Transcript
Page 1: Thread-Safe Dynamic Binary Translation using Transactional Memory

Thread-Safe Dynamic Binary Translation using Transactional Memory

JaeWoong Chung, Michael Dalton, Hari Kannan and Christos Kozyrakis (HPCA 2008)

LBA reading group 02/07/2008

by Evangelos Vlachos

Page 2: Thread-Safe Dynamic Binary Translation using Transactional Memory

Introduction

• Wide spectrum of DBT applicability: debugging, cross-ISA binary compatibility, etc.

• Poor support for multithreaded applications: data races on metadata

• Solutions given so far: not supported; locking; serialization of application’s threads

Page 3: Thread-Safe Dynamic Binary Translation using Transactional Memory

Introduction

Solution proposed

• DBT with transactional memory to eliminate metadata races

• Implemented a DBT framework that runs DIFT on multithreaded applications

Page 4: Thread-Safe Dynamic Binary Translation using Transactional Memory

Overview

• DBT & DIFT overview

• DBT & TM = Thread-Safe DBT

• Optimizations for DBT Transactions

• DIFT prototype

• Evaluation

• Conclusion

Page 5: Thread-Safe Dynamic Binary Translation using Transactional Memory

Metadata Races

[Figure panels: False negative; False positive]

• Introduction of metadata breaks atomicity of RMW instructions

• Attackers may introduce race conditions to exploit memory safety vulnerabilities
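
The two failure modes named on this slide can be reproduced with a small schedule enumerator. This is an added example, not code from the slides or the paper; it assumes a constructed model in which an instrumented store is a data write followed by a separate taint-tag write, and the thread names, values and function names are hypothetical.

```python
from itertools import combinations

# Constructed model: each thread's instrumented store is two separate steps,
# a data write followed by a write of the taint tag kept in DBT metadata.
THREADS = {
    "A": [("data", "tainted"), ("tag", 1)],  # stores untrusted input
    "B": [("data", "clean"), ("tag", 0)],    # stores a trusted constant
}

def interleavings(a, b):
    """Yield every merge of a and b that keeps each thread's program order."""
    n = len(a) + len(b)
    for slots in combinations(range(n), len(a)):
        ia, ib = iter(a), iter(b)
        yield [next(ia) if i in slots else next(ib) for i in range(n)]

def run(schedule):
    """Apply the steps to one shared word and its tag; return the final state."""
    state = {"data": None, "tag": None}
    for field, value in schedule:
        state[field] = value
    return state["data"], state["tag"]

def classify(data, tag):
    """Compare the surviving data with the surviving tag."""
    if data == "tainted" and tag == 0:
        return "false negative"   # untrusted data is treated as trusted
    if data == "clean" and tag == 1:
        return "false positive"   # trusted data raises a spurious alarm
    return "consistent"

def explore(atomic):
    """Count final outcomes over all schedules.

    atomic=True models one transaction per instrumented store, so the
    data write and the tag write of a thread can never be separated.
    """
    a, b = THREADS["A"], THREADS["B"]
    schedules = [a + b, b + a] if atomic else list(interleavings(a, b))
    counts = {}
    for schedule in schedules:
        kind = classify(*run(schedule))
        counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    print("unsynchronized:", explore(atomic=False))
    print("transactional: ", explore(atomic=True))
```
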

Page 6: Thread-Safe Dynamic Binary Translation using Transactional Memory

DBT + TM

Different flavors of TM: STM, Hybrid STM, HTM

Many issues to consider and many trade-offs

…to be continued

Page 7: Thread-Safe Dynamic Binary Translation using Transactional Memory

DBT + TM

• Software & Hybrid TM: high overhead – barriers required for every access

• Transaction length: basic block boundaries? Indirect branches?

Page 8: Thread-Safe Dynamic Binary Translation using Transactional Memory

DBT + TM

• User-level transactions: requires nesting of transactions; avoid partial overlap of transactions

• User-level sync: a problem if it spans multiple blocks

• Solution: detect; re-instrument; re-optimize for basic blocks

Page 9: Thread-Safe Dynamic Binary Translation using Transactional Memory

DBT + TM optimizations

Length & cost of starting a transaction

• DBT trace granularity: limited length; cost only at start & end of the trace

• Dynamic transaction merging: at Tx_End check if work amortizes cost; some additional cost when merging; longer transactions

Page 10: Thread-Safe Dynamic Binary Translation using Transactional Memory

DBT + TM optimizations

Limit the use of barriers

• Conflict detection & data versioning

• Categorize accesses: during trace generation; dynamically

Page 11: Thread-Safe Dynamic Binary Translation using Transactional Memory

DIFT prototype

Software TM system

• Based on Pin

• 210 locks word version encoded also

• Software checkpoint provided by Pin

• RD_barrier(), WR_barrier(), WRlocal_barrier()

• Transaction length = DBT trace

All other systems emulated!!! ☺

Page 12: Thread-Safe Dynamic Binary Translation using Transactional Memory

Evaluation

Compared to the same DIFT tool without transactions (not thread-safe)

Page 13: Thread-Safe Dynamic Binary Translation using Transactional Memory

Evaluation

Effect of Transaction Length

Additional overhead to base case TM system

Page 14: Thread-Safe Dynamic Binary Translation using Transactional Memory

Evaluation

Effect of access categorization

Page 15: Thread-Safe Dynamic Binary Translation using Transactional Memory

Evaluation

Effect of Hardware Support for Transactions

Page 16: Thread-Safe Dynamic Binary Translation using Transactional Memory

Conclusion

First system to truly support parallel monitoring

• Based on TM to resolve metadata races

• Based on DBT

• High overhead due to DBT