Presentation is loading. Please wait.

Presentation is loading. Please wait.

15-740/18-740 Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property.

Published byByron Cooper Modified over 8 years ago

Similar presentations

Presentation on theme: "15-740/18-740 Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property."— Presentation transcript:

1 15-740/18-740 Oct. 17, 2012 Stefan Muller

2  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property X. ◦ X could be: double frees, uses freed memory, race condition, buffer overflow, security vulnerability…  2 solutions: ◦ Static analysis – analyze the code to see if it can have property X (last paper, sort of) ◦ Dynamic analysis – watch the code as it runs and stop it if it shows property X (first 3 papers) 10/17/2012 2

3  Prevents use-after-free errors by dynamically adding instructions.  For each pointer, stores an identifier in hardware.  When a pointer is dereferenced, check that the identifier is valid.  When a pointer is freed, invalidate its identifier.  Optimizations for fast checking of identifiers. 10/17/2012 3

4  Race Detection in Software and Hardware  Uses vector clocks to track which reads and writes to memory are guaranteed to happen before now in all threads. ◦ Each core stores a clock for every core including itself. ◦ Each byte(*) of memory is associated with clocks showing when it was last read and written. ◦ Cached along with the contents of memory. Stored in software when data is evicted. 10/17/2012 4

5  Associate a lifeguard with a running thread ◦ Lifeguard checks execution of the thread for bugs ◦ Run lifeguard in parallel on another core  Running many threads+lifeguards in parallel causes problems. ◦ Atomicity of accesses to lifeguard metadata ◦ Out-of-order execution: in some cases, it matters that events that happen first are seen first by lifeguard. x = *pfree(p) Thread 1 Thread 2 10/17/2012 5

6  How to reduce the penalty to access metadata? ◦ Caching!  Use existing architecture features ◦ RADISH uses cache coherence messages to update clocks. ◦ ParaLog uses cache coherence messages to ascertain dependences between events.  Modify other features to aid analysis ◦ Watchdog has a separate cache for identifier info. ◦ RADISH adds additional logic and hardware state to store and compute with per-core clocks. ◦ ParaLog maintains a TLB mapping commonly used application data to the location of related metadata. 10/17/2012 6

7 WatchdogRADISHParaLog Type of errorUse-after-freeRace conditionMany MetadataIdentifiersClocksVaries Where storedRegisters + Memory Caches + Software Memory Where runApplication thread Separate core Runtime penalty24%0-100%Varies (51% and 28% for two lifeguards on eight cores) 10/17/2012 7

8  How much metadata to store  Hardware vs. Software ◦ Hardware is fast, but software is flexible and allows a reduction in space usage. ◦ We’ve seen ways to store some metadata in hardware, but use a different system (maybe software) when that overflows.  Where to run checks ◦ Use a separate core and run application in ~real- time or instrument application with runtime checks? 10/17/2012 8

9  Works backward from (potential) failures to find concurrency errors that trigger them. ◦ Identify failure sites (e.g. assert failures, bad outputs…) Static ◦ Identify a critical read that affects the value of local memory at that failure site. Static ◦ Find alternative interleavings that might result in different values at critical read by observing a (probably correct) run of the program. Dynamic  Use vector clocks to identify other writes that may produce such alternate values 10/17/2012 9

10 10 Failure Trigger Other write to be interleaved p = malloc(sizeof(some_t)); for (int i = 0; i < 5; i++) a[i] = 0; assert (p != NULL); p = NULL; Thread 1 Thread 2

11  ConSeq is only run during testing, so no production runtime overhead.  However, give up two properties: ◦ Soundness: no false negatives ◦ Completeness: no false positives ◦ Can usually only have one of these anyway. ConSeq instead seeks to balance both with performance.  Is this a good tradeoff? 10/17/2012 11

Download ppt "15-740/18-740 Oct. 17, 2012 Stefan Muller.  Problem: Software is buggy!  More specific problem: Want to make sure software doesn’t have bad property."

Similar presentations

CS 162 Memory Consistency Models. Memory operations are reordered to improve performance Hardware (e.g., store buffer, reorder buffer) Compiler (e.g.,

CS 162 Memory Consistency Models. Memory operations are reordered to improve performance Hardware (e.g., store buffer, reorder buffer) Compiler (e.g.,
Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.
Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec. 5 2007.

Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec
Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.

Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.
CSE 788.07, Autumn 2011 Michael Bond.  Name  Program & year  Where are you coming from?  Research interests  Or what’s something you find interesting?

CSE , Autumn 2011 Michael Bond.  Name  Program & year  Where are you coming from?  Research interests  Or what’s something you find interesting?
Recording Inter-Thread Data Dependencies for Deterministic Replay Tarun GoyalKevin WaughArvind Gopalakrishnan.

Recording Inter-Thread Data Dependencies for Deterministic Replay Tarun GoyalKevin WaughArvind Gopalakrishnan.
Hastings Purify: Fast Detection of Memory Leaks and Access Errors.

Hastings Purify: Fast Detection of Memory Leaks and Access Errors.
Thread-Level Transactional Memory Decoupling Interface and Implementation UW Computer Architecture Affiliates Conference Kevin Moore October 21, 2004.

Thread-Level Transactional Memory Decoupling Interface and Implementation UW Computer Architecture Affiliates Conference Kevin Moore October 21, 2004.
Race Conditions. Isolated & Non-Isolated Processes Isolated: Do not share state with other processes –The output of process is unaffected by run of other.

Race Conditions. Isolated & Non-Isolated Processes Isolated: Do not share state with other processes –The output of process is unaffected by run of other.
Continuously Recording Program Execution for Deterministic Replay Debugging.

Continuously Recording Program Execution for Deterministic Replay Debugging.
Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.

Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.
Lecture 36: Programming Languages & Memory Management Announcements & Review Read Ch GU1 & GU2 Cohoon & Davidson Ch 14 Reges & Stepp Lab 10 set game due.

Lecture 36: Programming Languages & Memory Management Announcements & Review Read Ch GU1 & GU2 Cohoon & Davidson Ch 14 Reges & Stepp Lab 10 set game due.
1 Lecture 23: Multiprocessors Today’s topics:  RAID  Multiprocessor taxonomy  Snooping-based cache coherence protocol.

1 Lecture 23: Multiprocessors Today’s topics:  RAID  Multiprocessor taxonomy  Snooping-based cache coherence protocol.
Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.

Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.
NUMA coherence CSE 471 Aut 011 Cache Coherence in NUMA Machines Snooping is not possible on media other than bus/ring Broadcast / multicast is not that.

NUMA coherence CSE 471 Aut 011 Cache Coherence in NUMA Machines Snooping is not possible on media other than bus/ring Broadcast / multicast is not that.
A. Frank - P. Weisberg Operating Systems Introduction to Cooperating Processes.

A. Frank - P. Weisberg Operating Systems Introduction to Cooperating Processes.
MemTracker Efficient and Programmable Support for Memory Access Monitoring and Debugging Guru Venkataramani, Brandyn Roemer, Yan Solihin, Milos Prvulovic.

MemTracker Efficient and Programmable Support for Memory Access Monitoring and Debugging Guru Venkataramani, Brandyn Roemer, Yan Solihin, Milos Prvulovic.
Lecture 39: Review Session #1 Reminders –Final exam, Thursday 3:10pm Sloan 150 –Course evaluation (Blue Course Evaluation) Access through.

Lecture 39: Review Session #1 Reminders –Final exam, Thursday 3:10pm Sloan 150 –Course evaluation (Blue Course Evaluation) Access through.
U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science 2006 Exterminator: Automatically Correcting Memory Errors Gene Novark, Emery Berger.

U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science 2006 Exterminator: Automatically Correcting Memory Errors Gene Novark, Emery Berger.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Similar presentations

Ads by Google