Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cache Wrap-up, System Control Flow CSE 410 Winter 2017

Published byErnest Roberts Modified over 6 years ago

Similar presentations

Presentation on theme: "Cache Wrap-up, System Control Flow CSE 410 Winter 2017"— Presentation transcript:

1 Cache Wrap-up, System Control Flow CSE 410 Winter 2017
Instructor: Teaching Assistants: Justin Hsia Kathryn Chan, Kevin Bi, Ryan Wong, Waylon Huang, Xinyu Sui Incident report on memory leak caused by Cloudflare parser bug [S]ervers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines. Many of Cloudflare’s services rely on parsing and modifying HTML pages as they pass through our edge servers. The C code uses, in the classic C manner, pointers to the HTML document being parsed. The root cause of the bug was that reaching the end of a buffer was checked using the equality operator and a pointer was able to step past the end of the buffer. This is known as a buffer overrun. parser-bug/ /* generated code */ if ( ++p == pe ) goto _test_eof;

2 Administrivia Homework 4 due Tuesday (2/28) Lab 4 released today
Cache runtimes and parameter puzzles

3 Anatomy of a Cache Question
Cache questions come in a few flavors: TIO Address Breakdown For fixed cache parameters, analyze the performance of the given code/sequence For fixed cache parameters, find best/worst case scenarios For given code/sequence, how does changing your cache parameters affect performance? Average Memory Access Time (AMAT)

4 The Cache What are the important cache parameters?
Must figure these out from problem description Address size, cache size, block size, associativity, replacement policy Solve for TIO address breakdown, # of sets, management bits What starts in the cache? Not always specified (best/worst case)

5 Code: Arrays Elements stored contiguously in memory
Ideal for spatial locality – if used properly Different arrays not necessarily next to each other Remember to account for data size! char is 1 B, int/float is 4 B, long/double is 8 B Pay attention to access pattern Touch all elements (e.g. shift, sum) Touch some elements (e.g. histogram, stride) How many times do we touch each element?

6 Code: Linked Lists/Structs
Nodes stored separately in memory Addresses of nodes may be very different Method of linking and ordering of nodes are important Remember to account for size/ordering of struct elements Pay attention to access pattern Generally must start from “head” How many struct elements are touched?

7 Access Patterns How many hits within a single block once it is loaded into cache? Will block still be in cache when you revisit its elements? Are there special/edge cases to consider? Usually edge of block boundary or edge of cache size boundary

8 Cache Example Problem (1/3)
1 MiB address space, 125 cycles to go to memory. Fill in the following table: Cache Size 16 KiB Block Size 16 B Associativity 4-way Hit Time 3 cycles Miss Rate 20% Write Policy Write-through Replacement Policy LRU Tag Bits Index Bits Offset Bits AMAT 8 4 AMAT = * 125 = 28

9 Cache Example Problem (2/3)
Assuming the cache starts cold (all blocks invalid), calculate the hit rate for the following loop: 𝑚 = 20 bits, 𝐶 = 16 KiB, 𝐾 = 16 B, 𝐸 = 4 #define AR_SIZE 8192 int int_ar[AR_SIZE]; // &int_ar=0x80000 for (int i = 0; i < AR_SIZE/2; i++) { int_ar[i] *= int_ar[ i + AR_SIZE/2 ]; }

10 Cache Example Problem (3/3)
For each of the proposed changes below, write U for “increase”, N for “no change”, or D for “decrease” to indicate the effect on the hit rate for the loop: Direct-mapped cache: ____ Increase cache size: ____ Double AR_SIZE: ____

11 Roadmap C: Java: Assembly language: OS: Machine code: Computer system:
Memory & data Integers & floats x86 assembly Procedures & stacks Executables Arrays & structs Memory & caches Processes Virtual memory Operating Systems car *c = malloc(sizeof(car)); c->miles = 100; c->gals = 17; float mpg = get_mpg(c); free(c); Car c = new Car(); c.setMiles(100); c.setGals(17); float mpg = c.getMPG(); Assembly language: get_mpg: pushq %rbp movq %rsp, %rbp ... popq %rbp ret OS: Machine code: Computer system:

12 Leading Up to Processes
System Control Flow Control flow Exceptional control flow Asynchronous exceptions (interrupts) Synchronous exceptions (traps & faults)

13 Control Flow So far: we’ve seen how the flow of control changes as a single program executes Reality: multiple programs running concurrently How does control flow across the many components of the system? In particular: More programs running than CPUs Exceptional control flow is basic mechanism used for: Transferring control between processes and OS Handling I/O and virtual memory within the OS Implementing multi-process apps like shells and web servers Implementing concurrency

14 Control Flow Processors do only one thing:
From startup to shutdown, a CPU simply reads and executes (interprets) a sequence of instructions, one at a time This sequence is the CPU’s control flow (or flow of control) <startup> instr1 instr2 instr3 instrn <shutdown> Physical control flow time

15 Altering the Control Flow
Up to now, two ways to change control flow: Jumps (conditional and unconditional) Call and return Both react to changes in program state Processor also needs to react to changes in system state Unix/Linux user hits “Ctrl-C” at the keyboard User clicks on a different application’s window on the screen Data arrives from a disk or a network adapter Instruction divides by zero System timer expires Can jumps and procedure calls achieve this? No – the system needs mechanisms for “exceptional” control flow!

16 Exceptional Control Flow
Exists at all levels of a computer system Low level mechanisms Exceptions Change in processor’s control flow in response to a system event (i.e. change in system state, user-generated interrupt) Implemented using a combination of hardware and OS software Higher level mechanisms Process context switch Implemented by OS software and hardware timer Signals Implemented by OS software Covered briefly later

17 Exceptions An exception is transfer of control to the operating system (OS) kernel in response to some event (i.e. change in processor state) Kernel is the memory-resident part of the OS Examples: division by 0, page fault, I/O request completes, Ctrl-C How does the system know where to jump to in the OS? User Code OS Kernel Code exception event current_instr next_instr exception processing by exception handler, then: return to current_instr, return to next_instr, OR abort

18 Exception Table A jump table for exceptions (also called Interrupt Vector Table) Each type of event has a unique exception number 𝑘 𝑘 = index into exception table (a.k.a interrupt vector) Handler 𝑘 is called each time exception 𝑘 occurs code for exception handler 0 Exception Table code for exception handler 1 1 (Jump tables for switch statements: x86 Programming III slides) The book calls this an Exception table. I am using that at the top of the slide to be consistent with the book and with the previous slide. code for exception handler 2 2 ... n-1 ... Exception numbers code for exception handler n-1

19 Exception Table (Excerpt)
Exception Number Description Exception Class Divide error Fault 13 General protection fault 14 Page fault 18 Machine check Abort 32-255 OS-defined Interrupt or trap According to the book: Ones in gray are Intel-defined, Others are OS-defined Intel® 64 and IA-32 Architectures Software Developer's Manual, Volume 1: Basic Architecture - Describes the architecture and programming environment of processors supporting IA-32 and Intel 64 Architectures. “Systems often use an interrupt controller to group the device interrupts together before passing on the signal to a single interrupt pin on the CPU. This saves interrupt pins on the CPU…” This is why cat /proc/interrupts doesn’t match this slide - /proc/interrupts shows APIC’s “IRQ numbers”, not the OS’s exception numbers

20 Leading Up to Processes
System Control Flow Control flow Exceptional control flow Asynchronous exceptions (interrupts) Synchronous exceptions (traps & faults)

21 Asynchronous Exceptions (Interrupts)
Caused by events external to the processor Indicated by setting the processor’s interrupt pin(s) (wire into CPU) After interrupt handler runs, the handler returns to “next” instruction Examples: I/O interrupts Hitting Ctrl-C on the keyboard Clicking a mouse button or tapping a touchscreen Arrival of a packet from a network Arrival of data from a disk Timer interrupt Every few ms, an external timer chip triggers an interrupt Used by the OS kernel to take back control from user programs Also: Hard reset interrupt hitting the reset button on front panel Soft reset interrupt hitting Ctrl-Alt-Delete on a PC

22 Synchronous Exceptions
Caused by events that occur as a result of executing an instruction: Traps Intentional: transfer control to OS to perform some function Examples: system calls, breakpoint traps, special instructions Returns control to “next” instruction Faults Unintentional but possibly recoverable Examples: page faults, segment protection faults, integer divide-by-zero exceptions Either re-executes faulting (“current”) instruction or aborts Aborts Unintentional and unrecoverable Examples: parity error, machine check (hardware failure detected) Aborts current program

23 System Calls Each system call has a unique ID number
Examples for Linux on x86-64: Number Name Description read Read file 1 write Write file 2 open Open file 3 close Close file 4 stat Get info about file 57 fork Create process 59 execve Execute a program 60 _exit Terminate process 62 kill Send signal to process

24 Traps Example: Opening File
User calls open(filename, options) Calls __open function, which invokes system call instruction syscall e5d70 <__open>: ... e5d79: b mov $0x2,%eax # open is syscall 2 e5d7e: 0f syscall # return value in %rax e5d80: d 01 f0 ff ff cmp $0xfffffffffffff001,%rax e5dfa: c retq User code OS Kernel code %rax contains syscall number Other arguments in %rdi, %rsi, %rdx, %r10, %r8, %r9 Return value in %rax Negative value is an error corresponding to negative errno Note: on x86-64, syscall and sysret are used instead of int 0x80. Interrupt number 0x80 tells OS that this is a system call; to specify which system call, the system call’s number is stored in a register (%eax on IA32 Linux) before executing the int instruction. Exception syscall cmp Open file Returns

25 Fault Example: Page Fault
int a[1000]; int main () { a[500] = 13; } User writes to memory location That portion (page) of user’s memory is currently on disk Page fault handler must load page into physical memory Returns to faulting instruction: mov is executed again! Successful on second try 80483b7: c d d movl $0xd,0x8049d10 User code OS Kernel code exception: page fault handle_page_fault: movl Create page and load into memory Can SIGSEGV ever be handled without aborting? Yes, but program can’t really run afterwards: returns

26 Fault Example: Invalid Memory Reference
int a[1000]; int main() { a[5000] = 13; } 80483b7: c e d movl $0xd,0x804e360 User Process OS exception: page fault handle_page_fault: movl Can SIGSEGV ever be handled without aborting? Yes, but program can’t really run afterwards: detect invalid address signal process Page fault handler detects invalid address Sends SIGSEGV signal to user process User process exits with “segmentation fault”

27 Summary Exceptions Events that require non-standard control flow
Generated externally (interrupts) or internally (traps and faults) After an exception is handled, one of three things may happen: Re-execute the current instruction Resume execution with the next instruction Abort the process that caused the exception

Download ppt "Cache Wrap-up, System Control Flow CSE 410 Winter 2017"

Similar presentations

More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.

More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.
1 Exceptions, Interrupts & Traps Operating System Hebrew University Spring 2007.

1 Exceptions, Interrupts & Traps Operating System Hebrew University Spring 2007.
Exceptional Control Flow Processes Today. Control Flow Processors do only one thing: From startup to shutdown, a CPU simply reads and executes (interprets)

Exceptional Control Flow Processes Today. Control Flow Processors do only one thing: From startup to shutdown, a CPU simply reads and executes (interprets)
University of Washington Today Midterm grades posted  76. HW 3 due Lab 4 fun! 1.

University of Washington Today Midterm grades posted  76. HW 3 due Lab 4 fun! 1.
Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.

Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
Translation Buffers (TLB’s)

Translation Buffers (TLB’s)
Introduction to Interrupts

Introduction to Interrupts
Exceptions, Interrupts & Traps

Exceptions, Interrupts & Traps
CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.

CSE 451: Operating Systems Autumn 2013 Module 6 Review of Processes, Kernel Threads, User-Level Threads Ed Lazowska 570 Allen.
1 CS503: Operating Systems Part 1: OS Interface Dongyan Xu Department of Computer Science Purdue University.

1 CS503: Operating Systems Part 1: OS Interface Dongyan Xu Department of Computer Science Purdue University.
Interrupts. What Are Interrupts? Interrupts alter a program’s flow of control  Behavior is similar to a procedure call »Some significant differences.

Interrupts. What Are Interrupts? Interrupts alter a program’s flow of control  Behavior is similar to a procedure call »Some significant differences.
Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,

Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,
CSC 2405 Computer Systems II Exceptions Mini-Lecture Traps & Interrupts.

CSC 2405 Computer Systems II Exceptions Mini-Lecture Traps & Interrupts.
1 CSE451 Architectural Supports for Operating Systems Autumn 2002 Gary Kimura Lecture #2 October 2, 2002.

1 CSE451 Architectural Supports for Operating Systems Autumn 2002 Gary Kimura Lecture #2 October 2, 2002.
Exceptional Control Flow Topics Exceptions except1.ppt CS 105 “Tour of the Black Holes of Computing”

Exceptional Control Flow Topics Exceptions except1.ppt CS 105 “Tour of the Black Holes of Computing”
Operating Systems 1 K. Salah Module 1.2: Fundamental Concepts Interrupts System Calls.

Operating Systems 1 K. Salah Module 1.2: Fundamental Concepts Interrupts System Calls.
University of Washington Exceptional Control Flow The Hardware/Software Interface CSE351 Winter 2013.

University of Washington Exceptional Control Flow The Hardware/Software Interface CSE351 Winter 2013.
Interrupts and Exception Handling. Execution We are quite aware of the Fetch, Execute process of the control unit of the CPU –Fetch and instruction as.

Interrupts and Exception Handling. Execution We are quite aware of the Fetch, Execute process of the control unit of the CPU –Fetch and instruction as.
University of Washington Roadmap 1 car *c = malloc(sizeof(car)); c->miles = 100; c->gals = 17; float mpg = get_mpg(c); free(c); Car c = new Car(); c.setMiles(100);

University of Washington Roadmap 1 car *c = malloc(sizeof(car)); c->miles = 100; c->gals = 17; float mpg = get_mpg(c); free(c); Car c = new Car(); c.setMiles(100);

Similar presentations

Ads by Google