JIFL: JIT Instrumentation Framework for Linux
Marek Olszewski
Adam Czajkowski
Keir Mierle
University of Toronto
Instrumenting Operating Systems
Operating systems are growing in complexity
Becoming harder to understand
Kernel instrumentation is a well-known method of combating this problem
Used for: debugging, profiling, monitoring, coverage testing, security auditing...
Dynamic instrumentation is especially useful
No recompilation & no reboot
Good for debugging systemic problems
Feasible in production settings
Dynamic Instrumentation
All dynamic instrumentation tools for operating systems are probe based
Overwrite existing code with jump/trap instructions
Efficient on fixed length architectures
Slow on variable length architectures
Must use trap instruction (and hash table lookup)
JIT-based instrumentation can be more efficient
Proven itself for user space (Pin, Valgrind)
Probe-based instrumentation is seldom used in user-space
Probe-based Instrumentation
[Figure: OS Code, Trap Handler, Instrumentation Code]
Trap Handler:
1. Look up which instrumentation to call
2. Call instrumentation
3. Emulate overwritten instruction
JIT Instrumentation
JIT instrumentation rewrites the OS code with calls to instrumentation code
Creates a duplicate instrumented copy of the OS
Called the code-cache
Since instrumentation is dynamic, it is not feasible to rewrite the entire operating system up-front
Instrumentation is performed just-in-time, basic block by basic block, right before each new basic block is executed.
The resulting code is fast
No hash table lookup required
Though there is some cost in executing in the code-cache
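Added example (not from the slides or from JIFL's source): a toy model of the just-in-time scheme above, where a dispatcher translates each basic block into a code-cache right before its first execution and the cached copy carries a basic-block counter. All names are hypothetical, and function pointers stand in for the machine code a real JIT compiler would emit.

```c
#include <stdio.h>

/* Constructed toy "OS code": four basic blocks. Each returns the id of its
 * successor, or -1 to stop. Together they count i down from 3 to 0. */
static int i;
static int bb0(void) { i = 3; return 1; }         /* entry     */
static int bb1(void) { return i == 0 ? 3 : 2; }   /* loop test */
static int bb2(void) { i--; return 1; }           /* loop body */
static int bb3(void) { return -1; }               /* exit      */
static int (*const os_code[])(void) = { bb0, bb1, bb2, bb3 };
#define NBLOCKS 4

/* Code-cache entry: the instrumented copy of one basic block. */
struct cached_bb {
    int (*body)(void);     /* translated block (here: the same function) */
    unsigned long count;   /* state of the BB-counting instrumentation   */
};
static struct cached_bb code_cache[NBLOCKS];   /* zero-initialised: empty */
static int translations;   /* how often the "JIT compiler" had to run    */

/* "JIT compiler": copy one block into the code-cache with its counter. */
static struct cached_bb *jit_translate(int id) {
    code_cache[id].body = os_code[id];
    translations++;
    return &code_cache[id];
}

/* Dispatcher: start at the entry block and translate each block right
 * before its first execution; later executions reuse the cached copy. */
int run_in_code_cache(int entry) {
    int executed = 0;
    for (int pc = entry; pc >= 0; executed++) {
        struct cached_bb *bb = code_cache[pc].body ? &code_cache[pc]
                                                   : jit_translate(pc);
        bb->count++;       /* instrumentation travels with the cached copy */
        pc = bb->body();
    }
    return executed;
}

unsigned long bb_count(int id) { return code_cache[id].count; }
int jit_translations(void) { return translations; }

int main(void) {
    int n = run_in_code_cache(0);
    printf("executed %d blocks, translated %d\n", n, jit_translations());
    for (int b = 0; b < NBLOCKS; b++)
        printf("bb%d executed %lu times\n", b, bb_count(b));
}
```

Running it a second time re-executes all blocks from the code-cache without any further translation, which is the one-time cost the slide refers to.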
JIT Instrumentation
[Figure: OS Code, Duplicate Copy of OS, Instrumentation Code]
Software Architecture
[Figure: software architecture diagram with the following labels]
USER SPACE: JIFL Plugin Starter
KERNEL SPACE: JIFL Plugin (Loadable Kernel Module); JIFL Instrumentation API; Runtime System; Linux Kernel; System Call Code; Code Cache; JIT compiler; Dispatcher; Modified Syscall; JIFL (Loadable Kernel Module)
Performance Evaluation
[Figure: bar chart, Apache Web Server Throughput. Y axis: Requests / Second (0 to 5000). Bars: Baseline; Jifl: No Instrumentation; Jifl: Call Trace; Jifl: BB Counting; Kprobe: Call Trace; Kprobe: BB Counting. Data labels on the chart: 4641, 2401, 2241, 2093, 495, 40.]
Conclusions
JIT instrumentation viable for operating systems
Fine grained instrumentation now possible for kernel space on variable length architectures
Intel’s x86
AMD’s AMD64
Great performance
Though it comes with a fixed cost