CMU CS 17-770 Fall 2024

Project 2: Dynamic Analysis in Wizard

In this project, you will implement dynamic analyses for WebAssembly code running on Wizard. The objective of this project is to understand program behavior through instrumentation and to get some experience in a more complete, research-oriented VM. By starting with a complete VM, you can run larger, more complete programs.

Starter Code and Project Description

Introduction

Dynamic analysis can give insights into program behavior that are not possible through static means. For example, the execution frequency (i.e. hotness) of functions or instructions and memory access behavior are key performance characteristics for optimizing programs and VMs. Often, implementing dynamic analysis is done through instrumenting compiler IR (with a pass), instrumenting machine or bytecode (via a separate tool) or by direct support in the engine. In this project, you'll use an existing WebAssembly with extensible support to implement three (of four) different analyses.

Wizard Engine

Over the past few years we've developed a fully-featured research-oriented VM called Wizard. It's designed for research and teaching scenarios, like this course. Wizard features three execution tiers: a straightforward interpreter (the V3Interpreter), a fast interpreter (written in assembly), and a single-pass compiler. For this project, you should not need to modify the internals of Wizard, but of course you're invited and encouraged to read and study it.

Monitors

Wizard has specific facilities to support dynamic instrumentation as described in a recent publication. In particular, Wizard allows users to build monitors that instrument programs through probes, which are VM-level logic attached to guest program locations. Monitors can collect information at runtime and report events during execution or summarize at the end of execution. Built-in monitors in Wizard are documented here.

Getting started with this project

Checkout, Build and Run Wizard privately. It will run on Linux, MacOS and Windows (via WSL2). We recommend running on a Linux machine with an x86-64 processor.
Install the vim, emacs, or Visual Studio Code plugins for Virgil code.
Read about dynamic instrumentation in the ASPLOS paper.
Read about Wizard's built-in monitors.
Read how to build your own monitor.

Instrumentation Tasks

In this project, you will implement three dynamic analysis tasks, each worth 3.3 points. You may choose three of these four possibilities:

Memory Allocation Profiler, which will instrument the malloc and free functions in a Wasm program and output statistics about memory allocation.
Instruction Class Monitor, which classifies each Wasm instruction and outputs a trace of instruction classes for offline analysis.
Execution Path Profiler, which instruments branches in the program and reports the count of unique execution paths for functions.
Cache Simulator, which instruments memory accesses and simulates a cache attached to the memory.

You will implement each of these as a separate monitor in Wizard (i.e each a new file in Wizard's src/monitors directory). Please check the instructions in the project documentation and links above for a grading expectations.

Tips and Help

Start early. Take a look at the example code and read the project description as soon as possible.
Start small. We recommend building the instruction tracer first, which is really simple.
Commit working code in small chunks. If everything is broken, you can always go back. You can use branches too.
Debug in small chunks. Resist the urge to write large sections of code and then test. It will be easier to find bugs if the new delta is small.