
Process Virtualization and Symbiotic Optimization
Kim Hazelwood
ACACES Summer School, July 2009

About Your Instructor
- Currently
  - Assistant Professor at University of Virginia
  - Faculty Consultant at Intel
- Previously
  - PostDoc at Intel ( )
  - PhD from Harvard (2004)
  - Four summer internships (HP & IBM)
  - Worked with Dynamo, Jikes RVM,
- Other Interests
  - Marathons (Boston, NYC, Disney)
  - Reality TV Shows
  - Family (8 month old at home!)

About the Course
- Day 1: What is Process Virtualization?
- Day 2: Building Process Virtualization Systems
- Day 3: Using Process Virtualization Systems
- Day 4: Symbiotic Optimization
- We'll use Pin as a case study
- You'll have homework!

What is Process Virtualization?
- System virtualization allows multiple OSes to share the same hardware
- Process virtualization runs as a normal application (on top of an OS) and supports a single process
[Figure: two stacks. System Virtualization: App 1, App 2, OS 1, OS 2, VMM, HW. Process Virtualization: App 1, App 2, DBT, DBI, OS, HW.]

Classifying Virtualization
- Dynamic binary optimization (x86 -> x86--)
  - Complement the static compiler
  - User inputs, phases, DLLs, hardware features
  - Examples: DynamoRIO, Mojo, Strata
- Dynamic translation (x86 -> PPC)
  - Convert applications to run on a new architecture
  - Examples: Rosetta, Transmeta CMS, DAISY
- Dynamic instrumentation (x86 -> x86++)
  - Inspect/add features to existing applications
  - Examples: Pin, Valgrind

A Simple Example of Instrumentation
Inserting extra code into a program to collect runtime information

    counter++;
    sub $0xff, %edx
    counter++;
    cmp %esi, %edx
    counter++;
    jle <L1>
    counter++;
    mov $0x1, %edi
    counter++;
    add $0x10, %eax

Instruction Count Output

    $ /bin/ls
    Makefile imageload.out itrace proccount
    imageload inscount atrace itrace.out

    $ pin -t inscount.so -- /bin/ls
    Makefile imageload.out itrace proccount
    imageload inscount atrace itrace.out
    Count

A Simple Example of Optimization
- On Pentium 3, inc is faster than add
- On Pentium 4, add is faster than inc

    sub $0xff, %edx          sub $0xff, %edx
    cmp %esi, %edx           cmp %esi, %edx
    jle <L1>                 jle <L1>
    mov $0x1, %edi           mov $0x1, %edi
    inc %eax                 add $0x1, %eax

Research Applications
- Computer Architecture
  - Trace Generation
  - Fault Tolerance Studies
  - Emulating New Instructions
- Program Analysis
  - Code coverage
  - Call-graph generation
  - Memory-leak detection
  - Instruction profiling
- Multicore
  - Thread analysis
  - Thread profiling
  - Race detection
  - Cache simulations
- Compilers
  - Compare programs from competing compilers
- Security
  - Add security checks and features

Approaches
- Source modification: Modify source programs
- Binary modification: Modify executables directly
- Advantages for binary modification
  - Language independent
  - Machine-level view
  - Modify legacy/proprietary software

Static vs Dynamic Approaches
- Dynamic approaches are more robust
  - No need to recompile or relink
  - Discover code at runtime
  - Handle dynamically-generated code
  - Attach to running processes
- The Code Discovery Problem on x86
[Figure: a code region laid out as Instr 1, Instr 2, Instr 3, Jump Reg, DATA, Instr 5, Instr 6, Uncond Branch, PADDING, Instr 8, with the callouts "Indirect jump to??", "Data interspersed with code" and "Pad for alignment"]

Dynamic Modification: Approaches
- JIT Mode
  - Create a modified copy of the application on-the-fly
  - Original code never executes
  - More flexible, more common approach
- Probe Mode
  - Modifies the original application instructions
  - Inserts jumps to modified code (trampolines)
  - Lower overhead (less flexible) approach

JIT-Mode Binary Modification
- Generate and cache modified copies of instructions
- Modified (cached) instructions are executed in lieu of original instructions
[Figure: EXE, Transform, Profile, Code Cache, Execute]

JIT-Mode Instrumentation
[Figure: original code, code cache and Pin. Fetch trace starting block 1 and start instrumentation. Exits point back to VMM.]

JIT-Mode Instrumentation
[Figure: original code, code cache and Pin. Transfer control into code cache (block 1).]

JIT-Mode Instrumentation
[Figure: original code, code cache with trace linking, and Pin. Fetch and instrument a new trace.]

Instrumentation Approaches
- JIT Mode
  - Create a modified copy of the application on-the-fly
  - Original code never executes
  - More flexible, more common approach
- Probe Mode
  - Modify the original application instructions
  - Insert jumps to instrumentation code (trampolines)
  - Lower overhead (less flexible) approach

A Sample Probe
- A probe is a jump instruction that overwrites original instruction(s) in the application
- Copy/translate original bytes so probed functions can be called

Original function entry point:

    0x400113d4: push %ebp
    0x400113d5: mov %esp,%ebp
    0x400113d7: push %edi
    0x400113d8: push %esi
    0x400113d9: push %ebx

Entry point overwritten with probe:

    0x400113d4: jmp 0x
    0x400113d9: push %ebx

Copy of entry point w/ original bytes:

    0x : push %ebp
    0x : mov %esp,%ebp
    0x : push %edi
    0x : push %esi
    0x : jmp 0x400113d9

Probe Instrumentation
- Advantages:
  - Low overhead: few percent
  - Less intrusive: execute original code
- Disadvantages:
  - More tool writer responsibility
  - Restrictions on where to modify (routine-level)

Probe Tool Writer Responsibilities
- No control flow into the instruction space where probe is placed
  - 6 bytes on IA32, 7 bytes on Intel64, bundle on IA64
  - Branch into replaced instructions will fail
  - Probes at function entry point only
- Thread safety for insertion/deletion of probes
  - During image load callback is safe
  - Only loading thread has a handle to the image
- Replacement function has same behavior as original
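The first responsibility above can be checked before a probe is written. The following is an added example, not code from the slides or from Pin: a C++ model that works out how many whole instructions a probe displaces and rejects a routine that branches into the displaced bytes. The names planProbe, Insn and withBranchTo and the jmp at 0x400113da are hypothetical; the instruction lengths are read off the addresses in the sample probe listing.

```cpp
// Added example: probe-placement safety check (a model, not Pin's code).
#include <cstdint>
#include <cstdio>
#include <vector>

struct Insn {
    uint32_t addr;      // address of the instruction
    uint32_t len;       // encoded length in bytes
    bool     hasTarget; // true for a direct branch
    uint32_t target;    // branch destination when hasTarget is set
};

enum class ProbeStatus { Ok, RoutineTooShort, BranchIntoProbe };

struct ProbePlan {
    ProbeStatus status;
    uint32_t relocatedBytes; // whole instructions copied to the trampoline
    uint32_t resumeAddr;     // where the copied code jumps back to
};

// Entry point from the sample probe slide; lengths follow from the addresses.
static const std::vector<Insn> kEntry = {
    {0x400113d4, 1, false, 0}, // push %ebp
    {0x400113d5, 2, false, 0}, // mov %esp,%ebp
    {0x400113d7, 1, false, 0}, // push %edi
    {0x400113d8, 1, false, 0}, // push %esi
    {0x400113d9, 1, false, 0}, // push %ebx
};

// Constructed variant: the same entry followed by a 2-byte jmp (not on the
// slide) so the branch-into-probe rule has something to reject.
std::vector<Insn> withBranchTo(uint32_t target) {
    std::vector<Insn> r = kEntry;
    r.push_back({0x400113da, 2, true, target});
    return r;
}

// Assumes the instructions are contiguous and start at the routine entry.
// Only direct branches are visible here; indirect ones need other evidence.
ProbePlan planProbe(const std::vector<Insn>& routine, uint32_t probeBytes) {
    if (routine.empty()) return {ProbeStatus::RoutineTooShort, 0, 0};
    const uint32_t entry = routine.front().addr;

    // A probe may not split an instruction: displace whole instructions
    // until at least probeBytes bytes are covered.
    uint32_t covered = 0;
    for (const Insn& i : routine) {
        if (covered >= probeBytes) break;
        covered += i.len;
    }
    if (covered < probeBytes)
        return {ProbeStatus::RoutineTooShort, covered, entry + covered};

    // A branch to the entry itself lands on the probe jump and is fine.
    // A branch to any other displaced byte lands in the middle of the probe.
    for (const Insn& i : routine) {
        if (i.hasTarget && i.target > entry && i.target < entry + covered)
            return {ProbeStatus::BranchIntoProbe, covered, entry + covered};
    }
    return {ProbeStatus::Ok, covered, entry + covered};
}

int main() {
    const uint32_t sizes[] = {5, 6, 7}; // 6 and 7 are the IA32/Intel64 figures
    for (uint32_t n : sizes) {
        ProbePlan p = planProbe(kEntry, n);
        std::printf("probe=%u bytes: status=%d relocated=%u resume=0x%x\n",
                    n, (int)p.status, p.relocatedBytes, p.resumeAddr);
    }
    return 0;
}
```

With a 5-byte probe the plan resumes at 0x400113d9, matching the sample probe listing; a constructed branch back to 0x400113d9 is accepted for that probe and rejected once the probe grows to 6 bytes.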

Probe vs. JIT Summary

                        Probes                                  JIT
    Overhead            Few percent                             50% or higher
    Intrusive           Low                                     High
    Granularity         Function boundary                       Instruction
    Safety & Isolation  More responsibility for tool writer     High

Process Virtualization Systems
- Readily Available
  - DynamoRIO
  - Valgrind
  - Pin
- Available By Request
  - Strata
  - Adore
- Unavailable
  - Transmeta CMS
  - Dynamo

DynamoRIO

Valgrind

Pin

Intel Pin
- Dynamic Instrumentation:
  - Do not need source code, recompilation, post-linking
- Programmable Instrumentation:
  - Provides rich APIs to write in C/C++ your own instrumentation tools (called Pintools)
- Multiplatform:
  - Supports x86, x86-64, Itanium, Xscale
  - Supports Linux, Windows, MacOS
- Robust:
  - Instruments real-life applications: Database, web browsers,
  - Instruments multithreaded applications
  - Supports signals
- Efficient:
  - Applies compiler optimizations on instrumentation code

Using Pin
- Launch and instrument an application

    $ pin -t pintool.so -- application

  - pin: Instrumentation engine (provided in the kit)
  - pintool.so: Instrumentation tool (write your own, or use one provided in the kit)
- Attach to and instrument an application

    $ pin -t pintool.so -pid <pid>

Pin Instrumentation APIs
- Basic APIs are architecture independent:
  - Provide common functionalities like determining:
    - Control-flow changes
    - Memory accesses
- Architecture-specific APIs
  - e.g., Info about opcodes and operands
- Call-based APIs:
  - Instrumentation routines
  - Analysis routines

Instrumentation vs. Analysis
Concepts borrowed from the ATOM tool:
- Instrumentation routines define where instrumentation is inserted
  - e.g., before instruction
  - Occurs first time an instruction is executed
- Analysis routines define what to do when instrumentation is activated
  - e.g., increment counter
  - Occurs every time an instruction is executed

Pintool 1: Instruction Count

    counter++;
    sub $0xff, %edx
    counter++;
    cmp %esi, %edx
    counter++;
    jle <L1>
    counter++;
    mov $0x1, %edi
    counter++;
    add $0x10, %eax

Pintool 1: Instruction Count Output

    $ /bin/ls
    Makefile imageload.out itrace proccount
    imageload inscount0 atrace itrace.out

    $ pin -t inscount0.so -- /bin/ls
    Makefile imageload.out itrace proccount
    imageload inscount0 atrace itrace.out
    Count

ManualExamples/inscount0.cpp

    #include <iostream>
    #include "pin.h"

    UINT64 icount = 0;

    // Analysis routine: runs every time an instruction executes.
    void docount() { icount++; }

    // Instrumentation routine: runs the first time an instruction is seen
    // and inserts a call to docount() before it.
    void Instruction(INS ins, void *v)
    {
        INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)docount, IARG_END);
    }

    void Fini(INT32 code, void *v)
    {
        std::cerr << "Count " << icount << std::endl;
    }

    int main(int argc, char * argv[])
    {
        PIN_Init(argc, argv);
        INS_AddInstrumentFunction(Instruction, 0);
        PIN_AddFiniFunction(Fini, 0);
        PIN_StartProgram();
        return 0;
    }

Pintool 2: Instruction Trace

    Print(ip);
    sub $0xff, %edx
    Print(ip);
    cmp %esi, %edx
    Print(ip);
    jle <L1>
    Print(ip);
    mov $0x1, %edi
    Print(ip);
    add $0x10, %eax

Need to pass ip argument to the analysis routine (printip())

Pintool 2: Instruction Trace Output

    $ pin -t itrace.so -- /bin/ls
    Makefile imageload.out itrace proccount
    imageload inscount0 atrace itrace.out

    $ head -4 itrace.out
    0x40001e90
    0x40001e91
    0x40001ee4
    0x40001ee

ManualExamples/itrace.cpp

    #include <stdio.h>
    #include "pin.h"

    FILE * trace;

    // Analysis routine: receives the instruction pointer as its argument.
    void printip(void *ip) { fprintf(trace, "%p\n", ip); }

    // Instrumentation routine: IARG_INST_PTR is the argument passed to
    // the analysis routine.
    void Instruction(INS ins, void *v)
    {
        INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)printip,
                       IARG_INST_PTR, IARG_END);
    }

    void Fini(INT32 code, void *v) { fclose(trace); }

    int main(int argc, char * argv[])
    {
        trace = fopen("itrace.out", "w");
        PIN_Init(argc, argv);
        INS_AddInstrumentFunction(Instruction, 0);
        PIN_AddFiniFunction(Fini, 0);
        PIN_StartProgram();
        return 0;
    }

Examples of Arguments to Analysis Routine
- IARG_INST_PTR
  - Instruction pointer (program counter) value
- IARG_UINT32 <value>
  - An integer value
- IARG_REG_VALUE <register name>
  - Value of the register specified
- IARG_BRANCH_TARGET_ADDR
  - Target address of the branch instrumented
- IARG_MEMORY_READ_EA
  - Effective address of a memory read
- And many more (refer to the manual for details)

Instrumentation Points
Instrument points relative to an instruction:
- Before: IPOINT_BEFORE
- After:
  - Fall-through edge: IPOINT_AFTER
  - Taken edge: IPOINT_TAKEN_BRANCH

    cmp %esi, %edx
    jle <L1>
    mov $0x1, %edi
    <L1>: mov $0x8,%edi

[Figure: three count() callouts mark the instrumentation points on this code]

Instrumentation Granularity
Instrumentation can be done at three different granularities:
- Instruction
- Basic block
  - A sequence of instructions terminated at a control-flow changing instruction
  - Single entry, single exit
- Trace
  - A sequence of basic blocks terminated at an unconditional control-flow changing instruction
  - Single entry, multiple exits

    sub $0xff, %edx
    cmp %esi, %edx
    jle <L1>
    mov $0x1, %edi
    add $0x10, %eax
    jmp <L2>

1 Trace, 2 BBs, 6 insts

Pintool 3: Faster Instruction Count

    counter += 3
    sub $0xff, %edx
    cmp %esi, %edx
    jle <L1>
    counter += 2
    mov $0x1, %edi
    add $0x10, %eax

The two groups of instructions are basic blocks (bbl).

ManualExamples/inscount1.cpp

    #include <stdio.h>
    #include "pin.h"

    UINT64 icount = 0;

    // Analysis routine: adds the size of the basic block being entered.
    void docount(UINT32 c) { icount += c; }

    // Instrumentation routine: inserts one call per basic block of the trace.
    void Trace(TRACE trace, void *v)
    {
        for (BBL bbl = TRACE_BblHead(trace);
             BBL_Valid(bbl); bbl = BBL_Next(bbl)) {
            BBL_InsertCall(bbl, IPOINT_BEFORE, (AFUNPTR)docount,
                           IARG_UINT32, BBL_NumIns(bbl), IARG_END);
        }
    }

    void Fini(INT32 code, void *v)
    {
        fprintf(stderr, "Count %llu\n", (unsigned long long)icount);
    }

    int main(int argc, char * argv[])
    {
        PIN_Init(argc, argv);
        TRACE_AddInstrumentFunction(Trace, 0);
        PIN_AddFiniFunction(Fini, 0);
        PIN_StartProgram();
        return 0;
    }
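Why counting per basic block is faster shows up when instrumentation-time work and analysis-time work are tallied separately. The following is an added example, not code from the slides or from Pin: a C++ toy model of a code cache that uses no Pin API. The names run, Stats and Granularity are hypothetical, the branch targets of the six slide instructions are assumptions chosen so the code loops, and the cache is keyed per basic block rather than per trace.

```cpp
// Added example: a toy model of JIT-mode instrumentation. It is not Pin code
// and uses no Pin API; all names below are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <vector>

struct Ins {
    const char* text;
    int  target;       // index of the branch target, or -1 for a non-branch
    bool conditional;  // true: may fall through; false: always taken
};

// The six instructions from the granularity slide. The branch targets are
// assumptions made so the model can loop: <L2> is the first instruction and
// <L1> is the exit just past the last one.
static const std::vector<Ins> kProgram = {
    {"sub $0xff, %edx", -1, false},
    {"cmp %esi, %edx",  -1, false},
    {"jle <L1>",         6, true },
    {"mov $0x1, %edi",  -1, false},
    {"add $0x10, %eax", -1, false},
    {"jmp <L2>",         0, false},
};

enum class Granularity { Instruction, BasicBlock };

struct Stats {
    uint64_t icount = 0;        // value the tool would report in Fini
    uint64_t analysisCalls = 0; // analysis routine: every execution
    uint64_t insertions = 0;    // instrumentation routine: first execution only
};

// A basic block ends at the first control-flow changing instruction.
static int blockLength(const std::vector<Ins>& prog, int start) {
    int i = start;
    while (i < (int)prog.size() && prog[i].target < 0) ++i;
    return (i < (int)prog.size() ? i + 1 : i) - start;
}

// Runs the program out of a code cache keyed by block start. On a miss the
// block is "compiled" and the instrumentation step records which docount()
// calls to insert; on every execution only those recorded calls run.
// The conditional branch is taken (exit) after backEdgesBeforeExit loops.
Stats run(const std::vector<Ins>& prog, Granularity g, int backEdgesBeforeExit) {
    Stats s;
    std::map<int, std::vector<uint32_t>> cache; // block start -> docount args
    std::map<int, int> lengths;                 // block start -> block length
    int pc = 0, backEdges = 0;
    while (pc >= 0 && pc < (int)prog.size()) {
        if (cache.find(pc) == cache.end()) {
            int len = blockLength(prog, pc);
            std::vector<uint32_t> calls;
            if (g == Granularity::Instruction)
                calls.assign((std::size_t)len, 1u); // docount() before each ins
            else
                calls.push_back((uint32_t)len);     // docount(numIns) once
            s.insertions += calls.size();
            cache[pc] = calls;
            lengths[pc] = len;
        }
        for (uint32_t c : cache[pc]) { s.icount += c; ++s.analysisCalls; }

        int lastIdx = pc + lengths[pc] - 1;
        const Ins& last = prog[lastIdx];
        if (last.target < 0)        pc = lastIdx + 1;               // fell off the block
        else if (!last.conditional) { pc = last.target; ++backEdges; }
        else pc = (backEdges >= backEdgesBeforeExit) ? last.target : lastIdx + 1;
    }
    return s;
}

int main() {
    Stats perIns = run(kProgram, Granularity::Instruction, 1000);
    Stats perBbl = run(kProgram, Granularity::BasicBlock, 1000);
    std::printf("per-instruction: count=%llu analysis calls=%llu insertions=%llu\n",
                (unsigned long long)perIns.icount,
                (unsigned long long)perIns.analysisCalls,
                (unsigned long long)perIns.insertions);
    std::printf("per-basic-block: count=%llu analysis calls=%llu insertions=%llu\n",
                (unsigned long long)perBbl.icount,
                (unsigned long long)perBbl.analysisCalls,
                (unsigned long long)perBbl.insertions);
    return 0;
}
```

Both granularities report the same count; the basic-block version reaches it with one analysis call per block execution instead of one per instruction.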

What Did We Learn Today?
- Overview of Process Virtualization
- Approaches
  - Source vs. Binary
  - Static vs. Dynamic
  - JIT vs. Probes
- Three Available Systems
- Three Simple Examples

Want More Info?
- Read Jim Smith's book: Virtual Machines
- Download one (or more) of them!
  - Pin
  - DynamoRIO: code.google.com/p/dynamorio
  - Valgrind
- Day 1: What is Process Virtualization?
- Day 2: Building Process Virtualization Systems
- Day 3: Using Process Virtualization Systems
- Day 4: Symbiotic Optimization

IVIZ TECHNO SOLUTIONS PVT. LTD. Puncture. Automatic Program Analysis using Dynamic Binary Instrumentation. Sunil Kumar sunil.kumar@ivizsecurity.

IVIZ TECHNO SOLUTIONS PVT. LTD. Puncture. Automatic Program Analysis using Dynamic Binary Instrumentation. Sunil Kumar sunil.kumar@ivizsecurity. IVIZ TECHNO SOLUTIONS PVT. LTD. Puncture Automatic Program Analysis using Dynamic Binary Instrumentation Sunil Kumar sunil.kumar@ivizsecurity.com 2/14/2011 Dynamic Binary Instrumentation involves execution

More information

Introduction to Virtual Machines

Introduction to Virtual Machines Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization Computer system architecture Process virtual machines System virtual machines 1 Abstraction Mechanism to manage complexity

More information

Off-by-One exploitation tutorial

Off-by-One exploitation tutorial Off-by-One exploitation tutorial By Saif El-Sherei www.elsherei.com Introduction: I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend

More information

Runtime Monitoring, Performance Analysis

Runtime Monitoring, Performance Analysis Runtime Monitoring, Performance Analysis Peter Libič, Pavel Parízek DEPARTMENT OF DISTRIBUTED AND DEPENDABLE SYSTEMS http://d3s.mff.cuni.cz CHARLES UNIVERSITY PRAGUE Faculty of Mathematics and Physics

More information

Lecture 7: Machine-Level Programming I: Basics Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com

Lecture 7: Machine-Level Programming I: Basics Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com CSCI-UA.0201-003 Computer Systems Organization Lecture 7: Machine-Level Programming I: Basics Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com Some slides adapted (and slightly modified)

More information

64-Bit NASM Notes. Invoking 64-Bit NASM

64-Bit NASM Notes. Invoking 64-Bit NASM 64-Bit NASM Notes The transition from 32- to 64-bit architectures is no joke, as anyone who has wrestled with 32/64 bit incompatibilities will attest We note here some key differences between 32- and 64-bit

More information

Return-oriented programming without returns

Return-oriented programming without returns Faculty of Computer Science Institute for System Architecture, Operating Systems Group Return-oriented programming without urns S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, M. Winandy

More information

Hacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail

Hacking Techniques & Intrusion Detection. Ali Al-Shemery arabnix [at] gmail Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail All materials is licensed under a Creative Commons Share Alike license http://creativecommonsorg/licenses/by-sa/30/ # whoami Ali

More information

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool

Outline. Outline. Why virtualization? Why not virtualize? Today s data center. Cloud computing. Virtual resource pool Outline CS 6V81-05: System Security and Malicious Code Analysis Overview of System ization: The most powerful platform for program analysis and system security Zhiqiang Lin Department of Computer Science

More information

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 20: Stack Frames 7 March 08

CS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 20: Stack Frames 7 March 08 CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 20: Stack Frames 7 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1 Where We Are Source code if (b == 0) a = b; Low-level IR code

More information

Computer Organization and Architecture

Computer Organization and Architecture Computer Organization and Architecture Chapter 11 Instruction Sets: Addressing Modes and Formats Instruction Set Design One goal of instruction set design is to minimize instruction length Another goal

More information

General Introduction

General Introduction Managed Runtime Technology: General Introduction Xiao-Feng Li (xiaofeng.li@gmail.com) 2012-10-10 Agenda Virtual machines Managed runtime systems EE and MM (JIT and GC) Summary 10/10/2012 Managed Runtime

More information

ANALYZING PARALLEL PROGRAMS WITH PIN

ANALYZING PARALLEL PROGRAMS WITH PIN COVER FE ATURE ANALYZING PARALLEL PROGRAMS WITH PIN Moshe Bach, Mark Charney, Robert Cohn, Elena Demikhovsky, Tevi Devor, Kim Hazelwood, Aamer Jaleel, Chi-Keung Luk, Gail Lyons, Harish Patil, and Ady Tal,

More information

CSC 574 Computer and Network Security. Reverse Engineering

CSC 574 Computer and Network Security. Reverse Engineering CSC 574 Computer and Network Security Reverse Engineering Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Chris Kruegel) Introduction Reverse engineering process of analyzing a system

More information

Virtualization. Clothing the Wolf in Wool. Wednesday, April 17, 13

Virtualization. Clothing the Wolf in Wool. Wednesday, April 17, 13 Virtualization Clothing the Wolf in Wool Virtual Machines Began in 1960s with IBM and MIT Project MAC Also called open shop operating systems Present user with the view of a bare machine Execute most instructions

More information

Automatic Logging of Operating System Effects to Guide Application-Level Architecture Simulation

Automatic Logging of Operating System Effects to Guide Application-Level Architecture Simulation Automatic Logging of Operating System Effects to Guide Application-Level Architecture Simulation Satish Narayanasamy, Cristiano Pereira, Harish Patil, Robert Cohn, and Brad Calder Computer Science and

More information

Assembly Language: Function Calls" Jennifer Rexford!

Assembly Language: Function Calls Jennifer Rexford! Assembly Language: Function Calls" Jennifer Rexford! 1 Goals of this Lecture" Function call problems:! Calling and returning! Passing parameters! Storing local variables! Handling registers without interference!

More information

Intel microprocessor history. Intel x86 Architecture. Early Intel microprocessors. The IBM-AT

Intel microprocessor history. Intel x86 Architecture. Early Intel microprocessors. The IBM-AT Intel x86 Architecture Intel microprocessor history Computer Organization and Assembly Languages g Yung-Yu Chuang with slides by Kip Irvine Early Intel microprocessors Intel 8080 (1972) 64K addressable

More information

Virtual Servers. Virtual machines. Virtualization. Design of IBM s VM. Virtual machine systems can give everyone the OS (and hardware) that they want.

Virtual Servers. Virtual machines. Virtualization. Design of IBM s VM. Virtual machine systems can give everyone the OS (and hardware) that they want. Virtual machines Virtual machine systems can give everyone the OS (and hardware) that they want. IBM s VM provided an exact copy of the hardware to the user. Virtual Servers Virtual machines are very widespread.

More information

Virtualization. Types of Interfaces

Virtualization. Types of Interfaces Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform diversity

More information

Software Vulnerabilities

Software Vulnerabilities Software Vulnerabilities -- stack overflow Code based security Code based security discusses typical vulnerabilities made by programmers that can be exploited by miscreants Implementing safe software in

More information

Interpreters and virtual machines. Interpreters. Interpreters. Why interpreters? Tree-based interpreters. Text-based interpreters

Interpreters and virtual machines. Interpreters. Interpreters. Why interpreters? Tree-based interpreters. Text-based interpreters Interpreters and virtual machines Michel Schinz 2007 03 23 Interpreters Interpreters Why interpreters? An interpreter is a program that executes another program, represented as some kind of data-structure.

More information

Cloud Computing #6 - Virtualization

Cloud Computing #6 - Virtualization Cloud Computing #6 - Virtualization Main source: Smith & Nair, Virtual Machines, Morgan Kaufmann, 2005 Today What do we mean by virtualization? Why is it important to cloud? What is the penalty? Current

More information

Some Future Challenges of Binary Translation. Kemal Ebcioglu IBM T.J. Watson Research Center

Some Future Challenges of Binary Translation. Kemal Ebcioglu IBM T.J. Watson Research Center Some Future Challenges of Binary Translation Kemal Ebcioglu IBM T.J. Watson Research Center Disclaimers! The IBM material in this tutorial consists of nonconfidential research projects and ideas! Non-IBM

More information

picojava TM : A Hardware Implementation of the Java Virtual Machine

picojava TM : A Hardware Implementation of the Java Virtual Machine picojava TM : A Hardware Implementation of the Java Virtual Machine Marc Tremblay and Michael O Connor Sun Microelectronics Slide 1 The Java picojava Synergy Java s origins lie in improving the consumer

More information

W4118: virtual machines

W4118: virtual machines W4118: virtual machines Instructor: Junfeng Yang References: Modern Operating Systems (3 rd edition), Operating Systems Concepts (8 th edition), previous W4118, and OS at MIT, Stanford, and UWisc Virtual

More information

CS61: Systems Programing and Machine Organization

CS61: Systems Programing and Machine Organization CS61: Systems Programing and Machine Organization Fall 2009 Section Notes for Week 2 (September 14 th - 18 th ) Topics to be covered: I. Binary Basics II. Signed Numbers III. Architecture Overview IV.

More information

Administration. Instruction scheduling. Modern processors. Examples. Simplified architecture model. CS 412 Introduction to Compilers

Administration. Instruction scheduling. Modern processors. Examples. Simplified architecture model. CS 412 Introduction to Compilers CS 4 Introduction to Compilers ndrew Myers Cornell University dministration Prelim tomorrow evening No class Wednesday P due in days Optional reading: Muchnick 7 Lecture : Instruction scheduling pr 0 Modern

More information

Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach

Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach Jonathan Salwan jsalwan@quarkslab.com Security Day Lille France January 16, 2015 Keywords : Program analysis, DBI, Pin,

More information

CPU Organization and Assembly Language

CPU Organization and Assembly Language COS 140 Foundations of Computer Science School of Computing and Information Science University of Maine October 2, 2015 Outline 1 2 3 4 5 6 7 8 Homework and announcements Reading: Chapter 12 Homework:

More information

Stack Overflows. Mitchell Adair

Stack Overflows. Mitchell Adair Stack Overflows Mitchell Adair Outline Why? What? There once was a VM Virtual Memory Registers Stack stack1, stack2, stack3 Resources Why? Real problem Real money Real recognition Still prevalent Very

More information

l Status flags or condition codes are set when the in a zero l Example 1 l mov 0xFFFFFFFF %eax l add 1 %eax

l Status flags or condition codes are set when the in a zero l Example 1 l mov 0xFFFFFFFF %eax l add 1 %eax Machine-Level Programming II: Control Flow Topics Condition Codes Setting Testing Control Flow If-then-else While, for loop Assembly programmer view PC SP BR ALU IR GPR Status Flags ALU: Arithmetic Logic

More information

Instruction Set Design

Instruction Set Design Instruction Set Design Instruction Set Architecture: to what purpose? ISA provides the level of abstraction between the software and the hardware One of the most important abstraction in CS It s narrow,

More information

Sequential Performance Analysis with Callgrind and KCachegrind

Sequential Performance Analysis with Callgrind and KCachegrind Sequential Performance Analysis with Callgrind and KCachegrind 2 nd Parallel Tools Workshop, HLRS, Stuttgart, July 7/8, 2008 Josef Weidendorfer Lehrstuhl für Rechnertechnik und Rechnerorganisation Institut

More information

Carlos Villavieja, Nacho Navarro {cvillavi,nacho}@ac.upc.edu. Arati Baliga, Liviu Iftode {aratib,liviu}@cs.rutgers.edu

Carlos Villavieja, Nacho Navarro {cvillavi,nacho}@ac.upc.edu. Arati Baliga, Liviu Iftode {aratib,liviu}@cs.rutgers.edu Continuous Monitoring using MultiCores Carlos Villavieja, Nacho Navarro {cvillavi,nacho}@ac.upc.edu Arati Baliga, Liviu Iftode {aratib,liviu}@cs.rutgers.edu Motivation Intrusion detection Intruder gets

More information

Processor Architectures

Processor Architectures ECPE 170 Jeff Shafer University of the Pacific Processor Architectures 2 Schedule Exam 3 Tuesday, December 6 th Caches Virtual Memory Input / Output OperaKng Systems Compilers & Assemblers Processor Architecture

More information

Hotpatching and the Rise of Third-Party Patches

Hotpatching and the Rise of Third-Party Patches Hotpatching and the Rise of Third-Party Patches Alexander Sotirov asotirov@determina.com BlackHat USA 2006 Overview In the next one hour, we will cover: Third-party security patches _ recent developments

More information

Intel 8086 architecture

Intel 8086 architecture Intel 8086 architecture Today we ll take a look at Intel s 8086, which is one of the oldest and yet most prevalent processor architectures around. We ll make many comparisons between the MIPS and 8086

More information

Sequential Performance Analysis with Callgrind and KCachegrind

Sequential Performance Analysis with Callgrind and KCachegrind Sequential Performance Analysis with Callgrind and KCachegrind 4 th Parallel Tools Workshop, HLRS, Stuttgart, September 7/8, 2010 Josef Weidendorfer Lehrstuhl für Rechnertechnik und Rechnerorganisation

More information

Virtual Machines. Virtual Machines

Virtual Machines. Virtual Machines Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? 1 Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host

More information

Abysssec Research. 1) Advisory information. 2) Vulnerable version

Abysssec Research. 1) Advisory information. 2) Vulnerable version Abysssec Research 1) Advisory information Title Version Discovery Vendor Impact Contact Twitter CVE : Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability : QuickTime player 7.6.5

More information

Architecture and Programming of x86 Processors

Architecture and Programming of x86 Processors Brno University of Technology Architecture and Programming of x86 Processors Microprocessor Techniques and Embedded Systems Lecture 12 Dr. Tomas Fryza December 2012 Contents A little bit of one-core Intel

More information

x86 ISA Modifications to support Virtual Machines

x86 ISA Modifications to support Virtual Machines x86 ISA Modifications to support Virtual Machines Douglas Beal Ashish Kumar Gupta CSE 548 Project Outline of the talk Review of Virtual Machines What complicates Virtualization Technique for Virtualization

More information

CPU performance monitoring using the Time-Stamp Counter register

CPU performance monitoring using the Time-Stamp Counter register CPU performance monitoring using the Time-Stamp Counter register This laboratory work introduces basic information on the Time-Stamp Counter CPU register, which is used for performance monitoring. The

More information

Multi-core Programming System Overview

Multi-core Programming System Overview Multi-core Programming System Overview Based on slides from Intel Software College and Multi-Core Programming increasing performance through software multi-threading by Shameem Akhter and Jason Roberts,

More information

The Plan Today... System Calls and API's Basics of OS design Virtual Machines

The Plan Today... System Calls and API's Basics of OS design Virtual Machines System Calls + The Plan Today... System Calls and API's Basics of OS design Virtual Machines System Calls System programs interact with the OS (and ultimately hardware) through system calls. Called when

More information

X86-64 Architecture Guide

X86-64 Architecture Guide X86-64 Architecture Guide For the code-generation project, we shall expose you to a simplified version of the x86-64 platform. Example Consider the following Decaf program: class Program { int foo(int

More information

Assembly Language: Overview! Jennifer Rexford!

Assembly Language: Overview! Jennifer Rexford! Assembly Language: Overview! Jennifer Rexford! 1 Goals of this Lecture! Help you learn:! The basics of computer architecture! The relationship between C and assembly language! IA-32 assembly language,

More information

Compilers and Tools for Software Stack Optimisation

Compilers and Tools for Software Stack Optimisation Compilers and Tools for Software Stack Optimisation EJCP 2014 2014/06/20 christophe.guillon@st.com Outline Compilers for a Set-Top-Box Compilers Potential Auto Tuning Tools Dynamic Program instrumentation

More information

Writing Portable Programs COS 217

Writing Portable Programs COS 217 Writing Portable Programs COS 217 1 Goals of Today s Class Writing portable programs in C Sources of heterogeneity Data types, evaluation order, byte order, char set, Reading period and final exam Important

More information

COS 318: Operating Systems

COS 318: Operating Systems COS 318: Operating Systems OS Structures and System Calls Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Outline Protection mechanisms

More information

CSC 2405: Computer Systems II

CSC 2405: Computer Systems II CSC 2405: Computer Systems II Spring 2013 (TR 8:30-9:45 in G86) Mirela Damian http://www.csc.villanova.edu/~mdamian/csc2405/ Introductions Mirela Damian Room 167A in the Mendel Science Building mirela.damian@villanova.edu

More information

Dynamic Program Analysis of Microsoft Windows Applications

Dynamic Program Analysis of Microsoft Windows Applications Dynamic Program Analysis of Microsoft Windows Applications Alex Skaletsky, Tevi Devor, Nadav Chachmon, Robert Cohn, Kim Hazelwood, Vladimir Vladimirov, Moshe Bach Intel Corporation University of Virginia

More information

Lecture 03 Bits, Bytes and Data Types

Lecture 03 Bits, Bytes and Data Types Lecture 03 Bits, Bytes and Data Types In this lecture Computer Languages Assembly Language The compiler Operating system Data and program instructions Bits, Bytes and Data Types ASCII table Data Types

More information
