Instrumentation and Efficiency
Andrew R. Bernat, University of Wisconsin
March 2006. © 2006 Andrew R. Bernat

– 2 – Design Objectives
- Whole-program instrumentation
  - Instrument every instruction in the program
  - … and all control flow edges as well
- Efficient instrumentation
  - No traps!
  - Minimize extraneous jumps
  - Restrict register save/restores
- Flexible, extensible instrumentation system
  - Laying the groundwork for binary rewriting

– 3 – Multitramps
- Whole-program instrumentation
  - All instructions, including neighbors
  - All control flow edges
- One trampoline per basic block
  - Reduces number of extra branches
- Hierarchical code generation
  - Extensible
  - Allows for a variety of optimizations

– 4 – Function Relocation
- Efficient instrumentation
  - Blocks too small for branch to instrumentation
  - Instrumentation too far away
  - No traps!
- Shared functions
  - Copy to remove sharing
- Function rewriting
  - Undo optimizations

– 5 – Old Instrumentation Overview
[Diagram. Labels: Application Program; Function foo; instr1, instr2, instr3; Base Trampoline; Save Regs; Restore Regs; Mini Trampolines; Instrumentation Code.]

– 6 – Old Instrumentation - Consecutive
[Diagram. Labels: Application Program; Function foo; instr1, instr2, instr3; Multiple Base Trampolines; Mini Trampolines.]

– 7 – Old Instrumentation – Uninstrumentable Neighbors
[Diagram. Labels: Application Program; Function foo; instr1, instr2, instr3; Base Trampoline; Save Regs; Restore Regs; Mini Trampolines; Instrumentation Code.]

– 8 – Edge instrumentation
Instrument edges via another level of indirection (plus extra branches)
[Diagram. Labels: Application Program; Function foo; Base Trampolines; branch; ‘Edge’ Trampoline; save/restore; pre-branch; fallthrough; jump taken.]

– 9 – Limitations of Old Instrumentation
- Incomplete instrumentation coverage
  - Often could not instrument “near-by” instructions
- Inefficient instrumentation
  - Edges, consecutive instructions require extra branches
- Platform specific implementation
  - Inextensible and bug-prone

– 10 – Multitramp Principles
- Basic-block instrumentation
  - One jump to/from per block
  - Efficient instrumentation of neighbor instructions
- Logical view: a control flow graph
  - Relocated instructions + instrumentation
  - Apply compiler techniques to dynamic instrumentation

– 11 – Multitramps
[Diagram. Labels: Application Program; Function foo; Multitramp; Basic Block; Base Tramp; Instruction; Base Tramp; Branch; Fallthrough; Target.]

– 12 – Multitramp Implementation
- A multitramp is a tree of code objects
- Code objects provide the following:
  - Maximum space required (worst case)
  - Generate, install, and link callbacks
  - Map relocated to original address
- Single mechanism for both instruction and edge instrumentation

– 13 – Multitramp Example
[Diagram. Tree labels: Base Tramp 1; Instruction; Base Tramp 2; Branch; Base Tramp 3; Mini Tramp 1; Mini Tramp 2; Mini Tramp 3; Mini Tramp 4.]
[Code sequence shown: save ; BT 1 / branch / restore ; BT 1 / branch / save ; BT 2 / branch / restore ; BT 2 / return / save ; BT 3 / branch / restore ; BT 3 / return]

– 14 – In-Line Instrumentation
- Current out-of-line model is based on the requirements of Paradyn
  - Frequent insertion/removal of instrumentation
- Limited opportunity for optimization
  - Particularly register saves and restores
- What about long-lived instrumentation?

– 15 – In-Line Instrumentation
- In-line instrumentation into a single code sequence:
  - Relocated instructions
  - Save/restore code
  - Instrumentation
- Replace entire sequence when something changes!
  - BPatch::setMergeTramp(true)

– 16 – Multitramp Status
- Extensible implementation
  - Can add new code objects to multitramp CFG:
    - Raw binary sections.
    - Control flow-altering code
- In-line instrumentation
  - POWER, x86-64
- Platform-independent design
  - Encapsulated platform-dependent sections
  - Included with all platforms in Dyninst 5.0

– 17 – Multitramp Results
- Whole-program instrumentation
  - Instrument every instruction in the program
  - … and all control flow edges as well
- Efficient instrumentation
  - No traps!
  - Minimize extraneous jumps
  - Restrict register save/restores
- Flexible, extensible instrumentation system
  - Laying the groundwork for binary rewriting

– 18 – Function Relocation
- The basic block may be too small to contain a branch to instrumentation
  - IA-32, x86-64
- We may not have the available registers to construct a long branch
  - POWER, SPARC
- Solution: relocate on a function level
  - Sufficient space to fit large branches
  - Dead registers that can be used to branch

– 19 – Old Approach
- One-time relocation
  - Preemptively expand possible instrumentation sites:
    - Function entry, exit, call sites; loop entry, exits
    - But what about everything else?
- Linear scan of the function, ignoring control flow.
  - Dangerous with in-lined data

– 20 – Incremental Function Relocation
- A function is a list of basic blocks
- Accumulate modifications to each block
  - Ex: block must be 5 bytes long
- Generate relocated versions on-the-fly
  - Only modify what is necessary
- Add instrumentation to the new function

– 21 – Function Relocation - Example
Block 2 is too small to patch in a jump
1. Copy the function
2. Enlarge block 2
3. Replace
[Diagram. Labels: block 1, block 2, block 3, block 4, block 5 (shown twice); Add modification.]
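The incremental relocation steps on slides 20 and 21, together with the "map relocated to original address" duty of code objects on slide 12, as an added example that is not code from the presentation or from Dyninst. The class and function names, the addresses and the block sizes are hypothetical, and relocated instructions are assumed to keep their original byte length.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>
// Hypothetical model for illustration; these are not Dyninst's classes.
struct Block { uint64_t orig; uint32_t size; };            // original address, byte length
struct Reloc { uint64_t addr, orig; uint32_t code, pad; }; // new address, source, bytes, padding

class FunctionRelocation {
    std::vector<Block> blocks_;             // a function is a list of basic blocks
    std::map<uint64_t, uint32_t> minSize_;  // accumulated "must be N bytes long" requests
public:
    explicit FunctionRelocation(const std::vector<Block> &b) : blocks_(b) {}
    // Accumulate a modification; the strictest request per block wins.
    void requireMinSize(uint64_t orig, uint32_t n) {
        minSize_[orig] = std::max(minSize_[orig], n);
    }
    // Lay out a relocated copy at newBase, enlarging only the blocks that need it.
    // Assumption: instruction bytes keep their original length when copied.
    std::vector<Reloc> generate(uint64_t newBase) const {
        std::vector<Reloc> out;
        uint64_t cursor = newBase;
        for (const Block &b : blocks_) {
            auto it = minSize_.find(b.orig);
            uint32_t want = it == minSize_.end() ? b.size : std::max(b.size, it->second);
            out.push_back({cursor, b.orig, b.size, want - b.size});
            cursor += want;
        }
        return out;
    }
};

// Map an address in the relocated copy back to the original; 0 for padding or misses.
uint64_t toOriginal(const std::vector<Reloc> &r, uint64_t addr) {
    for (const Reloc &x : r)
        if (addr >= x.addr && addr < x.addr + x.code) return x.orig + (addr - x.addr);
    return 0;
}

// Constructed sample: five blocks starting at 0x1000; block 2 is only 2 bytes long.
std::vector<Reloc> relocateSample() {
    FunctionRelocation f({{0x1000, 8}, {0x1008, 2}, {0x100a, 12}, {0x1016, 6}, {0x101c, 4}});
    f.requireMinSize(0x1008, 5);  // room for a 5-byte x86 jmp rel32
    return f.generate(0x20000);
}

int main() {
    for (const Reloc &x : relocateSample())
        std::printf("%#lx code=%u pad=%u\n", (unsigned long)x.addr, x.code, x.pad);
}
```

Only block 2 grows (by 3 bytes); every later block shifts, which is why the relocated-to-original map is needed to report addresses in terms of the original function.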

– 22 – Other Uses for Relocation
- Overlapping functions
  - Relocation disambiguates code
  - Instrument unique per-function copy
- Undo optimizations
  - Rewrite the function during relocation
  - Example: unwinding a tail call

– 23 – Function Relocation Status
- Platform-independent function relocation engine
  - IA-32, x86-64, POWER, SPARC
- Support for multiple relocated versions
  - On-the-fly code relocation
- Extensible modification interface
  - Block must be 5 bytes long
  - Modify the instructions in the block

– 24 – Design Objectives
- Whole-program instrumentation
  - Instrument every instruction in the program
  - … and all control flow edges as well
- Efficient instrumentation
  - No traps!
  - Minimize extraneous jumps
  - Restrict register save/restores
- Flexible, extensible instrumentation system
  - Laying the groundwork for binary rewriting

– 25 – Conclusion
- Multitramps
  - Whole-program instrumentation approach
- Function relocation
  - Instrument everywhere (without traps)
- People
  - Drew Bernat – Multitramps
  - Nate Rosenblum – Function relocation
  - Nick Rutar – Register optimizations