DynamoRIO / dynamorio

Dynamic Instrumentation Tool Platform

use dual page map scheme to improve cache consistency #1114

Open derekbruening opened 9 years ago

derekbruening commented 9 years ago

From bruen...@google.com on March 12, 2013 15:13:40

The idea is to use a dual page map scheme to avoid the race of page protection vs. instrumentation. It also avoids the kernel page access problem and improves performance.

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=1114

derekbruening commented 9 years ago

From zhao...@google.com on April 23, 2013 07:46:18

The basic idea is to make the same physical page P map to two virtual pages P' and P".

There are a few advantages:

  1. We would avoid the racy page protection changes during execution.
  2. Writing usually happens much less frequently than reading/executing, so we will have low performance overhead.
  3. We can detect the memory write by system call.
  4. It is possible to have a smaller granularity on the consistency check.

derekbruening commented 9 years ago

From bruen...@google.com on January 21, 2014 09:15:19

to do the mapping:

If anon, make it file-backed. If file-backed and non-COW, done. If file-backed and COW, change the backing to a new copy of the original file.

derekbruening commented 9 years ago

From bruen...@google.com on August 20, 2014 13:25:28

Pasting some other notes I had:

Elaborating on cache consistency:

To get a benefit beyond the page protection race and the kernel access problem, we would switch to allowing sub-page regions (today only allowed for sandboxing) and can then check whether this is an append by a JIT on the same page. This will handle a JIT appending one fragment (beyond the sub-page code region), then executing (we extend the region), then repeating, without any flushes.

If a particular page is written a lot, by a few writing instructions, we redirect those writing instructions to check whether the write hits that page (hashtable of double-mapped pages) and, if so, check whether it's on a sub-page or not.

Owner: byron.c....@gmail.com

byron-hawkins commented 9 years ago

On linux it seems the double-mapping is only possible using shm, which is not compatible with the JIT's original memory allocation. It works to replace the JIT allocation with a new one in shm that can be double-mapped. This did not create significant performance overhead in the benchmarks.

This approach has potential issues on Windows, since it could require replacing a large reservation, even if only a small region of that memory is actually committed for JIT use. If we're lucky, it may be possible to just double-map the original allocation.

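The mechanism sketched in the two comments above (one physical page P reachable through a writable alias and an executable alias, with a JIT appending a fragment and running it without any protection flip, backed by shm on Linux because anonymous memory cannot be mapped twice) as a stand-alone Linux/C example. This is added illustration code, not DynamoRIO's implementation: the `dual_map` struct, `memfd_create` (with a `/dev/shm` temp-file fallback) and the `emit_return_const` encoder are assumptions chosen for the demo, and the fragments it "JITs" are just `return constant` stubs for x86-64 and AArch64.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* One physical page reachable through two virtual aliases: the writer (JIT or
 * instrumenter) goes through rw_view, execution goes through rx_view.  No
 * mprotect() is ever issued, so there is no window in which another thread can
 * observe the page flipping between writable and executable.  (Demo layout,
 * not DynamoRIO's data structure.) */
struct dual_map {
    int fd;
    size_t size;
    uint8_t *rw_view;   /* PROT_READ | PROT_WRITE alias */
    uint8_t *rx_view;   /* PROT_READ | PROT_EXEC alias  */
};

static int dual_map_create(struct dual_map *m, size_t size)
{
    memset(m, 0, sizeof *m);
    /* Anonymous memory cannot be mapped twice: back the page with shm instead. */
    m->fd = memfd_create("dual-map-demo", MFD_CLOEXEC);
    if (m->fd < 0) {                         /* fallback: unlinked file on /dev/shm */
        char path[] = "/dev/shm/dual-map-XXXXXX";
        m->fd = mkstemp(path);
        if (m->fd < 0)
            return -1;
        unlink(path);
    }
    if (ftruncate(m->fd, (off_t)size) != 0)
        goto fail;
    m->rw_view = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, m->fd, 0);
    if (m->rw_view == MAP_FAILED)
        goto fail;
    m->rx_view = mmap(NULL, size, PROT_READ | PROT_EXEC, MAP_SHARED, m->fd, 0);
    if (m->rx_view == MAP_FAILED) {
        munmap(m->rw_view, size);
        goto fail;
    }
    m->size = size;
    return 0;
fail:
    close(m->fd);
    return -1;
}

static void dual_map_destroy(struct dual_map *m)
{
    munmap(m->rw_view, m->size);
    munmap(m->rx_view, m->size);
    close(m->fd);
}

typedef int (*ret_const_fn)(void);

/* Encode "return value" as machine code at buf; returns the encoded length, or
 * 0 on an architecture this demo does not cover.  Values stay below 65536 so a
 * single AArch64 MOVZ suffices. */
static size_t emit_return_const(uint8_t *buf, uint32_t value)
{
#if defined(__x86_64__) || defined(__i386__)
    buf[0] = 0xB8;                 /* mov eax, imm32 */
    memcpy(buf + 1, &value, 4);
    buf[5] = 0xC3;                 /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t insn[2] = {
        0x52800000u | ((value & 0xFFFFu) << 5),   /* movz w0, #imm16 */
        0xD65F03C0u,                               /* ret */
    };
    memcpy(buf, insn, sizeof insn);
    return sizeof insn;
#else
    (void)buf; (void)value;
    return 0;
#endif
}

/* Mimic a JIT appending one fragment at a time to the same page and executing
 * it immediately: write through rw_view, run through rx_view, never mprotect.
 * Returns the sum of the fragments' return values, or -1 on failure. */
static long dual_map_append_run(unsigned n)
{
    enum { SLOT = 16 };
    struct dual_map m;
    long sum = 0;

    if (dual_map_create(&m, 4096) != 0)
        return -1;
    for (unsigned i = 0; i < n && (size_t)(i + 1) * SLOT <= m.size; i++) {
        size_t off = (size_t)i * SLOT;
        size_t len = emit_return_const(m.rw_view + off, 100 + i);
        /* The bytes must be visible through the other alias before we run them. */
        if (len == 0 || memcmp(m.rw_view + off, m.rx_view + off, len) != 0) {
            sum = -1;
            break;
        }
        /* I-cache maintenance on the executing VA; required on AArch64, no-op on x86. */
        __builtin___clear_cache((char *)m.rx_view + off, (char *)m.rx_view + off + len);
        ret_const_fn fn;
        void *entry = m.rx_view + off;
        memcpy(&fn, &entry, sizeof fn);   /* avoid a data-to-function pointer cast */
        sum += fn();
    }
    dual_map_destroy(&m);
    return sum;
}

int main(void)
{
    long sum = dual_map_append_run(4);   /* fragments return 100..103 */
    printf("sum of appended fragments: %ld\n", sum);
    return sum == 406 ? 0 : 1;
}
```

Each iteration writes a fragment into the next 16-byte slot of the same page through the RW alias and calls it through the RX alias, which is the "append, execute, repeat, no flushes" pattern the notes describe; the `memcmp` across the two views is the check that they really alias one page. Under a W^X policy (SELinux `execmem`, a hardened kernel) the `PROT_EXEC` mapping of shm may be refused, which shows up as `dual_map_create` failing rather than as a crash.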
jessiepathfinder commented 4 years ago

C:\workspaces\DynamoRIO-Windows-8.0.0-1\bin32\drrun -use_dll C:\workspaces\DynamoRIO-Windows-8.0.0-1\lib64\release\dynamorio.dll -root C:\workspaces\DynamoRIO-Windows-8.0.0-1 -indirect_stubs -opt_speed -c C:\workspaces\DynamoRIO-Windows-8.0.0-1\samples\bin32\inline.dll -opt_cleancall 3 -thread_private -early_inject -msgbox_mask 0 -opt_jit -x86_to_x64 -x86_to_x64_ibl_opt -- "C:\Program Files (x86)\Minecraft Story Mode Episode 8\MinecraftStoryMode.exe"