the jvm is not observable enough and what to do about it
play

The JVM is not observable enough (and what to do about it) Stephen - PowerPoint PPT Presentation

Mar 02, 2023 •191 likes •422 views

The JVM is not observable enough (and what to do about it) Stephen Kell stephen.kell@usi.ch University of Lugano joint work with: Danilo Ansaloni, Walter Binder, Luk a s Marek The JVM is. . . p.1/20 0xcafebabe This is a talk

  1. The JVM is not observable enough (and what to do about it) Stephen Kell stephen.kell@usi.ch “University of Lugano” joint work with: Danilo Ansaloni, Walter Binder, Luk´ aˇ s Marek The JVM is. . . – p.1/20

  2. 0xcafebabe This is a talk about Java bytecode instrumentation � the Java platform’s de facto standard mechanism � ... for observing programs in execution � (non-interactively, usually) The JVM is. . . – p.2/20

  3. What � profilers (JP2, ...) � data race detectors (FastTrack, ...) � white-box / active testing (jCUTE, ...) � security monitors (TaintDroid, ...) � memory / GC analyses (ElephantTracks, ...) � ... The JVM is. . . – p.3/20

  4. How Rewrite the bytecode, adding analysis “snippets” � on e.g. method entries, object allocations, locking, ... Can use libraries that help to munge bytecode � ASM, BCEL, Javassist, Soot, ... Or, some systems abstract the problem a bit more � Chord, DiSL, BTrace, RoadRunner, ... The JVM is. . . – p.4/20

  5. An “innocuous” example (using DiSL) public class TargetClass { public static void main(String[] args) { System.err.println (”MAIN”); } } public class DiSLClass { @Before(marker = BodyMarker. class , scope = ”java.lang.Object. ∗ ”) public static void onMethodExit(MethodStaticContext msc) { System.err.print(”.” ); } } The JVM is. . . – p.5/20

  6. A choice quotation (from http://docs.oracle.com/javase/6/docs/technotes/guides/jvmti/ ) ‘Typically, these alterations are to add “events” to the code of a method —for example, to add, at the beginning of a method, a call to MyProfiler.methodEntered() . Since the changes are purely additive, they do not modify application state or behavior.’ Purely additive? The JVM is. . . – p.6/20

  7. Wishful thinking Some questions: � what problems occur writing tools this way? � can we avoid them? � what would be a better observation mechanism? Answers: several; not really; let’s talk about it... The JVM is. . . – p.7/20

  8. A summary of the difficulties In the paper: � deadlock between instrumentation and program � state corruption by non-reentrant code � method calls: unsafe but unavoidable � “my instrumentation crashes the VM” � instrumented bytecode that doesn’t verify � coverage underapproximation (initializers, startup) � coverage overapproximation (shared threads) The JVM is. . . – p.8/20

  9. Deadlock The JVM is. . . – p.9/20

  10. Attempted escape (1): share no mutable state! Q. Can’t we just never share mutable state ? ( → no locking) A. Good idea. But � this implies calling no methods � ... not even static ones � does your analysis do I/O? (hint: yes) The JVM is. . . – p.10/20

  11. Reentrancy example public class TargetClass { public static void main(String[] args) { System.err.println (”MAIN”); } } public class DiSLClass { @Before(marker = BodyMarker. class , scope = ”java.lang.Object. ∗ ”) public static void onMethodExit(MethodStaticContext msc) { System.err.print(”.” ); } } Any guesses about the output? The JVM is. . . – p.11/20

  12. The output ...................................................... MAIN.MAIN . .... The JVM is. . . – p.12/20

  13. Non-reentrant code now called reentrantly package java.io; class PrintStream { // ... void println () { The JVM is. . . – p.13/20

  14. Non-reentrant code now called reentrantly package java.io; class PrintStream { // ... void println () { // ... try { this .state = PENDING; The JVM is. . . – p.13/20

  15. Non-reentrant code now called reentrantly package java.io; class PrintStream { // ... void println () { // ... try { this .state = PENDING; while (pos != len) pos = copySome(in, out, pos, len); The JVM is. . . – p.13/20

  16. Non-reentrant code now called reentrantly package java.io; class PrintStream { // ... void println () { // ... try { this .state = PENDING; while (pos != len) pos = copySome(in, out, pos, len); } finally { assert this .state == PENDING; // FAILS following reentrant call! this .state = CLEAR; } } } The JVM is. . . – p.13/20

  17. Attempted escape (2): use native code? Q. Maybe just do your analysis in native code? A. Okay, but � (I thought you liked Java?) � any library method might be implemented natively... � and might call back into [instrumented] Java � so sharing can still happen, unbeknownst to analysis Less likely perhaps, but how to be safe ? The JVM is. . . – p.14/20

  18. A known approach we could borrow... Valgrind, Pin, DynamoRIO et al: � share neither state nor code with the observed program � → private libraries (duplicate libc, etc.) � → avoid signal handling, wait() , shared fds, ... We can do the same, at least from native code... � maybe from Java too? � ... if can replicate down to Object , ClassLoader etc. Problem: lost expressiveness! The JVM is. . . – p.15/20

  19. Expressiveness lost If we’re avoiding shared state, we can’t call any Java APIs: � no reflection � can’t call getters ( → field access instead) � can’t observe even basic semantics (e.g. equals() ) � → can’t aggregate data using equality � can’t synchronise One consequence: can’t analyse user-defined abstractions � including library-defined abstractions! The JVM is. . . – p.16/20

  20. Aiming at something better Wanted: keep the abstraction, but add isolation � bytecode instrumentation (BCI) is an abstraction � so far, we have made it “safe” by throwing it away The JVM is. . . – p.17/20

  21. What’s the design space of observation? � isolation: in-process (soft) versus out-of-process (hard) � abstraction: VM-level (fixed) versus user-level (flexible) � synchrony... We have a weird asymmetric isolation requirement. � observed is not influenced by observer � observer is influenced by observed! The JVM is. . . – p.18/20

  22. Isolated bytecode abstractions Existing systems we can take inspiration from � debugger expression eval (VM-style) � debugger expression eval (native-style) � Unix fork() � shared memory (is asymmetric...) � isolates, SIPs (MVM, Singularity) � async assertions (Aftandilian &al, OOPSLA ’11) � JIT purity analysis Can we share the work with expression eval in debuggers? The JVM is. . . – p.19/20

  23. Conclusions Currently, bytecode instrumentors risk � deadlock, reentrancy-derived corruption, ... � more in the paper! We can only do things safely by � trapping to a sharing-free environment ASAP � avoid interacting with user-defined abstractions This limits our expressiveness. Real solution: � an asymmetric “isolated bytecode” abstraction � might unify/replace a subset of JDWP too! (ask me) Thanks for listening. Questions? The JVM is. . . – p.20/20

Recommend

1 Stochastic, Partially Observable Markov Decision Process (MDP) Partially Observable MDP S

1 Stochastic, Partially Observable Markov Decision Process (MDP) Partially Observable MDP S

Stochastic Planning Classical Planning (MDPs, Reinforcement Learning) Static Predictable Unpredictable Static CSE 473 Artificial Intelligence Environment Environment Fully Fully Observable Discrete Observable Observable Discrete

669 views • 9 slides
Reinforcement Learning Environments Fully-observable vs partially-observable Single agent

Reinforcement Learning Environments Fully-observable vs partially-observable Single agent

Reinforcement Learning Environments Fully-observable vs partially-observable Single agent vs multiple agents Deterministic vs stochastic Episodic vs sequential Static or dynamic Discrete or continuous What is reinforcement

684 views • 39 slides
Reinforcement Learning Environments Fully-observable vs

Reinforcement Learning Environments Fully-observable vs

Reinforcement Learning Environments Fully-observable vs par9ally-observable Single agent vs mul9ple agents Determinis9c vs stochas9c Episodic vs

393 views • 8 slides
Dichotomic Observables; GP(1992) vs Psudospin observable(2002). Gisin-Peres observable for Bell

Dichotomic Observables; GP(1992) vs Psudospin observable(2002). Gisin-Peres observable for Bell

Dichotomic Observables; GP(1992) vs Psudospin observable(2002). Gisin-Peres observable for Bell test of N-dim. Pseudospin operator s = ( s x , s y , s z ) for a nonlo- state cality test of continuous variables A ( ) = x sin +

298 views • 7 slides
Precision nuclear physics Observable calculations are becoming increasingly precise Hamiltonian

Precision nuclear physics Observable calculations are becoming increasingly precise Hamiltonian

Precision nuclear physics Observable calculations are becoming increasingly precise Hamiltonian Calculation Experiment Observable What are the theory errors? Hergert et al. PRL 110 , 242501 (2013) Ground-state energies for even oxygen

358 views • 12 slides
Partially observable Markov decision processes Matthijs Spaan Institute for Systems and Robotics

Partially observable Markov decision processes Matthijs Spaan Institute for Systems and Robotics

Partially observable Markov decision processes Matthijs Spaan Institute for Systems and Robotics Instituto Superior T ecnico Lisbon, Portugal Reading group meeting, February 12, 2007 1/22 Overview Partially observable Markov decision

443 views • 25 slides
Conditional Planning Section 11.3 Sec. 11.3 p.1/18 Outline Fully observable environments

Conditional Planning Section 11.3 Sec. 11.3 p.1/18 Outline Fully observable environments

Conditional Planning Section 11.3 Sec. 11.3 p.1/18 Outline Fully observable environments Partially observable environments Conditional POP Sec. 11.3 p.2/18 Uncertainty The agent might not know what the initial state is The agent

447 views • 18 slides
Conditional Planning Section 12.4 Sec. 12.4 p.1/13 Outline Fully observable environments

Conditional Planning Section 12.4 Sec. 12.4 p.1/13 Outline Fully observable environments

Conditional Planning Section 12.4 Sec. 12.4 p.1/13 Outline Fully observable environments Partially observable environments Conditional POP Sec. 12.4 p.2/13 Uncertainty The agent

581 views • 13 slides
Introduction to Partially Observable Markov Decision Processes CS 886 Sequential Decision Making

Introduction to Partially Observable Markov Decision Processes CS 886 Sequential Decision Making

Module 14 Introduction to Partially Observable Markov Decision Processes CS 886 Sequential Decision Making and Reinforcement Learning University of Waterloo Markov Decision Processes MDPs: Fully Observable MDPs Decision maker

398 views • 21 slides
Observable microservices with MicroProfile OpenTracing and looking beyond to OpenTelemetry

Observable microservices with MicroProfile OpenTracing and looking beyond to OpenTelemetry

OPTIONAL SECTION MARKER OR TITLE Observable microservices with MicroProfile OpenTracing and looking beyond to OpenTelemetry Pavol Loffay Senior Software Engineer 1 Agenda Introduction to distributed tracing MicroProfile-OpenTracing

555 views • 26 slides
Entropy-based characterizations of the observable-dependence of the fluctuation-dissipation

Entropy-based characterizations of the observable-dependence of the fluctuation-dissipation

Introduction General framework Illustration on simple models Conclusions Entropy-based characterizations of the observable-dependence of the fluctuation-dissipation temperature Michel Droz 1 Kirsten Martens 1 , 2 , Eric Bertin 3 1 Department

1.08k views • 77 slides
Pattern-Database Heuristics for Partially Observable Nondeterministic Planning

Pattern-Database Heuristics for Partially Observable Nondeterministic Planning

Pattern-Database Heuristics for Partially Observable Nondeterministic Planning Albert-Ludwigs-Universitt Freiburg Manuela Ortlieb and Robert Mattmller Research Group Foundations of Artificial Intelligence Department of Computer Science

3.03k views • 25 slides
HOW AN IOC CAN LEAD TO ANOTHER? Sad Kadhi TheHive Project Automate bulk observable

HOW AN IOC CAN LEAD TO ANOTHER? Sad Kadhi TheHive Project Automate bulk observable

BEERUMP 17 / 2017-06-22 TLP:WHITE HOW AN IOC CAN LEAD TO ANOTHER? Sad Kadhi TheHive Project Automate bulk observable analysis through a REST API Can be queried Web UI Analyzers can be developed in any programming language that

443 views • 8 slides
UNIFICATION, OBSERVABLE LANDSCAPES AND NEW PARTICLES AT THE LHC Raffaele Tito DAgnolo - IAS

UNIFICATION, OBSERVABLE LANDSCAPES AND NEW PARTICLES AT THE LHC Raffaele Tito DAgnolo - IAS

UNIFICATION, OBSERVABLE LANDSCAPES AND NEW PARTICLES AT THE LHC Raffaele Tito DAgnolo - IAS Princeton A First Glance Beyond the Energy Frontier 9/9/2016-ICTP THE MOST EXCITING LHC RESULT THE HIGGS IS LIGHT AND THERE IS NOTHING

470 views • 46 slides
Towards an LHC observable NMSSM grid Joscha Knolle in collaboration with Sophie

Towards an LHC observable NMSSM grid Joscha Knolle in collaboration with Sophie

Introduction NMSSM Phenomenology Constraints SUSY Searches Scan Simulation Conclusion Towards an LHC observable NMSSM grid Joscha Knolle in collaboration with Sophie Henrot-Versill, Anja Butter, Laurent Duflot & Dirk Zerwas and

404 views • 16 slides
Using multiple SLE to explain a certain observable in the 2d Ising model Michael J. Kozdron

Using multiple SLE to explain a certain observable in the 2d Ising model Michael J. Kozdron

Using multiple SLE to explain a certain observable in the 2d Ising model Michael J. Kozdron University of Regina http://stat.math.uregina.ca/ kozdron/ Statcomb 2009: Workshop on Two-Dimensional Lattice Models Centre Emile Borel, Institut

499 views • 36 slides
Uninformed Search (Ch. 3-3.4) Environment classification 1. Fully vs. partially observable = how

Uninformed Search (Ch. 3-3.4) Environment classification 1. Fully vs. partially observable = how

1 Uninformed Search (Ch. 3-3.4) Environment classification 1. Fully vs. partially observable = how much can you see? 2. Single vs. multi-agent = do you need to worry about others interacting? 3. Deterministic vs. stochastic = do you know

783 views • 56 slides
Measurement of the double polarisation observable G with the Crystal Barrel Experiment @ ELSA

Measurement of the double polarisation observable G with the Crystal Barrel Experiment @ ELSA

Measurement of the double polarisation observable G with the Crystal Barrel Experiment @ ELSA Marcus Grner for the CBELSA/TAPS Collaboration Supported by SFB/TR 16 Helmholtz-Institut fr Strahlen- und Kernphysik der Uni Bonn Content

454 views • 23 slides
Observable JS Apps @eanakashima about:// Emily Nakashima product engineering manager @

Observable JS Apps @eanakashima about:// Emily Nakashima product engineering manager @

Observable JS Apps @eanakashima about:// Emily Nakashima product engineering manager @ honeycomb.io The one where we DDOSd ourselves Epilogue // if the page is long enough to scroll if (document.body.clientHeight > window.innerHeight)

649 views • 62 slides
LO-PH Low-Observable Physical Host Instrumentation for Malware Analysis Chad Spensky ,

LO-PH Low-Observable Physical Host Instrumentation for Malware Analysis Chad Spensky ,

LO-PH Low-Observable Physical Host Instrumentation for Malware Analysis Chad Spensky , Hongyi Hu and Kevin Leach cspensky@cs.ucsb.edu hongyihu@alum.mit.edu kjl2y@virginia.edu lophi@mit.edu The Network and

533 views • 24 slides
From Monolith to Observable Microservices using DDD Maria Gomez @mariascandella Tech Principal

From Monolith to Observable Microservices using DDD Maria Gomez @mariascandella Tech Principal

From Monolith to Observable Microservices using DDD Maria Gomez @mariascandella Tech Principal ... HOW? What is Domain Driven Design? It is an approach to building software that has complex and ever- changing business requirements Key

421 views • 38 slides
Partially Observable Markov Decision Processes 3/3/17 (Dis)Advantages of Online MCTS + Just

Partially Observable Markov Decision Processes 3/3/17 (Dis)Advantages of Online MCTS + Just

Partially Observable Markov Decision Processes 3/3/17 (Dis)Advantages of Online MCTS + Just like in game playing, MCTS handles high branching factors very well. + No training phase is required. Each move takes a long time. Were back

459 views • 11 slides
A Multi-Agent Prediction Market based on Raj Dasgupta Partially Observable Stochastic Game

A Multi-Agent Prediction Market based on Raj Dasgupta Partially Observable Stochastic Game

A Multi-Agent Prediction Market based on Partially Observable Stochastic Game Janyl Jumadinova, A Multi-Agent Prediction Market based on Raj Dasgupta Partially Observable Stochastic Game Outline Introduction Research Problem POSGI Janyl

753 views • 46 slides
New observable for CP asymmetry in charm decays Hsiang-nan Li ( ) Academia Sinica,

New observable for CP asymmetry in charm decays Hsiang-nan Li ( ) Academia Sinica,

New observable for CP asymmetry in charm decays Hsiang-nan Li ( ) Academia Sinica, Taipei Presented at HFCPV, Wuhan Oct. 27, 2017 In collaboration with D. Wang, F.S. Yu Direct CP violation Direct CP asymmetry established in kaon

375 views • 18 slides

More recommend