fast binary translation
play

Fast Binary Translation: Translation Efficiency and Runtime - PowerPoint PPT Presentation

Aug 18, 2022 •18 likes •358 views

Fast Binary Translation: Translation Efficiency and Runtime Efficiency Mathias Payer and Thomas R. Gross Department of Computer Science ETH Zrich Motivation Goal: User-Space BT for Software Virtualization fastBT as a system to analyze

  1. Fast Binary Translation: Translation Efficiency and Runtime Efficiency Mathias Payer and Thomas R. Gross Department of Computer Science ETH Zürich

  2. Motivation  Goal: User-Space BT for Software Virtualization  fastBT as a system to analyze cost of BT  We are interested in  Flexibility of code generation  Efficiency of translation  Efficiency of generated runtime image  Limits of dynamic software BT  Problem:  Flexibility of dynamic software BT comes at a cost  Especially indirect control transfers incur high overhead  What is the lowest possible overhead (w/o HW support)? 2009-06-20 ETH Zurich / LST / Mathias Payer 2

  3. Outline  Introduction  Design and Implementation  Translator  Table generation  Optimization  How to reduce overhead  Benchmarks  Related Work  Conclusion 2009-06-20 ETH Zurich / LST / Mathias Payer 3

  4. Introduction  Design of a fast and flexible dynamic binary translator  Table driven translation approach  Master (indirect) control transfers  Indirect jumps, indirect calls, and function returns  Use a code cache and inlining  High level interface to generate translation tables at compile time  Manual table construction is hard & cumbersome  Use automation and high level description! Table generator Intel IA32 Optimized ● High level interface opcode translator ● Adapter functions tables table 2009-06-20 ETH Zurich / LST / Mathias Payer 4

  5. Table Generation  Use enriched opcode tables  Information about opcodes, possible encodings, and properties  Specify default translation actions  Use table generator to offer high-level interface  Transforming opcode tables into runtime translation tables  Add analysis functions to control the table generation  Memory access?  What are src, dst, aux parameters?  FPU usage?  What kind of opcode?  Immediate value as pointer?  ... 2009-06-20 ETH Zurich / LST / Mathias Payer 5

  6. Design and Implementation  BT in a nutshell: Original program Translator Trace cache Opcode table 1' 0 1 3' Trampoline to translate 4 2 3 2' Mapping 3 3' 4 1 1' 2 2' 2009-06-20 ETH Zurich / LST / Mathias Payer 6

  7. Optimization  Various optimizations explored for IA32  Performance limited by indirect control flow transfers  Optimize indirect call/jump and function returns  Require runtime lookup and dispatching  BT replaces indirect control transfers with software traps  Calculate target address from original instruction  Lookup target (translated?)  Redirect to target 2009-06-20 ETH Zurich / LST / Mathias Payer 7

  8. Optimization  Various optimizations explored for IA32  Performance limited by indirect control flow transfers  Optimize indirect call/jump and function returns  Require runtime lookup and dispatching  BT replaces indirect control transfers with software traps  Calculate target address from original instruction  Lookup target (translated?)  Redirect to target A naive approach translates one instruction into ~30 instructions (+function call) 2009-06-20 ETH Zurich / LST / Mathias Payer 8

  9. Optimization: Return instructions, naive approach  Treat a return instruction like an indirect jump  Use return IP on stack and branch to ind_jump  ind_jump pseudocode:  Lookup target  Call to mapping table lookup function push tld ret  Translate target if not in code cache call ind_jump  Return to translated target 2009-06-20 ETH Zurich / LST / Mathias Payer 9

  10. Optimization: Return instructions, naive approach  Treat a return instruction like an indirect jump  Use return IP on stack and branch to ind_jump  ind_jump pseudocode:  Lookup target  Call to mapping table lookup function push tld ret  Translate target if not in code cache call ind_jump  Return to translated target  Results in ~30 instructions  2-3 function calls ( ind_jump , lookup, maybe translation)  No distinction between fast path and slow path 2009-06-20 ETH Zurich / LST / Mathias Payer 10

  11. Optimization: Shadow Stack  Use relationship between call/ret  CALL  Push return IP and translated IP on shadow stack Stack: Shadow Stack: ... ... RIP Trans. IP RIP 2009-06-20 ETH Zurich / LST / Mathias Payer 11

  12. Optimization: Shadow Stack  Use relationship between call/ret  CALL  Push return IP and translated IP on shadow stack  RET  Compare return IP on stack with shadow stack Stack: Shadow Stack: ... ... RIP Trans. IP ? RIP 2009-06-20 ETH Zurich / LST / Mathias Payer 12

  13. Optimization: Shadow Stack  Use relationship between call/ret  CALL  Push return IP and translated IP on shadow stack  RET  Compare return IP on stack with shadow stack  If it matches, return to translated IP on shadow stack Stack: Shadow Stack: ... ... Trans. IP 2009-06-20 ETH Zurich / LST / Mathias Payer 13

  14. Optimization: Shadow Stack  Use relationship between call/ret  CALL  Push return IP and translated IP on shadow stack  RET  Compare return IP on stack with shadow stack  If it matches, return to translated IP on shadow stack Stack: Shadow Stack: ... ... 2009-06-20 ETH Zurich / LST / Mathias Payer 14

  15. Optimization: Shadow Stack  Use relationship between call/ret  CALL  Push return IP and translated IP on shadow stack  RET  Compare return IP on stack with shadow stack  If it matches, return to translated IP on shadow stack  Results in ~18 instructions  1 additional function call, if target is untranslated  Overhead results from stack synchronization 2009-06-20 ETH Zurich / LST / Mathias Payer 15

  16. Optimization: Return Prediction  Save last target IP and translated IP in inline cache  Compare inline cache with actual IP branch to translated IP if correct  Otherwise recover through indirect jump and backpatch cached entries ret cmpl $cached_rip, (%esp) je hit_ret pushl tld call ret_fixup hit_ret: addl $4, %esp jmp $translated_rip 2009-06-20 ETH Zurich / LST / Mathias Payer 16

  17. Optimization: Return Prediction  Save last target IP and translated IP in inline cache  Compare inline cache with actual IP branch to translated IP if correct  Otherwise recover through indirect jump and backpatch cached entries  Results in 4/43 (hit/miss) instructions  1 additional function call, if target is untranslated  Only possible for misses  Optimistic approach that speculates on a high hit-rate  Recovery is more expensive than even the naive approach 2009-06-20 ETH Zurich / LST / Mathias Payer 17

  18. Optimization: Inlined Fast Return  Inline a fast mapping table lookup into the code cache  Branch to target if already translated  Otherwise branch to ind_jump ret pushl %ebx & %ecx movl 8(%esp), %ebx #load rip movl %ebx, %ecx Fast lookup andl HASH_PATTERN, %ebx subl MAPTLB_START(0,%ebx,4), %ecx jecxz hit popl %ecx & %ebx Recover from failed lookup pushl tld call ind_jump hit: movl MAPTLB_START+4(0,%ebx,4),%ebx movl %ebx, 8(%esp) # overwrite rip Fix RIP and return popbl %ecx & %ebx ret 2009-06-20 ETH Zurich / LST / Mathias Payer 18

  19. Optimization: Inlined Fast Return  Inline a fast mapping table lookup into the code cache  Branch to target if already translated  Otherwise branch to ind_jump  Results in 12 instructions  1 additional function call, if target is untranslated  Only possible for misses  Faster than shadow stack and naive approach  For most benchmarks faster than the return prediction 2009-06-20 ETH Zurich / LST / Mathias Payer 19

  20. Optimization summary  Optimize different forms of indirect control transfers  Indirect jumps, indirect calls, and function returns  fastBT uses:  Inlined fast return and inlining to reduce the cost of function returns  Indirect call prediction  Hit: 4, miss: 43 instructions  Inlined fast indirect jumps 2009-06-20 ETH Zurich / LST / Mathias Payer 20

  21. Benchmarks  Used SPEC CPU2006 benchmarks to evaluate different optimizations  Compared against three dynamic BT systems  HDTrans version 0.4.1 (current version)  DynamoRIO version 0.9.4 (current version)  PIN version 2.4, revision 19012  Used “null”-translation  Machine: Intel Core2 Duo @ 3GHz, 2GB Memory 2009-06-20 ETH Zurich / LST / Mathias Payer 21

  22. Benchmarks 2.5 Slowdown, relative to untranslated code 2 1.5 fastBT dynamoRIO HDTrans 1 PIN 0.5 0 400.perlbench 458.sjeng 464.h264ref 2009-06-20 ETH Zurich / LST / Mathias Payer 22

  23. Benchmarks 1.2 Slowdown, relative to untranslated code 1 0.8 fastBT 0.6 dynamoRIO HDTrans 0.4 PIN 0.2 0 456.hmmer 435.gromacs 444.namd 2009-06-20 ETH Zurich / LST / Mathias Payer 23

  24. Benchmarks  High overhead for SW BT: Map. Misses (%miss) Function calls (%inl.) Ind. Jumps Ind. Calls (%miss) 400.perlbench 246667 (0.00%) 21909*10^6 (9.50%) 21930*10^6 3902*10^6 (89.14%) 458.sjeng 1 (0.00%) 21940*10^6 (1.25%) 109930*10^6 5070*10^6 (64.05%) 464.h264ref 11340*10^6 (42.64%) 9148*10^6 (30.36%) 2317*10^6 28445*10^6 (1.20%)  Low overhead for SW BT: Map. Misses (%miss) Function calls (%inl.) Ind. Jumps Ind. Calls (%miss) 456.hmmer 15 (0.00%) 219*10^6 (26.78%) 163*10^6 1*10^6 (0.01%) 435.gromacs 2 (0.00%) 3510*10^6 (75.48%) 27*10^6 3*10^6 (0.86%) 444.namd 2 (0.00%) 34*10^6 (20.47%) 15*10^6 2*10^6 (0.00%) 2009-06-20 ETH Zurich / LST / Mathias Payer 24

Recommend

Cross-ISA Machine Instrumentation Cross-ISA Machine Instrumentation using Fast and Scalable

Cross-ISA Machine Instrumentation Cross-ISA Machine Instrumentation using Fast and Scalable

Cross-ISA Machine Instrumentation Cross-ISA Machine Instrumentation using Fast and Scalable using Fast and Scalable Dynamic Binary Translation Dynamic Binary Translation Emilio G. Cota Columbia University Luca P. Carloni VEE'19 April 14,

1.05k views • 45 slides
CS 171: Introduction to Computer Science II Binary Search Trees Binary Search Trees

CS 171: Introduction to Computer Science II Binary Search Trees Binary Search Trees

CS 171: Introduction to Computer Science II Binary Search Trees Binary Search Trees Generalized from Linked List. Advantages: Fast to search Fast to insert and delete Fast to insert and delete Recall the search and

602 views • 32 slides
A jump-target identification method for multi-architecture static binary translation Alessandro

A jump-target identification method for multi-architecture static binary translation Alessandro

A jump-target identification method for multi-architecture static binary translation Alessandro Di Federico Giovanni Agosta Politecnico di Milano CASES 2016 October 4, 2016 Index Introduction Our solution Evaluation Static binary

667 views • 63 slides
Translation Services: Innovation in Translation Workflow, Tools and Translation Workflow, Tools

Translation Services: Innovation in Translation Workflow, Tools and Translation Workflow, Tools

Translation Services: Innovation in Translation Workflow, Tools and Translation Workflow, Tools and Processes Nirupama Deshpande Fast Facts About Kaiser Permanente Founded in 1945 Founded in 1945 Headquartered in Oakland,

416 views • 25 slides
Optimizing Binary Translation of Dynamically Generated Code Byron Hawkins Brian Demsky

Optimizing Binary Translation of Dynamically Generated Code Byron Hawkins Brian Demsky

Optimizing Binary Translation of Dynamically Generated Code Byron Hawkins Brian Demsky University of California, Irvine Derek Bruening Qin Zhao Google, Inc. Profiling Bug detection Program analysis Security SPEC CPU 2006

1.15k views • 85 slides
Dynamic Binary Optimization Introduction Application profiling Optimizing translation

Dynamic Binary Optimization Introduction Application profiling Optimizing translation

Dynamic Binary Optimization Introduction Application profiling Optimizing translation blocks Compatibility Code reordering Other code optimizations 1 EECS 768 Virtual Machines Optimization Overview Identify frequently

822 views • 40 slides
This is a PDF version with notes. You can find the PPTX version at

This is a PDF version with notes. You can find the PPTX version at

This is a PDF version with notes. You can find the PPTX version at http://www.cse.iitd.ernet.in/~sbansal/talks/btkernel.pptx 1 Firstly, what is Dynamic Binary Translation and what is it used for. Dynamic Binary Translation or DBT is the

617 views • 49 slides
Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or binary code are used by computers and digital devices to talk to each other. It is used to give commands to the computer or a way to enter data

165 views • 12 slides
Analyse and binary transformation Guillaume Bouffard Analyse and binary transformation Guillaume

Analyse and binary transformation Guillaume Bouffard Analyse and binary transformation Guillaume

Analyse and binary transformation Guillaume Bouffard Analyse and binary transformation Guillaume Bouffard Outline 1 Introduction Profiling step 2 Translation step 3 Binary Modification 4 Proof Of Concept 5 Conclusion 6 2 / 19

779 views • 40 slides
Accelerate Cycle-Level Multi-Core RISC-V Simulation with Binary Translation Xuan Guo, Robert

Accelerate Cycle-Level Multi-Core RISC-V Simulation with Binary Translation Xuan Guo, Robert

Accelerate Cycle-Level Multi-Core RISC-V Simulation with Binary Translation Xuan Guo, Robert Mullins Department of Computer Science and Technology Both the paper and the slides are made available under CC BY 4.0 Motivation We want to

790 views • 22 slides
1 Fast hits by Avoiding Address Fast hits by Avoiding Address Translation Translation Send

1 Fast hits by Avoiding Address Fast hits by Avoiding Address Translation Translation Send

Reducing Misses by Hardware Prefetching of Instructions & Data Lecture 17: Reducing Cache Miss E.g., Instruction Prefetching Penalty and Reducing Cache Hit Alpha 21064 fetches 2 blocks on a miss Extra block placed in stream

389 views • 3 slides
A fast parameter space search for continuous gravitational waves from known binary systems

A fast parameter space search for continuous gravitational waves from known binary systems

Introduction The data analysis challenge Current Solutions A New Solution Conclusions and future work A fast parameter space search for continuous gravitational waves from known binary systems C Messenger University of Glasgow

461 views • 21 slides
Fast decoding in neural machine translation with Ray MAREK STRELEC Time cost statistics for

Fast decoding in neural machine translation with Ray MAREK STRELEC Time cost statistics for

Fast decoding in neural machine translation with Ray MAREK STRELEC Time cost statistics for decoding Zhang, Wen, et al. (2018) Ray q A flexible, high-performance distributed execution framework q Implements a dynamic task graph

105 views • 6 slides
x86 Memory Protection and Binary Memory Threads Formats Allocators Translation User System

x86 Memory Protection and Binary Memory Threads Formats Allocators Translation User System

2/5/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram x86 Memory Protection and Binary Memory Threads Formats Allocators Translation User System Calls Kernel RCU File System Networking Sync Don Porter

238 views • 9 slides
Fast Monte-Carlo Simulation of Ion Implantation Binary Collision Approximation Implementation

Fast Monte-Carlo Simulation of Ion Implantation Binary Collision Approximation Implementation

Fast Monte-Carlo Simulation of Ion Implantation Binary Collision Approximation Implementation within ATHENA Contents Simulation Challenges for Future Technologies Monte-Carlo Concepts and Models Atomic and nuclear

267 views • 26 slides
Deep Learning of Binary Hash Codes for Fast Image Retrieval Kevin Lin, Huei-Fang Yang, Jen-Hao

Deep Learning of Binary Hash Codes for Fast Image Retrieval Kevin Lin, Huei-Fang Yang, Jen-Hao

Deep Learning of Binary Hash Codes for Fast Image Retrieval Kevin Lin, Huei-Fang Yang, Jen-Hao Hsiao, Chu-song chen Yahoo! Taiwan CVPR 2015 2016. 11. 6. 1 Index Review Background & Motivation Method Experiment

543 views • 32 slides
Fast and Adaptive Online Training of Feature-Rich Translation Models Spence Green Sida Wang

Fast and Adaptive Online Training of Feature-Rich Translation Models Spence Green Sida Wang

Fast and Adaptive Online Training of Feature-Rich Translation Models Spence Green Sida Wang Daniel Cer Christopher D. Manning Stanford University ACL 2013 Feature-Rich Research Industry/Evaluations Liang et al. 2006 Tillmann and Zhang

1.24k views • 93 slides
Fast and Adaptive Online Training of Feature-Rich Translation Models Spence Green Sida Wang

Fast and Adaptive Online Training of Feature-Rich Translation Models Spence Green Sida Wang

Fast and Adaptive Online Training of Feature-Rich Translation Models Spence Green Sida Wang Daniel Cer Christopher D. Manning Stanford University ACL 2013 Feature-Rich Research Industry/Evaluations Liang et al. 2006 Tillmann and Zhang

899 views • 65 slides
Generating Low-Overhead Dynamic Binary Translators Mathias Payer and Thomas R. Gross Department

Generating Low-Overhead Dynamic Binary Translators Mathias Payer and Thomas R. Gross Department

Generating Low-Overhead Dynamic Binary Translators Mathias Payer and Thomas R. Gross Department of Computer Science ETH Z rich Motivation Binary Translation (BT) well known technique for late transformations Extend or add

326 views • 29 slides
The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number

The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number

The Power of Binary 0, 1, 10, 11, 100, 101, 110, 111... What is Binary? a binary number is a number expressed in the binary numeral system, or base-2 numeral system, which represents numeric values using two different symbols: typically

485 views • 19 slides
BREAKTHROUGHS IN NEURAL MACHINE TRANSLATION Olof Mogren Chalmers University of Technology

BREAKTHROUGHS IN NEURAL MACHINE TRANSLATION Olof Mogren Chalmers University of Technology

BREAKTHROUGHS IN NEURAL MACHINE TRANSLATION Olof Mogren Chalmers University of Technology 2016-09-29 COMING SEMINARS T oday: Olof Mogren Neural Machine Translation October 6: John Wiedenhoeft Fast Bayesian inference in Hidden Markov

607 views • 22 slides
LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary

LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary

LECTURE 2 Review 1 Binary Math and Assembly BINARY MATH In this section, we review Binary to decimal conversions and vice versa IEEE 754 Floating point representations Binary Arithmetic Decimal representation of binary numbers

1.66k views • 118 slides
Binary There are 10 types of people in the world those that understand binary and those

Binary There are 10 types of people in the world those that understand binary and those

Binary There are 10 types of people in the world those that understand binary and those that dont. What is binary? You and I write numbers like this: twelve is 12, sixty eight is 68, and one hundred is 100 Binary is a number

525 views • 26 slides
1 Translation and Scalling Matrice Translation o The translation and scaling transformations may

1 Translation and Scalling Matrice Translation o The translation and scaling transformations may

3D Coordinate Systems 3D Transformation o The translation, scaling and rotation transformations used for 2D o 3D computer graphics involves the additional dimension of can be extended to three dimensions depth, allowing more realistic

435 views • 9 slides

More recommend