Article

How to shadow every byte of memory used by a program

Authors:

Nicholas Nethercote,

Julian SewardAuthors Info & Claims

VEE '07: Proceedings of the 3rd international conference on Virtual execution environments

Pages 65 - 74

https://doi.org/10.1145/1254810.1254820

Published: 13 June 2007 Publication History

Abstract

Several existing dynamic binary analysis tools use shadowmemory-they shadow, in software, every byte of memory used by a program with another value that says something about it. Shadow memory is difficult to implement both efficiently and robustly. Nonetheless, existing shadow memory implementations have not been studied in detail. This is unfortunate, because shadow memory is powerful-for example, some of the existing tools that use it detect critical errors such as bad memory accesses, data races, and uses of uninitialised or untrusted data. In this paper we describe the implementation of shadow memory in Memcheck, a popular memory checker built with Valgrind, a dynamic binary instrumentation framework. This implementation has several novel features that make it efficient: carefully chosen data structures and operations result in a mean slow-down factor of only 22.2 and moderate memory usage. This may sound slow, but we show it is 8.9 times faster and 8.5 times smaller on average than a naive implementation, and shadow memory operations account for only about half of Memcheck's execution time. Equally importantly, unlike some tools, Memcheck's shadow memory implementation is robust: it is used on Linux by thousands of programmers on sizeable programs such as Mozilla and OpenOffice, and is suited to almost any memory configuration. This is the first detailed description of a robust shadow memory implementation, and the first detailed experimental evaluation of any shadow memory implementation. The ideas within are applicable to any shadow memory tool built with any instrumentation framework.

References

[1]

D. Bruening, T. Garnett, and S. Amarasinghe. An infrastructure for adaptive dynamic optimization. In Proceedings of CGO'03, pages 265--276, San Francisco, California, USA, March 2003.

Digital Library

[2]

M. Burrows. Personal communication, February 2006.

[3]

M. Burrows, S. N. Freund, and J. L. Wiener. Run-time type checking for binary programs. In Proceedings of CC 2003, pages 90--105, Warsaw, Poland, April 2003.

Digital Library

[4]

W. Cheng, Q. Zhao, B. Yu, and S. Hiroshige. Tainttrace: Efficient flow tracing with dynamic binary rewriting. In Proceedings of ISCC 2006, pages 749--754, Cagliari, Sardinia, Italy, June 2006.

Digital Library

[5]

J. J. Harrow, Jr. Runtime checking of multithreaded applications with Visual Threads. In Proceedings of SPIN 2000, pages 331--342, Stanford, California, USA, August 2000.

Digital Library

[6]

R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference, pages 125--136, San Francisco, California, USA, January 1992.

[7]

K. Hazelwood. Code Cache Management in Dynamic Optimization Systems. PhD thesis, Harvard University, Cambridge, Mass., USA, May 2004.

[8]

V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium, pages 191--206, San Francisco, California, USA, August 2002.

Digital Library

[9]

C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building customized program analysis tools with dynamic instrumentation. In Proceedings of PLDI 2005, pages 191--200, Chicago, Illinois, USA, June 2005.

Digital Library

[10]

A. Mühlenfeld and F. Wotawa. Fault detection in multi-threaded C++ server applications. In Informal Proceedings of TV06, pages 191--200, Seattle, Washington, USA, August 2006.

[11]

S. Narayanasamy, C. Pereira, H. Patil, R. Cohn, and B. Calder. Automatic logging of operation system effects to guide application--level architecture simulation. In Proceedings of SIGMetrics/Performance 2006, pages 216--227, St. Malo, France, June 2006.

Digital Library

[12]

N. Nethercote. Dynamic Binary Analysis and Instrumentation. PhD thesis, University of Cambridge, United Kingdom, November 2004.

[13]

N. Nethercote and J. Fitzhardinge. Bounds-checking entire programs without recompiling. In Informal Proceedings of SPACE 2004, Venice, Italy, January 2004.

[14]

N. Nethercote and A. Mycroft. Redux: A dynamic dataflow tracer. Electronic Notes in Theoretical Computer Science, 89(2), 2003.

[15]

N. Nethercote and J. Seward. Valgrind: A program supervision framework. Electronic Notes in Theoretical Computer Science, 89(2), 2003.

[16]

Nicholas Nethercote and Julian Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. In Proceedings of PLDI 2007, San Diego, California, USA, June 2007.

Digital Library

[17]

J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of NDSS '05, San Diego, California, USA, February 2005.

[18]

F. Qin, C. Wang, Z. Li, H. Kim, Y. Zhou, and Y. Wu. Lift: A low-overhead practical information flow tracking system for detecting security attacks. In Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (Micro'06), Orlando, Florida, USA, December 2006.

Digital Library

[19]

M. Ronsse, B. Stougie, J. Maebe, F. Cornelis, and K. De Bosschere. An efficient data race detector backend for DIOTA. In Parallel Computing: Software Technology, Algorithms, Architectures & Applications, volume~13, pages 39--46. Elsevier, February 2004.

[20]

S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. Anderson. Eraser: A dynamic data race detector for multithreaded programs. ACM Transactions on Computer Systems, 15(4):391--411, November 1997.

Digital Library

[21]

J. Seward and N. Nethercote. Using Valgrind to detect undefined value errors with bit-precision. In Proceedings of the USENIX'05 Annual Technical Conference, Anaheim, California, USA, April 2005.

Digital Library

[22]

The Valgrind Developers. Valgrind. url http://www.valgrind.org/.

Cited By

Xu ZChon YSu YTan ZApostolakis SCampanoni SAugust D(2024)PROMPT: A Fast and Extensible Memory Profiling FrameworkProceedings of the ACM on Programming Languages10.1145/36498278:OOPSLA1(449-473)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649827
Mishra DKanellopoulos KPanwar ASriraman ASeshadri VMutlu OMowry T(2024)Address Scaling: Architectural Support for Fine-Grained Thread-Safe Metadata ManagementIEEE Computer Architecture Letters10.1109/LCA.2024.337376023:1(69-72)Online publication date: Jan-2024
https://doi.org/10.1109/LCA.2024.3373760
Zhai YZink MGuissouma HHahn MCaggiano MSax E(2024)Analysis of Update Capabilities of Modern Automotive Electric/Electronic Architectures2024 IEEE 19th Conference on Industrial Electronics and Applications (ICIEA)10.1109/ICIEA61579.2024.10665021(1-8)Online publication date: 5-Aug-2024
https://doi.org/10.1109/ICIEA61579.2024.10665021
Show More Cited By

Index Terms

Recommendations

Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 PLDI conference

Dynamic binary instrumentation (DBI) frameworks make it easy to build dynamic binary analysis (DBA) tools such as checkers and profilers. Much of the focus on DBI frameworks has been on performance; little attention has been paid to their capabilities. ...
Valgrind: a framework for heavyweight dynamic binary instrumentation
PLDI '07: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation

Dynamic binary instrumentation (DBI) frameworks make it easy to build dynamic binary analysis (DBA) tools such as checkers and profilers. Much of the focus on DBI frameworks has been on performance; little attention has been paid to their capabilities. ...
Architectural support for shadow memory in multiprocessors
VEE '09: Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments

Runtime monitoring support serves as a foundation for the important tasks of providing security, performing debugging, and improving performance of applications. Often runtime monitoring requires the maintenance of information associated with each of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

VEE '07: Proceedings of the 3rd international conference on Virtual execution environments

June 2007

210 pages

ISBN:9781595936301

DOI:10.1145/1254810

General Chair:
Chandra Krintz
University of California, Santa Barbara
,
Program Chairs:
Steven Hand
University of Cambridge
,
David Tarditi
Microsoft Research

Copyright © 2007 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 June 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

VEE07

Sponsor:

VEE07: International Conference on Virtual Execution Environments

June 13 - 15, 2007

California, San Diego, USA

Acceptance Rates

Overall Acceptance Rate 80 of 235 submissions, 34%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

185
Total Citations
View Citations
1,300
Total Downloads

Downloads (Last 12 months)63
Downloads (Last 6 weeks)8

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Xu ZChon YSu YTan ZApostolakis SCampanoni SAugust D(2024)PROMPT: A Fast and Extensible Memory Profiling FrameworkProceedings of the ACM on Programming Languages10.1145/36498278:OOPSLA1(449-473)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649827
Mishra DKanellopoulos KPanwar ASriraman ASeshadri VMutlu OMowry T(2024)Address Scaling: Architectural Support for Fine-Grained Thread-Safe Metadata ManagementIEEE Computer Architecture Letters10.1109/LCA.2024.337376023:1(69-72)Online publication date: Jan-2024
https://doi.org/10.1109/LCA.2024.3373760
Zhai YZink MGuissouma HHahn MCaggiano MSax E(2024)Analysis of Update Capabilities of Modern Automotive Electric/Electronic Architectures2024 IEEE 19th Conference on Industrial Electronics and Applications (ICIEA)10.1109/ICIEA61579.2024.10665021(1-8)Online publication date: 5-Aug-2024
https://doi.org/10.1109/ICIEA61579.2024.10665021
Chen ZYan RMa YSui YXue J(2023)A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory SafetyACM Transactions on Software Engineering and Methodology10.1145/363722733:4(1-47)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1145/3637227
Ly DKosmatov NLoulergue FSignoles J(2023)Sound Runtime Assertion Checking for Memory Properties via Program TransformationFormal Aspects of Computing10.1145/360595136:1(1-46)Online publication date: 31-Jul-2023
https://dl.acm.org/doi/10.1145/3605951
Lei HZhang ZZhang SJiang PZhong ZHe NLi DGuo YChen XMeng WJensen CCremers CKirda E(2023)Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM ApplicationsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623205(904-918)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623205
Chen ZZhang QWu JYan JXue J(2023)A Source-Level Instrumentation Framework for the Dynamic Analysis of Memory SafetyIEEE Transactions on Software Engineering10.1109/TSE.2022.321058049:4(2107-2127)Online publication date: 1-Apr-2023
https://doi.org/10.1109/TSE.2022.3210580
Jeong JLee C(2023)S2MSim: Cycle-Accurate and High-Performance Simulator Based on Multi-Threading for Space Multi-Core ProcessorInternational Journal of Aeronautical and Space Sciences10.1007/s42405-023-00627-y24:5(1465-1478)Online publication date: 8-Jun-2023
https://doi.org/10.1007/s42405-023-00627-y
Zhai JJin YChen WZheng WZhai JJin YChen WZheng W(2023)Informed Memory Access MonitoringPerformance Analysis of Parallel Applications for HPC10.1007/978-981-99-4366-1_4(73-97)Online publication date: 19-Jun-2023
https://doi.org/10.1007/978-981-99-4366-1_4
Monniaux DGourdin LBoulmé SLebeltel O(2023)Testing a Formally Verified CompilerTests and Proofs10.1007/978-3-031-38828-6_3(40-48)Online publication date: 18-Jul-2023
https://dl.acm.org/doi/10.1007/978-3-031-38828-6_3
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents