Portable Native Client - LLVMllvm.org/devmtg/2010-11/Sehr-NativeClient.pdfHow should we handle bitcode versioning? 31 Thursday, November 4, 2010 Bitcode as an Interchange Format PNaCl

1

Portable Native Client

David Sehr, Robert Muth, Jan Voung, David Meyer,Betul Buyukkurt, Karl Schimpf, Jason Kim, Rafael Espindola,Alan Donovan

Thursday, November 4, 2010

AgendaMotivationApproachSafe TranslationBitcode as an Interchange FormatStatusFuture Work

2


Motivation


A NaCl-Enabled Web Application



Native ClientHelper

Your favorite language



Native ClientHelper


Screened for malicious instructions



Native ClientHelper



System calls moderated by a virtualized OS



Native ClientHelper



System calls moderated by a virtualized OS

Performance within 5% ofnative code


Applications with NaCl

9

Lego Star Wars

Nexuiz

Darkroom demo


Where Native Client Started

10

x86-32OSXWindows

Linux


Where We Went Next

11

x86-32

ARM


What Developers Want

12

x86-32

ARMx86-64

Only one porting effort


Approach

13


Application Life Cycle

14

app.bc

a.ccz.cc

app.so

sources

libraryinfo

lib.bc


Application Life Cycle

15

app.bc

a.ccz.cc

app.so

sources

libraryinfo

lib.bc

Bitcode is PNaCl’s distribution format


Client side

Native ClientHelper

http://myurl/myapp.bc

translationengine

myapp.so

NaClsandbox

ELFx86, x64, or ARM




Translation Engine

17

in my cache?

myapp.so

translator(llvm)

myapp.bc

use cachedtranslation

savetranslation


Translation Engine

18

in my cache?

myapp.so

translator(llvm)

myapp.bc


savetranslation

Know the platform (uarch)


Translation Engine

19

in my cache?

myapp.so

translator(llvm)

myapp.bc


savetranslation

Know the platform (uarch)Can collect/use profiling data

Webpage-specific specialization


Translation Engine

20

in my cache?

myapp.so

translator(llvm)

myapp.bc


savetranslation

Know the platform (uarch)Can collect/use profiling data

Webpage-specific specialization

Can translate atinvocation timeinstall timeasynchronously


Safe Translation


Translating in a Sandbox

The translator must run in the browserMalicious bitcode files are a potential attack vector

22


Translating in a Sandbox

The translator must run in the browserMalicious bitcode files are a potential attack vector

23

Translator phases are run as NaCl modules


Translator

24

llc

myapp.so

myapp.bc

as

ld

today


Translator

25

llc

myapp.so

myapp.bc

as

ld

today

llc

myapp.so

myapp.bc

what we want


Translator

26

llc

myapp.so

myapp.bc

as

ld

today

llc

myapp.so

myapp.bc

what we want

+ MC ELF+ Bundling

+ DT_NEEDED


Bitcode as an Interchange Format


Target Model

Address space / data modelILP32 (sizeof(int) == sizeof(long) == sizeof(void*))sizeof(va_list) == 241GB maximum total address spaceStack pointer starts at the top of the address space

Data typesIEEE fp“natural” alignment

(e.g., double is aligned 0mod8)

Byte orderLittle Endian

28


Target Model

C++ Exception Handlingx86-32 Linux model

varargssizeof(va_list) == 24Front end emits va_arg instruction

setjmpConsistent jmp_buf size (work in progress)

29


Target Model

Calling conventionsBitcode file is calling convention neutralActual target convention determined by translator

Concurrency and memory modelAssume a least common denominator

Store ordering within a threadExplicit synchronization across threads

We expect people to use llvm atomic/barrier intrinsics where needed

30



PNaCl will need bitcode stabilityDeveloper expects published bitcode to work forever

Download size is startup time.bc is ~3x bigger than .nexe, ~1.9x when .gz.bc is ~6x bigger than .NET

How should we handle bitcode versioning?

31



PNaCl will need bitcode stabilityDeveloper expects published bitcode to work forever

Download size is startup time.bc is ~3x bigger than .nexe, ~1.9x when .gz.bc is ~6x bigger than .NET

How should we handle bitcode versioning?

32

We need your help!


Status

33


What’s running?

One bitcode file translates, validates, and runs on three architecturesAll of SPEC2000 int and the four C fp tests pass

The translator is sandboxedllc, as, ld runs as a NaCl module on x86-32 and 64

A few areas of portability work remainC++ exception handling on ARM is incompletesetjmp/longjmp is just coming together

34


CodeGen Work

Control and data sandboxing on ARMRobert, Cliff

Control and data sandboxing on x86Robert, Alan, Jan, David

ILP32 on x86-64Jan, David

x86-32 and x86-64 MC ELF contributionsRafael

ARM MC ELF contributionsJason

35


Front end work

ILP32 for x86-64Jan, DavidM

VarargsDavidM

Exception handling, setjmpRobert

36


Future Work

37


Directly Producing .so’s

ELF MCARM support is still incomplete

MCAssembler“Bundling” support for NaCl pseudo-instructions

.so generationSimulated linking to collect symbolsEmission work for DT_NEEDED

38


Intrinsics and/or Assembly

One of the promises of NaCl is access to the performance that comes from hand-tuning while not sacrificing portability or safety.

How do we get to, e.g., AES instructions, etc.?How do we optimize for cache configuration, etc.?

39


Other future work

ClangOther languages that could target bitcode

.NET/Mono, ...

JIT supportPerformance

feedback directed optimization, ...

Bitcode sizeTranslation time

40


Want to Learn More?

http://www.chromium.org/nativeclient(Follow Portable Native Client link)

http://code.google.com/p/nativeclient

41


http://www.chromium.org

http://www.chromium.org



Documents

Portable Native Client - LLVMllvm.org/devmtg/2010-11/Sehr-NativeClient.pdfHow should we handle bitcode versioning? 31 Thursday, November 4, 2010 Bitcode as an Interchange Format PNaCl