Instruction punning: Lightweight instrumentation for x86-64

Paper in proceeding, 2017

Existing techniques for injecting probes into running code are limited: they either fail to support probing arbitrary locations, or to support scalable, rapid toggling of probes. We introduce a new technique on x86-64, called instruction punning, which allows scalable probes at any instruction. The key idea is that when we inject a jump instruction, the relative address of the jump serves simultaneously as data and as an instruction sequence. We show that this approach achieves probe invocation overheads of only a few dozen cycles, as well as low probe activation/deactivation costs, even when all threads in the system are both invoking probes and toggling them. Unlike competing systems, the latent overhead when probes are deactivated is exactly zero.