Valentin Touzeau
Skip Abstract Section
Skip Supplemental Material SectionAbstract
For applications in worst-case execution time analysis and in security, it is desirable to statically classify memory accesses into those that result in cache hits, and those that result in cache misses. Among cache replacement policies, the least recently used (LRU) policy has been studied the most and is considered to be the most predictable.
The state-of-the-art in LRU cache analysis presents a tradeoff between precision and analysis efficiency: The classical approach to analyzing programs running on LRU caches, an abstract interpretation based on a range abstraction, is very fast but can be imprecise. An exact analysis was recently presented, but, as a last resort, it calls a model checker, which is expensive.
In this paper, we develop an analysis based on abstract interpretation that comes close to the efficiency of the classical approach, while achieving exact classification of all memory accesses as the model-checking approach. Compared with the model-checking approach we observe speedups of several orders of magnitude. As a secondary contribution we show that LRU cache analysis problems are in general NP-complete.
Supplemental Material
- Advanced Micro Devices 2017. Software Optimization Guide for AMD Family 17h Processors. Advanced Micro Devices. https://developer.amd.com/wordpress/media/2013/12/55723_3_00.ZIP Publication No. 55723, Revision 3.00.Google Scholar
- Clément Ballabriga, Hugues Cassé, Christine Rochange, and Pascal Sainrat. 2010. OTAWA: An Open Toolbox for Adaptive WCET Analysis. In Software Technologies for Embedded and Ubiquitous Systems - 8th IFIP WG 10.2 International Workshop, SEUS 2010, Waidhofen/Ybbs, Austria, October 13-15, 2010. Proceedings (Lecture Notes in Computer Science), Sang Lyul Min, Robert G. Pettit IV, Peter P. Puschner, and Theo Ungerer (Eds.), Vol. 6399. Springer, 35–46. Google ScholarDigital Library
- Wenlei Bao, Sriram Krishnamoorthy, Louis-Noel Pouchet, and P. Sadayappan. 2017. Analytical Modeling of Cache Behavior for Affine Programs. Proc. ACM Program. Lang. 2, POPL, Article 32 (Dec. 2017), 26 pages. Google ScholarDigital Library
- Daniel J. Bernstein. 2005. Cache-timing attacks on AES. (2005). https://cr.yp.to/antiforgery/cachetiming- 20050414.pdfGoogle Scholar
- Kristof Beyls and Erik H. D’Hollander. 2005. Generating cache hints for improved program efficiency. Journal of Systems Architecture 51, 4 (2005), 223 – 250. Google ScholarDigital Library
- Calin Cascaval and David A. Padua. 2003. Estimating Cache Misses and Locality Using Stack Distances. In Proceedings of the 17th Annual International Conference on Supercomputing (ICS ’03). ACM, New York, NY, USA, 150–159. Google ScholarDigital Library
- Siddhartha Chatterjee, Erin Parker, Philip J. Hanlon, and Alvin R. Lebeck. 2001. Exact Analysis of the Cache Behavior of Nested Loops. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation (PLDI ’01). ACM, New York, NY, USA, 286–297. Google ScholarDigital Library
- Sudipta Chattopadhyay and Abhik Roychoudhury. 2013. Scalable and precise refinement of cache timing analysis via path-sensitive verification. Real-Time Systems 49, 4 (2013), 517–562.Google ScholarCross Ref
- Duc-Hiep Chu, Joxan Jaffar, and Rasool Maghareh. 2016. Precise Cache Timing Analysis via Symbolic Execution. In 2016 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), Vienna, Austria, April 11-14, 2016. IEEE Computer Society, 293–304.Google ScholarCross Ref
- Patrick Cousot. 1978. Méthodes itératives de construction et d’approximation de points fixes d’opérateurs monotones sur un treillis, analyse sémantique de programmes. Thèse d’état ès sciences mathématiques. Université scientifique et médicale de Grenoble, Grenoble, France. https://tel.archives- ouvertes.fr/tel- 00288657/en/Google Scholar
- Goran Doychev and Boris Köpf. 2017. Rigorous Analysis of Software Countermeasures Against Cache Attacks. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2017). ACM, New York, NY, USA, 406–421. Google ScholarDigital Library
- Goran Doychev, Boris Köpf, Laurent Mauborgne, and Jan Reineke. 2015. CacheAudit: A Tool for the Static Analysis of Cache Side Channels. ACM Trans. Inf. Syst. Secur. 18, 1, Article 4 (June 2015), 32 pages. Google ScholarDigital Library
- Heiko Falk, Sebastian Altmeyer, Peter Hellinckx, Björn Lisper, Wolfgang Puffitsch, Christine Rochange, Martin Schoeberl, Rasmus Bo Sorensen, Peter Wägemann, and Simon Wegener. 2016. TACLeBench: A Benchmark Collection to Support Worst-Case Execution Time Research. In 16th International Workshop on Worst-Case Execution Time Analysis, WCET 2016, July 5, 2016, Toulouse, France. 2:1–2:10.Google Scholar
- Paul Feautrier. 1992. Some efficient solutions to the affine scheduling problem. Part II. Multidimensional time. International Journal of Parallel Programming 21, 6 (01 Dec 1992), 389–420. Google ScholarDigital Library
- Christian Ferdinand and Reinhard Wilhelm. 1999. Efficient and Precise Cache Behavior Prediction for Real-Time Systems. Real-Time Systems 17, 2-3 (1999), 131–181. Google ScholarDigital Library
- Somnath Ghosh, Margaret Martonosi, and Sharad Malik. 1999. Cache Miss Equations: A Compiler Framework for Analyzing and Tuning Memory Behavior. ACM Trans. Program. Lang. Syst. 21, 4 (July 1999), 703–746. Google ScholarDigital Library
- Daniel Grund and Jan Reineke. 2009. Abstract Interpretation of FIFO Replacement. In Static Analysis, 16th International Symposium, SAS 2009 (LNCS), Jens Palsberg and Zhendong Su (Eds.), Vol. 5673. Springer-Verlag, 120–136. Google ScholarDigital Library
- Daniel Grund and Jan Reineke. 2010a. Precise and Efficient FIFO-Replacement Analysis Based on Static Phase Detection. In Proceedings of the 22nd Euromicro Conference on Real-Time Systems (ECRTS ’10). 155–164. Google ScholarDigital Library
- Daniel Grund and Jan Reineke. 2010b. Toward Precise PLRU Cache Analyis. In Proceedings of 10th International Workshop on Worst-Case Execution Time (WCET) Analysis, Björn Lisper (Ed.). Austrian Computer Society, 28–39. http://rw4.cs. uni- saarland.de/~grund/papers/wcet10- plru.pdfGoogle Scholar
- Nan Guan, Mingsong Lv, Wang Yi, and Ge Yu. 2014. WCET Analysis with MRU Cache: Challenging LRU for Predictability. ACM Trans. Embed. Comput. Syst. 13, 4s, Article 123 (April 2014), 26 pages. Google ScholarDigital Library
- Nan Guan, Xinping Yang, Mingsong Lv, and Wang Yi. 2013. FIFO Cache Analysis for WCET Estimation: A Quantitative Approach. In Proceedings of the Conference on Design, Automation and Test in Europe (DATE 2013). EDA Consortium, San Jose, CA, USA, 296–301. http://dl.acm.org/citation.cfm?id=2485288.2485362 Google ScholarDigital Library
- Reinhold Heckmann and Christian Ferdinand. 2014. Worst-Case Execution Time Prediction by Static Program Analysis. The whitepaper of aiT (2014). http://www.absint.com/aiT_{W}{C}{E}{T}.pdfGoogle Scholar
- Intel Corporation 2016. Intel 64 and IA-32 Architectures Optimization Reference Manual. Intel Corporation. https://www. intel.com/content/dam/www/public/us/en/documents/manuals/64- ia- 32- architectures- optimization- manual.pdf Order Number: 248966-033.Google Scholar
- Donald E. Knuth. 2011. The Art of Computer Programming: Combinatorial Algorithms, part 1. Vol. 4A. Pearson. Google ScholarDigital Library
- Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2018. Spectre Attacks: Exploiting Speculative Execution. CoRR abs/1801.01203 (2018). arXiv: 1801.01203 http://arxiv.org/abs/1801.01203Google Scholar
- Amy W. Lim and Monica S. Lam. 1997. Maximizing Parallelism and Minimizing Synchronization with Affine Transforms. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’97). ACM, New York, NY, USA, 201–214. Google ScholarDigital Library
- Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD. https://www. usenix.org/conference/usenixsecurity18/presentation/lipp Google ScholarDigital Library
- Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-Level Cache Side-Channel Attacks are Practical. In 2015 IEEE Symposium on Security and Privacy. 605–622. Google ScholarDigital Library
- Thomas Lundqvist and Per Stenström. 1999. Timing Anomalies in Dynamically Scheduled Microprocessors. In 20th IEEE Real-Time Systems Symposium (RTSS). Google ScholarDigital Library
- Mingsong Lv, Nan Guan, Jan Reineke, Reinhard Wilhelm, and Wang Yi. 2016. A Survey on Static Cache Analysis for Real-Time Systems. Leibniz Transactions on Embedded Systems 3, 1 (2016), 05–1–05:48.Google Scholar
- Shin-ichi Minato. 2001. Zero-suppressed BDDs and their applications. Int. J. on Software Tools for Technology Transfer (STTT) 3, 2 (2001), 156–170.Google ScholarCross Ref
- Alan Mishchenko. 2014. An introduction to zero-suppressed binary decision diagrams. In Applications of Zero-Suppressed Decision Diagrams, Tsutomu Sasao and Jon T. Butler (Eds.). Morgan Claypool. https://people.eecs.berkeley.edu/~alanmi/ publications/2001/tech01_zdd_.pdfGoogle Scholar
- Keaton Mowery, Sriram Keelveedhi, and Hovav Shacham. 2012. Are AES x86 Cache Timing Attacks Still Feasible?. In Cloud Computing Security Workshop. ACM, New York, NY, USA, 19–24. Google ScholarDigital Library
- Frank Mueller and David B. Whalley. 1995. Fast Instruction Cache Analysis via Static Cache Simulation. In Proceedings of the 28th Annual Simulation Symposium. 105–114. Google ScholarDigital Library
- Jan Reineke, Daniel Grund, Christoph Berg, and Reinhard Wilhelm. 2007. Timing Predictability of Cache Replacement Policies. Real-Time Systems 37, 2 (November 2007), 99–122. Google ScholarDigital Library
- Jan Reineke, Björn Wachter, Stephan Thesing, Reinhard Wilhelm, Ilia Polian, Jochen Eisinger, and Bernd Becker. 2006. A Definition and Classification of Timing Anomalies. In 6th International Workshop on Worst-Case Execution Time Analysis (WCET).Google Scholar
- Fabio Somenzi. 2001. Efficient manipulation of decision diagrams. Int J. Software Tools for Technology Transfer (STTT) 3, 2 (2001), 171–181.Google ScholarCross Ref
- Valentin Touzeau, Claire Maïza, David Monniaux, and Jan Reineke. 2017. Ascertaining Uncertainty for Efficient Exact Cache Analysis. In Computer-aided verification (CAV) (Lecture Notes in Computer Science), Rupak Majumdar and Viktor Kuncak (Eds.), Vol. 10427. Springer, 22–40.Google Scholar
- Reinhard Wilhelm, Jakob Engblom, Andreas Ermedahl, Niklas Holsti, Stephan Thesing, David B. Whalley, Guillem Bernat, Christian Ferdinand, Reinhold Heckmann, Tulika Mitra, Frank Mueller, Isabelle Puaut, Peter P. Puschner, Jan Staschulat, and Per Stenström. 2008. The worst-case execution-time problem - overview of methods and survey of tools. ACM Trans. Embedded Comput. Syst. 7, 3 (2008), 36:1–36:53. Google ScholarDigital Library
- Martin De Wulf, Laurent Doyen, Thomas A. Henzinger, and Jean-François Raskin. 2006. Antichains: A New Algorithm for Checking Universality of Finite Automata. In Computer Aided Verification, 18th International Conference, CAV 2006, Seattle, WA, USA, August 17-20, 2006, Proceedings (Lecture Notes in Computer Science), Thomas Ball and Robert B. Jones (Eds.), Vol. 4144. Springer, 17–30. Google ScholarDigital Library
- Martin De Wulf, Laurent Doyen, Nicolas Maquet, and Jean-François Raskin. 2008. Alaska: Antichains for Logic, Automata and Symbolic Kripke structures Analysis. In Automated Technology for Verification and Analysis, 6th International Symposium, ATVA 2008, Seoul, Korea, October 20-23, 2008. Proceedings (Lecture Notes in Computer Science), Sung Deok Cha, Jin-Young Choi, Moonzoo Kim, Insup Lee, and Mahesh Viswanathan (Eds.), Vol. 5311. Springer, 240–245. Google ScholarDigital Library
- Yuval Yarom, Daniel Genkin, and Nadia Heninger. 2017. CacheBleed: a timing attack on OpenSSL constant-time RSA. Journal of Cryptographic Engineering 7, 2 (01 Jun 2017), 99–112.Google ScholarCross Ref
Index Terms
- Fast and exact analysis for LRU caches
Recommendations
WCET Analysis with MRU Caches: Challenging LRU for Predictability
RTAS '12: Proceedings of the 2012 IEEE 18th Real Time and Embedded Technology and Applications SymposiumMost previous work in cache analysis for WCET estimation assumes a particular replacement policy called LRU. In contrast, much less work has been done for non-LRU policies, since they are generally considered to be very "unpredictable". However, most ...
Modeling LRU cache with invalidation
Least Recently Used (LRU) is a very popular caching replacement policy. It is very easy to implement and offers good performance, especially when data requests are temporally correlated, as in the case of web traffic.When the data content can change ...
Dynamically Configuring LRU Replacement Policy in Redis
MEMSYS '20: Proceedings of the International Symposium on Memory SystemsTo reduce the latency of accessing backend servers, today’s web services usually adopt in-memory key-value stores in the front end which cache the frequently accessed objects. Memcached and Redis are two most popular key-value cache systems. Due to the ...
Comments