7/31/2019 Bernat - multitramps2
Generalized Code Relocation 2006 Andrew R. Bernat March 2006
Generalized Code Relocation for Instrumentation and Efficiency
Andrew R. Bernat
University of Wisconsin
Design Objectives
Whole-program instrumentation
Instrument every instruction in the program
and all control flow edges as well
Efficient instrumentation
No traps!
Minimize extraneous jumps
Restrict register save/restores
Flexible, extensible instrumentation system
Laying the groundwork for binary rewriting
Multitramps
Whole-program instrumentation
All instructions, including neighbors
All control flow edges
One trampoline per basic block
Reduces number of extra branches
Hierarchical code generation
Extensible
Allows for a variety of optimizations
Function Relocation
Efficient instrumentation
Blocks too small for branch to instrumentation
Instrumentation too far away
No traps!
Shared functions
Copy to remove sharing
Function rewriting
Undo optimizations
Old Instrumentation Overview
[Diagram; labels: Application Program, Function foo (instr1, instr2, instr3), Base Trampoline, Save Regs, instr2, Restore Regs, Mini Trampolines, Instrumentation Code]
Old Instrumentation - Consecutive
[Diagram; labels: Application Program, Function foo (instr1, instr2, instr3), Multiple Base Trampolines, instr1, instr2, Mini Trampolines]
Old Instrumentation Uninstrumentable Neighbors
[Diagram; labels: Application Program, Function foo (instr1, instr2, instr3), Base Trampoline, Save Regs, instr1, instr2, instr3, Restore Regs, Mini Trampolines, Instrumentation Code]
Edge instrumentation
Instrument edges via another level of indirection (plus extra branches)
[Diagram; labels: Application Program, Function foo, Base Trampolines, branch, Edge Trampoline, save/restore, pre-branch, fallthrough, jump taken]
Limitations of Old Instrumentation
Incomplete instrumentation coverage
Often could not instrument near-by instructions
Inefficient instrumentation
Edges, consecutive instructions require extra branches
Platform specific implementation
Inextensible and bug-prone
Multitramp Principles
Basic-block instrumentation
One jump to/from per block
Efficient instrumentation of neighbor instructions
Logical view: a control flow graph
Relocated instructions + instrumentation
Apply compiler techniques to dynamic instrumentation
Multitramps
[Diagram; labels: Application Program, Function foo, Basic Block, Multitramp, Base Tramp, Instruction, Base Tramp, Branch, Fallthrough, Target]
Multitramp Implementation
A multitramp is a tree of code objects
Code objects provide the following:
Maximum space required (worst case)
Generate, install, and link callbacks
Map relocated to original address
Single mechanism for both instruction and edge instrumentation
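A sketch of the code-object tree described on this slide, as an added example that is not from the slides or from Dyninst. All class and function names are hypothetical, NOP bytes stand in for save/instrumentation/restore code, and only worst-case sizing, generation and relocated-to-original mapping are shown (install and link are omitted).

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <memory>
#include <vector>

using Bytes = std::vector<uint8_t>;
using AddrMap = std::map<uint64_t, uint64_t>;  // relocated address -> original
// Hypothetical interface (not Dyninst's): what every node of the tree provides.
struct CodeObject {
    virtual ~CodeObject() = default;
    virtual size_t maxSize() const = 0;  // worst case, used to reserve space
    virtual void generate(Bytes& out, uint64_t base, AddrMap& map) const = 0;
};
// Leaf: one original instruction copied into the multitramp.
struct RelocatedInsn : CodeObject {
    uint64_t orig; Bytes bytes;
    RelocatedInsn(uint64_t o, Bytes b) : orig(o), bytes(b) {}
    size_t maxSize() const override { return bytes.size(); }
    void generate(Bytes& out, uint64_t base, AddrMap& map) const override {
        map[base + out.size()] = orig;  // record where this copy came from
        out.insert(out.end(), bytes.begin(), bytes.end());
    }
};
// Leaf: instrumentation point. NOPs stand in for save/instrumentation/restore.
struct BaseTramp : CodeObject {
    size_t worst, used;  // constructed sizes: reserve `worst`, emit `used`
    BaseTramp(size_t w, size_t u) : worst(w), used(u) {}
    size_t maxSize() const override { return worst; }
    void generate(Bytes& out, uint64_t, AddrMap&) const override {
        out.insert(out.end(), used, uint8_t{0x90});
    }
};
// Interior node: children in execution order for one basic block.
struct Multitramp : CodeObject {
    std::vector<std::unique_ptr<CodeObject>> kids;
    size_t maxSize() const override {
        size_t n = 0;
        for (const auto& k : kids) n += k->maxSize();
        return n;
    }
    void generate(Bytes& out, uint64_t base, AddrMap& map) const override {
        for (const auto& k : kids) k->generate(out, base, map);
    }
};
// Relocated pc -> original address (0 if pc is not the start of a relocated insn).
uint64_t originalOf(const AddrMap& map, uint64_t pc) {
    auto it = map.find(pc);
    return it == map.end() ? 0 : it->second;
}
```

Because `Multitramp` is itself a `CodeObject`, nodes nest, and the same traversal serves instruction and edge instrumentation.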
Multitramp Example
[Diagram; labels: Base Tramp 1, Instruction, Base Tramp 2, Branch, Base Tramp 3, Mini Tramp 1, Mini Tramp 2, Mini Tramp 3, Mini Tramp 4, "save ; BT 1", "branch"]
In-Line Instrumentation
Current out-of-line model is based on the requirements of Paradyn
Frequent insertion/removal of instrumentation
Limited opportunity for optimization
Particularly register saves and restores
What about long-lived instrumentation?
In-Line Instrumentation
In-line instrumentation into a single code sequence:
Relocated instructions
Save/restore code
Instrumentation
Replace entire sequence when something changes!
BPatch::setMergeTramp(true)
Multitramp Status
Extensible implementation
Can add new code objects to multitramp CFG:
Raw binary sections.
Control flow-altering code
In-line instrumentation
POWER, x86-64
Platform-independent design
Encapsulated platform-dependent sections
Included with all platforms in Dyninst 5.0
Multitramp Results
Whole-program instrumentation
Instrument every instruction in the program and all control flow edges as well
Efficient instrumentation
No traps!
Minimize extraneous jumps
Restrict register save/restores
Flexible, extensible instrumentation system
Laying the groundwork for binary rewriting
Function Relocation
The basic block may be too small to contain a branch to instrumentation
IA-32, x86-64
We may not have the available registers to construct a long branch
POWER, SPARC
Solution: relocate on a function level
Sufficient space to fit large branches
Dead registers that can be used to branch
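The IA-32/x86-64 case above as an added example, not taken from the slides or from Dyninst: an x86 `jmp rel32` is 5 bytes (opcode E9 plus a 32-bit displacement), so a shorter block cannot be patched in place, and on x86-64 the trampoline can also be out of rel32 range. The function names, the `Block` record and all addresses are constructed for illustration; the POWER/SPARC register constraint is not modelled.

```cpp
#include <cstddef>
#include <cstdint>

enum class Patch { Jump, BlockTooSmall, TargetTooFar };
struct Block { uint64_t addr; size_t size; };  // hypothetical basic-block record

constexpr size_t kJmpLen = 5;  // x86 jmp rel32: opcode E9 + 4-byte displacement

// Can the block be overwritten in place with a jump to the trampoline?
// On success the 5 encoded bytes are written to `out`.
Patch planJump(const Block& b, uint64_t tramp, uint8_t out[5]) {
    if (b.size < kJmpLen)
        return Patch::BlockTooSmall;  // jump would spill into the next block
    // rel32 is measured from the end of the jump instruction.
    int64_t disp = static_cast<int64_t>(tramp - (b.addr + kJmpLen));
    if (disp < INT32_MIN || disp > INT32_MAX)
        return Patch::TargetTooFar;   // x86-64: trampoline beyond +/-2 GiB
    uint32_t d = static_cast<uint32_t>(static_cast<int32_t>(disp));
    out[0] = 0xE9;
    for (int i = 0; i < 4; ++i)       // little-endian displacement
        out[1 + i] = static_cast<uint8_t>(d >> (8 * i));
    return Patch::Jump;
}

// A function has to be relocated (copied, with blocks enlarged) before it can
// be instrumented everywhere if any of its blocks cannot take the jump in place.
bool needsRelocation(const Block* blocks, size_t n, uint64_t tramp) {
    uint8_t scratch[5];
    for (size_t i = 0; i < n; ++i)
        if (planJump(blocks[i], tramp, scratch) != Patch::Jump)
            return true;
    return false;
}
```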
Old Approach
One-time relocation
Preemptively expand possible instrumentation sites:
Function entry, exit, call sites; loop entry, exits
But what about everything else?
Linear scan of the function, ignoring control flow.
Dangerous with in-lined data
Function Relocation - Example
Block 2 is too small to patch in a jump
[Diagram: two copies of the function's blocks (block 1 to block 5)]
1. Copy the function
2. Enlarge block 2
3. Replace
Add modification
Other Uses for Relocation
Overlapping functions
Relocation disambiguates code
Instrument unique per-function copy
Undo optimizations
Rewrite the function during relocation
Example: unwinding a tail call
Function Relocation Status
Platform-independent function relocation engine
IA-32, x86-64, POWER, SPARC
Support for multiple relocated versions
On-the-fly code relocation
Extensible modification interface
Block must be 5 bytes long
Modify the instructions in the block
Design Objectives
Whole-program instrumentation
Instrument every instruction in the program and all control flow edges as well
Efficient instrumentation
No traps!
Minimize extraneous jumps
Restrict register save/restores
Flexible, extensible instrumentation system
Laying the groundwork for binary rewriting
Conclusion
Multitramps
Whole-program instrumentation approach
Function relocation
Instrument everywhere (without traps)
People
Drew Bernat: Multitramps
Nate Rosenblum: Function relocation
Nick Rutar: Register optimizations