optimizing binary translation of dynamically generated
play

Optimizing Binary Translation of Dynamically Generated Code Byron - PowerPoint PPT Presentation

Jun 18, 2023 •299 likes •1.15k views

Optimizing Binary Translation of Dynamically Generated Code Byron Hawkins Brian Demsky University of California, Irvine Derek Bruening Qin Zhao Google, Inc. Profiling Bug detection Program analysis Security SPEC CPU 2006

  1. Optimizing Binary Translation of Dynamically Generated Code Byron Hawkins Brian Demsky University of California, Irvine Derek Bruening Qin Zhao Google, Inc.

  2. ● Profiling ● Bug detection ● Program analysis ● Security

  3. SPEC CPU 2006 ● 12% overhead* ● 21% overhead* *geometric mean

  4. SPEC CPU 2006 ● 12% overhead* ● 21% overhead* *geometric mean

  5. Octane JavaScript Benchmark ● 15x overhead on Chrome V8 4.4x overhead on Mozilla Ion ● 18x overhead on Chrome V8 8x overhead on Mozilla Ion

  6. Octane JavaScript Benchmark ● 15x overhead on Chrome V8 4.4x overhead on Mozilla Ion ● 18x overhead on Chrome V8 8x overhead on Mozilla Ion

  7. New Era of Dynamic Code ● Back in 2003 ... – Browsers : one single-phase JIT engine – Microsoft Office : negligible dynamic code ● A decade later... – Browsers : at least 2 multi-phase JIT engines – Microsoft Office : one multi-phase JIT ● Active at startup of all applications

  8. New Era of Dynamic Code ● Back in 2003 ... – Browsers : one single-phase JIT engine – Microsoft Office : negligible dynamic code ● A decade later... – Browsers : at least 2 multi-phase JIT engines – Microsoft Office : one multi-phase JIT ● Active at startup of all applications

  9. Goals ● Optimize binary translation of dynamic code ● Maintain performance for static code Evaluation Platform ● DynamoRIO on 64-bit Linux for x86

  10. Goals ● Optimize binary translation of dynamic code ● Maintain performance for static code Evaluation Platform ● DynamoRIO on 64-bit Linux for x86

  11. Outline ● Background on binary translation – Current optimizations for statically compiled code – Dynamic code → wasting translation overhead ● Coarse-grained detection of code changes ● New optimizations – Manual annotations – Automated inference ● Performance results ● Related Work

  12. Outline ● Background on binary translation – Current optimizations for statically compiled code – Dynamic code → wasting translation overhead ● Coarse-grained detection of code changes ● New optimizations – Manual annotations – Automated inference ● Performance results ● Related Work

  13. Outline ● Background on binary translation – Current optimizations for statically compiled code – Dynamic code → wasting translation overhead ● Coarse-grained detection of code changes ● New optimizations – Manual annotations – Automated inference ● Performance results ● Related Work

  14. SPEC Benchmark App DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A B C D E F Translate application into code cache as it runs

  15. SPEC Benchmark App DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C D E F Translate application into code cache as it runs

  16. SPEC Benchmark App DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C D D E F Translate application into code cache as it runs

  17. SPEC Benchmark App DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C D D E E F Translate application into code cache as it runs

  18. SPEC Benchmark App DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C D D E E Indirect Branch Lookup F Translate application into code cache as it runs

  19. SPEC Benchmark App DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C D D E E Indirect Branch Lookup F F Correlate indirect branch targets via hashtable

  20. SPEC Benchmark App DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C A C D D D E E E Indirect ? Branch F Lookup F F Hot paths are compiled into traces (10% speedup)

  21. Cost ● Translate code ● Build traces Benefit ● Repeated execution of translated code ● Optimized traces – Can beat native performance on SPEC benchmarks

  22. Cost ● Translate code ● Build traces Benefit ● Repeated execution of translated code ● Optimized traces – Can beat native performance on SPEC benchmarks

  23. JIT Compiled Function DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C A C D D D E E E Indirect ? Branch F Lookup F F What if the target code is dynamically generated?

  24. JIT Compiled Function DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C' A C D E D E E D' Indirect ? Branch F Lookup F F The code may be changed frequently at runtime

  25. JIT Compiled Function DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C' A C D E D E E D' Indirect ? Branch F Lookup F F Corresponding translations become invalid

  26. JIT Compiled Function DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C' A C D E D E E D' Indirect ? Branch F Lookup F F Stale translations must be deleted for retranslation

  27. JIT Compiled Function DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C' A C D E D E E D' Indirect ? Branch F Lookup F F Stale translations must be deleted for retranslation → “cache consistency”

  28. JIT Compiled Function DynamoRIO Code Cache BB Trace foo() bar() Cache Cache A A C B C' A C D E D E E D' Indirect ? Branch F Lookup F F Stale translations must be deleted for retranslation → How to detect code changes?

  29. Detecting Code Changes on x86 ● Monitor all memory writes

  30. Detecting Code Changes on x86 ● Monitor all memory writes – Too much overhead!

  31. Detecting Code Changes on x86 ● Monitor all memory writes – Too much overhead! ● Instrument traces to check freshness

  32. Detecting Code Changes on x86 ● Monitor all memory writes – Too much overhead! ● Instrument traces to check freshness – DynamoRIO supports standalone basic blocks → too much overhead!

  33. Detecting Code Changes on x86 ● Monitor all memory writes – Too much overhead! ● Instrument traces to check freshness – DynamoRIO supports standalone basic blocks → too much overhead! ● Leverage page permissions and faults

  34. Detecting Code Changes on x86 ● Monitor all memory writes – Too much overhead! ● Instrument traces to check freshness – DynamoRIO supports standalone basic blocks → too much overhead! ● Leverage page permissions and faults – Make code pages artificially read-only

  35. Detecting Code Changes on x86 ● Monitor all memory writes – Too much overhead! ● Instrument traces to check freshness – DynamoRIO supports standalone basic blocks → too much overhead! ● Leverage page permissions and faults – Make code pages artificially read-only – Intercept page faults and invalidate translations

  36. Detecting Code Changes on x86 ● Monitor all memory writes – Too much overhead! ● Instrument traces to check freshness – DynamoRIO supports standalone basic blocks → too much overhead! ● Leverage page permissions and faults – Make code pages artificially read-only – Intercept page faults and invalidate translations → Acceptable overhead (for rare occurrence)

  37. Detecting Code Changes on x86 ● Monitor all memory writes – Too much overhead! ● Instrument traces to check freshness – DynamoRIO supports standalone basic blocks → too much overhead! ● Leverage page permissions and faults – Make code pages artificially read-only – Intercept page faults and invalidate translations → How does this work?

  38. Chrome V8 DynamoRIO Code Cache r-x foo() foo() bar() bar() rwx r-x compile_js() compile_js()

  39. Chrome V8 DynamoRIO Code Cache r-x foo() foo() X bar() bar() Page fault rwx r-x compile_js() compile_js()

  40. Chrome V8 DynamoRIO Code Cache r-x foo() foo() X bar() bar() rwx r-x compile_js() compile_js()

  41. Chrome V8 DynamoRIO Code Cache rwx Allow foo_2() write bar() bar() rwx r-x compile_js() compile_js()

  42. Chrome V8 DynamoRIO Code Cache rwx foo_2() bar_2() bar() rwx Allow compile_more_js() write! Thread B r-x compile_js() compile_js() Thread A

  43. Chrome V8 DynamoRIO Code Cache rwx foo_2() bar_2() bar() rwx compile_more_js() Concurrent Writer Problem All translations from the modifjed page must be removed Thread B r-x compile_js() compile_js() Thread A

  44. Cache Consistency Overhead ● For non-JIT modules: – System call hooks (program startup only) – Self-modifying code (very rare) ● For JIT engines: – Code generation – Code optimization – Code adjustment for reuse

  45. Cache Consistency Overhead ● For non-JIT modules: – System call hooks (program startup only) – Self-modifying code (very rare) ● For JIT engines: – Code generation – Code optimization – Code adjustment for reuse

  46. Cache Consistency Overhead Chrome V8 DynamoRIO Code Cache r-x foo() foo() bar() rwx r-x compile_js() compile_js() JIT writes a second function to unused space in the page

  47. Cache Consistency Overhead Chrome V8 DynamoRIO Code Cache r-x foo() foo() bar() rwx r-x compile_js() compile_js() DynamoRIO must invalidate all translations from the page

  48. Cache Consistency Overhead Chrome V8 DynamoRIO Code Cache r-x foo() foo() bar() bar() rwx r-x compile_js() compile_js() Trivial code changes require flushing all translations

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dynamic Binary Optimization Introduction Application profiling Optimizing translation

Dynamic Binary Optimization Introduction Application profiling Optimizing translation

Dynamic Binary Optimization Introduction Application profiling Optimizing translation blocks Compatibility Code reordering Other code optimizations 1 EECS 768 Virtual Machines Optimization Overview Identify frequently

822 views • 40 slides
Dynamically Optimizing End-to-End Latency for Time-Triggered Networks Zonghui Li NEAT2019

Dynamically Optimizing End-to-End Latency for Time-Triggered Networks Zonghui Li NEAT2019

Dynamically Optimizing End-to-End Latency for Time-Triggered Networks Zonghui Li NEAT2019 2019/8/19 1 Content Background Motivation Best TT Protocol Evaluation Conclusion and Future Work 2 Background

434 views • 26 slides
Covariant Vector meson-Vector meson Interactions and Dynamically Generated Resonances Dilege

Covariant Vector meson-Vector meson Interactions and Dynamically Generated Resonances Dilege

Covariant Vector meson-Vector meson Interactions and Dynamically Generated Resonances Dilege Glmez HISKP , Universitt Bonn 15 th International Workshop on Meson Physics Uniwersytet Jagiello nski, Krakw June 7-12, 2018 Overview 1

410 views • 13 slides
Fast Binary Translation: Translation Efficiency and Runtime Efficiency Mathias Payer and Thomas

Fast Binary Translation: Translation Efficiency and Runtime Efficiency Mathias Payer and Thomas

Fast Binary Translation: Translation Efficiency and Runtime Efficiency Mathias Payer and Thomas R. Gross Department of Computer Science ETH Zrich Motivation Goal: User-Space BT for Software Virtualization fastBT as a system to analyze

358 views • 34 slides
Five Shades of Noise: Analyzing Machine Translation Errors in User-Generated Text Marlies van

Five Shades of Noise: Analyzing Machine Translation Errors in User-Generated Text Marlies van

Five Shades of Noise: Analyzing Machine Translation Errors in User-Generated Text Marlies van der Wees, Arianna Bisazza, Christof Monz Statistical Machine Translation News sentence: (mumbai,

448 views • 12 slides
x (Actually, its smaller than that heap Process 3 What goes

x (Actually, its smaller than that heap Process 3 What goes

11/20/15 Virtual Memory Physical Addressing Motivation: why not direct physical memory access? Main memory Address translation with pages 0: 1: Optimizing translation: translation

431 views • 12 slides
A jump-target identification method for multi-architecture static binary translation Alessandro

A jump-target identification method for multi-architecture static binary translation Alessandro

A jump-target identification method for multi-architecture static binary translation Alessandro Di Federico Giovanni Agosta Politecnico di Milano CASES 2016 October 4, 2016 Index Introduction Our solution Evaluation Static binary

667 views • 63 slides
Maintaining sentiment polarity in translation of user-generated content Pintu Lohar, Haithem Afli

Maintaining sentiment polarity in translation of user-generated content Pintu Lohar, Haithem Afli

Maintaining sentiment polarity in translation of user-generated content Pintu Lohar, Haithem Afli and Andy Way ADAPT Centre, School of Computing, Dublin City University The ADAPT Centre is funded under the SFI Research Centres Programme (Grant

1.01k views • 63 slides
This is a PDF version with notes. You can find the PPTX version at

This is a PDF version with notes. You can find the PPTX version at

This is a PDF version with notes. You can find the PPTX version at http://www.cse.iitd.ernet.in/~sbansal/talks/btkernel.pptx 1 Firstly, what is Dynamic Binary Translation and what is it used for. Dynamic Binary Translation or DBT is the

617 views • 49 slides
Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or binary code are used by computers and digital devices to talk to each other. It is used to give commands to the computer or a way to enter data

165 views • 12 slides
Analyse and binary transformation Guillaume Bouffard Analyse and binary transformation Guillaume

Analyse and binary transformation Guillaume Bouffard Analyse and binary transformation Guillaume

Analyse and binary transformation Guillaume Bouffard Analyse and binary transformation Guillaume Bouffard Outline 1 Introduction Profiling step 2 Translation step 3 Binary Modification 4 Proof Of Concept 5 Conclusion 6 2 / 19

779 views • 40 slides
Accelerate Cycle-Level Multi-Core RISC-V Simulation with Binary Translation Xuan Guo, Robert

Accelerate Cycle-Level Multi-Core RISC-V Simulation with Binary Translation Xuan Guo, Robert

Accelerate Cycle-Level Multi-Core RISC-V Simulation with Binary Translation Xuan Guo, Robert Mullins Department of Computer Science and Technology Both the paper and the slides are made available under CC BY 4.0 Motivation We want to

790 views • 22 slides
for Optimizing the Partial AUC Harikrishna Narasimhan (Joint work with Shivani Agarwal) A paper

for Optimizing the Partial AUC Harikrishna Narasimhan (Joint work with Shivani Agarwal) A paper

A Structural SVM Based Approach for Optimizing the Partial AUC Harikrishna Narasimhan (Joint work with Shivani Agarwal) A paper on this work has been accepted in ICML 2013 Learning with Binary Supervision Learning with Binary Supervision

770 views • 63 slides
Optimizing Compilers Source Optimization (ideal case) Performance Front End Introduction

Optimizing Compilers Source Optimization (ideal case) Performance Front End Introduction

Languages and Performance Optimizing Compiler High Optimizing Compilers Source Optimization (ideal case) Performance Front End Introduction Translation Low IR (straight forward) Markus Schordan Optimizer High level Low level

205 views • 8 slides
x86 Memory Protection and Binary Memory Threads Formats Allocators Translation User System

x86 Memory Protection and Binary Memory Threads Formats Allocators Translation User System

2/5/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram x86 Memory Protection and Binary Memory Threads Formats Allocators Translation User System Calls Kernel RCU File System Networking Sync Don Porter

238 views • 9 slides
Cross-ISA Machine Instrumentation Cross-ISA Machine Instrumentation using Fast and Scalable

Cross-ISA Machine Instrumentation Cross-ISA Machine Instrumentation using Fast and Scalable

Cross-ISA Machine Instrumentation Cross-ISA Machine Instrumentation using Fast and Scalable using Fast and Scalable Dynamic Binary Translation Dynamic Binary Translation Emilio G. Cota Columbia University Luca P. Carloni VEE'19 April 14,

1.05k views • 45 slides
Parser Self-Training for Syntax-Based Machine Translation Nara Institute of Science and

Parser Self-Training for Syntax-Based Machine Translation Nara Institute of Science and

Parser Self-Training for Syntax-Based Machine Translation Nara Institute of Science and Technology Augmented Human Communication Laboratory Makoto Morishita, Koichi Akabe, Yuto Hatakoshi, Graham Neubig, Koichiro Yoshino, Satoshi

632 views • 37 slides
Order and Report Schema Translation in WISE-SBML Server Dr. Mark Pullen Dr. Per Gustavsson Dr.

Order and Report Schema Translation in WISE-SBML Server Dr. Mark Pullen Dr. Per Gustavsson Dr.

Order and Report Schema Translation in WISE-SBML Server Dr. Mark Pullen Dr. Per Gustavsson Dr. Robert Wittman Douglas Corner Saab AB MITRE Corp. per.m.gustavsson@ rwittman@mitre.org GMU C4I Center saabgroup.com mpullen@c4i.gmu.edu

404 views • 27 slides
Improving User Experience for translators Translate Extension Translate Extension Translate

Improving User Experience for translators Translate Extension Translate Extension Translate

Improving User Experience for translators Translate Extension Translate Extension Translate Extension Translate Extension UI 2006 -2012 Translate Extension UI 2012 - today Editor concept Page view Other improvements Other improvements

600 views • 20 slides
Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic

Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic

Breaking the barrier of context-freeness. Towards a linguistically adequate probabilistic dependency model of parallel texts Matthias Buch-Kromann Copenhagen Business School Theoretical and Methodological Issues in Machine Translation Skvde,

373 views • 25 slides
Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of

Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of

A Translation-Based Animation of Dependently-Typed Specifications From LF to hohh (and back again) Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota This work was funded by NSF grant

668 views • 24 slides
Translation Model Adaptation Using Genre-Revealing Text Features Marlies van der Wees, Arianna

Translation Model Adaptation Using Genre-Revealing Text Features Marlies van der Wees, Arianna

Translation Model Adaptation Using Genre-Revealing Text Features Marlies van der Wees, Arianna Bisazza, Christof Monz Domain adaptation for SMT Prioritize translation candidates that are most relevant to a specific task Translation Model

758 views • 74 slides
CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means

CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means

9.1 CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means using one entity to refer to another Examples: A variable name vs. it's physical memory address Phone number vs. cell tower

844 views • 53 slides
Source Address Finding (SAF) for IPv6 Translation Mechanisms draft-thaler-ipv6-saf-01.txt Dave

Source Address Finding (SAF) for IPv6 Translation Mechanisms draft-thaler-ipv6-saf-01.txt Dave

Source Address Finding (SAF) for IPv6 Translation Mechanisms draft-thaler-ipv6-saf-01.txt Dave Thaler dthaler@microsoft.com IETF 74 - 6AI BOF 1 UNilateral Self-Address Fixing (UNSAF) 1:1 address mappings (NAT66) avoid most of the issues

545 views • 7 slides

More recommend