Performance is Dead, Long Live Performance


Transcript of Performance is Dead, Long Live Performance

  • Performance is Dead, Long Live Performance

    Ben Zorn, Microsoft Research

    Ben Zorn CGO 2010 Keynote

  • Outline

    Good news

    Bad news

    Good news again!

    Mystery

  • 1990s: A Great Decade for Performance!

    Stock market booming

    Itanium processor shipping

    Processor performance growing exponentially (Moore's Law)

    Compiler research booming

  • NASDAQ Booming

  • New Processors Had High Expectations

    Itanium Sales Forecasts

    Source: CNET Networks from data provided by Sun and IDC (12/7/2005)

  • SPECint2006 CPU Performance

    Numbers courtesy of Mark Horowitz, Ofer Shacham

  • Performance Papers Dominate PLDI

  • Some Cynics: Proebsting's Law

    http://research.microsoft.com/en-us/um/people/toddpro/papers/law.htm

    Proebsting's Law: Compiler Advances Double Computing Power Every 18 Years

    This means that while hardware computing horsepower increases at roughly 60%/year, compiler optimizations contribute only 4%. Basically, compiler optimization work makes only marginal contributions.

  • The Bubble Bursts

  • Itanium Sales Lag

    Source: CNET Networks from data provided by Sun and IDC (12/7/2005)

    http://news.cnet.com/2300-1006_3-5873647.html

  • Uniprocessor Performance Flattens

    Numbers courtesy of Mark Horowitz, Ofer Shacham

  • PLDI Performance Paper Decline

  • Performance is Dead

  • What Killed Performance?

  • Companies Shift Gears

    Correctness and security a major new focus

    Microsoft investments: PREfix, PREfast, SDV (Slam), ESP

    Large code bases automatically checked for correctness errors (10+ million LOC)

    "Combined, the tools [PREfix and PREfast] found 12.5% of the bugs fixed in Windows Server 2003" (Righting Software, Larus et al., IEEE Software, 2004)

  • Researchers Shift Gears

    Ben's research agenda changes

    1990s: Predicting object lifetime and locality (with David Barrett and Matt Seidl); Branch Prediction (with Brad Calder et al.); Value Prediction (with Martin Burtscher)

    2000s, "tough sounding" project names: DieHard with Emery Berger, Gene Novark; Samurai with Karthik Pattabiraman; Nozzle with Ben Livshits

  • The New Threat: Exploitable Memory Corruptions

    Buffer overflow: char *c = malloc(100); c[101] = 'a';

    Use after free: char *p1 = malloc(100); char *p2 = p1; free(p1); p2[0] = 'x';

    Diagram labels: c, p1, p2; indices 0 and 99; written values a and x

  • Strategies for Avoiding Memory Corruptions

    Rewrite in a safe language (Java, C#, JavaScript)

    Static analysis / safe subset of C or C++: SAFECode [Adve], etc.

    Runtime detection, fail fast: Jones & Lin, CRED [Lam], CCured [Necula], others

    A New Approach: Tolerate Corruption and Continue

    Failure oblivious computing [Rinard] (unsound)

    Rx, Boundless Memory Blocks, ECC memory

    DieHard / Exterminator, Samurai

  • Correctness at What Cost?

    Heap implementations are/were maximally brittle for performance

    Space: packed as tightly as possible

    Time: reuse freed objects as soon as possible

    Freelist diagram: free = push, malloc = pop

  • DieHard Allocator in a Nutshell

    With Emery Berger (PLDI 2006)

    Existing heaps are brittle, predictable

    Predictable layout is easier for attacker to exploit

    Randomize and overprovision the heap

    Expansion factor determines how much empty space

    Semantics are identical

    Allocator is easy to replace

    Replication increases benefits

    Exterminator extended ideas (PLDI 2007, Novark et al.)
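
The contrast between the freelist heap in "Correctness at What Cost?" and the randomized, overprovisioned heap in the DieHard slide, as an added example that is not from the talk or from DieHard's source: a C simulation over slot indices that counts how often a just-freed slot is handed straight back, which is what makes a write through a dangling pointer land in a new live object. The slot model, the constants LIVE and M, the PRNG and all function names are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LIVE  16              /* objects the program keeps allocated */
#define M     4               /* expansion factor (value assumed for the demo) */
#define SLOTS (LIVE * M)      /* overprovisioned heap: M * LIVE slots */

static uint32_t rng = 1;      /* xorshift32: small deterministic PRNG */
static uint32_t next_rand(void) { rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5; return rng; }

/* Freelist heap from the slide: free = push, malloc = pop. */
static int stack[SLOTS], top;
static void fl_init(void)   { top = 0; for (int i = SLOTS - 1; i >= 0; i--) stack[top++] = i; }
static int  fl_malloc(void) { return stack[--top]; }
static void fl_free(int s)  { stack[top++] = s; }

/* Randomized heap: probe random slots until an empty one turns up. */
static unsigned char used[SLOTS];
static void rnd_init(uint32_t seed) { memset(used, 0, sizeof used); rng = seed ? seed : 1; }
static int  rnd_malloc(void) {
    int s;
    do { s = (int)(next_rand() % SLOTS); } while (used[s]);
    used[s] = 1;
    return s;
}
static void rnd_free(int s) { used[s] = 0; }

/* Free one live object per trial, allocate again, and count how often the
   new object lands on the slot a dangling pointer (p2 on the slide) still names. */
int reuse_count(int randomized, int trials, uint32_t seed) {
    int live[LIVE], hits = 0;
    if (randomized) rnd_init(seed); else fl_init();
    for (int i = 0; i < LIVE; i++) live[i] = randomized ? rnd_malloc() : fl_malloc();
    for (int t = 0; t < trials; t++) {
        int victim = t % LIVE, dangling = live[victim];
        if (randomized) rnd_free(dangling); else fl_free(dangling);
        live[victim] = randomized ? rnd_malloc() : fl_malloc();
        if (live[victim] == dangling) hits++;
    }
    return hits;
}

int main(void) {
    printf("freelist heap:   %d of 1000 frees reused at once\n", reuse_count(0, 1000, 0));
    printf("randomized heap: %d of 1000 frees reused at once\n", reuse_count(1, 1000, 2010));
    return 0;
}
```

On the freelist heap every free is reused by the next allocation; on the randomized heap the chance per free is 1 in 49, because 49 of the 64 slots are empty when the next allocation is made.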

  • Of Course, Performance Matters

  • DieHard Impact

    DieHard (non-replicated): Windows, Linux version implemented by Emery Berger; works in Firefox distribution without any changes; try it right now! (http://www.diehard-software.org/)

    RobustHeap: Microsoft internal version implemented by Ted Hart; prototyped in Microsoft products; demonstrated to tolerate faults and detect errors

    Windows 7 Fault Tolerant Heap (FTH): inspired by ideas from DieHard/RobustHeap; turns on when application crashes

  • A Benefit of Working at Microsoft

    One day I was trying to convince a security team that DieHard would improve security.

    They said, "What about heap spraying?"

    And I said, "What's that?"

    (long pause)

    And they said, "Look it up."

  • Here's What I Found

    Adobe Acrobat/Reader, July 23, 2009

    Common Element: All vulnerable applications support embedded scripting languages (JavaScript, ActionScript, etc.)

  • Drive-By Heap Spraying

    Owned!

  • Drive-By Heap Spraying (2)

    shellcode = unescape("%u4343%u4343%...");

    Diagram labels: Program Heap; PC; ok, bad, ok; Creates the malicious object; Triggers the jump; ASLR prevents the attack

  • Drive-By Heap Spraying (3)

    shellcode = unescape("%u4343%u4343%...");

    oneblock = unescape("%u0C0C%u0C0C");

    var fullblock = oneblock;

    while (fullblock.length

  • Nozzle: Detecting Heap Spraying

    Joint work with Paruj Ratanaworabhan (Kasetsart University) and Ben Livshits (Microsoft Research)

    Insight: Spraying creates many objects with malicious content. That gives the heap unique, recognizable characteristics.

    Approach: Dynamically scan objects to estimate overall malicious content

  • Nozzle: Classifying Malicious Objects

    Diagram labels: new object; create object; scan object and classify; repeat; heap objects marked suspect object or benign object

  • Local Malicious Object Detection

    Code or Data? Is this object dangerous?

    Is this object code? Code and data look the same on x86

    Focus on sled detection: majority of object is sled; spraying scripts build simple sleds

    Is this code a NOP sled? Previous techniques do not look at heap; many heap objects look like NOP sleds; 80% false positive rates using previous techniques

    Need stronger local techniques

    Figure: heap object bytes 0000... shown as repeated add [eax], al; bytes 0101... shown as repeated and ah, [edx]

  • Object Surface Area Calculation

    Assume: attacker wants to reach shell code from jump to any point in object

    Goal: find blocks that are likely to be reached via control flow

    Strategy: use dataflow analysis to compute "surface area" of each block

    Figure: An example object from visiting google.com

  • Nozzle Effectiveness

    Plot: Malicious Page and Normal Page over logical time (number of allocations/frees); Application: Web Browser

  • Nozzle Performance

  • So, Performance is Dead

    How far can defect detection and runtime toleration go?

    Plot: % All Critical Defects Detected (0 to 100) by year (1970 to 2010)

    Future challenges: Diminishing returns; Scaling verification; 3rd-party library code; Performance implications

  • What's Happening Here?

    Browser Market Share Trends

    Source: http://marketshare.hitslink.com/

    Security? Reliability? Features? Performance!

  • Long Live Performance!

    Performance can make or break a platform

  • One Word: JavaScript

    Standard for scripting web applications

    Fast JITs widely available

    Support in every browser

    Lots of code present in all major web sites

  • Understanding JavaScript Behavior

    JSMeter, with Paruj Ratanaworabhan and Ben Livshits

    Goal: Measure JavaScript in real web applications

    Approach: Instrument IE runtime

    Benchmarks: 7 V8 programs (richards, deltablue, crypto, raytrace, earley-boyer, regexp, splay); 8 SunSpider programs (3d-raytrace, access-nbody, bitops-nsieve, controlflow, crypto-aes, date-xparb, math-cordic, string-tagcloud)

    Real apps

  • JSMeter Project

    Joint work with Paruj Ratanaworabhan (Kasetsart University) and Ben Livshits (Microsoft Research)

    Goal: Measure the behavior of JavaScript in real web applications

    Determine if benchmarks are representative

    Understand the behavior we are optimizing for

    Approach: instrume