VM Analysis and Hardware Trace Reconstruction
Suchakrapani Datt Sharma
Dec 12, 2016
École Polytechnique de Montréal
Laboratoire DORSAL
POLYTECHNIQUE MONTREAL – Suchakrapani Datt Sharma

Agenda
Introduction
● Research Updates
New Investigations
● Intel PT
● Advanced Analysis of VMs
● Trace Reconstruction Issues
● Failed & Incorrect Decoding
● Kernel Assisted Reconstruction
Upcoming
● Kernel Patches

Introduction
Research Focus: Hardware tracing on Intel and ARM for low overhead and high accuracy tracing and profiling
Research Updates
● Advanced VM analysis with hardware tracing
● FlowJIT: A robust hardware trace reconstruction technique

Introduction
Hardware Tracing with PT
[Figure: Configure and Enable PT; CPU0 / CPU; Intel PT Hardware; Intel PT Packets; Runtime Data; Binary; Intel PT Software Decoder; Reconstructed Execution Flow]
Based on Andi Kleen's presentation (Tracing Summit 2015)

Intel PT
Hardware Trace Packets (Perf)

    . ... Intel Processor Trace data: size 8544 bytes
    . 00000000: 02 82 02 82 02 82 02 82 02 82 02 82 02 82 02 82 PSB
    . 00000010: 00 00 00 00 00 00 PAD
    . 00000016: 19 ba 39 4d 7b 89 5e 04 TSC 0x45e897b4d39ba
    . 0000001e: 00 00 00 00 00 00 00 00 PAD
    . 00000026: 02 73 57 64 00 1c 00 00 TMA CTC 0x6457 FC 0x1c
    . 0000002e: 00 00 PAD
    . 00000030: 02 03 27 00 CBR 0x27
    . 00000034: 02 23 PSBEND
    . 00000036: 59 8b MTC 0x8b
    . 00000038: 59 8c MTC 0x8c
    .
    . 00000304: f8 TNT TTTTNN (6)
    . 00000305: 06 00 00 TNT T (1)
    . 00000308: 4d e0 3c 6d 9c TIP 0x9c6d3ce0
    . 0000030d: 1c 00 00 TNT TTN (3)
    . 00000310: 2d f0 3c TIP 0x3cf0
    . 00000313: 06 TNT T (1)
    . 00000314: 59 2e MTC 0x2e
    . 00000316: 94 TNT NNTNTN (6)
    . 00000317: a8 TNT NTNTNN (6)
    . 00000318: a6 TNT NTNNTT (6)

Intel PT
The same packet dump is repeated on three further slides, titled:
● Timing (TSC, TMA, CBR and MTC packets)
● Conditional Branches (TNT packets: T = taken, N = not taken)
● Indirect Branches (TIP packets: target instruction pointer)
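
How the raw bytes in the dump map to the decoded TNT and TIP columns, as an added example (not perf's or the author's code). It handles only PAD, MTC, TSC, TIP and short TNT packets, and starts with `last_ip = 0` as an assumption, because the dump elides the packets that would set the upper address bits.

```python
# Tail of the dump above (offsets 0x304-0x318), re-typed as raw bytes.
RAW = bytes.fromhex("f8 06 0000 4de03c6d9c 1c 0000 2df03c 06 592e 94 a8 a6")

# TIP header byte: low 5 bits are 0b01101, top 3 bits (IPBytes) pick the
# compression mode. Maps IPBytes to the number of payload bytes that follow.
TIP_PAYLOAD_LEN = {0: 0, 1: 2, 2: 4, 3: 6, 4: 6, 6: 8}


def decode_short_tnt(byte):
    """Short TNT: bit 0 is 0, the highest set bit is a stop marker, and the
    bits below it are the branch outcomes, oldest first."""
    bits = byte >> 1
    count = bits.bit_length() - 1
    return "".join("T" if (bits >> i) & 1 else "N"
                   for i in range(count - 1, -1, -1))


def expand_ip(last_ip, ipbytes, payload):
    """Rebuild the full target from a compressed TIP payload and the last IP."""
    value = int.from_bytes(payload, "little")
    if ipbytes == 0:                       # IP suppressed, nothing to update
        return last_ip
    if ipbytes == 3:                       # 48 bits, sign-extended
        return value | (0xFFFF << 48) if value >> 47 else value
    if ipbytes == 6:                       # full 64-bit IP
        return value
    keep = ~((1 << (8 * len(payload))) - 1)   # upper bits come from the last IP
    return (last_ip & keep) | value


def decode(buf, last_ip=0):
    """Return (name, value) tuples; TIP values are expanded to full addresses."""
    out, i = [], 0
    while i < len(buf):
        b = buf[i]
        if b == 0x00:                                   # PAD
            i += 1
        elif b == 0x59:                                 # MTC, 1 payload byte
            out.append(("MTC", buf[i + 1]))
            i += 2
        elif b == 0x19:                                 # TSC, 7 payload bytes
            out.append(("TSC", int.from_bytes(buf[i + 1:i + 8], "little")))
            i += 8
        elif (b & 0x1F) == 0x0D and (b >> 5) in TIP_PAYLOAD_LEN:
            n = TIP_PAYLOAD_LEN[b >> 5]
            last_ip = expand_ip(last_ip, b >> 5, buf[i + 1:i + 1 + n])
            out.append(("TIP", last_ip))
            i += 1 + n
        elif (b & 1) == 0 and b != 0x02:                # short TNT
            out.append(("TNT", decode_short_tnt(b)))
            i += 1
        else:
            raise ValueError(f"packet type not handled at offset {i:#x}: {b:#04x}")
    return out


if __name__ == "__main__":
    for name, value in decode(RAW):
        print(name, value if isinstance(value, str) else hex(value))
```

The second TIP carries only two payload bytes (`f0 3c`), so the decoder has to combine them with the upper bits of the previous target; perf's dump prints the raw payload, the expanded address is what a flow decoder needs.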

Intel PT
VM Analysis
● Resource consumption and process analysis
● PTParse [1]: Extract PT data from Perf
● VMPT [2]: Format PT data as XML bundles
● Bundle contains PIP (CR3 value / NR bit), VMCS and TSC packets in XML
● VMCS Base Register → Associated VM
● CR3 → Process
● NR → VM Entry/Exit
● Decoder + TraceCompass View
[1] https://github.com/tuxology/dorsal/tree/master/ptparse
[2] https://github.com/tuxology/vmpt
Thanks to Hani & Geneviève!

Intel PT
[Figure: CPU / Intel PT Hardware → Perf → perf.data → PTParse → VMPT → XML bundle]

    <bundle>
      <PIP> 792ec000 </PIP>
      <NR> 1 </NR>
      <VMCS> 7eb71000 </VMCS>
      <TSC> 2342353646 </TSC>
    </bundle>
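
The mapping from bundle fields to VM, process and entry/exit, as an added example (not code from PTParse or VMPT). Assumptions: bundles arrive wrapped in a hypothetical `<trace>` element, PIP and VMCS are hexadecimal, TSC is decimal, and the time between two bundles is attributed to the state described by the earlier one.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed bundle stream. Only the first bundle is the one shown on the
# slide; the <trace> wrapper and the other five bundles are invented.
SAMPLE = """<trace>
<bundle><PIP> 792ec000 </PIP><NR> 1 </NR><VMCS> 7eb71000 </VMCS><TSC> 2342353646 </TSC></bundle>
<bundle><PIP> 0452a000 </PIP><NR> 0 </NR><VMCS> 7eb71000 </VMCS><TSC> 2342354646 </TSC></bundle>
<bundle><PIP> 792ed000 </PIP><NR> 1 </NR><VMCS> 7eb71000 </VMCS><TSC> 2342354946 </TSC></bundle>
<bundle><PIP> 0452a000 </PIP><NR> 0 </NR><VMCS> 7eb71000 </VMCS><TSC> 2342356946 </TSC></bundle>
<bundle><PIP> 5510c000 </PIP><NR> 1 </NR><VMCS> 7eb93000 </VMCS><TSC> 2342357146 </TSC></bundle>
<bundle><PIP> 0452a000 </PIP><NR> 0 </NR><VMCS> 7eb93000 </VMCS><TSC> 2342357646 </TSC></bundle>
</trace>"""


def parse_bundles(xml_text):
    """Turn each <bundle> into a dict, ordered by TSC."""
    bundles = []
    for b in ET.fromstring(xml_text).iter("bundle"):
        bundles.append({
            "cr3": int(b.findtext("PIP").strip(), 16),    # CR3 -> process
            "nr": int(b.findtext("NR").strip()),          # 1 = VMX non-root (guest)
            "vmcs": int(b.findtext("VMCS").strip(), 16),  # VMCS base -> VM
            "tsc": int(b.findtext("TSC").strip()),
        })
    return sorted(bundles, key=lambda b: b["tsc"])


def analyse(xml_text):
    """Per-VM and per-process guest time (TSC ticks) plus entry/exit counts."""
    bundles = parse_bundles(xml_text)
    per_vm, per_process = defaultdict(int), defaultdict(int)
    host = entries = exits = 0
    for prev, cur in zip(bundles, bundles[1:]):
        delta = cur["tsc"] - prev["tsc"]
        if prev["nr"]:                       # interval was spent inside a guest
            per_vm[prev["vmcs"]] += delta
            per_process[(prev["vmcs"], prev["cr3"])] += delta
        else:                                # interval was spent in the host
            host += delta
        if prev["nr"] != cur["nr"]:          # NR flip marks a VM transition
            if cur["nr"]:
                entries += 1
            else:
                exits += 1
    return {"per_vm": dict(per_vm), "per_process": dict(per_process),
            "host": host, "entries": entries, "exits": exits}


if __name__ == "__main__":
    result = analyse(SAMPLE)
    for vmcs, ticks in result["per_vm"].items():
        print(f"VM with VMCS {vmcs:#x}: {ticks} ticks in guest mode")
    print("host ticks:", result["host"],
          "entries:", result["entries"], "exits:", result["exits"])
```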
There's a glitch in the matrix though..

Intel PT
Limitations
[Figure: the pipeline from "Hardware Tracing with PT" again: Configure and Enable PT; CPU0 / CPU; Intel PT Hardware; Intel PT Packets; Runtime Data; Binary; Intel PT Software Decoder; Reconstructed Execution Flow. A second build keeps only CPU, Intel PT Hardware, Binary, Intel PT Software Decoder and Reconstructed Execution Flow.]
Based on Andi Kleen's presentation (Tracing Summit 2015)

Intel PT
Limitations – JIT Code
[Figure, seven builds: CPU; Intel PT Hardware; Trace Packets (TNT - T, TNT - N); Binary with Static Code (jnz, add, nop, jz); Intel PT Software Decoder; Reconstructed Execution Flow. Later builds add Runtime Generated Code with its own Trace Packets, then the markers "??" and "!".]

Intel PT
Limitations – Self-modifying Code
[Figure, four builds: CPU; Intel PT Hardware; Trace Packets (TNT - T, TNT - N); Binary; Intel PT Software Decoder; Reconstructed Execution Flow. Static Code is shown as jnz, add, nop, jz in the first build, as jnz, add, jmp, jz in the second and third, and as jnz, add, nop, jz with the marker "!" in the last.]

FlowJIT

FlowJIT
Trace Reconstruction
● JIT code (such as eBPF) allocates memory for code-cache
● We define dynamic Code Sections (CSr) – pages corresponding to code-cache executing in process
[Figure: Code Execution Flow through Process Code (CSp) and Runtime Code Pages (CSr1, CSr2 … CSrn); Hardware Trace segments labelled Tp and Tr1 … Trn]

FlowJIT
Technique
● In-kernel tracking of runtime generated/modified code pages
● Compilers use malloc() and mprotect()
● FlowJIT intercepts and modifies exec bits
● Synthetic page faults at execution
● Intercept tracked pages and re-flip exec bits
● Record IP, Timestamp, complete page data as a FlowJIT event and copy to disk.
● Events indexed and queried by IP. At decode time, query by failed decoding IP

FlowJIT
Technique
[Figure: Userspace: Target Process with Runtime Code; ioctl(). Kernel: Page Access Control; Tracked Pages (NX); PF Handler (X). FlowJIT Events (ID, Timestamp, Instruction Pointer, Runtime Code); Trace Decoder; Query.]

FlowJIT
Usecase: eBPF JIT Code
[Figure: Process Code (CSp) and eBPF Code (CSr); Hardware Trace Packets (TNTN T); trace segment "? (Tr)"; FlowJIT; Query IP; Image at IP (Ir); steps 1 to 4; CFG(CSr); Flow(CSr)]
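
The decode failure from the "Limitations" slides and the lookup by failed decoding IP, as an added example (not code from FlowJIT or its kernel patch). The one-slot-per-instruction code model, the `FlowJITStore` class, the addresses and the timestamps are all hypothetical and constructed; a real decoder would disassemble the recorded page bytes.

```python
import bisect

PAGE = 0x1000
BASE = 0x7F0000001000          # constructed address of a runtime code page


class DecodeError(Exception):
    def __init__(self, ip):
        super().__init__(f"cannot decode at {ip:#x}")
        self.ip = ip


class FlowJITStore:
    """Toy stand-in for the FlowJIT event log: page snapshots indexed by IP."""
    def __init__(self):
        self.by_page = {}

    def record(self, ip, ts, image):
        events = self.by_page.setdefault(ip & ~(PAGE - 1), [])
        events.append((ts, ip, image))
        events.sort(key=lambda e: e[0])

    def query(self, ip, ts):
        """Latest snapshot of the page holding ip taken at or before ts."""
        events = self.by_page.get(ip & ~(PAGE - 1), [])
        idx = bisect.bisect_right([e[0] for e in events], ts)
        return events[idx - 1] if idx else None


def walk(image, ip, tnt):
    """Replay toy code from ip, consuming one TNT bit per conditional branch."""
    bits, flow = list(tnt), []
    while True:
        if ip not in image:
            raise DecodeError(ip)        # no code known at this address (JIT)
        op, target = image[ip]
        flow.append(op)
        if op == "ret":
            if bits:
                raise DecodeError(ip)    # unused bits: image does not match trace
            return flow
        if op in ("jz", "jnz"):
            if not bits:
                raise DecodeError(ip)    # image has a branch the trace never saw
            ip = target if bits.pop(0) == "T" else ip + 1
        elif op == "jmp":
            ip = target
        else:
            ip += 1


def reconstruct(binary, store, start, tnt, ts):
    """Decode against the on-disk image; on failure retry with the snapshot."""
    try:
        return "binary", walk(binary, start, tnt)
    except DecodeError as err:
        event = store.query(err.ip, ts)  # query by failed decoding IP
        if event is None:
            raise
        return "flowjit", walk(event[2], start, tnt)


# Constructed toy images, one slot per instruction: (mnemonic, branch target).
STATIC = {BASE: ("jnz", BASE + 2), BASE + 1: ("add", None),
          BASE + 2: ("nop", None), BASE + 3: ("jz", BASE),
          BASE + 4: ("ret", None)}
PATCHED = {**STATIC, BASE + 2: ("jmp", BASE + 4)}   # nop rewritten at runtime

STORE = FlowJITStore()
STORE.record(BASE + 2, 100, PATCHED)    # event logged when the modified page ran
```

With the single TNT bit `T` produced by the patched code, the stale image stalls at the `jz` it expects next; the snapshot recorded at timestamp 100 decodes cleanly to `jnz, jmp, ret`.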

FlowJIT
Experiments
[Figure: Number of Page Faults with increasing JIT compiled code sites. x-axis: JIT Compiled Sites (CSrn); y-axis: Page Faults (PFn). Series: eBPF (Enabled), eBPF (Disabled), Baseline (Enabled), Baseline (Disabled).]
[Figure: Time Overhead with increasing JIT compiled code sites. x-axis: JIT Compiled Sites (CSrn); y-axis: Time (μs). Series: FlowJIT Enabled, FlowJIT Disabled.]

FlowJIT
Experiments
T = T(Tracking Initiation) + T(Access Change) + T(Page Fault)
20K executions of JIT compiled sites
[Figure: Per Access Fault Overhead Density. x-axis: Overhead T obs (ns); y-axis: Density. Annotations as extracted: "1315", "27456647".]

Upcoming
FlowJIT Patch
● An initial version of the kernel patch against v4.7 is available
● https://github.com/tuxology/flowjit
● Enhance patch and work on Perf
● Probably link FlowJIT events to PT data in Perf's aux buffer?
Future Work
● Extend self-modifying code to provide better code security and application robustness
● Extend FlowJIT to support ARM through Perf

Outcomes
● Low Overhead Hardware-Assisted Virtual Machine Analysis and Profiling, IEEE CCSNA'16 Globecom Workshops
● Hardware Trace Reconstruction of Runtime Compiled Code [Submitted]
● Hardware-Assisted Instruction Profiling and Latency Detection, Journal of Engineering, IET

“Education never ends, Watson. It is a series of lessons, with the greatest for the last.”
~ Arthur Conan Doyle
Questions?