Nov 6, 2009 - Speculation for Parallelizing. Runtime Checks. Martin SüÃkraut, Stefan Weigert, Ute Schiffel, Thomas. Knauth, Martin Nowack, Diogo Becker de ...
Department of Computer Science Institute for System Architecture, Systems-Engineering Group
Speculation for Parallelizing Runtime Checks Martin Süßkraut, Stefan Weigert, Ute Schiffel, Thomas Knauth, Martin Nowack, Diogo Becker de Brum, and Christof Fetzer {martin.suesskraut, stefan.weigert, ute.schiffel, thomas.knauth, martin.nowack, diogo.becker, christof.fetzer}@tu-dresden.de
SSS 2009, 6th November 2009
Runtime Checks Cannot accept a single wrong output
SSS 2009, 6th Nov 2009
Safety critical systems
ParExC: Speculation for Parallelizing Runtime Checks
Slide 2
Runtime Checks Cannot accept a single wrong output
Runtime Checks
SSS 2009, 6th Nov 2009
Safety critical systems
Inserted by compiler
ParExC: Speculation for Parallelizing Runtime Checks
Slide 3
Runtime Checks Cannot accept a single wrong output
Runtime Checks
High Runtime Overheads
SSS 2009, 6th Nov 2009
Safety critical systems
Inserted by compiler
Buffer overflow: 40x
ParExC: Speculation for Parallelizing Runtime Checks
Slide 4
Goal: Parallelization of Runtime Checks Use multi-cores
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 5
Goal: Parallelization of Runtime Checks Use multi-cores
Parallelize Application with Runtime Checks
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 6
Goal: Parallelization of Runtime Checks Use multi-cores
Parallelize Application with Runtime Checks
SSS 2009, 6th Nov 2009
Parallelize Runtime Checks Only
ParExC: Speculation for Parallelizing Runtime Checks
Slide 7
Parallel Application vs. Parallel Checks Parallelize Application with Runtime Checks • Requirement: parallelized application • Checker has to be parallelized too • Can transactional memory help?
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 8
Parallel Application vs. Parallel Checks Parallelize Application with Runtime Checks • Requirement: parallelized application • Checker has to be parallelized too • Can transactional memory help?
SSS 2009, 6th Nov 2009
Parallelize Runtime Checks Only • No parallelized application need • Only need a parallel checker • Can we build a framework?
ParExC: Speculation for Parallelizing Runtime Checks
Slide 9
Parallel Application vs. Parallel Checks Parallelize Application with Runtime Checks • Requirement: parallelized application • Checker has to be parallelized too • Can transactional memory help?
SSS 2009, 6th Nov 2009
Parallelize Runtime Checks Only • No parallelized application need • Only need a parallel checker • Can we build a framework? s
ParExC: Speculation for Parallelizing Runtime Checks
u c Fo
Slide 10
Contribution: ParExC Framework • ParExC: Framework for parallelized runtime checks – Static instrumentation – Speculative system calls – Speculative checker state
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 11
Our Checkers Out-of-bounds
SSS 2009, 6th Nov 2009
- Tracks memory allocations - Checks every load & store
ParExC: Speculation for Parallelizing Runtime Checks
Slide 12
Our Checkers Out-of-bounds
- Tracks memory allocations - Checks every load & store
Dataflow integrity
- Static model of dataflow - Enforce model at runtime
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 13
Our Checkers Out-of-bounds
- Tracks memory allocations - Checks every load & store
Dataflow integrity
- Static model of dataflow - Enforce model at runtime
Encoded Processing
- Detects mainly hardware errors - Adds redundancy to every variable & operation
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 14
Parallel Checking Application without checks: Application with checks:
SSS 2009, 6th Nov 2009
time
ParExC: Speculation for Parallelizing Runtime Checks
Slide 15
Parallel Checking Application without checks: Application with checks:
time
Parallel Checking: Core 0
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 16
Parallel Checking Application without checks: Application with checks:
time
Parallel Checking: Core 0
Snapshot (epoch boundary)
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 17
Parallel Checking Application without checks: Application with checks:
time
Parallel Checking: Core 0 Core 1
Snapshot (epoch boundary) Replay with Checks Fork executor
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 18
Parallel Checking Application without checks: Application with checks:
time
Parallel Checking: Core 0 Core 1
Snapshot (epoch boundary)
Core 2
Replay with Checks Fork executor
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 19
Parallel Checking Application without checks: Application with checks:
time
Parallel Checking: Core 0 Core 1
Snapshot (epoch boundary)
Core 2
Replay with Checks Fork executor
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 20
Restrictions of Parallel Checking • Speedup limited by checking overhead • Synchronize checker state between epochs
Parallel Checking: Core 0 Core 1
Snapshot (epoch boundary)
Core 2
Replay with Checks Fork executor
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 21
Checker State • Out-of-bounds checker keeps track of allocations – Tracking only in checking variant – Parallelization may break causality
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 22
Checker State • Out-of-bounds checker keeps track of allocations – Tracking only in checking variant – Parallelization may break causality A: char* buf = malloc (10); … B: buf[5] = …
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 23
Checker State • Out-of-bounds checker keeps track of allocations – Tracking only in checking variant – Parallelization may break causality A: char* buf = malloc (10); … B: buf[5] = …
A
B
time
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 24
Checker State • Out-of-bounds checker keeps track of allocations – Tracking only in checking variant – Parallelization may break causality A: char* buf = malloc (10); … B: buf[5] = …
A
B
time
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 25
Checker State • Out-of-bounds checker keeps track of allocations – Tracking only in checking variant – Parallelization may break causality A: char* buf = malloc (10); … B: buf[5] = …
A
B A
time
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 26
Checker State • Out-of-bounds checker keeps track of allocations – Tracking only in checking variant – Parallelization may break causality A: char* buf = malloc (10); … B: buf[5] = …
A
B A
time
SSS 2009, 6th Nov 2009
B ParExC: Speculation for Parallelizing Runtime Checks
Slide 27
Checker State • Out-of-bounds checker keeps track of allocations – Tracking only in checking variant – Parallelization may break causality A: char* buf = malloc (10); … B: buf[5] = …
A
B A
time
SSS 2009, 6th Nov 2009
B ParExC: Speculation for Parallelizing Runtime Checks
Slide 28
Checker State • Out-of-bounds checker keeps track of allocations – Tracking only in checking variant – Parallelization may break causality A: char* buf = malloc (10); … B: buf[5] = …
A
B A
time
SSS 2009, 6th Nov 2009
B ParExC: Speculation for Parallelizing Runtime Checks
Slide 29
Speculative Variables • Solution: speculate on checker state A: char* buf = malloc (10); … B: buf[5] = …
B SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 30
Speculative Variables • Solution: speculate on checker state A: char* buf = malloc (10); … B: buf[5] = …
obligation: sizeof(buf) >= 6 SSS 2009, 6th Nov 2009
B ParExC: Speculation for Parallelizing Runtime Checks
Slide 31
Speculative Variables • Solution: speculate on checker state A: char* buf = malloc (10); … B: buf[5] = …
A fact: sizeof(buf) = 10
obligation: sizeof(buf) >= 6 SSS 2009, 6th Nov 2009
B ParExC: Speculation for Parallelizing Runtime Checks
Slide 32
Speculative Variables • Solution: speculate on checker state A: char* buf = malloc (10); … B: buf[5] = …
A fact: sizeof(buf) = 10
obligation: sizeof(buf) >= 6 SSS 2009, 6th Nov 2009
B ParExC: Speculation for Parallelizing Runtime Checks
Slide 33
Speculative Variables • Solution: speculate on checker state A: char* buf = malloc (10); … B: buf[5] = …
A
write
sizeof(buf) = 10
fact: sizeof(buf) = 10
obligation: sizeof(buf) >= 6 SSS 2009, 6th Nov 2009
B ParExC: Speculation for Parallelizing Runtime Checks
Slide 34
Speculative Variables • Solution: speculate on checker state A: char* buf = malloc (10); … B: buf[5] = …
A
write
sizeof(buf) = 10
fact: sizeof(buf) = 10
check: fact ↔ obligation obligation: sizeof(buf) >= 6 SSS 2009, 6th Nov 2009
B ParExC: Speculation for Parallelizing Runtime Checks
Slide 35
Speculative System Calls • Cannot allow unchecked output • Deterministic Replay of system calls
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 36
Speculative System Calls • Cannot allow unchecked output • Deterministic Replay of system calls Kernel
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 37
Speculative System Calls • Cannot allow unchecked output • Deterministic Replay of system calls Kernel
Speculative System call SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 38
Speculative System Calls • Cannot allow unchecked output • Deterministic Replay of system calls Kernel
Speculative System call SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 39
Speculative System Calls • Cannot allow unchecked output • Deterministic Replay of system calls Kernel
Speculative System call SSS 2009, 6th Nov 2009
Replayed System call ParExC: Speculation for Parallelizing Runtime Checks
Slide 40
Speculative System Calls • Cannot allow unchecked output • Deterministic Replay of system calls Kernel
Speculative System call SSS 2009, 6th Nov 2009
Replayed System call ParExC: Speculation for Parallelizing Runtime Checks
Commit Slide 41
Evaluation • 8 core machine • Focus: scalability – Growing limits for number of used threads
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 42
Dataflow integrity checker • Slowdown – Vacation: sequential: 7.3x → parallel: 1.9x – Labyrinth: sequential: 7.1x → parallel: 1.4x
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 43
Encoded Processing
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 44
Comparison Parallelize Application with Runtime Checks • Parallelize with STM (Tanger + TinySTM) – Application – Checker
SSS 2009, 6th Nov 2009
Parallelize Runtime Checks Only • ParExC
ParExC: Speculation for Parallelizing Runtime Checks
Slide 45
Comparison: Out-of-Bounds checker Parallelize Application with Runtime Checks
Parallelize Runtime Checks Only
• Two parallelized STM-benchmarks • Instrumentation: the same for both variants • State: STM
SSS 2009, 6th Nov 2009
• State: Speculative Variables
ParExC: Speculation for Parallelizing Runtime Checks
Slide 46
Ouf-of-Bounds: STM (Tanger) vs. ParExC
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 47
Conclusion • Speculative Runtime Checking – Is fast – Scales well • Scalability limited by checker slowdown
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 48
Conclusion • Speculative Runtime Checking – Is fast – Scales well • Scalability limited by checker slowdown Currently: Low number of cores? Parallelize the runtime checks and not the application.
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 49
Comparison: What about our other checkers? • Dataflow integrity – Difficult to build dataflow model for parallel applications • Encoded processing – No parallelized benchmarks (yet)
SSS 2009, 6th Nov 2009
ParExC: Speculation for Parallelizing Runtime Checks
Slide 50
