• 220 likes • 234 Views
New Features in Paradyn and Dyninst. Matthew LeGendre legendre@cs.wisc.edu. Ray Chen rchen@cs.umd.edu. The Road from 4.2 to 5.0. Paradyn/Dyninst 4.2 was released in March 2005. Paradyn/Dyninst 5.0 coming very soon.
E N D
New Features in Paradyn and Dyninst Matthew LeGendre legendre@cs.wisc.edu Ray Chen rchen@cs.umd.edu
The Road from 4.2 to 5.0 • Paradyn/Dyninst 4.2 was released in March 2005. • Paradyn/Dyninst 5.0 coming very soon. • In that time, we’ve changed ~40,000* lines out of Dyninst’s 146,000 line code base. • But the code base only grew by ~4,000 lines * loose estimate
Major Features • MRNet integration into Paradyn • More powerful instrumentation system • New threaded event handler • Support for multithreaded mutatees • Performance improvements • New test suite • Linux/AMD64 support • Improved Windows support Dyninst 5.0
Improvements in Scalability • Paradyn/Dyninst 5.0 will be able to handle a wider variety of applications at a more fine-grained level. • We recently used Dyninst to track every branch and return instruction in the Microsoft Word executable. • Users have used pre-releases to instrument every basic block in a ~200MB binary. Dyninst 5.0
MRNet Integration • Paradyn 5.0 now uses MRNet as a communication mechanism between the front end and its backends. • Lays the groundwork for us to start using Paradyn in large-scale computing environments. • An experimental implementation easily ran Paradyn on a 1024 node job. Dyninst 5.0
New Parsing and Instrumentation Systems • New parsing system helps us to distinguish code from data, allowing for more reliable and safe instrumentation. • New instrumentation system allows us to efficiently instrument any instruction in a binary. Dyninst 5.0
Support for Multithreaded Apps • Allows Dyninst to work with multithreaded mutatees • Linux/x86, Linux/IA64, Linux/AMD64, AIX/Power, Solaris/SPARC, and Win32/x86 • Mutators will need to be upgraded to use the new threading interface before they’ll work on multithreaded mutatees. Dyninst 5.0
Current DyninstAPI Model BPatch_process BPatch_thread BPatch_image BPatch_module BPatch_function Dyninst 5.0
Backwards Compatibility • Old Dyninst mutators will continue to work on single threaded applications. • Process operations that used to exist in BPatch_thread are being cloned in BPatch_process. For Example: • BPatch_thread::malloc will call BPatch_process::malloc in the owner process. Dyninst 5.0
Performance Improvements • Lazy parsing of binaries and libraries speeds up Dyninst startup. • Cleaned up memory leaks and reduced memory usage in Dyninst. • We recently were able to run ~150 mutatees through one invocation of a Dyninst mutator. Dyninst 5.0
Register Optimizations • Register Liveness Analysis • Instrumentation point analyzed for which registers are live • Basetramp tailored for specific instPoint • Only live registers need to be saved • Reduces overhead of instrumentation • Implemented for GPR and FPR on Power • Implemented for GPR on x86_64 Dyninst 5.0
Register Optimizations • Register Usage Analysis • Snippet analyzed for registers used • Basetramp tailored for snippets at that point • Functions called from instrumentation checked for register usage • Calls dealt with recursively • Implemented for GPR and FPR on Power • Implemented for block FPR on x86 and x86_64 Dyninst 5.0
Register Optimization • Naturally leads to minitramp in-lining • Basetramp generated specifically for minitramp • Snippet becomes one contiguous piece of code • Enabled with BPatch::setMergeTramp(true); • One step closer to Dyninst as binary editor Dyninst 5.0
Register Optimizations • This stuff works! • Test written on Power architecture • Every basic block of mutatee instrumented Dyninst 5.0
Transactions • More intelligent code generation requires a more descriptive API • Code generated for multi-tramp and in-lining highly sensitive to their associated snippets • Reduce unnecessary re-writes to mutatee memory • Enabled from BPatch_process module • BPatch_process::beginInsertionSet(); • BPatch_process::finalizeInsertionSet(bool); Dyninst 5.0
Improved Testing • Old Testsuite’s Monolithic Structure • 15 major test categories • Few developers know the meaning of all 15 • Poor distribution of subtests • 40 subtests in Test1 • 1 subtest in Test15 • Difficult to add new subtests • Functionality goes untested Dyninst 5.0
Improved Testing • New Testsuite • Each subtest split into separate file • Easier to understand goal of test simply from code • Easier to add new test to the system • Compatible with old testsuite • Nightly runs logged in regression database along with old testsuite • Planned to replace old testsuite soon after 5.0 release Dyninst 5.0
Improved Testing • parseThat • Tool for testing Dyninst on arbitrary binaries • Two major goals • Allows for regular testing on production-scale application binaries • Eg: GCC, Firefox, MySQL • Allows for detailed bug reports from users Dyninst 5.0
X86_64 Support • Introduces support for 64-bit mutatees • One library to instrument them all • 32 and 64-bit mutatees both handled from same libdyninstAPI.so • Mutatee word-length automatically recognized • Successfully running testsuite nightly Dyninst 5.0
Improved Windows Support • Windows is important for Dyninst’s future as a Security tool. • Now supporting Visual Studio 2003 • More reliable stripped binary support • Able to handle newer debugging information formats. • Tested and works with the Microsoft Office suite. Dyninst 5.0
Miscellaneous • Keeping up with the times • GCC 4.x Support • Mutatees built from GCC 4.x • Building DyninstAPI with GCC 4.x Dyninst 5.0
Questions? Ray Chen rchen@cs.umd.edu Matthew LeGendre legendre@cs.wisc.edu Dyninst 5.0