facebookexperimental/reverie facebookexperimental/reverie

  • Stars
    star
    531
  • Rank 81,585 (Top 2 %)
  • Language
    Rust
  • License
    Other
  • Created over 2 years ago
  • Updated about 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
facebookexperimental/reverie
github

facebookexperimental

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An ergonomic and safe syscall interception framework for Linux.

Reverie

Reverie is a user space system-call interception framework for Linux. It can be used to intercept, modify, or elide a syscall before the kernel executes it. In essence, Reverie sits at the boundary between user space and kernel space.

Some potential use cases include:

  • Observability tools, like strace.
  • Failure injection to test error handling logic.
  • Manipulating scheduling decisions to expose concurrency bugs.

See the reverie-examples directory for examples of tools that can be built with this library.

Features

  • Ergonomic syscall handling. It is easy to modify syscall arguments or return values, inject multiple syscalls, or suppress the syscall entirely.
  • Async-await usage allows blocking syscalls to be handled without blocking other guest threads.
  • Can intercept CPUID and RDTSC instructions.
  • Typed syscalls. Every syscall has a wrapper to make it easier to access pointer values. This also enables strace-like pretty-printing for free.
  • Avoid intercepting syscalls we don't care about. For example, if we only care about sys_open, we can avoid paying the cost of intercepting other syscalls.
  • Can act as a GDB server. This allows connection via the GDB client where you can step through the process that is being traced by Reverie.

Terminology and Background

Clients of the Reverie library write tools. A tool runs a shell command creating a guest process tree, comprised of multiple guest threads and processes, in an instrumented manner. Each Reverie tool is written as a set of callbacks (i.e. handlers), which are invoked each time a guest thread encounters a trappable event such as a system call or inbound signal. The tool can stipulate exactly which events streams it subscribes to. The tool itself is stateful, maintaining state between consecutive invocations.

Building and Testing

Reverie needs the following system-level dependencies:

sudo apt install pkg-config libunwind-devel

(These are required to get backtraces from the guest process.)

To test, run:

cargo test -- --test-threads=1

To run the strace example:

cd reverie-examples
cargo run --bin strace -- ls

Usage

Currently, there is only the reverie-ptrace backend which uses ptrace to intercept syscalls. Copy one of the example tools to a new Rust project (e.g. cargo init). You’ll see that it depends both on the general reverie crate for the API and on the specific backend implementation crate, reverie_ptrace.

Performance

Since ptrace adds significant overhead when the guest has a syscall-heavy workload, Reverie will add similarly-significant overhead. The slowdown depends on how many syscalls are being performed and are intercepted by the tool.

The primary way you can improve performance with the current implementation is to implement the subscriptions callback, specifying a minimal set of syscalls that are actually required by your tool.

Overall architecture

When implementing a Reverie tool, there are three main components of the tool to consider:

  • The process-level state,
  • the thread-level state, and
  • the global state (which is shared among all processes and threads in the traced process tree).

This separation of process-, thread-, and global-state is meant to provide an abstraction that allows future Reverie backends to be used without requiring the tool to be rewritten.

Architecture Diagram

Process State

Whenever a new process is spawned (i.e., when fork or clone is called by the guest), a new instance of the process state struct is created and managed by the Reverie backend.

Thread State

When a syscall is intercepted, it is always associated with the thread that called it.

Global State

The global state is accessed via RPC messages. Since a future Reverie backend may use in-guest syscall interception, the syscall handler code may not be running in the same address space. Thus, all shared state is communicated via RPC messages. (There is, however, currently only a single ptrace-based backend where all tracer code is in the same address space.)

Platform and Architecture Support

Reverie currently only supports the following platforms and architectures:

Platform Architecture Notes
Linux x86-64 Full support
Linux aarch64 Missing timers & cpuid/rdtsc interception

Other platforms and architectures are currently unplanned.

Future Plans

  • Add a more performant backend. The rough goal is to have handlers executing in the guest with close to regular functional call overhead. Global state and its methods will still be centralized, but the RPC/IPC mechanism between guest & the centralized tool process will become much more efficient.

Contributing

Contributions are welcome! Please see the CONTRIBUTING.md file for guidance.

License

Reverie is BSD 2-Clause licensed as found in the LICENSE file.

More Repositories

1

Recoil

Recoil is an experimental state management library for React apps. It provides several capabilities that are difficult to achieve with React alone, while being compatible with the newest features of React.
JavaScript
19,454
star
2

libunifex

Unified Executors
C++
1,373
star
3

hermit

Hermit launches linux x86_64 programs in a special, hermetically isolated sandbox to control their execution. Hermit translates normal, nondeterministic behavior, into deterministic, repeatable behavior. This can be used for various applications, including replay-debugging, reproducible artifacts, chaos mode concurrency testing and bug analysis.
Rust
1,126
star
4

Robyn

Robyn is an experimental, AI/ML-powered and open sourced Marketing Mix Modeling (MMM) package from Meta Marketing Science. Our mission is to democratise modeling knowledge, inspire the industry through innovation, reduce human bias in the modeling process & build a strong open source marketing science community.
Jupyter Notebook
1,059
star
5

MIRAI

Rust mid-level IR Abstract Interpreter
Rust
963
star
6

ExtendedAndroidTools

Extended Android Tools is a place to host and maintain a build environment and makefiles cross compiling Linux tools we all love for Android.
Python
165
star
7

object-introspection

Object Introspection (OI) enables on-demand, hierarchical profiling of objects in arbitrary C/C++ programs with no recompilation.
C++
145
star
8

resctl-demo

Demonstrate and benchmark various features of Linux resource control in a self-contained package.
Rust
141
star
9

allocative

Library and proc macro to analyze memory usage of data structures in rust.
Rust
120
star
10

rust-shed

Repository containing Rust crates common between other Facebook open source projects (like Mononoke or Eden).
Rust
99
star
11

go-media-webtransport-server

WebTransport media server that enables ultra low latency live streaming over QUIC (also VOD and rewind)
Go
82
star
12

webcodecs-capture-play

Live streaming low latency experimentation platform in the browser (using WebCodecs)
JavaScript
78
star
13

siMMMulator

siMMMulator is an open source R-package that helps users to generate simulated data to plug into Marketing Mix Models (MMMs). The package features a variety of functions to help users build a data set from scratch.
R
35
star
14

MemorySnapshotAnalyzer

Analysis tooling for memory snapshots of managed code runtimes, specifically, Unity Memory Snapshots.
C#
29
star
15

moq-encoder-player

This project is provides a minimal implementation (inside the browser) of a live video and audio encoder and video / audio player creating and consuming IETF MOQ stream. The goal is to provide a minimal live platform components that helps testing IETF MOQ interop
JavaScript
26
star
16

protoquant

Prototype routines for GPU quantization written using PyTorch.
Python
19
star
17

moq-go-server

This is an experimental relay (optimized for low latency media transfers) that implements IETF MOQ protocol
Go
16
star
18

edencommon

Shared library for Watchman and Eden projects.
C++
9
star
19

kperf

TCP and TLS performance testing tool.
C
7
star
20

propellint

A tool joining profile information with static analysis.
C++
5
star
21

r8

Customized version of the D8 dexer and R8 shrinker
Java
4
star
22

iot-session-manager

The IoT Session Manager is an application that provides a reliable and scalable device to device messaging network with simple setup. The system is deployable locally on a machine or on a cloud server and provides extensible methods for device authentication and control automation.
Python
3
star
23

fnob

Open source Fnob (Command-line Dynamic Random Generator) package;
SystemVerilog
2
star
24

Rmdkernel

This is a very simple fork of https//github.com/IRkernel/IRkernel to provide an rmarkdown (rather than R) jupyter kernel.
Jupyter Notebook
2
star
25

xrpa

Xrpa (pronounced "sherpa") is a platform architecture framework for building experimental XR experiences.
C++
2
star
26

CARL

Classical Action Recognition Library
C++
1
star
27

csproj_benchmark

A tool that generates Visual Studio C# projects and measures IDE startup performance
C#
1
star
28

ndctl

A "device memory" enabling project encompassing tools and libraries for CXL, NVDIMMs, DAX, memory tiering and other platform memory device topics. Forked from https://github.com/pmem/ndctl
C
1
star