chakra under the hood
play

CHAKRA: UNDER THE HOOD Steve Lucco Technical Fellow Microsoft - PowerPoint PPT Presentation

Jun 23, 2023 •458 likes •734 views

CHAKRA: UNDER THE HOOD Steve Lucco Technical Fellow Microsoft Design Principles Security ECMAScript Compliance Balanced Performance Transparency JIT Security int 3 int 3 push ebp mov ebp, esp Data Execution Protection

  1. CHAKRA: UNDER THE HOOD Steve Lucco Technical Fellow Microsoft

  2. Design Principles • Security • ECMAScript Compliance • Balanced Performance • Transparency

  3. JIT Security int 3 int 3 push ebp mov ebp, esp Data Execution Protection ... xor eax, eax xor ecx, ecx lea ecx, [ecx] Codebase Alignment Randomization $enterLoop: cmp ecx, 0x0a mov edi, edi jge $exitLoop Random NOP Insertion mov edx, 0x02EBCC90 xor edx, 0x50A2B255 add eax, edx jo $handleOverflow Constant Blinding inc ecx jmp $enterLoop $exitLoop: JIT Code Allocation Cap shl eax, 1 jo $handleOverflow inc eax mov esp, ebp JIT Page Randomization pop ebp ret

  4. JIT Hardening Comparison http://www.accuvant.com/sites/default/files/images/webbrowserresearch_v1_0.pdf (12/2011)

  5. ECMAScript Compliance Highest Pass Rate

  6. Balanced Performance: Page Load Source Code Byte Code Parser Interpreter Generator AST Byte Code

  8. Page Load & App Start-Up One of the most visceral elements of user experience • Internal and third-party reviews show IE has solid page load • performance Strangeloop: http://bit.ly/Sxcw2O • • “Internet Explorer 10 served pages faster than other browsers…” Tom’s Hardware: http://bit.ly/OY3Bw0 • • “Here , Microsoft's own IE9 takes the lead…” Page load design points • Interpreter: start execution almost immediately • Deferred Parsing: avoid parsing unused code • Start-Up Profile Caching: remember which functions were called • Background code generation and garbage collection •

  9. Balanced Performance: Throughput and interactive response Byte Code Parser Interpreter Machine Code Generator Runtime Machine AST Byte Code Profile Code JIT Compiler Garbage Collector

  10. Chakra’s Garbage Collector Conservative • Can handle object pointers on the native stack; tagged integers lead to very • low rate (0.02 per GC) of spurious object references Simplifies interoperation with native code • Generational • partial collections; no separate nursery space • Mark and Sweep • small objects sorted by size into buckets for low fragmentation • free-list and bump allocation, currently no compaction or evacuation • Concurrent • Scan Program Rescan Program Program Roots Mark Sweep Zero Pages

  11. Interactive Response: Pause Times

  12. Interactive Response: Pause Times

  13. WebKit SunSpider

  14. Optimistic Profile-Based JIT bailout IE10

  15. Type Specialized Integer Math in IE10 $enterLoop: bitops-bits-in-byte.js cmp esi, 0x100 jge $exitLoop function bitsinbyte(b) { var m = 1, c = 0; mov ecx, eax while(m<0x100) { and ecx, esi if(b & m) c++; test ecx, ecx m <<= 1; jeq $l1 } return c; add edi, 1 } jo $bailOut $l1: shl esi, 1 jmp $enterLoop

  16. Type Specialized Float Math in IE10 $enterLoop: cmp eax, edx 3d-cube.js jge $exitLoop addsd xmm7, xmm2 for (; i < NumPix; i++) { comisd xmm7, xmm6 Num += NumAdd; jb $l2 if (Num >= Den) { subsd xmm7, xmm6 Num -= Den; movsd xmm2, <-176> x += IncX1; addsd xmm0, xmm2 y += IncY1; addsd xmm1, xmm3 } $l2: x += IncX2; addsd xmm0, xmm4 y += IncY2; addsd xmm1, xmm5 } add eax, 1 jo $bailOut movsd xmm2, <-192> jmp $enterLoop

  17. Fast Property Access in IE9 Bubble function Bubble(x, y) { x this.x = x; b1 this.y = y; Bubble } “x” 0 0 var b1 = new Bubble(0, 1); var b2 = new Bubble(10, 11); y 1 Bubble b2 “x” “y” 10 10 b1.type b2.type 11 monomorphic

  18. Fast Property Access in IE9 Bubble function Bubble(x, y) { x this.x = x; b1 this.y = y; Bubble } “x” 0 var b1 = new Bubble(0, 1); y var b2 = new Bubble(10, 11); 1 b2.c = "red"; Bubble b2 “x” “y” 10 10 b1.type b2.type c 11 11 Bubble polymorphic “red” “x” “y” “c”

  19. Faster Property Access in IE10 • Object type specialization • Polymorphic property caches • Field hoisting • Copy propagation • Streamlined object layout • Function inlining

  20. total += o.x + o.y + o.z mov edi,dword ptr [ebx+88h] mov edi,dword ptr [ebp-0A8h] mov eax,18BF198h test edi,1 test edi,1 jne 053F01D7 jne $BailOut mov ecx,dword ptr [edi+8] mov eax,dword ptr [edi+8] o.x cmp ecx,dword ptr [eax] cmp dword ptr ds:[8E4F20h],eax jne 053F01D7 jne $BailOut IE10 movzx eax,word ptr [eax+6] mov eax,dword ptr [edi+eax*4] mov eax,dword ptr [edi+1Ch] mov edx,18BF1A8h test edi,1 jne 053F01F5 mov ecx,dword ptr [edi+8] o.y cmp ecx,dword ptr [edx] jne 053F01F5 movzx edx,word ptr [edx+6] mov edx,dword ptr [edi+edx*4] mov ecx,dword ptr [edi+20h] ... ... mov eax,18BF1B8h test edi,1 o.z jne 053F0231 mov eax,dword ptr [edi+24h] ... ...

  21. for(…) { total += o.x + o.y + o.z; } test esi, 1 o is {x,y,z}? jne $bailOut mov eax, dword ptr [esi+8] cmp eax, [0x00480500] o.x jne $bailOut mov eax, dword ptr [esi+28] o.y loop header mov ecx, dword ptr [esi+32] 1x mov edx, dword ptr [esi+36] o.z ... add eax, ecx jo $bailOut ... t = o.x + o.y add eax, edx jo $bailOut ... t += o.z add ebx, eax loop body jo $bailOut 100x total += t ...

  22. for(…) { total += o.x + o.y + o.z; calculate(); test esi, 1 o is {x,y,z}? jne $bailOut } mov eax, dword ptr [esi+8] cmp eax, [0x00480500] o.x jne $bailOut mov eax, dword ptr [esi+28] o.y mov ecx, dword ptr [esi+32] mov edx, dword ptr [esi+36] o.z ... loop body add eax, ecx 100x jo $bailOut ... t = o.x + o.y add eax, edx jo $bailOut ... t += o.z add ebx, eax jo $bailOut total += t ... call [calculate]

  23. for(…) { total += o.x + o.y + o.z; calculate(); test esi, 1 o is {x,y,z}? jne $bailOut } mov eax, dword ptr [esi+8] cmp eax, [0x00480500] o.x jne $bailOut mov eax, dword ptr [esi+28] o.y loop header mov ecx, dword ptr [esi+32] 1x mov edx, dword ptr [esi+36] o.z ... add eax, ecx jo $bailOut ... t = o.x + o.y add eax, edx jo $bailOut ... t += o.z add ebx, eax loop body jo $bailOut 100x total += t ... $inlinedCalculate:

  24. Windows Store Applications • Bytecode Caching • GC on Idle/Suspend • Fast marshaling to native code • Native calling conventions and exception handling • Generation and caching of method entry points (based on meta-data)

  25. More work to do • Throughput • Array operations; typed arrays • Polymorphism and function inlining • Standards • ES6 features; ES5 accessor performance • Improve GC for games and long-running applications • Precise pointers • Iterate between sequential and concurrent phases

  26. Make web development work for any app • Great JS engine performance • Multiple cores, GPU, continued optimization • APIs, device capabilities, secure component model • Build tools that enable construction of large- scale Javascript applications

Recommend

Your Chakra Is Not Aligned Hunting bugs in the Microsoft Edge Script Engine About Me Natalie

Your Chakra Is Not Aligned Hunting bugs in the Microsoft Edge Script Engine About Me Natalie

Your Chakra Is Not Aligned Hunting bugs in the Microsoft Edge Script Engine About Me Natalie Silvanovich AKA natashenka Project Zero member Previously did mobile security on Android and BlackBerry ECMAScript enthusiast

893 views • 39 slides
Chakra, a user friendly distribution using the KDE desktop Laszlo Papp 04.07.2010 | T ampere |

Chakra, a user friendly distribution using the KDE desktop Laszlo Papp 04.07.2010 | T ampere |

Chakra, a user friendly distribution using the KDE desktop Laszlo Papp 04.07.2010 | T ampere | Akademy Agenda Introduction KDEmod Half-rolling release model Live CD development T ool development Community Questions

572 views • 35 slides
Angel alchemy session 2 Bubble clearing, the 4 clairs, the root and sacral chakra What is Angel

Angel alchemy session 2 Bubble clearing, the 4 clairs, the root and sacral chakra What is Angel

Angel alchemy session 2 Bubble clearing, the 4 clairs, the root and sacral chakra What is Angel Alchemy? The art and science of invoking Source and Angelic Energy to produce DRAMATIC and RAPID healing in the deepest aspects of our hearts,

404 views • 17 slides
A tale of Chakra bugs through the years Bruno Keith (@bkth_) SSTIC 2019 whoami 24, Independent

A tale of Chakra bugs through the years Bruno Keith (@bkth_) SSTIC 2019 whoami 24, Independent

A tale of Chakra bugs through the years Bruno Keith (@bkth_) SSTIC 2019 whoami 24, Independent Researcher, Navigating the jungle of French entrepreneurship CTF player since 2016 (ESPR), now retired due to ptmalloc2 PTSD Vuln research since

889 views • 85 slides
Employment Land Employment (ELE) Intensification Study 575 Hood Road 575 Hood Road

Employment Land Employment (ELE) Intensification Study 575 Hood Road 575 Hood Road

Employment Land Employment (ELE) Intensification Study 575 Hood Road 575 Hood Road Pre-Expansion Post-Expansion Final Report Presentation June 13, 2011 Study Intent Employment Land Employment (ELE) includes manufacturing,

170 views • 16 slides
ChakraLinux.org ChakraLinux.org The Half Rolling repository model The golden intersection for

ChakraLinux.org ChakraLinux.org The Half Rolling repository model The golden intersection for

ChakraLinux.org ChakraLinux.org The Half Rolling repository model The golden intersection for desktop users? About Chakra About Chakra Focus on KDE and Qt Software Independent , using Arch technologies Half-Rolling repository model

286 views • 26 slides
Finite generation of the cohomology rings of some pointed Hopf algebras Van C. Nguyen Hood

Finite generation of the cohomology rings of some pointed Hopf algebras Van C. Nguyen Hood

Finite generation of the cohomology rings of some pointed Hopf algebras Van C. Nguyen Hood College, Frederick MD nguyen@hood.edu joint work with Xingting Wang and Sarah Witherspoon Maurice Auslander Distinguished Lectures and International

690 views • 52 slides
ZFS UTH Always consistent on disk Under The Hood No journal not needed Superlite

ZFS UTH Always consistent on disk Under The Hood No journal not needed Superlite

ZFS I/O Stack Object-Based Transactions Make these 7 changes to these 3 objects ZFS All-or-nothing Transaction Group Commit Again, all-or-nothing DMU ZFS UTH Always consistent on disk Under The Hood No

519 views • 17 slides
Search/Discovery Under the Hood Tricia Jenkins and Sean Luyk | Spring Training 2019

Search/Discovery Under the Hood Tricia Jenkins and Sean Luyk | Spring Training 2019

Search/Discovery Under the Hood Tricia Jenkins and Sean Luyk | Spring Training 2019 Outline - Search in libraries - Search trends - Search under the hood 2 The Discovery Technology Stack - Open Source Apache Project since 2007

618 views • 46 slides
1 compassions ( oiktirms ). a motivating emotion. sympathy, mercy, pity.

1 compassions ( oiktirms ). a motivating emotion. sympathy, mercy, pity.

PHILIPPIANS Part 6: One Minded 07.11.10 PLAY Robin Hood Play: Robin Hood Gang Video Clip [2:05] Gang [2:05] Intro I love to read science fiction. I know its not a genre that everyone loves, but I find some fascinating

340 views • 4 slides
NAU FUME HOOD FINAL PRESENTATION Talal Alshammari, Zachary Bell, Bryce Davis, Shirley Hatcher

NAU FUME HOOD FINAL PRESENTATION Talal Alshammari, Zachary Bell, Bryce Davis, Shirley Hatcher

NAU FUME HOOD FINAL PRESENTATION Talal Alshammari, Zachary Bell, Bryce Davis, Shirley Hatcher Northern Arizona University April 24, 2020 PROJECT DESCRIPTION o The Project is to design a fume hood for the biomechanics lab that will be attached

383 views • 12 slides
Mount Hood (composite cone) Photo: E. M. Puris Larch Mountain (shield volcano) Mount Hood

Mount Hood (composite cone) Photo: E. M. Puris Larch Mountain (shield volcano) Mount Hood

Larch Mountain (shield volcano) Mount Hood (composite cone) Photo: E. M. Puris Larch Mountain (shield volcano) Mount Hood (composite cone) Photo: E. M. Puris Degrees and Certificates Meeting December 9 th 2019 SY CC 233B DAC Meeting

451 views • 18 slides
Urban Renewal: Hood River Heights Business District Two Meetings: October 19- Provide

Urban Renewal: Hood River Heights Business District Two Meetings: October 19- Provide

Urban Renewal: Hood River Heights Business District Two Meetings: October 19- Provide Information/Gain Initial Feedback November 9 Gain public input on project priorities Background on Urban Renewal Q and A Hood River Heights Urban

767 views • 47 slides
Inte gr ate d Appr oac he s to Pove r ty Re duc tion at the Ne ighbor hood L e ve l A

Inte gr ate d Appr oac he s to Pove r ty Re duc tion at the Ne ighbor hood L e ve l A

Inte gr ate d Appr oac he s to Pove r ty Re duc tion at the Ne ighbor hood L e ve l A Citie s Without Slums Initiative (IMPACT Pr oje c t) Housing &amp; Urban Development Coordinating Council UN-HABITAT Pr oje c t Goal T o

513 views • 12 slides
S A V A N T Security Analytics &amp; Visualisation for Advanced Network Threats Paul D. Hood

S A V A N T Security Analytics &amp; Visualisation for Advanced Network Threats Paul D. Hood

S A V A N T Security Analytics &amp; Visualisation for Advanced Network Threats Paul D. Hood &amp; Kristian Kocher OxCERT OxCERT Paul D. Hood Security Operations Lead Kristian Kocher UNIX Security Systems Administrator

1.17k views • 58 slides
Rethinking Club Rethinking Club Promotion JUDO BC AGM | JUNE 2014 JENNIFER HOOD | JUMP

Rethinking Club Rethinking Club Promotion JUDO BC AGM | JUNE 2014 JENNIFER HOOD | JUMP

Rethinking Club Rethinking Club Promotion JUDO BC AGM | JUNE 2014 JENNIFER HOOD | JUMP GYMNASTICS INC. JENNIFER HOOD | JUMP GYMNASTICS INC. Sport in Canada The health and well-being of the nation and the medals won at major Games are

423 views • 16 slides
Aut utism sm 2 207: 07: Trans nsition t n to Adultho hood: d: Behavioral S Support f for

Aut utism sm 2 207: 07: Trans nsition t n to Adultho hood: d: Behavioral S Support f for

Aut utism sm 2 207: 07: Trans nsition t n to Adultho hood: d: Behavioral S Support f for Adults Monica Meyer Autism Parent, Activist, Trainer and Consultant My hope for you today is to feel empowered and instilled with optimism for

747 views • 64 slides
Serializability with Snapshot Isolation under the Hood Mihaela Bornea 1 , S. Elnikety 2 , O.

Serializability with Snapshot Isolation under the Hood Mihaela Bornea 1 , S. Elnikety 2 , O.

Outline Motivation Concurrency Control Replication Model Readset Certification Evaluation Conclusions Serializability with Snapshot Isolation under the Hood Mihaela Bornea 1 , S. Elnikety 2 , O. Hodson 2 , A Fekete 3 1 IBM Research 2

475 views • 31 slides
Welc lcome to to th this P Publi ublic M Meeting o of th the Hood ood R Riv iver C Cou

Welc lcome to to th this P Publi ublic M Meeting o of th the Hood ood R Riv iver C Cou

1 Welc lcome to to th this P Publi ublic M Meeting o of th the Hood ood R Riv iver C Cou ounty S y School ool Dis istric ict Bud udget C t Committe ttee Ma May 5, 2 , 2020 20 6: 6:00 p. p.m. Virtual m tual meeti

410 views • 40 slides
R ecent interest rate cuts have created a hood that the Grantor would die during the GRAT

R ecent interest rate cuts have created a hood that the Grantor would die during the GRAT

G Estate Planning Alert November 1998 Declining Interest Rates Can Mean Transfer Tax Savings (using a Grantor Retained Annuity Trust) By: Michael N. Gooen and John M. Tassillo, Jr. R ecent interest rate cuts have created a hood that the

175 views • 3 slides
Mid id-City ity Neighbor hborhood hood Are rea-Wid ide B Bro rownfie field Plan

Mid id-City ity Neighbor hborhood hood Are rea-Wid ide B Bro rownfie field Plan

Mid id-City ity Neighbor hborhood hood Are rea-Wid ide B Bro rownfie field Plan Plannin ing Pro Proje ject Cit City o of Co Council cil B Blu luffs, I IA Interview Presentation June 11, 2014 ELAN | CHROMA DESIGN | THE

681 views • 37 slides
Underwriting Stop Loss-Looking under the hood. Who is Pat Campola and whats his experience to

Underwriting Stop Loss-Looking under the hood. Who is Pat Campola and whats his experience to

Underwriting Stop Loss-Looking under the hood. Who is Pat Campola and whats his experience to make this presentation? Is it a Science, Art or Other Ted the underwriter Dave the Actuary Specific Underwriting Components Base Rate

344 views • 21 slides
Demystifying the PFB Lifting the hood to a key technique in the Radio Astronomers Toolbox Andrew

Demystifying the PFB Lifting the hood to a key technique in the Radio Astronomers Toolbox Andrew

Demystifying the PFB Lifting the hood to a key technique in the Radio Astronomers Toolbox Andrew van der Byl Signal Processing Engineer (CBF) avanderbyl@ska.ac.za CASPER 2017 Keeping it simple: What youre not going to get. Outline:

355 views • 23 slides
NOSQL UNDER THE HOOD: THE ANATOMY AND EVOLUTION OF CASSANDRA THE GRADUAL DEVELOPMENT OF

NOSQL UNDER THE HOOD: THE ANATOMY AND EVOLUTION OF CASSANDRA THE GRADUAL DEVELOPMENT OF

BEN COVERSTON DSE ARCHITECT DATASTAX INC. @BCOVERSTON NOSQL UNDER THE HOOD: THE ANATOMY AND EVOLUTION OF CASSANDRA THE GRADUAL DEVELOPMENT OF SOMETHING, ESPECIALLY FROM A SIMPLE TO A MORE COMPLEX FORM. Evolution A STUDY OF THE

962 views • 58 slides

More recommend