JIFL: JIT Instrumentation Framework for Linux
Marek Olszewski
Adam Czajkowski
Keir Mierle
University of Toronto

Instrumenting Operating Systems

- Operating systems are growing in complexity
  - Becoming harder to understand
- Kernel instrumentation is a well-known method of combating this problem
  - Used for: debugging, profiling, monitoring, coverage testing, security auditing...
- Dynamic instrumentation is especially useful
  - No recompilation & no reboot
  - Good for debugging systemic problems
  - Feasible in production settings

Dynamic Instrumentation

- All dynamic instrumentation tools for operating systems are probe based
  - Overwrite existing code with jump/trap instructions
  - Efficient on fixed length architectures
  - Slow on variable length architectures
    - Must use trap instruction (and hash table lookup)
- JIT-based instrumentation can be more efficient
  - Proven itself for user space (Pin, Valgrind)
  - Probe-based instrumentation is seldom used in user-space

Probe-based Instrumentation

[Diagram: OS Code, Trap Handler, Instrumentation Code]

Trap Handler:
1. Look up which instrumentation to call
2. Call instrumentation
3. Emulate overwritten instruction

JIT Instrumentation

- JIT instrumentation rewrites the OS code with calls to instrumentation code
  - Creates a duplicate instrumented copy of the OS
    - Called the code-cache
- Since instrumentation is dynamic, it is not feasible to rewrite the entire operating system up-front
  - Instrumentation is performed just-in-time, basic block by basic block, right before each new basic block is executed.
- The resulting code is fast
  - No hash table lookup required
  - Though there is some cost in executing in the code-cache

JIT Instrumentation

[Diagram: OS Code, Duplicate Copy of OS, Instrumentation Code]

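Added example (not from the original slides or the JIFL code base): a toy C model of the two mechanisms on the preceding slides, run over a constructed five-block "OS code" array with basic-block counting as the instrumentation. The names os_code, run_probes, run_jit and the hash function are assumptions made for illustration; an array index stands in for the dispatcher and for direct links between translated blocks.

```c
#include <stdio.h>
#include <string.h>
enum { NBLOCKS = 5, EXIT_PC = -1 };
/* Constructed toy "OS code": a block does r -= dec, then branches on r > 0. */
struct block { int dec, taken, fallthrough; };
static const struct block os_code[NBLOCKS] = {
    {0, 1, 1}, {1, 2, 2},              /* 0: entry               1: r--     */
    {0, 1, 3}, {0, EXIT_PC, EXIT_PC},  /* 2: loop to 1 if r > 0  3: return  */
    {0, 3, 3},                         /* 4: error path, never reached      */
};
struct stats { long executed, translations, lookups, bb_count[NBLOCKS]; };
static int step(const struct block *b, int *r) {   /* run block, return next pc */
    return (*r -= b->dec) > 0 ? b->taken : b->fallthrough;
}
static int slot(const int *t, int pc, int want) {  /* open-addressing hash probe */
    for (int h = (pc * 5) & 7; ; h = (h + 1) & 7) if (t[h] == want) return h;
}
/* Probe model: every block entry traps and pays a hash lookup to find its handler. */
struct stats run_probes(int r) {
    struct stats s = {0};
    int table[8]; memset(table, 0xff, sizeof table);       /* all slots -1 (empty) */
    for (int b = 0; b < NBLOCKS; b++) table[slot(table, b, -1)] = b;  /* plant probes */
    for (int pc = 0; pc != EXIT_PC; s.executed++) {
        s.lookups++;                                       /* paid on every execution */
        s.bb_count[table[slot(table, pc, pc)]]++;          /* call instrumentation */
        pc = step(&os_code[pc], &r);                       /* emulate original code */
    }
    return s;
}
/* JIT model: a block is copied into the code cache, with its counter bound in,
 * right before its first execution; later executions run the copy directly. */
struct stats run_jit(int r) {
    struct stats s = {0};
    struct { struct block copy; long *counter; } cache[NBLOCKS] = {0};
    for (int pc = 0; pc != EXIT_PC; s.executed++) {
        if (!cache[pc].counter) {                          /* miss: translate now */
            cache[pc].copy = os_code[pc];
            cache[pc].counter = &s.bb_count[pc];
            s.translations++;
        }
        ++*cache[pc].counter;                              /* inlined instrumentation */
        pc = step(&cache[pc].copy, &r);
    }
    return s;
}
int main(void) {
    struct stats p = run_probes(1000), j = run_jit(1000);
    printf("probe lookups=%ld, JIT translations=%ld\n", p.lookups, j.translations);
    return 0;
}
```

With r = 1000 both models execute 2002 blocks and report the same per-block counts; the probe model performs 2002 lookups, while the JIT model translates 4 blocks once each and never touches the unreached error path.
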
Software Architecture

[Diagram labels]
USER SPACE: JIFL Plugin Starter
KERNEL SPACE: JIFL Plugin (Loadable Kernel Module); JIFL Instrumentation API; Runtime System; Linux Kernel; System Call Code; Code Cache; JIT compiler; Dispatcher; Modified Syscall; JIFL (Loadable Kernel Module)

Performance Evaluation

Apache Web Server Throughput
[Bar chart. Y axis: Requests / Second, 0 to 5000]
Bars, in order: Baseline; Jifl: No Instrumentation; Jifl: Call Trace; Jifl: BB Counting; Kprobe: Call Trace; Kprobe: BB Counting
Data labels, in order: 4641; 2401; 2241; 2093; 495; 40

Conclusions

- JIT instrumentation viable for operating systems
- Fine grained instrumentation now possible for kernel space on variable length architectures
  - Intel's x86
  - AMD's AMD64
- Great performance
  - Though it comes with a fixed cost