Non-blocking caches
@@ -10,10 +10,10 @@ It is mainly based on on the chapter \textit{DynamoRIO} and \textit{Code Cache}
|
||||
\revabbr{Dynamic binary instrumentation}{DBI} is a method for analyzing and manipulating the behavior of a binary application while it is running.
|
||||
This is achieved through the injection of additional instructions into the instruction trace of the target application.
|
||||
|
||||
Debuggers on the other hand, use special breakpoint instructions (e.g. INT3 on x86 or BKPT on ARM) that get injected at specific places in the code, raising a debug exception when reaching it.
|
||||
At those exceptions a context switch to the operating system kernel will be performed, however, those context switches result in a significant performance penalty as the processor state has to be saved and restored afterwards.
|
||||
Debuggers, on the other hand, use special breakpoint instructions (e.g. INT3 on x86 or BKPT on ARM) that get injected at specific places in the code, raising a debug exception when reaching it.
|
||||
At those exceptions a context switch to the operating system kernel will be performed, however, those context switches result in a significant performance penalty as the processor state has to be saved and restored afterwards, making it slower than DBI.
|
||||
|
||||
Because the instrumentation tool runs in the same process as the application, it is important that it operates transparently, meaning that it will not affect the application behavior in unintended ways.
|
||||
Because the instrumentation tool runs in the same process as the target application, it is important that it operates transparently, meaning that it will not affect the application behavior in unintended ways.
|
||||
This is a special challenge as the dynamic instrumentation is not allowed to use the same memory routines or input/output buffering as the target application \cite{Bruening2003}.
|
||||
|
||||
In contrast to static code analysis, which cannot predict the execution path of the program, the full runtime information is available to the dynamic instrumentation.
|
||||
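Review bot: the clause added at the end of the debugger sentence, ", making it slower than DBI", has an ambiguous "it" (the debugger, the exception, or the context switch?) and stretches an already long sentence into a run-on; suggest ending the sentence after "restored afterwards" and adding a short second sentence such as "This makes breakpoint-based debugging slower than DBI." Also, the context line shown in the hunk header, "It is mainly based on on the chapter", still carries the duplicated "on"; since this commit already edits this paragraph, fold that fix in.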
@@ -37,7 +37,7 @@ To reduce this overhead, DynamoRIO can \textit{link} two basic blocks together t
|
||||
For indirect branches it is not possible to link them as their target basic blocks may vary and DynamoRIO needs to translate the branch address to the address of the basic block in the code cache.
|
||||
However, basic block that are often executed in a sequence are be merged into a \textit{trace}.
|
||||
At the end of each basic block, a additional check is performed to determine if the indirect branch target will stay in the same trace, possibly preventing the context switch.
|
||||
The generic term for a basic block or a trace is a \textit{fragment}.
|
||||
The generic term for a basic block or a trace is \textit{fragment}.
|
||||
|
||||
Figure \ref{fig:dynamorio} illustrates the functionality of DynamoRIO.
|
||||
The application code will get loaded by the dispatcher, modified by the basic block builder and finally be executed in the code cache.
|
||||
|
||||
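Review bot: the article removal on the \textit{fragment} sentence is fine, but the unchanged context a few lines above still reads "basic block that are often executed in a sequence are be merged" (should be "basic blocks that are often executed in a sequence are merged") and "a additional check" (should be "an additional check"); fix those in the same commit. Also, "possibly preventing the context switch" reuses the term that the first hunk defines as a switch into the operating system kernel, whereas here it means leaving the code cache to return to the DynamoRIO dispatcher for address translation; say "preventing the exit to the dispatcher" so the two are not conflated.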