Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Java DaCapo benchmark sample provide fixes #646

Open
wants to merge 22 commits into
base: oe_port
Choose a base branch
from

Conversation

prp
Copy link
Member

@prp prp commented Jul 19, 2020

This PR adds the Java DaCapo benchmark sample and attempts to fix #645.

A fundamental issue with SGX1 is that the in-enclave segfault handler does not receive the correct address of the memory access that caused the fault (instead before it received the address of the instruction causing the segfault). The Hotspot JVM uses guard pages that trigger segfaults to make threads reach safepoints for garbage collection. Since the faulting access isn't reported correctly, the JVM may be confused and segfault.

The PR also adds a new enclave_config option unsafe_host_signal, which controls if untrusted page faults are exposed to the enclave. It also adds a CI test that runs one of the DaCapo Java benchmarks.

In addition, the PR does some minor cleanup work:

  • Move dumping of mount table to correct location (This was a previous merge error.)
  • Output thread struct address in backtraces
  • Fix dependency in Makefile for Java sample

@prp prp changed the title Minor cleanup to help with work on #644 and #645 Add Java DaCapo benchmark sample minor cleanup Jul 19, 2020
@prp prp marked this pull request as draft July 19, 2020 17:14
@prp prp marked this pull request as ready for review July 19, 2020 17:15
@prp prp changed the title Add Java DaCapo benchmark sample minor cleanup Fix Java DaCapo benchmarks add sample Jul 22, 2020
Copy link
Contributor

@davidchisnall davidchisnall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the JVM is running in a configuration where it depends on SIGSEGV for functional correctness then it is insecure on current SGX. We should not be running benchmarks in that configuration because it's misleading. The GC should be configured to use explicit barriers in the JIT, not page protection.

.gitmodules Outdated Show resolved Hide resolved
@prp prp changed the title Fix Java DaCapo benchmarks add sample Add Java DaCapo benchmark sample provide fixes Jul 27, 2020
@prp prp requested a review from davidchisnall July 27, 2020 18:16
@prp prp requested a review from letmaik July 27, 2020 18:17
Copy link
Contributor

@letmaik letmaik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The benchmark test takes around 2 1/2 min. We may want to consider running this in the nightly build only.

samples/languages/java/dacapo-benchmark/Dockerfile Outdated Show resolved Hide resolved
src/enclave/enclave_signal.c Outdated Show resolved Hide resolved
tests/languages/java/dacapo-benchmark/Dockerfile Outdated Show resolved Hide resolved
tools/schemas/enclave-config.schema.json Show resolved Hide resolved
@@ -0,0 1,9 @@
{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just host-config.json?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like making them specific to the application, so from looking at the filename, you have a better understanding what's inside.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find that weird and I don't think we should advocate/recommend that. A folder should be the logical unit that groups things and inside that we have a standard layout. Don't you think?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I would say that there are two options:

  1. We assume that the enclave/host configs should have well-known fixed filenames, i.e. enclave_config.json and host_config.json. This would be similar to the Dockerfile or Makefile convention. In that case though, the --encave-config and --host-config parameters should be optional and only needed if a user (for whatever reason) wants to override the filenames. This would be similar to how docker or make work -- otherwise we are forcing users to provide redundant options with each invocation.

  2. We don't assume that there is a single approved filename and instead require users to be explicit (as it is now).

As you can tell, I'm in favour of (2), as I'm not a big fan of "magic" filenames that people must remember. That said, if people prefer (1), I'm also ok with that.

@prp
Copy link
Member Author

prp commented Jul 27, 2020

If the JVM is running in a configuration where it depends on SIGSEGV for functional correctness then it is insecure on current SGX. We should not be running benchmarks in that configuration because it's misleading. The GC should be configured to use explicit barriers in the JIT, not page protection.

@davidchisnall I could not find a JVM configuration option to make the HotSpot JVM not use barriers based on page protection.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Some Java DaCapo benchmarks fail with unhandled SIGSEGVs in hw mode
4 participants