Effective Debugging utilizing Dynamic Instrumentation EDDI .


33 views
Uploaded on:
Category: Home / Real Estate
Description
ETAPS-CC 2008. EDDI
Transcripts
Slide 1

Effective Debugging utilizing Dynamic Instrumentation (EDDI) Qin Zhao ( Singapore-MIT Alliance ) Rodric Rabbah ( IBM TJ Watson Center ) Saman Amarasinghe ( CSAIL, MIT ) Larry Rudolph ( VMware ) Weng-Fai Wong ( National Univ of Singapore )

Slide 2

Debugging is hard Today\'s applications are enormous Many records and segments Run on complex frameworks Source: Wikipedia and M Squared Technologies EDDI – Zhao et al.

Slide 3

Debugging today is exceptionally nearsighted Inspect generally basic predicates at individual program focuses EDDI – Zhao et al.

Slide 4

Example utilizing (gdb) break dist_spu.c:19 (gdb) run (gdb) print cb $1 = {a_addr = 25286272, b_addr = 25269248, res_addr = 25269888, cushioning = 0 } (gdb) cond 1 (cb.padding != 0) (gdb) run $2 = {a_addr = 25282312, b_addr = 2483423, res_addr = 25269888, cushioning = 10 } EDDI – Zhao et al.

Slide 5

printf() The best in class A distortion obviously… … yet what number of you utilize printf() for troubleshooting? EDDI – Zhao et al.

Slide 6

An instance of loses needs? Program directions situated in memory Instructions are perused from memory Instructions control memory But investigating practices are not upgraded for watching memory Instruction breakpoints are very quick Watching memory is very moderate EDDI – Zhao et al.

Slide 7

Breakpoint break when direction at particular address executes Watchpoint break when information at particular address transforms Breakpoint versus Watchpoint EDDI – Zhao et al.

Slide 8

Typical support for watchpoints Hardware bolster for little number of watchpoints GDB utilizes one of four x86 troubleshoot breakpoint registers Software fallback for expansive number of watchpoints Single stride execution and check connected rundown of watchpoints More than 1000x log jam watched EDDI – Zhao et al.

Slide 9

Main understanding fundamental EDDI Dynamic paired instrumentation can drastically enhance bolster for watchpoints Watch requests of extent a larger number of areas than is attainable today Better watchpoint bolster empowers numerous new investigating highlights EDDI – Zhao et al.

Slide 10

Examples of new investigating abilities encouraged by EDDI can give these and other troubleshooting highlights in a solitary brought together structure EDDI – Zhao et al.

Slide 11

Efficient Watchpoints utilizing EDDI Carefully made technique including and joining Fast-get to shadow memory Optimized watchpoint following information structure Full instrumentation Slow and point by point instrumentation of each memory get to Partial instrumentation Focused heuristics for quick instrumentation Compiler advancements Dynamic parallel revamping EDDI – Zhao et al.

Slide 12

Outline EDDI structure Fast-get to shadow memory Full instrumentation Partial instrumentation Case concentrates Future work EDDI – Zhao et al.

Slide 13

User Translate and dispatch summon Front-End Command mediator DBI Signals, IPC EDDI Overview Accelerate and develop debugger usefulness by element co-streamlining of debugger and application code Debugger (e.g., GDB) User Application EDDI – Zhao et al.

Slide 14

EDDI and Watchpoints Associate guarding predicates with watched memory areas Individual or total locations Instrument possibly all memory operations Check if operation alters watched area Update area if guarding predicate permits it Otherwise interfere with execution EDDI – Zhao et al.

Slide 15

Outline EDDI system Fast-get to shadow memory Full instrumentation Partial instrumentation Case concentrates Future work EDDI – Zhao et al.

Slide 16

. . . . . . . . . Shadow memory On-request shadow page tracks watchpoints (set of watched areas) Shadow memory advanced for consistent overhead Lookup table stores uprooting amongst application and shadow pages Trade-off space for time Lookup Table Application Pages Shadow Pages EDDI – Zhao et al.

Slide 17

Outline EDDI system Fast-get to shadow memory Full instrumentation Partial instrumentation Case concentrates Future work EDDI – Zhao et al.

Slide 18

Instrumentation DBI instruments application code to screen peruses and composes from/to memory 1. Spare setting 2. Query address in shadow memory 3. Handle watched deliver as per client commands 4. Reestablish setting and resume execution EDDI – Zhao et al.

Slide 19

Example of full instrumentation 01: mov %ecx - > [ECX_slot] ! Spare enroll 02: mov %eax - > [EAX_slot] 03: seto [OF_slot + 3] ! Spare oflag 04: lahf ! Spare eflags 05: mov %eax - > [AF_slot] 06: mov [EAX_slot] - > %eax ! Reestablish eax 07: lea [%eax, %ebx] - > %ecx ! Get address ! Process table file 08: shr %ecx, $12 - > %ecx ! Move right 09: cmp table[%ecx, 4], $0 ! Check passage 10: je 16: ! Check if tag is set to "watched" 11: include %eax, table[%ecx, 4] - > %eax 12: testb $0xAA, [%eax, %ebx] 13: jz 15: 14: trap ! T rap 15: sub %eax, table[%ecx, 4] - > %eax 16: mov [AF_slot] - > %eax ! Reestablish all ! Reestablish oflag by activating flood ! in the event that essential 17: include [OF_slot], $0x7f000000 - > [OF_slot] 18: sahf ! Reestablish eflags 19: mov [EAX_slot] - > %eax 20: mov [ECX_slot] - > %ecx Context Save Lines 1-6 Address Calculation Line 7 Tag Checks Lines 8-15 Context Restore Lines 16-20 EDDI – Zhao et al.

Slide 20

Experimental Results SPEC 2000 (GCC 4.0 –O3) 2.66 GHz Intel Core 2 with 2GB RAM Linux FC4 EDDI – Zhao et al.

Slide 21

Full instrumentation overhead: Slowdown contrasted with local EDDI – Zhao et al.

Slide 22

Classic improvements Context switch diminishment Group checks Local factors check end Watchpoint particular enhancements Merge checks Stack relocation Reduce overhead for stack factors overhead by means of shadow stack Lowering instrumentation overhead EDDI – Zhao et al.

Slide 23

Optimized instrumentation: Slowdown contrasted with local EDDI – Zhao et al.

Slide 24

Performance overhead as a component of watchpoints EDDI – Zhao et al.

Slide 25

Outline EDDI system Fast-get to shadow memory Full instrumentation Partial instrumentation Case concentrates Future work EDDI – Zhao et al.

Slide 26

Partial instrumentation Key thought: two-organize instrumentation Coarse grained quick checks to whole pages Fine grained instrumentation inside a page when important 1. Protect pages containing watched information areas 2. Catch SIGSEGV signals when access to secured page happens 3. Instrument code for fine-grained watchpoint checks EDDI – Zhao et al.

Slide 27

PI: rework after SIGSEGV hit mov %ecx ��  [ECX_SLOT] ! take ecx lea [%eax+0x10] ��  %ecx ! figure address ... ! spare eflags shr %ecx, 20 ��  %ecx ! right move cmp table[%ecx], $0 ! check table passage je LABEL_ORIG ... ! check label status ... ! reestablish eflags and ecx mov 0 ��  [%eax + 0x030010] ! diverted reference jmp LABEL_NEXT LABEL_ORIG ... ! reestablish eflags and ecx mov 0 ��  [%eax+0x10] ! get to unique area LABEL_NEXT: ... ! proceed with execution EDDI – Zhao et al.

Slide 28

Performance assessment Randomly select load articles to watch Intercept malloc Randomly distributed question from secured page or non-ensured page Object sizes shift EDDI – Zhao et al.

Slide 29

Runtime overhead utilizing halfway instrumentation EDDI – Zhao et al.

Slide 30

Outline EDDI system Fast-get to shadow memory Full instrumentation Partial instrumentation Case concentrates Future work EDDI – Zhao et al.

Slide 31

The estimation of having numerous watchpoints: Case Study 1 Watch for Return Address Access a few capacities attempt to acquire current pc a watchpoint is consequently Set on the arrival address of a capacity when it is called. Cleared on return Ret, setjmp EDDI – Zhao et al.

Slide 32

The estimation of having numerous watchpoints: Case Study 2 Dynamic Pointer Analysis Using 181.mcf Watch each of the 33,112 occurrences of hub information sort Identified 468 (static) directions got to objects of such sort 1.08 × 10 times amid execution EDDI – Zhao et al.

Slide 33

The estimation of having numerous watchpoints: Case Study 3 Read Un-instated Variable Again utilizing 181.mcf Changed calloc() to malloc() Watch all malloc \'ed memory When an area is introduced, watchpoint is cleared the initially uninitialized perused happens in 0.001 secs from the begin of execution EDDI reports the blunder in 0.037 secs Overall, the instrumented execution is 83% slower utilizing PI and 250% slower utilizing FI EDDI – Zhao et al.

Slide 34

The estimation of having numerous watchpoints: Case Study 4 Software Security Using the 20 Wilander Buffer Overflow Benchmarks Watched the finish of all supports Successfully distinguished all infringement EDDI – Zhao et al.

Slide 35

Summary Efficient investigating utilizing dynamic instrumentation empowers new open doors that expansion highlight set accessible for troubleshooting Paper exhibits utilizing EDDI to fundamentally enhance bolster for investigating utilizing watchpoints Practical to watch a great many memory areas with 3x normal lull Large number of watchpoints make it conceivable to investigate new investigating situations Holistic troubleshooting procedure EDDI – Zhao et al.

Slide 36

Main push for future work EDDI for multicores and parallel program Main thought: instead of watch execution and interleaving to catch information races and gridlocks… … watch memory, record gets to, and on an information race or halt, review records to decide wellspring of bug EDDI – Zhao et al.

Recommended
View more...