chakra under the hood
play

CHAKRA: UNDER THE HOOD Steve Lucco Technical Fellow Microsoft - PowerPoint PPT Presentation

Jun 23, 2023 •458 likes •734 views

CHAKRA: UNDER THE HOOD Steve Lucco Technical Fellow Microsoft Design Principles Security ECMAScript Compliance Balanced Performance Transparency JIT Security int 3 int 3 push ebp mov ebp, esp Data Execution Protection

  1. CHAKRA: UNDER THE HOOD Steve Lucco Technical Fellow Microsoft

  2. Design Principles • Security • ECMAScript Compliance • Balanced Performance • Transparency

  3. JIT Security int 3 int 3 push ebp mov ebp, esp Data Execution Protection ... xor eax, eax xor ecx, ecx lea ecx, [ecx] Codebase Alignment Randomization $enterLoop: cmp ecx, 0x0a mov edi, edi jge $exitLoop Random NOP Insertion mov edx, 0x02EBCC90 xor edx, 0x50A2B255 add eax, edx jo $handleOverflow Constant Blinding inc ecx jmp $enterLoop $exitLoop: JIT Code Allocation Cap shl eax, 1 jo $handleOverflow inc eax mov esp, ebp JIT Page Randomization pop ebp ret

  4. JIT Hardening Comparison http://www.accuvant.com/sites/default/files/images/webbrowserresearch_v1_0.pdf (12/2011)

  5. ECMAScript Compliance Highest Pass Rate

  6. Balanced Performance: Page Load Source Code Byte Code Parser Interpreter Generator AST Byte Code

  8. Page Load & App Start-Up One of the most visceral elements of user experience • Internal and third-party reviews show IE has solid page load • performance Strangeloop: http://bit.ly/Sxcw2O • • “Internet Explorer 10 served pages faster than other browsers…” Tom’s Hardware: http://bit.ly/OY3Bw0 • • “Here , Microsoft's own IE9 takes the lead…” Page load design points • Interpreter: start execution almost immediately • Deferred Parsing: avoid parsing unused code • Start-Up Profile Caching: remember which functions were called • Background code generation and garbage collection •

  9. Balanced Performance: Throughput and interactive response Byte Code Parser Interpreter Machine Code Generator Runtime Machine AST Byte Code Profile Code JIT Compiler Garbage Collector

  10. Chakra’s Garbage Collector Conservative • Can handle object pointers on the native stack; tagged integers lead to very • low rate (0.02 per GC) of spurious object references Simplifies interoperation with native code • Generational • partial collections; no separate nursery space • Mark and Sweep • small objects sorted by size into buckets for low fragmentation • free-list and bump allocation, currently no compaction or evacuation • Concurrent • Scan Program Rescan Program Program Roots Mark Sweep Zero Pages

  11. Interactive Response: Pause Times

  12. Interactive Response: Pause Times

  13. WebKit SunSpider

  14. Optimistic Profile-Based JIT bailout IE10

  15. Type Specialized Integer Math in IE10 $enterLoop: bitops-bits-in-byte.js cmp esi, 0x100 jge $exitLoop function bitsinbyte(b) { var m = 1, c = 0; mov ecx, eax while(m<0x100) { and ecx, esi if(b & m) c++; test ecx, ecx m <<= 1; jeq $l1 } return c; add edi, 1 } jo $bailOut $l1: shl esi, 1 jmp $enterLoop

  16. Type Specialized Float Math in IE10 $enterLoop: cmp eax, edx 3d-cube.js jge $exitLoop addsd xmm7, xmm2 for (; i < NumPix; i++) { comisd xmm7, xmm6 Num += NumAdd; jb $l2 if (Num >= Den) { subsd xmm7, xmm6 Num -= Den; movsd xmm2, <-176> x += IncX1; addsd xmm0, xmm2 y += IncY1; addsd xmm1, xmm3 } $l2: x += IncX2; addsd xmm0, xmm4 y += IncY2; addsd xmm1, xmm5 } add eax, 1 jo $bailOut movsd xmm2, <-192> jmp $enterLoop

  17. Fast Property Access in IE9 Bubble function Bubble(x, y) { x this.x = x; b1 this.y = y; Bubble } “x” 0 0 var b1 = new Bubble(0, 1); var b2 = new Bubble(10, 11); y 1 Bubble b2 “x” “y” 10 10 b1.type b2.type 11 monomorphic

  18. Fast Property Access in IE9 Bubble function Bubble(x, y) { x this.x = x; b1 this.y = y; Bubble } “x” 0 var b1 = new Bubble(0, 1); y var b2 = new Bubble(10, 11); 1 b2.c = "red"; Bubble b2 “x” “y” 10 10 b1.type b2.type c 11 11 Bubble polymorphic “red” “x” “y” “c”

  19. Faster Property Access in IE10 • Object type specialization • Polymorphic property caches • Field hoisting • Copy propagation • Streamlined object layout • Function inlining

  20. total += o.x + o.y + o.z mov edi,dword ptr [ebx+88h] mov edi,dword ptr [ebp-0A8h] mov eax,18BF198h test edi,1 test edi,1 jne 053F01D7 jne $BailOut mov ecx,dword ptr [edi+8] mov eax,dword ptr [edi+8] o.x cmp ecx,dword ptr [eax] cmp dword ptr ds:[8E4F20h],eax jne 053F01D7 jne $BailOut IE10 movzx eax,word ptr [eax+6] mov eax,dword ptr [edi+eax*4] mov eax,dword ptr [edi+1Ch] mov edx,18BF1A8h test edi,1 jne 053F01F5 mov ecx,dword ptr [edi+8] o.y cmp ecx,dword ptr [edx] jne 053F01F5 movzx edx,word ptr [edx+6] mov edx,dword ptr [edi+edx*4] mov ecx,dword ptr [edi+20h] ... ... mov eax,18BF1B8h test edi,1 o.z jne 053F0231 mov eax,dword ptr [edi+24h] ... ...

  21. for(…) { total += o.x + o.y + o.z; } test esi, 1 o is {x,y,z}? jne $bailOut mov eax, dword ptr [esi+8] cmp eax, [0x00480500] o.x jne $bailOut mov eax, dword ptr [esi+28] o.y loop header mov ecx, dword ptr [esi+32] 1x mov edx, dword ptr [esi+36] o.z ... add eax, ecx jo $bailOut ... t = o.x + o.y add eax, edx jo $bailOut ... t += o.z add ebx, eax loop body jo $bailOut 100x total += t ...

  22. for(…) { total += o.x + o.y + o.z; calculate(); test esi, 1 o is {x,y,z}? jne $bailOut } mov eax, dword ptr [esi+8] cmp eax, [0x00480500] o.x jne $bailOut mov eax, dword ptr [esi+28] o.y mov ecx, dword ptr [esi+32] mov edx, dword ptr [esi+36] o.z ... loop body add eax, ecx 100x jo $bailOut ... t = o.x + o.y add eax, edx jo $bailOut ... t += o.z add ebx, eax jo $bailOut total += t ... call [calculate]

  23. for(…) { total += o.x + o.y + o.z; calculate(); test esi, 1 o is {x,y,z}? jne $bailOut } mov eax, dword ptr [esi+8] cmp eax, [0x00480500] o.x jne $bailOut mov eax, dword ptr [esi+28] o.y loop header mov ecx, dword ptr [esi+32] 1x mov edx, dword ptr [esi+36] o.z ... add eax, ecx jo $bailOut ... t = o.x + o.y add eax, edx jo $bailOut ... t += o.z add ebx, eax loop body jo $bailOut 100x total += t ... $inlinedCalculate:

  24. Windows Store Applications • Bytecode Caching • GC on Idle/Suspend • Fast marshaling to native code • Native calling conventions and exception handling • Generation and caching of method entry points (based on meta-data)

  25. More work to do • Throughput • Array operations; typed arrays • Polymorphism and function inlining • Standards • ES6 features; ES5 accessor performance • Improve GC for games and long-running applications • Precise pointers • Iterate between sequential and concurrent phases

  26. Make web development work for any app • Great JS engine performance • Multiple cores, GPU, continued optimization • APIs, device capabilities, secure component model • Build tools that enable construction of large- scale Javascript applications

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Your Chakra Is Not Aligned Hunting bugs in the Microsoft Edge Script Engine About Me Natalie

Your Chakra Is Not Aligned Hunting bugs in the Microsoft Edge Script Engine About Me Natalie

Your Chakra Is Not Aligned Hunting bugs in the Microsoft Edge Script Engine About Me Natalie Silvanovich AKA natashenka Project Zero member Previously did mobile security on Android and BlackBerry ECMAScript enthusiast

893 views • 39 slides
Chakra, a user friendly distribution using the KDE desktop Laszlo Papp 04.07.2010 | T ampere |

Chakra, a user friendly distribution using the KDE desktop Laszlo Papp 04.07.2010 | T ampere |

Chakra, a user friendly distribution using the KDE desktop Laszlo Papp 04.07.2010 | T ampere | Akademy Agenda Introduction KDEmod Half-rolling release model Live CD development T ool development Community Questions

572 views • 35 slides
Angel alchemy session 2 Bubble clearing, the 4 clairs, the root and sacral chakra What is Angel

Angel alchemy session 2 Bubble clearing, the 4 clairs, the root and sacral chakra What is Angel

Angel alchemy session 2 Bubble clearing, the 4 clairs, the root and sacral chakra What is Angel Alchemy? The art and science of invoking Source and Angelic Energy to produce DRAMATIC and RAPID healing in the deepest aspects of our hearts,

404 views • 17 slides
A tale of Chakra bugs through the years Bruno Keith (@bkth_) SSTIC 2019 whoami 24, Independent

A tale of Chakra bugs through the years Bruno Keith (@bkth_) SSTIC 2019 whoami 24, Independent

A tale of Chakra bugs through the years Bruno Keith (@bkth_) SSTIC 2019 whoami 24, Independent Researcher, Navigating the jungle of French entrepreneurship CTF player since 2016 (ESPR), now retired due to ptmalloc2 PTSD Vuln research since

889 views • 85 slides
Employment Land Employment (ELE) Intensification Study 575 Hood Road 575 Hood Road

Employment Land Employment (ELE) Intensification Study 575 Hood Road 575 Hood Road

Employment Land Employment (ELE) Intensification Study 575 Hood Road 575 Hood Road Pre-Expansion Post-Expansion Final Report Presentation June 13, 2011 Study Intent Employment Land Employment (ELE) includes manufacturing,

170 views • 16 slides
ChakraLinux.org ChakraLinux.org The Half Rolling repository model The golden intersection for

ChakraLinux.org ChakraLinux.org The Half Rolling repository model The golden intersection for

ChakraLinux.org ChakraLinux.org The Half Rolling repository model The golden intersection for desktop users? About Chakra About Chakra Focus on KDE and Qt Software Independent , using Arch technologies Half-Rolling repository model

286 views • 26 slides
Finite generation of the cohomology rings of some pointed Hopf algebras Van C. Nguyen Hood

Finite generation of the cohomology rings of some pointed Hopf algebras Van C. Nguyen Hood

Finite generation of the cohomology rings of some pointed Hopf algebras Van C. Nguyen Hood College, Frederick MD nguyen@hood.edu joint work with Xingting Wang and Sarah Witherspoon Maurice Auslander Distinguished Lectures and International

690 views • 52 slides
ZFS UTH Always consistent on disk Under The Hood No journal not needed Superlite

ZFS UTH Always consistent on disk Under The Hood No journal not needed Superlite

ZFS I/O Stack Object-Based Transactions Make these 7 changes to these 3 objects ZFS All-or-nothing Transaction Group Commit Again, all-or-nothing DMU ZFS UTH Always consistent on disk Under The Hood No

519 views • 17 slides
Search/Discovery Under the Hood Tricia Jenkins and Sean Luyk | Spring Training 2019

Search/Discovery Under the Hood Tricia Jenkins and Sean Luyk | Spring Training 2019

Search/Discovery Under the Hood Tricia Jenkins and Sean Luyk | Spring Training 2019 Outline - Search in libraries - Search trends - Search under the hood 2 The Discovery Technology Stack - Open Source Apache Project since 2007

618 views • 46 slides
1 compassions ( oiktirms ). a motivating emotion. sympathy, mercy, pity.

1 compassions ( oiktirms ). a motivating emotion. sympathy, mercy, pity.

PHILIPPIANS Part 6: One Minded 07.11.10 PLAY Robin Hood Play: Robin Hood Gang Video Clip [2:05] Gang [2:05] Intro I love to read science fiction. I know its not a genre that everyone loves, but I find some fascinating

340 views • 4 slides
NAU FUME HOOD FINAL PRESENTATION Talal Alshammari, Zachary Bell, Bryce Davis, Shirley Hatcher

NAU FUME HOOD FINAL PRESENTATION Talal Alshammari, Zachary Bell, Bryce Davis, Shirley Hatcher

NAU FUME HOOD FINAL PRESENTATION Talal Alshammari, Zachary Bell, Bryce Davis, Shirley Hatcher Northern Arizona University April 24, 2020 PROJECT DESCRIPTION o The Project is to design a fume hood for the biomechanics lab that will be attached

383 views • 12 slides
Mount Hood (composite cone) Photo: E. M. Puris Larch Mountain (shield volcano) Mount Hood

Mount Hood (composite cone) Photo: E. M. Puris Larch Mountain (shield volcano) Mount Hood

Larch Mountain (shield volcano) Mount Hood (composite cone) Photo: E. M. Puris Larch Mountain (shield volcano) Mount Hood (composite cone) Photo: E. M. Puris Degrees and Certificates Meeting December 9 th 2019 SY CC 233B DAC Meeting

451 views • 18 slides
Urban Renewal: Hood River Heights Business District Two Meetings: October 19- Provide

Urban Renewal: Hood River Heights Business District Two Meetings: October 19- Provide

Urban Renewal: Hood River Heights Business District Two Meetings: October 19- Provide Information/Gain Initial Feedback November 9 Gain public input on project priorities Background on Urban Renewal Q and A Hood River Heights Urban

767 views • 47 slides
Inte gr ate d Appr oac he s to Pove r ty Re duc tion at the Ne ighbor hood L e ve l A

Inte gr ate d Appr oac he s to Pove r ty Re duc tion at the Ne ighbor hood L e ve l A

Inte gr ate d Appr oac he s to Pove r ty Re duc tion at the Ne ighbor hood L e ve l A Citie s Without Slums Initiative (IMPACT Pr oje c t) Housing &amp; Urban Development Coordinating Council UN-HABITAT Pr oje c t Goal T o

513 views • 12 slides
S A V A N T Security Analytics &amp; Visualisation for Advanced Network Threats Paul D. Hood

S A V A N T Security Analytics &amp; Visualisation for Advanced Network Threats Paul D. Hood

S A V A N T Security Analytics &amp; Visualisation for Advanced Network Threats Paul D. Hood &amp; Kristian Kocher OxCERT OxCERT Paul D. Hood Security Operations Lead Kristian Kocher UNIX Security Systems Administrator

1.17k views • 58 slides
Rethinking Club Rethinking Club Promotion JUDO BC AGM | JUNE 2014 JENNIFER HOOD | JUMP

Rethinking Club Rethinking Club Promotion JUDO BC AGM | JUNE 2014 JENNIFER HOOD | JUMP

Rethinking Club Rethinking Club Promotion JUDO BC AGM | JUNE 2014 JENNIFER HOOD | JUMP GYMNASTICS INC. JENNIFER HOOD | JUMP GYMNASTICS INC. Sport in Canada The health and well-being of the nation and the medals won at major Games are

423 views • 16 slides
CSE 351: Week 4 Tom Bergan, TA 1 Does this code look okay? int binarySearch(int a[], int

CSE 351: Week 4 Tom Bergan, TA 1 Does this code look okay? int binarySearch(int a[], int

CSE 351: Week 4 Tom Bergan, TA 1 Does this code look okay? int binarySearch(int a[], int length, int key) { int low = 0; int high = length - 1; while (low &lt;= high) { int mid = (low + high) / 2; int midVal = a[mid]; if (midVal &lt; key)

444 views • 33 slides
TOS Arno Puder 1 Objectives Explain non-preemptive scheduling Explain step-by-step how

TOS Arno Puder 1 Objectives Explain non-preemptive scheduling Explain step-by-step how

TOS Arno Puder 1 Objectives Explain non-preemptive scheduling Explain step-by-step how a context switch works in TOS 2 Status Quo We can create new processes in TOS. New processes are added to the ready queue. The

572 views • 38 slides
CS/ECE 6710 Tool Suite Verilog sim Synopsys Behavioral Design Compiler Verilog Structural

CS/ECE 6710 Tool Suite Verilog sim Synopsys Behavioral Design Compiler Verilog Structural

Synthesis and Place &amp; Route Synopsys design compiler Cadence Encounter Digital Implementation System (EDI) CS/ECE 6710 Tool Suite Verilog sim Synopsys Behavioral Design Compiler Verilog Structural Verilog Cadence Your EDI Library

580 views • 46 slides
Web services Patryk Czarnik XML and Applications 2015/2016 Lecture 6 11.04.2016 Motivation

Web services Patryk Czarnik XML and Applications 2015/2016 Lecture 6 11.04.2016 Motivation

Web services Patryk Czarnik XML and Applications 2015/2016 Lecture 6 11.04.2016 Motivation for web services Electronic data interchange Distributed applications even as simple as client / server Interoperability and fmexibility need for

848 views • 45 slides
Solid Sands 1 Selection of our Customers 2 The Seventies - CISC 68000 6502 6800 8086 Z80

Solid Sands 1 Selection of our Customers 2 The Seventies - CISC 68000 6502 6800 8086 Z80

Compiler Verification, More Necessary than Ever Marcel Beemster, CTO Solid Sands 1 Selection of our Customers 2 The Seventies - CISC 68000 6502 6800 8086 Z80 8080 8051 Intel 4004 1981 1970 1975 1980 3 The Eighties - RISC TMS320

433 views • 21 slides
Standard bodies: who does what? Cristina Mussinelli (cristina.mussinelli@aie.it) Publishing and

Standard bodies: who does what? Cristina Mussinelli (cristina.mussinelli@aie.it) Publishing and

Standard bodies: who does what? Cristina Mussinelli (cristina.mussinelli@aie.it) Publishing and the Open Web Platform September 16th and 17th, Centre Pompidou, Paris Book distribution = information Information flow Identifiers and metadata

514 views • 13 slides
National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Standards Hearing on

National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Standards Hearing on

National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Standards Hearing on HIPAA and ACA Administrative Simplification Attachment Standards Testimony by Don St Jacques, Senior Vice President Jopari Solutions, Inc. Feb 16,

271 views • 12 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (Feb. 9, 2002) I E S R C E O

UMBC A B M A L T F O U M B C I M Y O R T 1 (Feb. 9, 2002) I E S R C E O

Systems Design &amp; Programming 80x86 Assembly II CMPE 310 Data Addressing Modes Base-Plus-Index addressing: Effective address computed as: seg_base + base + index. Base registers: Holds starting location of an array. ebp (stack) ebx

682 views • 8 slides

More recommend