SlideShare a Scribd company logo

Code Instrumentation, Dynamic Tracing

Martin Děcký
Martin Děcký

This document discusses various techniques for instrumenting and monitoring computer systems, including interactive debugging, profiling, tracing, and post-mortem analysis. It describes approaches like inserting breakpoints, collecting stack traces, and analyzing core dumps. Dynamic tracing tools allow instrumenting running systems with minimal overhead through techniques like DTrace and SystemTap, which use probes to monitor events like system calls and kernel functions.

1 of 22
Download to read offline
http://d3s.mff.cuni.cz http://d3s.mff.cuni.cz/aosy Martin Děcký decky@d3s.mff.cuni.cz Code Instrumentation, Dynamic Tracing Code Instrumentation, Dynamic Tracing
2Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing ObservabilityObservability What is the system doing? Beyond the obvious (externally visible state changes) Interactive debugging Profiling Tracing Post-mortem analysis Many flavors Development / testing / production Static / dynamic Intrusive / non-intrusive
3Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing InstrumentationInstrumentation Application of measuring instruments Recording of states and values Safety How the measurements affect the state or the values Overhead How the measurements affect the performance (active / inactive) Scope Global vs. local phenomena
4Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Interactive DebuggingInteractive Debugging Mechanisms Breakpoints Software breakpoints (BREAK, INT3) Hardware breakpoints DR0 to DR7 debug registers on x86 (4 linear addresses, trigger conditions [read, write, execute, I/O, area size], status) Single-stepping Trap flag in FLAGS, interrupt vector 1 on x86 Watchpoints Hardware memory access breakpoints (can be emulated via the paging mechanism) WatchLo, WatchHi on MIPS (1 physical address, trigger [read, write])
5Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Interactive Debugging (2)Interactive Debugging (2) Debugger User interface Exception handling code (privileged) Kernel stub Communicating with the debugger UI process – ptrace(2), SIGTRAP, break-in thread (DebugActiveProcess()) Remote debugging – Serial line, FireWire, USB, virtualization extension Full-fledged in-kernel debugger (kmdb in Solaris) 3rd party debugger (SoftICE, Rasta Ring 0) Firmware debugger, hypervisor debugger stub Non-maskable Interrupt, SysRq Debugging countermeasures
6Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Interactive Debugging (3)Interactive Debugging (3) pid_t pid = fork(); if (pid == 0) { ptrace(PTRACE_TRACEME, 0, NULL, NULL); execve(...); } int wstatus; waitpid(pid, &wstatus, 0); // examine wstatus ptrace(PTRACE_SETOPTIONS, pid, NULL, PTRACE_O_EXITKILL | PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC | PTRACE_O_TRACEEXIT | PTRACE_O_TRACEFORK | ...); ptrace(PTRACE_GETSIGINFO, pid, NULL, siginfo); ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, iovec); ptrace(PTRACE_PEEKTEXT, pid, remote_addr, local_addr); ptrace(PTRACE_POKETEXT, pid, remote_addr, local_addr); ptrace(PTRACE_CONT, pid, NULL, NULL); trace all signals deliver SIGTRAP after successful exec
7Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing ProfilingProfiling Run-time performance instrumentation Exact profiling Triggered when an interesting event happens, sampling relevant information (timestamp, CPU performance counters, stack trace, etc.) GNU Profiler Using gcc -pg or gcc -pg -mrecord-mcount -mnop-mcount Call to mcount() in every function prologue (optionally epilogue) – Collects information into gmon.out – Postprocessed by gprof Statistical profiling Sampling information in regular intervals PC mapped to symbol name OProfile System-wide profiling
8Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Performance MetricsPerformance Metrics Resource accounting Memory usage (resident/virtual/shared memory, buffers, caches) Time User time, system time, idle time (measured precisely) %user + %system + %idle = 100 % Utilization: %user + %system Saturation: How much more work is there than the machine can handle (sampled in regular intervals) E.g. number of non-idle CPUs + length of scheduler ready queues Usually exponential moving average: cur = prev × decay + n × (1 – decay) Microstate accounting
9Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing TracingTracing Observing events Similar to debugging, but usually high-level events Similar to logging, but activated on-demand System calls, kernel functions, library functions, logical events (e.g. context switches, sending/receiving packets, etc.), even user space logical events Usually asynchronous (avoiding serialization) truss(1), strace(2), ltrace(1) DTrace, SystemTap
10Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing D script dtrace(1M) lockstat(1M) plockstat(1M) libdtrace(3LIB) dtrace(3D) DTrace syscallsysinfo usdtfasttrappid sdt fbt intrstat(1M) consumers user space kernel providers D compiler communication device D virtual machine user-space provider DTraceDTrace
11Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing DTrace (2)DTrace (2) Properties Probe specification language (D script) Active / inactive probes Zero / small overhead Safety for production system Virtual machine, no branching, no loops, safety checks, no state change (unless specified) No debug builds Compact Type Information Correlation of events, aggregate statistics
12Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing SystemTapSystemTap Properties Probe specification language (SystemTap script) Preprocessed into a kernel module source → kernel module Active / inactive probes Zero / small overhead Safety for production system not guaranteed Requires debugging kernel build Correlation of events, aggregate statistics Uses ftrace and kprobes as kernel backends
13Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing DTrace sampleDTrace sample #! /usr/sbin/dtrace -s syscall:::entry { @count[probefunc] = count(); self->ts = timestamp; self->tag = 1; } syscall:::return /self->tag == 1/ { self->ts_diff = timestamp - self->ts; @total[probefunc] = sum(self->ts_diff); @avg[probefunc] = avg(self->ts_diff); } END { printa("%a @%d @%d @%dn", @count, @total, @avg); }
14Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing DTrace sample (2)DTrace sample (2) #! /usr/sbin/dtrace -s #pragma D option quiet hotspot$target:::method-entry { self->indent++; self->trace = 1; printf("%*s -> %s.%sn", self->indent, "", stringof(copyin(arg1, arg2)), stringof(copyin(arg3, arg4))); } hotspot$target:::method-return /self->trace == 1/ { printf("%*s <- %s.%sn", self->indent, "", stringof(copyin(arg1, arg2)), stringof(copyin(arg3, arg4))); self->indent--; self->trace = (self->indent == 0) ? 0 : self->trace; } pid$target:libc::entry /self->trace == 1/ { self->indent++; printf("%*s => %sn", self->indent, "", probefunc); } pid$target:libc::return /self->trace == 1/ { printf("%*s <= %sn", self->indent, "", probefunc); self->indent--; } syscall:::entry /self->trace == 1/ { self->indent++; printf("%*s :> %sn", self->indent, "", probefunc); } syscall:::return /self->trace == 1/ { printf("%*s <: %sn", self->indent, "", probefunc); self->indent--; }
15Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing DTrace Code InstrumentationDTrace Code Instrumentation squeue_enter_chain+0x1af: xorl %eax,%eax xor %eax,%eax squeue_enter_chain+0x1b1: nop nop squeue_enter_chain+0x1b2: nop nop squeue_enter_chain+0x1b3: nop lock nop squeue_enter_chain+0x1b4: nop squeue_enter_chain+0x1b5: nop nop squeue_enter_chain+0x1b6: movb %bl,%bh movb %bl,%bh ufs_mount: pushq %rbp int $0x3 ufs_mount+1: movq %rsp,%rbp movq %rsp,%rbp ufs_mount+4: subq $0x88,%rsp subq $0x88,%rsp ufs_mount+0xb: pushq %rbx pushq %rbx ...... ufs_mount+0x3f3: popq %rbx popq %rbx ufs_mount+0x3f4: movq %rbp,%rsp movq %rbp,%rsp ufs_mount+0x3f7: popq %rbp popq %rbp ufs_mount+0x3f8: ret int $0x3 uninstrumented instrumented later replaced by a call
16Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Code InstrumentationCode Instrumentation Static instrumentation of executables Non-intrusive Avoiding shifting instruction locations (complicated unless the code is PIC) Replacing a byte of an instruction by a trap instruction At run-time, replacing the trap with a call The call emulates the original instruction(s) that are replaced and jumps back to the next instruction Intrusive Techniques similar to binary translation (later) Internal representation of code basic blocks Instrumentation: Inserting new basic block, updating jump/call locations Tricky with self-modifying code, dynamic dispatch, etc. Valgrind, DynInst, Pin, Vulcan, BIRD, PEBIL
17Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Post-mortem AnalysisPost-mortem Analysis Analyzing a root cause of a crash Core dump Snapshot of a single process On-disk format similar to executable format (plus register context and other metadata) Can be opened in interactive debugger Crash dump Snapshot of an entire system Sometimes without user pages and other sensitive data Created by a failing system, rescue system, firmware or out-of-band management NMI to help Special analysis tools
18Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Core DumpCore Dump [1]
19Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Core/Crash Dump AnalysisCore/Crash Dump Analysis Identifying the immediate cause Examining the crash IP location, register context, stack trace, log buffer Maybe instrumentation values (if available) Identifying the root cause Art, science and craftsmanship Heuristic tools to analyze typical crashes (mdb ::findlocks, crash) Gradually reconstructing the events prior to the crash Distrusting information encountered, formulating hypotheses Code optimization gets into the way Analyzing data structures, threads, locks, etc. Looking for interesting literals (0xdeadbeef, 0xbaddcafe, 0xfeedface)
21Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Q&A
22Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing ReferencesReferences [1] Konstantin Lanzet, https://commons.wikimedia.org/wiki/File:KL_Kernspeicher_Makro_1.jpg

Recommended

Module 3-cpu-scheduling
Module 3-cpu-schedulingModule 3-cpu-scheduling
Module 3-cpu-scheduling
Hesham Elmasry
 
Anhnh osg202-1
Anhnh osg202-1Anhnh osg202-1
Anhnh osg202-1
QuynBiVn1
 
Dc 12 Chiueh
Dc 12 ChiuehDc 12 Chiueh
Dc 12 Chiueh
wollard
 
Mutual exclusion and sync
Mutual exclusion and syncMutual exclusion and sync
Mutual exclusion and sync
Dr. C.V. Suresh Babu
 
Parametrized Model Checking of Fault Tolerant Distributed Algorithms by Abstr...
Parametrized Model Checking of Fault Tolerant Distributed Algorithms by Abstr...Parametrized Model Checking of Fault Tolerant Distributed Algorithms by Abstr...
Parametrized Model Checking of Fault Tolerant Distributed Algorithms by Abstr...
Iosif Itkin
 
Sthack 2015 - Jonathan "@JonathanSalwan" Salwan - Dynamic Behavior Analysis U...
Sthack 2015 - Jonathan "@JonathanSalwan" Salwan - Dynamic Behavior Analysis U...Sthack 2015 - Jonathan "@JonathanSalwan" Salwan - Dynamic Behavior Analysis U...
Sthack 2015 - Jonathan "@JonathanSalwan" Salwan - Dynamic Behavior Analysis U...
StHack
 
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
James Clause
 
Risk Management Webinar
Risk Management WebinarRisk Management Webinar
Risk Management Webinar
janemangat
 

Recommended

Module 3-cpu-scheduling
Module 3-cpu-schedulingModule 3-cpu-scheduling
Module 3-cpu-scheduling
Hesham Elmasry
 
Anhnh osg202-1
Anhnh osg202-1Anhnh osg202-1
Anhnh osg202-1
QuynBiVn1
 
Dc 12 Chiueh
Dc 12 ChiuehDc 12 Chiueh
Dc 12 Chiueh
wollard
 
Mutual exclusion and sync
Mutual exclusion and syncMutual exclusion and sync
Mutual exclusion and sync
Dr. C.V. Suresh Babu
 
Parametrized Model Checking of Fault Tolerant Distributed Algorithms by Abstr...
Parametrized Model Checking of Fault Tolerant Distributed Algorithms by Abstr...Parametrized Model Checking of Fault Tolerant Distributed Algorithms by Abstr...
Parametrized Model Checking of Fault Tolerant Distributed Algorithms by Abstr...
Iosif Itkin
 
Sthack 2015 - Jonathan "@JonathanSalwan" Salwan - Dynamic Behavior Analysis U...
Sthack 2015 - Jonathan "@JonathanSalwan" Salwan - Dynamic Behavior Analysis U...Sthack 2015 - Jonathan "@JonathanSalwan" Salwan - Dynamic Behavior Analysis U...
Sthack 2015 - Jonathan "@JonathanSalwan" Salwan - Dynamic Behavior Analysis U...
StHack
 
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
James Clause
 
Risk Management Webinar
Risk Management WebinarRisk Management Webinar
Risk Management Webinar
janemangat
 
Covering a function using a Dynamic Symbolic Execution approach
Covering a function using a Dynamic Symbolic Execution approach Covering a function using a Dynamic Symbolic Execution approach
Covering a function using a Dynamic Symbolic Execution approach
Jonathan Salwan
 
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentationnullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
n|u - The Open Security Community
 
Binary instrumentation - dc9723
Binary instrumentation - dc9723Binary instrumentation - dc9723
Binary instrumentation - dc9723
Iftach Ian Amit
 
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
GangSeok Lee
 
Valgrind
ValgrindValgrind
Valgrind
aidanshribman
 
2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement
PTIHPA
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
Ajin Abraham
 
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
Living Online
 
GeeCon2016- High Performance Instrumentation (handout)
GeeCon2016- High Performance Instrumentation (handout)GeeCon2016- High Performance Instrumentation (handout)
GeeCon2016- High Performance Instrumentation (handout)
Jaroslav Bachorik
 
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
OWASP Russia
 
IPC in Microkernel Systems, Capabilities
IPC in Microkernel Systems, CapabilitiesIPC in Microkernel Systems, Capabilities
IPC in Microkernel Systems, Capabilities
Martin Děcký
 
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
LO-PHI: Low-Observable Physical Host Instrumentation for Malware AnalysisLO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
Pietro De Nicolao
 
Embedded Intro India05
Embedded Intro India05Embedded Intro India05
Embedded Intro India05
Rajesh Gupta
 
OORPT Dynamic Analysis
OORPT Dynamic AnalysisOORPT Dynamic Analysis
OORPT Dynamic Analysis
lienhard
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.
guestcf6f5b
 
Digital Forensic tools - Application Specific
Digital Forensic tools - Application SpecificDigital Forensic tools - Application Specific
Digital Forensic tools - Application Specific
ideaflashed
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics tools
Damir Delija
 
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Databricks
 
Beyond Breakpoints: A Tour of Dynamic Analysis
Beyond Breakpoints: A Tour of Dynamic AnalysisBeyond Breakpoints: A Tour of Dynamic Analysis
Beyond Breakpoints: A Tour of Dynamic Analysis
Fastly
 
Intelligent Monitoring
Intelligent MonitoringIntelligent Monitoring
Intelligent Monitoring
Intelie
 
Virtual platform
Virtual platformVirtual platform
Virtual platform
sean chen
 
Multicore
MulticoreMulticore
Multicore
Birgit Plötzeneder
 

More Related Content

Viewers also liked

Covering a function using a Dynamic Symbolic Execution approach
Covering a function using a Dynamic Symbolic Execution approach Covering a function using a Dynamic Symbolic Execution approach
Covering a function using a Dynamic Symbolic Execution approach
Jonathan Salwan
 
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentationnullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
n|u - The Open Security Community
 
Binary instrumentation - dc9723
Binary instrumentation - dc9723Binary instrumentation - dc9723
Binary instrumentation - dc9723
Iftach Ian Amit
 
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
GangSeok Lee
 
Valgrind
ValgrindValgrind
Valgrind
aidanshribman
 
2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement
PTIHPA
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
Ajin Abraham
 
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
Living Online
 
GeeCon2016- High Performance Instrumentation (handout)
GeeCon2016- High Performance Instrumentation (handout)GeeCon2016- High Performance Instrumentation (handout)
GeeCon2016- High Performance Instrumentation (handout)
Jaroslav Bachorik
 
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
OWASP Russia
 

Viewers also liked (10)

Covering a function using a Dynamic Symbolic Execution approach
Covering a function using a Dynamic Symbolic Execution approach Covering a function using a Dynamic Symbolic Execution approach
Covering a function using a Dynamic Symbolic Execution approach
 
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentationnullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation
 
Binary instrumentation - dc9723
Binary instrumentation - dc9723Binary instrumentation - dc9723
Binary instrumentation - dc9723
 
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
 
Valgrind
ValgrindValgrind
Valgrind
 
2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement2010 02 instrumentation_and_runtime_measurement
2010 02 instrumentation_and_runtime_measurement
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
 
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
Design of Industrial Automation Functional Specifications for PLCs, DCSs and ...
 
GeeCon2016- High Performance Instrumentation (handout)
GeeCon2016- High Performance Instrumentation (handout)GeeCon2016- High Performance Instrumentation (handout)
GeeCon2016- High Performance Instrumentation (handout)
 
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
«Вредоносные браузерные расширения и борьба с ними», Александра Сватикова (Од...
 

Similar to Code Instrumentation, Dynamic Tracing

IPC in Microkernel Systems, Capabilities
IPC in Microkernel Systems, CapabilitiesIPC in Microkernel Systems, Capabilities
IPC in Microkernel Systems, Capabilities
Martin Děcký
 
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
LO-PHI: Low-Observable Physical Host Instrumentation for Malware AnalysisLO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
Pietro De Nicolao
 
Embedded Intro India05
Embedded Intro India05Embedded Intro India05
Embedded Intro India05
Rajesh Gupta
 
OORPT Dynamic Analysis
OORPT Dynamic AnalysisOORPT Dynamic Analysis
OORPT Dynamic Analysis
lienhard
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.
guestcf6f5b
 
Digital Forensic tools - Application Specific
Digital Forensic tools - Application SpecificDigital Forensic tools - Application Specific
Digital Forensic tools - Application Specific
ideaflashed
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics tools
Damir Delija
 
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Databricks
 
Beyond Breakpoints: A Tour of Dynamic Analysis
Beyond Breakpoints: A Tour of Dynamic AnalysisBeyond Breakpoints: A Tour of Dynamic Analysis
Beyond Breakpoints: A Tour of Dynamic Analysis
Fastly
 
Intelligent Monitoring
Intelligent MonitoringIntelligent Monitoring
Intelligent Monitoring
Intelie
 
Virtual platform
Virtual platformVirtual platform
Virtual platform
sean chen
 
Multicore
MulticoreMulticore
Multicore
Birgit Plötzeneder
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
CODE BLUE
 
Performance and Power Profiling on Intel Android Devices
Performance and Power Profiling on Intel Android DevicesPerformance and Power Profiling on Intel Android Devices
Performance and Power Profiling on Intel Android Devices
Intel® Software
 
Project Portfolio - Transferable Skills
Project Portfolio - Transferable SkillsProject Portfolio - Transferable Skills
Project Portfolio - Transferable Skills
tuleyb
 
Performance Tuning Cheat Sheet for MongoDB
Performance Tuning Cheat Sheet for MongoDBPerformance Tuning Cheat Sheet for MongoDB
Performance Tuning Cheat Sheet for MongoDB
Severalnines
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
 
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
CODE BLUE
 
Hardware & softwares
Hardware & softwaresHardware & softwares
Hardware & softwares
Santosh Kulkarni
 
It802 bruning
It802 bruningIt802 bruning
It802 bruning
mrbruning
 

Similar to Code Instrumentation, Dynamic Tracing (20)

IPC in Microkernel Systems, Capabilities
IPC in Microkernel Systems, CapabilitiesIPC in Microkernel Systems, Capabilities
IPC in Microkernel Systems, Capabilities
 
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
LO-PHI: Low-Observable Physical Host Instrumentation for Malware AnalysisLO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
 
Embedded Intro India05
Embedded Intro India05Embedded Intro India05
Embedded Intro India05
 
OORPT Dynamic Analysis
OORPT Dynamic AnalysisOORPT Dynamic Analysis
OORPT Dynamic Analysis
 
Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.Digital Forensic Tools - Application Specific.
Digital Forensic Tools - Application Specific.
 
Digital Forensic tools - Application Specific
Digital Forensic tools - Application SpecificDigital Forensic tools - Application Specific
Digital Forensic tools - Application Specific
 
Usage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics toolsUsage aspects techniques for enterprise forensics data analytics tools
Usage aspects techniques for enterprise forensics data analytics tools
 
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
 
Beyond Breakpoints: A Tour of Dynamic Analysis
Beyond Breakpoints: A Tour of Dynamic AnalysisBeyond Breakpoints: A Tour of Dynamic Analysis
Beyond Breakpoints: A Tour of Dynamic Analysis
 
Intelligent Monitoring
Intelligent MonitoringIntelligent Monitoring
Intelligent Monitoring
 
Virtual platform
Virtual platformVirtual platform
Virtual platform
 
Multicore
MulticoreMulticore
Multicore
 
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
Pursue the Attackers – Identify and Investigate Lateral Movement Based on Beh...
 
Performance and Power Profiling on Intel Android Devices
Performance and Power Profiling on Intel Android DevicesPerformance and Power Profiling on Intel Android Devices
Performance and Power Profiling on Intel Android Devices
 
Project Portfolio - Transferable Skills
Project Portfolio - Transferable SkillsProject Portfolio - Transferable Skills
Project Portfolio - Transferable Skills
 
Performance Tuning Cheat Sheet for MongoDB
Performance Tuning Cheat Sheet for MongoDBPerformance Tuning Cheat Sheet for MongoDB
Performance Tuning Cheat Sheet for MongoDB
 
Possibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
 
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
Possibility of arbitrary code execution by Step-Oriented Programming by Hiroa...
 
Hardware & softwares
Hardware & softwaresHardware & softwares
Hardware & softwares
 
It802 bruning
It802 bruningIt802 bruning
It802 bruning
 

More from Martin Děcký

Hardware/Software Co-Design for Efficient Microkernel Execution
Hardware/Software Co-Design for Efficient Microkernel ExecutionHardware/Software Co-Design for Efficient Microkernel Execution
Hardware/Software Co-Design for Efficient Microkernel Execution
Martin Děcký
 
Lessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-VLessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-V
Martin Děcký
 
Microkernels in the Era of Data-Centric Computing
Microkernels in the Era of Data-Centric ComputingMicrokernels in the Era of Data-Centric Computing
Microkernels in the Era of Data-Centric Computing
Martin Děcký
 
Formal Verification of Functional Code
Formal Verification of Functional CodeFormal Verification of Functional Code
Formal Verification of Functional Code
Martin Děcký
 
Unikernels, Multikernels, Virtual Machine-based Kernels
Unikernels, Multikernels, Virtual Machine-based KernelsUnikernels, Multikernels, Virtual Machine-based Kernels
Unikernels, Multikernels, Virtual Machine-based Kernels
Martin Děcký
 
Nízkoúrovňové programování
Nízkoúrovňové programováníNízkoúrovňové programování
Nízkoúrovňové programování
Martin Děcký
 
Porting HelenOS to RISC-V
Porting HelenOS to RISC-VPorting HelenOS to RISC-V
Porting HelenOS to RISC-V
Martin Děcký
 
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
Martin Děcký
 
FOSDEM 2014: Read-Copy-Update for HelenOS
FOSDEM 2014: Read-Copy-Update for HelenOSFOSDEM 2014: Read-Copy-Update for HelenOS
FOSDEM 2014: Read-Copy-Update for HelenOS
Martin Děcký
 
FOSDEM 2013: Operating Systems Hot Topics
FOSDEM 2013: Operating Systems Hot TopicsFOSDEM 2013: Operating Systems Hot Topics
FOSDEM 2013: Operating Systems Hot Topics
Martin Děcký
 
HelenOS: State of the Union 2012
HelenOS: State of the Union 2012HelenOS: State of the Union 2012
HelenOS: State of the Union 2012
Martin Děcký
 

More from Martin Děcký (11)

Hardware/Software Co-Design for Efficient Microkernel Execution
Hardware/Software Co-Design for Efficient Microkernel ExecutionHardware/Software Co-Design for Efficient Microkernel Execution
Hardware/Software Co-Design for Efficient Microkernel Execution
 
Lessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-VLessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-V
 
Microkernels in the Era of Data-Centric Computing
Microkernels in the Era of Data-Centric ComputingMicrokernels in the Era of Data-Centric Computing
Microkernels in the Era of Data-Centric Computing
 
Formal Verification of Functional Code
Formal Verification of Functional CodeFormal Verification of Functional Code
Formal Verification of Functional Code
 
Unikernels, Multikernels, Virtual Machine-based Kernels
Unikernels, Multikernels, Virtual Machine-based KernelsUnikernels, Multikernels, Virtual Machine-based Kernels
Unikernels, Multikernels, Virtual Machine-based Kernels
 
Nízkoúrovňové programování
Nízkoúrovňové programováníNízkoúrovňové programování
Nízkoúrovňové programování
 
Porting HelenOS to RISC-V
Porting HelenOS to RISC-VPorting HelenOS to RISC-V
Porting HelenOS to RISC-V
 
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
What Could Microkernels Learn from Monolithic Kernels (and Vice Versa)
 
FOSDEM 2014: Read-Copy-Update for HelenOS
FOSDEM 2014: Read-Copy-Update for HelenOSFOSDEM 2014: Read-Copy-Update for HelenOS
FOSDEM 2014: Read-Copy-Update for HelenOS
 
FOSDEM 2013: Operating Systems Hot Topics
FOSDEM 2013: Operating Systems Hot TopicsFOSDEM 2013: Operating Systems Hot Topics
FOSDEM 2013: Operating Systems Hot Topics
 
HelenOS: State of the Union 2012
HelenOS: State of the Union 2012HelenOS: State of the Union 2012
HelenOS: State of the Union 2012
 

Recently uploaded

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 

Recently uploaded (20)

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 

Code Instrumentation, Dynamic Tracing

  • 2. 2Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing ObservabilityObservability What is the system doing? Beyond the obvious (externally visible state changes) Interactive debugging Profiling Tracing Post-mortem analysis Many flavors Development / testing / production Static / dynamic Intrusive / non-intrusive
  • 3. 3Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing InstrumentationInstrumentation Application of measuring instruments Recording of states and values Safety How the measurements affect the state or the values Overhead How the measurements affect the performance (active / inactive) Scope Global vs. local phenomena
  • 4. 4Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Interactive DebuggingInteractive Debugging Mechanisms Breakpoints Software breakpoints (BREAK, INT3) Hardware breakpoints DR0 to DR7 debug registers on x86 (4 linear addresses, trigger conditions [read, write, execute, I/O, area size], status) Single-stepping Trap flag in FLAGS, interrupt vector 1 on x86 Watchpoints Hardware memory access breakpoints (can be emulated via the paging mechanism) WatchLo, WatchHi on MIPS (1 physical address, trigger [read, write])
  • 5. 5Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Interactive Debugging (2)Interactive Debugging (2) Debugger User interface Exception handling code (privileged) Kernel stub Communicating with the debugger UI process – ptrace(2), SIGTRAP, break-in thread (DebugActiveProcess()) Remote debugging – Serial line, FireWire, USB, virtualization extension Full-fledged in-kernel debugger (kmdb in Solaris) 3rd party debugger (SoftICE, Rasta Ring 0) Firmware debugger, hypervisor debugger stub Non-maskable Interrupt, SysRq Debugging countermeasures
  • 6. 6Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Interactive Debugging (3)Interactive Debugging (3) pid_t pid = fork(); if (pid == 0) { ptrace(PTRACE_TRACEME, 0, NULL, NULL); execve(...); } int wstatus; waitpid(pid, &wstatus, 0); // examine wstatus ptrace(PTRACE_SETOPTIONS, pid, NULL, PTRACE_O_EXITKILL | PTRACE_O_TRACECLONE | PTRACE_O_TRACEEXEC | PTRACE_O_TRACEEXIT | PTRACE_O_TRACEFORK | ...); ptrace(PTRACE_GETSIGINFO, pid, NULL, siginfo); ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, iovec); ptrace(PTRACE_PEEKTEXT, pid, remote_addr, local_addr); ptrace(PTRACE_POKETEXT, pid, remote_addr, local_addr); ptrace(PTRACE_CONT, pid, NULL, NULL); trace all signals deliver SIGTRAP after successful exec
  • 7. 7Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing ProfilingProfiling Run-time performance instrumentation Exact profiling Triggered when an interesting event happens, sampling relevant information (timestamp, CPU performance counters, stack trace, etc.) GNU Profiler Using gcc -pg or gcc -pg -mrecord-mcount -mnop-mcount Call to mcount() in every function prologue (optionally epilogue) – Collects information into gmon.out – Postprocessed by gprof Statistical profiling Sampling information in regular intervals PC mapped to symbol name OProfile System-wide profiling
  • 8. 8Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Performance MetricsPerformance Metrics Resource accounting Memory usage (resident/virtual/shared memory, buffers, caches) Time User time, system time, idle time (measured precisely) %user + %system + %idle = 100 % Utilization: %user + %system Saturation: How much more work is there than the machine can handle (sampled in regular intervals) E.g. number of non-idle CPUs + length of scheduler ready queues Usually exponential moving average: cur = prev × decay + n × (1 – decay) Microstate accounting
  • 9. 9Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing TracingTracing Observing events Similar to debugging, but usually high-level events Similar to logging, but activated on-demand System calls, kernel functions, library functions, logical events (e.g. context switches, sending/receiving packets, etc.), even user space logical events Usually asynchronous (avoiding serialization) truss(1), strace(2), ltrace(1) DTrace, SystemTap
  • 10. 10Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing D script dtrace(1M) lockstat(1M) plockstat(1M) libdtrace(3LIB) dtrace(3D) DTrace syscallsysinfo usdtfasttrappid sdt fbt intrstat(1M) consumers user space kernel providers D compiler communication device D virtual machine user-space provider DTraceDTrace
  • 11. 11Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing DTrace (2)DTrace (2) Properties Probe specification language (D script) Active / inactive probes Zero / small overhead Safety for production system Virtual machine, no branching, no loops, safety checks, no state change (unless specified) No debug builds Compact Type Information Correlation of events, aggregate statistics
  • 12. 12Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing SystemTapSystemTap Properties Probe specification language (SystemTap script) Preprocessed into a kernel module source → kernel module Active / inactive probes Zero / small overhead Safety for production system not guaranteed Requires debugging kernel build Correlation of events, aggregate statistics Uses ftrace and kprobes as kernel backends
  • 13. 13Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing DTrace sampleDTrace sample #! /usr/sbin/dtrace -s syscall:::entry { @count[probefunc] = count(); self->ts = timestamp; self->tag = 1; } syscall:::return /self->tag == 1/ { self->ts_diff = timestamp - self->ts; @total[probefunc] = sum(self->ts_diff); @avg[probefunc] = avg(self->ts_diff); } END { printa("%a @%d @%d @%dn", @count, @total, @avg); }
  • 14. 14Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing DTrace sample (2)DTrace sample (2) #! /usr/sbin/dtrace -s #pragma D option quiet hotspot$target:::method-entry { self->indent++; self->trace = 1; printf("%*s -> %s.%sn", self->indent, "", stringof(copyin(arg1, arg2)), stringof(copyin(arg3, arg4))); } hotspot$target:::method-return /self->trace == 1/ { printf("%*s <- %s.%sn", self->indent, "", stringof(copyin(arg1, arg2)), stringof(copyin(arg3, arg4))); self->indent--; self->trace = (self->indent == 0) ? 0 : self->trace; } pid$target:libc::entry /self->trace == 1/ { self->indent++; printf("%*s => %sn", self->indent, "", probefunc); } pid$target:libc::return /self->trace == 1/ { printf("%*s <= %sn", self->indent, "", probefunc); self->indent--; } syscall:::entry /self->trace == 1/ { self->indent++; printf("%*s :> %sn", self->indent, "", probefunc); } syscall:::return /self->trace == 1/ { printf("%*s <: %sn", self->indent, "", probefunc); self->indent--; }
  • 15. 15Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing DTrace Code InstrumentationDTrace Code Instrumentation squeue_enter_chain+0x1af: xorl %eax,%eax xor %eax,%eax squeue_enter_chain+0x1b1: nop nop squeue_enter_chain+0x1b2: nop nop squeue_enter_chain+0x1b3: nop lock nop squeue_enter_chain+0x1b4: nop squeue_enter_chain+0x1b5: nop nop squeue_enter_chain+0x1b6: movb %bl,%bh movb %bl,%bh ufs_mount: pushq %rbp int $0x3 ufs_mount+1: movq %rsp,%rbp movq %rsp,%rbp ufs_mount+4: subq $0x88,%rsp subq $0x88,%rsp ufs_mount+0xb: pushq %rbx pushq %rbx ...... ufs_mount+0x3f3: popq %rbx popq %rbx ufs_mount+0x3f4: movq %rbp,%rsp movq %rbp,%rsp ufs_mount+0x3f7: popq %rbp popq %rbp ufs_mount+0x3f8: ret int $0x3 uninstrumented instrumented later replaced by a call
  • 16. 16Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Code InstrumentationCode Instrumentation Static instrumentation of executables Non-intrusive Avoiding shifting instruction locations (complicated unless the code is PIC) Replacing a byte of an instruction by a trap instruction At run-time, replacing the trap with a call The call emulates the original instruction(s) that are replaced and jumps back to the next instruction Intrusive Techniques similar to binary translation (later) Internal representation of code basic blocks Instrumentation: Inserting new basic block, updating jump/call locations Tricky with self-modifying code, dynamic dispatch, etc. Valgrind, DynInst, Pin, Vulcan, BIRD, PEBIL
  • 17. 17Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Post-mortem AnalysisPost-mortem Analysis Analyzing a root cause of a crash Core dump Snapshot of a single process On-disk format similar to executable format (plus register context and other metadata) Can be opened in interactive debugger Crash dump Snapshot of an entire system Sometimes without user pages and other sensitive data Created by a failing system, rescue system, firmware or out-of-band management NMI to help Special analysis tools
  • 18. 18Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Core DumpCore Dump [1]
  • 19. 19Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Core/Crash Dump AnalysisCore/Crash Dump Analysis Identifying the immediate cause Examining the crash IP location, register context, stack trace, log buffer Maybe instrumentation values (if available) Identifying the root cause Art, science and craftsmanship Heuristic tools to analyze typical crashes (mdb ::findlocks, crash) Gradually reconstructing the events prior to the crash Distrusting information encountered, formulating hypotheses Code optimization gets into the way Analyzing data structures, threads, locks, etc. Looking for interesting literals (0xdeadbeef, 0xbaddcafe, 0xfeedface)
  • 20.
  • 21. 21Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing Q&A
  • 22. 22Martin Děcký, Advanced Operating Systems, February 24th 2017 Instrumentation, tracing ReferencesReferences [1] Konstantin Lanzet, https://commons.wikimedia.org/wiki/File:KL_Kernspeicher_Makro_1.jpg