From: Surya K. <jsk...@gm...> - 2011-05-09 20:27:44
Hi,

I was going through the paper "Valgrind: A framework for heavyweight dynamic binary instrumentation" (PLDI '07) and I have a few questions regarding Valgrind and the D&R approach:

1. Why is Valgrind linked to load at a specific address? Is this to allow the client executable to be loaded at the standard address? Can you provide more information on the address layout? Where is the client's text, data, stack situated with respect to Valgrind's text and data, and where is the shadow memory & code cache situated? Also, since Valgrind loads the client executable, I assume it also loads any shared libraries that the client depends upon, and Valgrind also does symbol resolution?

2. I understand that DynamoRIO is faster than Valgrind, in part due to the C&A approach adopted by it. Do you feel that certain optimizations like traces, skipping shadow operations, inlining shadow loads instead of calling a C function, etc., would result in performance comparable with DynamoRIO? Your paper mentions the advantages of the D&R approach over the C&A approach. In addition to these, do you believe that tools that use the C&A approach would not be able to find as many errors in the client as Valgrind can?

3. In the 2006 Gelato ICE talk on porting Valgrind to Itanium, it is mentioned that porting would require ALAT simulation. Can you elaborate more on why the ALAT needs to be simulated? Can't the speculative load instructions operate directly on the h/w ALAT structure? What are the advantages of simulation?

4. It has been mentioned in the PLDI paper that the reason for thread serialization is to avoid a situation where a thread switch occurs between the original load/store and the shadow load/store instruction, since this can result in concurrent memory accesses to the same memory location completing in a different order to their corresponding shadow memory accesses. But doesn't such a situation arise only if there is a data race in the original code, in which case why should we be concerned with a thread switch occurring between a client load/store and shadow load/store?

Thanks,
Surya
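The scenario behind question 4 can be made concrete with a small model. The following is an added example, not code from this post or from Valgrind: it treats each instrumented store as two separate steps (the client's real store, then the tool's shadow store), enumerates every interleaving of two threads writing the same constructed address, and counts the interleavings in which the final shadow state disagrees with real memory. It then repeats the count allowing only orders in which no thread is switched out between its own two steps, which is the effect thread serialisation has. The address, thread ids and the use of a writer id as the shadow value are all constructed for the model.

```python
# Constructed model of the situation described in question 4 (added example;
# not code from the mailing-list post or from Valgrind).  An instrumented
# store is two separate steps: the client's real store, then the tool's shadow
# store.  Without serialisation a thread switch may land between the two.

ADDR = 0x1000  # constructed sample address written by both threads


def instrumented_store(tid, addr):
    """The two steps a tool emits for one client store.  The value stored is
    the writer's id and the shadow store records the same id (an origin tag),
    so real memory and shadow memory should always name the same last writer."""
    return [("store", addr, tid), ("shadow", addr, tid)]


def interleavings(threads):
    """Yield every global order of steps (a tuple of thread ids) that keeps
    each thread's own steps in program order."""
    remaining = {tid: len(steps) for tid, steps in threads.items()}

    def rec(prefix):
        if not any(remaining.values()):
            yield tuple(prefix)
            return
        for tid in remaining:
            if remaining[tid]:
                remaining[tid] -= 1
                yield from rec(prefix + [tid])
                remaining[tid] += 1

    yield from rec([])


def run(threads, order):
    """Execute the steps in the given order; return (real memory, shadow memory)."""
    mem, shadow = {}, {}
    cursor = {tid: 0 for tid in threads}
    for tid in order:
        kind, addr, val = threads[tid][cursor[tid]]
        cursor[tid] += 1
        (mem if kind == "store" else shadow)[addr] = val
    return mem, shadow


def serialised(order):
    """True if no thread was switched out between its own steps, i.e. each
    thread's steps occupy one contiguous run of the order."""
    for tid in set(order):
        positions = [i for i, t in enumerate(order) if t == tid]
        if positions[-1] - positions[0] + 1 != len(positions):
            return False
    return True


def divergent_orders(threads, require_serialised=False):
    """Return the orders whose final shadow state disagrees with real memory."""
    bad = []
    for order in interleavings(threads):
        if require_serialised and not serialised(order):
            continue
        mem, shadow = run(threads, order)
        if any(mem[a] != shadow.get(a) for a in mem):
            bad.append(order)
    return bad


def count(threads, require_serialised=False):
    """(number of orders considered, number of divergent orders)."""
    orders = [o for o in interleavings(threads)
              if not require_serialised or serialised(o)]
    return len(orders), len(divergent_orders(threads, require_serialised))


# Two threads, each performing one instrumented store to the same address.
THREADS = {"A": instrumented_store("A", ADDR), "B": instrumented_store("B", ADDR)}

if __name__ == "__main__":
    print("unserialised:", count(THREADS))          # (6, 2)
    print("divergent   :", divergent_orders(THREADS))
    print("serialised  :", count(THREADS, True))    # (2, 0)
```

Of the six possible orders, the two in which one thread's real store is followed by the whole of the other thread's pair before the first thread's shadow store leave real memory naming one writer and shadow memory naming the other. Restricting to orders where each thread's pair runs back to back, as serialisation enforces, removes both.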