Lightweight Memory Tracing
Mathias Payer, Enrico Kravina, and Thomas R. Gross
In ATC'13: Proc. USENIX Annual Technical Conference, 2013.
Memory tracing is a powerful technique with many applications, e.g., debugging applications, taint checking applications, or tracking dataflow in an application. Current approaches are limited: software-only memory tracing incurs high performance overhead (up to 10x for, e.g., Libdft) because every single memory access of the application is checked by additional code that is not part of the original application, and hardware watchpoints are limited to a small set of watched locations.
This paper introduces memTrace, a lightweight memory tracing technique that builds on dynamic on-the-fly cross-ISA binary translation of 32-bit code to 64-bit code. Our software-only approach enables memory tracing for unmodified, binary-only x86 applications using the x64 extension that is available in current CPUs; no OS extensions or special hardware are required. The additional registers in x64 and the wider memory addressing enable a low-overhead tracing infrastructure that is protected from the application code (i.e., it uses disjoint registers and memory regions). memTrace handles multi-threaded applications. Two case studies discuss a framework for unlimited read and write watchpoints and an allocation-based memory checker similar in functionality to memgrind.
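As an added illustration (not memTrace's own code), the following shows the per-access check a translator inserts ahead of every translated load and store, with a shadow table standing in for the tracing memory that the 32-bit application cannot address; the 64 KiB guest size, the two-bit watch encoding and the hit counters are assumptions of this example.

```c
/* Added example, not the memTrace implementation: a shadow-memory watchpoint
 * check of the kind a binary translator emits before each load/store.
 * Assumed: a toy 32-bit guest address space of 64 KiB, one shadow byte per
 * guest byte (bit 0 = read watch, bit 1 = write watch), and hit counters in
 * place of a debugger callback. In memTrace the shadow lives in the x64
 * address space beyond the 32-bit reach of the application. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define GUEST_SIZE  (64u * 1024u)   /* memory the 32-bit guest code may address */
#define WATCH_READ  0x1u
#define WATCH_WRITE 0x2u

static uint8_t guest_mem[GUEST_SIZE];  /* the application's own memory */
static uint8_t shadow[GUEST_SIZE];     /* tracing state; only translator code touches it */
static size_t hits_read, hits_write;

/* Arms a watchpoint on [addr, addr+len). Returns 0, or -1 if out of guest range. */
int set_watchpoint(uint32_t addr, uint32_t len, uint8_t kind) {
    if ((uint64_t)addr + len > GUEST_SIZE) return -1;
    for (uint32_t i = 0; i < len; i++) shadow[addr + i] |= kind;
    return 0;
}

/* Instrumentation run before a guest access: report once if any byte is watched. */
static void check_access(uint32_t addr, uint32_t len, uint8_t kind) {
    for (uint32_t i = 0; i < len; i++) {
        if (shadow[addr + i] & kind) {
            if (kind == WATCH_READ) hits_read++; else hits_write++;
            printf("%s watchpoint hit at 0x%08x\n",
                   kind == WATCH_READ ? "read" : "write", addr + i);
            return;
        }
    }
}

/* Translated 32-bit load: the check runs first, then the original access. */
uint32_t traced_load32(uint32_t addr) {
    uint32_t v = 0;
    if ((uint64_t)addr + 4 > GUEST_SIZE) return 0;  /* a real translator would fault here */
    check_access(addr, 4, WATCH_READ);
    memcpy(&v, &guest_mem[addr], 4);
    return v;
}

/* Translated 32-bit store, instrumented the same way. */
void traced_store32(uint32_t addr, uint32_t v) {
    if ((uint64_t)addr + 4 > GUEST_SIZE) return;
    check_access(addr, 4, WATCH_WRITE);
    memcpy(&guest_mem[addr], &v, 4);
}

size_t read_hits(void)  { return hits_read; }
size_t write_hits(void) { return hits_write; }
```

Because every translated access passes through the check, the number of armed locations is bounded only by the shadow table, not by a fixed set of debug registers.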