ABSTRACT
Shadow memory is used by dynamic program analysis tools to store metadata for tracking properties of application memory. The efficiency of mapping between application memory and shadow memory has substantial impact on the overall performance of such analysis tools. However, traditional memory mapping schemes that work well on 32-bit architectures cannot easily port to 64-bit architectures due to the much larger 64-bit address space.
This paper presents EMS64, an efficient memory shadowing scheme for 64-bit architectures. By taking advantage of application reference locality and unused regions in the 64-bit address space, EMS64 provides a fast and flexible memory mapping scheme without relying on any underlying platform features or requiring any specific shadow memory size. Our experiments show that EMS64 is able to reduce the runtime shadow memory translation overhead to 81% on average, which almost halves the overhead of the fastest 64-bit shadow memory system we are aware of.
Efficient memory shadowing for 64-bit architectures. ISMM '10.