Valgrind: a framework for heavyweight dynamic binary instrumentation

Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation, no. 6 (2007): 89-100

Abstract

Dynamic binary instrumentation (DBI) frameworks make it easy to build dynamic binary analysis (DBA) tools such as checkers and profilers. Much of the focus on DBI frameworks has been on performance; little attention has been paid to their capabilities. As a result, we believe the potential of DBI has not been fully exploited. In this pape...

Introduction
  • Valgrind is a dynamic binary instrumentation (DBI) framework that occupies a unique part of the DBI framework design space.
  • DBA tools are often implemented using dynamic binary instrumentation (DBI), whereby the analysis code is added to the original code of the client program at run-time
  • This is convenient for users.
  • DBI frameworks provide a base system that can instrument and run code, plus an environment for writing tools that plug into the base system
Highlights
  • Valgrind is a dynamic binary instrumentation (DBI) framework that occupies a unique part of the dynamic binary instrumentation framework design space
  • Lightweight tools built with Valgrind run comparatively slowly, but Valgrind can be used to build more interesting, robust, heavyweight tools that are difficult or impossible to build with other dynamic binary instrumentation frameworks such as Pin and DynamoRIO
  • Valgrind is a dynamic binary instrumentation framework designed for building heavyweight dynamic binary analysis tools
  • This paper has identified the requirements of shadow value tools and how Valgrind supports them, and shown that Valgrind inhabits a unique part of the dynamic binary instrumentation framework design space
  • We want to find a way to avoid forcing serial thread execution in a way that does not compromise the correctness of shadow value tools
  • Memcheck has already shown that heavyweight dynamic binary analysis tools can help programmers greatly improve their programs
Results
  • The authors can use code sizes to roughly measure the amount of effort that went into Valgrind’s core and various tools.
  • In Valgrind 3.2.1, the core contains 170,280 lines of C and 3,207 lines of assembly code.
  • Memcheck contains 10,509 lines of C, Cachegrind is 2,431 lines of C, Massif is 1,764, and Nulgrind is 39.
  • Even though lines of code is not a good measure of coding effort, the benefit of using Valgrind is clear, compared to writing a new tool from scratch.
  • A tool that traces memory accesses would be about 30 lines of code in Pin, and about
Conclusion
  • The authors want to find a way to avoid forcing serial thread execution in a way that does not compromise the correctness of shadow value tools.
  • This will become increasingly important as multi-core machines proliferate.
  • The authors think there is plenty of scope for new heavyweight DBA tools, shadow value tools, and the authors hope Valgrind will be used to build some of these tools
Tables
  • Table 1: Valgrind events, their trigger locations, and Memcheck’s callbacks for handling them
  • Table 2: Performance of four Valgrind tools on SPEC CPU2000. Column 1 gives the program name; integer programs are listed before floating-point programs. Column 2 gives the native execution time in seconds. Columns 3–6 give the slow-down factors for each tool. The final row shows each column’s geometric mean
Related work
  • There are many DBI frameworks; Nethercote [15] compares eleven in detail (that publication also discusses shadow values, but in less detail than this paper). They vary in numerous ways: platforms supported, instrumentation mechanisms, kinds of analysis code supported, robustness, speed, and availability. Judging by recent literature, those that are both widely-used and actively maintained are Pin [11], DynamoRIO [3], DIOTA [12], and Valgrind.

    We compared Valgrind to Pin in Section 5. As for other DBI frameworks, they all provide less shadow value support than Pin; in particular, they provide no support for R1 (provide shadow registers), such as virtual registers or register re-allocation. We believe R1 is the hardest requirement for a tool to fulfil without help from its framework; without such support, tools have to find ways to “steal” extra registers for themselves. This is possible to some extent, but very difficult to do on the scale required for shadow values in a manner that is robust and gives reasonable performance.
Reference
  • [1] V. Bala, E. Duesterwald, and S. Banerjia. Dynamo: A transparent dynamic optimization system. In Proceedings of PLDI 2000, pages 1–12, Vancouver, Canada, June 2000.
  • [2] D. Bruening. Efficient, Transparent, and Comprehensive Runtime Code Manipulation. PhD thesis, MIT, Cambridge, Mass., USA, September 2004.
  • [3] D. Bruening, T. Garnett, and S. Amarasinghe. An infrastructure for adaptive dynamic optimization. In Proceedings of CGO’03, pages 265–276, San Francisco, California, USA, March 2003.
  • [4] M. Burrows, S. N. Freund, and J. L. Wiener. Run-time type checking for binary programs. In Proceedings of CC 2003, pages 90–105, Warsaw, Poland, April 2003.
  • [5] W. Cheng. Personal communication, November 2006.
  • [6] W. Cheng, Q. Zhao, B. Yu, and S. Hiroshige. TaintTrace: Efficient flow tracing with dynamic binary rewriting. In Proceedings of ISCC 2006, pages 749–754, Cagliari, Sardinia, Italy, June 2006.
  • [7] P. J. Guo, J. H. Perkins, S. McCamant, and M. D. Ernst. Dynamic inference of abstract types. In Proceedings of ISSTA 2006, pages 255–265, Portland, Maine, USA, July 2006.
  • [8] R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference, pages 125–136, San Francisco, California, USA, January 1992.
  • [9] K. Hazelwood. Code Cache Management in Dynamic Optimization Systems. PhD thesis, Harvard University, Cambridge, Mass., USA, May 2004.
  • [10] G. Lueck and R. Cohn. Personal communication, September–November 2006.
  • [11] C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building customized program analysis tools with dynamic instrumentation. In Proceedings of PLDI 2005, pages 191–200, Chicago, Illinois, USA, June 2005.
  • [12] J. Maebe, M. Ronsse, and K. De Bosschere. DIOTA: Dynamic instrumentation, optimization and transformation of applications. In Proceedings of WBT-2002, Charlottesville, Virginia, USA, September 2002.
  • [13] S. McCamant and M. D. Ernst. Quantitative information-flow tracking for C and related languages. Technical Report MIT-CSAILTR-2006-076, MIT, Cambridge, Mass., USA, 2006.
  • [14] S. Narayanasamy, C. Pereira, H. Patil, R. Cohn, and B. Calder. Automatic logging of operation system effects to guide application-level architecture simulation. In Proceedings of SIGMetrics/Performance 2006, pages 216–227, St. Malo, France, June 2006.
  • [15] N. Nethercote. Dynamic Binary Analysis and Instrumentation. PhD thesis, University of Cambridge, United Kingdom, November 2004.
  • [16] N. Nethercote and J. Fitzhardinge. Bounds-checking entire programs without recompiling. In Informal Proceedings of SPACE 2004, Venice, Italy, January 2004.
  • [17] N. Nethercote and A. Mycroft. Redux: A dynamic dataflow tracer. ENTCS, 89(2), 2003.
  • [18] N. Nethercote and J. Seward. Valgrind: A program supervision framework. ENTCS, 89(2), 2003.
  • [19] N. Nethercote and J. Seward. How to shadow every byte of memory used by a program. In Proceedings of VEE 2007, San Diego, California, USA, June 2007.
  • [20] J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of NDSS ’05, San Diego, California, USA, February 2005.
  • [21] H. Patil and C. Fischer. Low-cost, concurrent checking of pointer and array accesses in C programs. Software—Practice and Experience, 27(1):87–110, January 1997.
  • [22] F. Qin. Personal communication, March 2007.
  • [23] F. Qin, C. Wang, Z. Li, H. Kim, Y. Zhou, and Y. Wu. Lift: A low-overhead practical information flow tracking system for detecting security attacks. In Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (Micro’06), Orlando, Florida, USA, December 2006.
  • [24] K. Scott, J. W. Davidson, and K. Skadron. Low-overhead software dynamic translation. Technical Report CS-2001-18, University of Virginia, Charlottesville, Virginia, USA, 2001.
  • [25] J. Seward and N. Nethercote. Using Valgrind to detect undefined value errors with bit-precision. In Proceedings of the USENIX’05 Annual Technical Conference, Anaheim, California, USA, April 2005.
  • [26] O. Traub, G. Holloway, and M. D. Smith. Quality and speed in linear-scan register allocation. In Proceedings of PLDI ’98, pages 142–151, Montreal, Canada, June 1998.
  • [27] The Valgrind Developers. 2nd official Valgrind survey, September 2005: full report. http://www.valgrind.org/gallery/survey 05/report.txt.
  • [28] The Valgrind Developers. Valgrind. http://www.valgrind.org/.
  • [29] L. Wall, T. Christiansen, and J. Orwant. Programming Perl. O’Reilly, 3rd edition, 2000.