A Midsummer Night's Tree: Efficient and High Performance Secure SCM

This is the artifact for ASPLOS Fall '24 Submission #74
``A Midsummer Night's Tree: Efficient and High Performance Secure SCM''

The artifact is largely basd on gem5, a state-of-the-art simulation tool, and
models benchmarks from the PARSEC benchmark suite. Our evaluation also includes
results from the SPEC 2017 CPU suite, but we are only releasing the option to
run the capability to run the open-sourced benchmark suite.

We briefly describe our contribution to the repository below:

The source for AMNT and the related prior art can be found in the 'src/mem/mee'
directory. Here we implement each algorithm as an extension to the
'BaseMemoryEncryptionEngine' class to ensure the portability of each protocol.

The source for the OS modification comprising AMNT++ can be found in the
'linux-build' repository. In particular, our modifications can be found in the
'__free_one_page' function, where we bias the ordering of the free pages struct.

Our work assumes an ARM processor. To build the simulator, call
'scons build/ARM/gem5.opt'. Then, use the script run_benchmark.sh to run boot
the simulator. This script assumes a working disk image, operating system, and
checkpoint are provided to run properly. For ease of evaluation, we provide
disk images with the benchmark suite pre-built on an Ubuntu 18.04 disk as
provided by the gem5 guest resources and are located in 'dist/disks'. Similarly,
checkpoints have been provided in the 'checkpoints/' directory for ease of
evaluation, but they can be reconstructed using the 'set_checkpoint.sh' script.
Finally, the operating systems can be built from scratch using the source in the
'linux-build' directory, but we include pre-compiled versions of the OS with and
without our changes in 'dist/binaries/<modified, unmodified>_vmlinux.arm64'. You
can unzip the 'dist.zip' and 'checkpoints.zip' files from the Zenodo DOI
provided in the artifact.

The 'run_benchmark.sh' script takes several inputs that can be found by calling
'bash run_benchmark.sh --help'. For example, if I were to run AMNT through the
canneal benchmark without the modified OS, I would call
'bash run_benchmark.sh unmodified parsec canneal ParsecSP-HW 100000000000 amnt'.
Note, we modified the benchmarks so that they automatically exit after the
region of interest (as specified by the developers) completes. Thus, setting a
large max insts value essentially allows the benchmark to run to completion
(this can be verified by checking the simInsts value in the stats output of the
simulation, which could be found in
'results/ParsecSP-HW/canneal/amnt/stats.txt'). If strapped for time, you can
run with a smaller max insts value so long as its consistent across
configurations, but longer runs model more of the region of interest and will
be more accurate.

We now describe the assumed environment, and provide a detailed workflow to
evaluate our environment.

Software requirements: We assume that you are running on an Ubuntu OS (at least
20.04). The workflow may also work for other Linux-based operating systems, but
is untested for our environment and may lead to errors in compilation and/or
runtime. In the workflow we will enumerate the required packages to install.

We assume that you have approximately 72GB of free disk space to support the
repository, pre-built disk images (for simulation), and pre-built operating
system binaries (for simulation).

The workflow to build and run the artifact is as follows:

1. Download the artifact
' $ mkdir AMNT-Artifact && cd AMNT-Artifact '
' $ wget https://zenodo.org/records/10775190/files/gem5.zip '
' $ wget https://zenodo.org/records/10775190/files/dist.zip '
' $ wget https://zenodo.org/records/10775190/files/checkpoints.zip '

2. Unzip the artifact and build the simulator
' $ unzip gem5.zip '
' $ cd gem5 '
' $ mv ../dist.zip . && unzip dist.zip '
' $ mv ../checkpoints.zip . && unzip checkpoints.zip '
' $ sudo apt install build-essential git m4 scons zlib1g zlib1g-dev \
      libprotobuf-dev protobuf-compiler libprotoc-dev libgoogle-perftools-dev \
      python3-dev python3 -y'
' $ scons build/ARM/gem5.opt -j `nproc` ' # Note the build step takes +/- 1 hour

3. We have provided the pre-built modified and unmodified OS, simulated file
system (disk images can be found ' $ ls /AMNT-Artifact/dist/disks/*.img '), and
simulation checkpoints ( ' $ ls checkpoints/ '), which were taken at the labeled
region of interest for each benchmark.

4. Run the benchmarks.
We have provided several scripts to help facilitate performing evaluation.
- Use the 'unmodified' operating system type for all configurations besides
amnt++. To run amnt++, use 'modified'.
- To evaluate single program workloads, use the disk id 'parsec'. For
multiprogram workloads, use 'parsec_multiprog'.
- Specify which of the parsec benchmarks to run, see either the enumerated
list in the checkpoints directory, or refer to Fig. 4 of our paper.
- To evaluate single program workloads, use the run type 'ParsecSP-HW' for all
configurations besides amnt++. To run amnt++, use 'ParsecSP-HWSW'.
- Use a fixed value for max insts if you would like to terminate a benchmark
before reaching the end of the region of interest.
- Specify which secure memory protocol to run (leaf, strict, amnt, amnt++,
anubis, bmf)

4a. Run a single benchmark
' $ bash run_benchmark.sh <OS type> <disk id> <benchmark> <run type> \
      <max insts> <config> '

4b. Wrapper to run some of the benchmarks (manually specified subset)
' $ bash run_specified.sh <bench1> <bench2> ... <benchN> '

4c. Wrapper to run all of the benchmarks
' $ bash run_all.sh '

5. Interpreting results
Results are stored in 'stats.txt' files in the 'outdir' specified by the run
command. We follow the convention 'results/<run type>/<benchmark>/<config>/' to
define the outdir. We base performance on the number of simTicks (simulated
cycles in gem5 execution). Fetch this metric by calling:
' $ grep simTicks results/<run type>/<benchmark>/<config>/stats.txt '
Note: AMNT++ is config 'amnt' and run type 'ParsecXP-HWSW'.

For your convenience, we include the script 'parse_results.py' which
scans the expected output paths for the appropriate files and prints them in
CSV format (normalized and non-normalized). The script assumes all tests are
done, but can be modified as appropriate. It can be run by calling:
' $ python3 parse_results.py '

The results used for the main result of the paper (Fig. 4) can be found in
'main_results', and we itemize the tests to run and the time it took us to
run each test below:
    - bash run_benchmark.sh unmodified parsec blackscholes ParsecSP-HW 1000000000 leaf (~6 hours per config to run)
    - bash run_benchmark.sh unmodified parsec blackscholes ParsecSP-HW 1000000000 strict
    - bash run_benchmark.sh unmodified parsec blackscholes ParsecSP-HW 1000000000 anubis
    - bash run_benchmark.sh unmodified parsec blackscholes ParsecSP-HW 1000000000 bmf
    - bash run_benchmark.sh unmodified parsec blackscholes ParsecSP-HW 1000000000 amnt
    - bash run_benchmark.sh modified parsec blackscholes ParsecSP-HWSW 1000000000 amnt (this is AMNT++)
    - bash run_benchmark.sh unmodified parsec bodytrack ParsecSP-HW 1000000000 leaf (~19 hours)
    - etc...
    - bash run_benchmark.sh unmodified parsec facesim ParsecSP-HW 1000000000 leaf (~47 hours)
    - etc...
    - bash run_benchmark.sh unmodified parsec ferret ParsecSP-HW 1000000000 leaf (~2 hours)
    - etc...
    - bash run_benchmark.sh unmodified parsec fluidanimate ParsecSP-HW 1000000000 leaf (>48 hours)
    - etc...
    - bash run_benchmark.sh unmodified parsec freqmine ParsecSP-HW 1000000000 leaf (>48 hours)
    - etc...
    - bash run_benchmark.sh unmodified parsec swaptions ParsecSP-HW 1000000000 leaf (~41 hours)
    - etc...
    - bash run_benchmark.sh unmodified parsec x264 ParsecSP-HW 1000000000 leaf (~38 hours)
    - etc...
    - bash run_benchmark.sh unmodified parsec canneal ParsecSP-HW 1000000000 leaf (>48 hours)
    - etc...
    - bash run_benchmark.sh unmodified parsec dedup ParsecSP-HW 1000000000 leaf (>48 hours)
    - etc...

The README of the unmodified repository can be found below:

----------------

This is the gem5 simulator.

The main website can be found at http://www.gem5.org

A good starting point is http://www.gem5.org/about, and for
more information about building the simulator and getting started
please see http://www.gem5.org/documentation and
http://www.gem5.org/documentation/learning_gem5/introduction.

To build gem5, you will need the following software: g++ or clang,
Python (gem5 links in the Python interpreter), SCons, zlib, m4, and lastly
protobuf if you want trace capture and playback support. Please see
http://www.gem5.org/documentation/general_docs/building for more details
concerning the minimum versions of these tools.

Once you have all dependencies resolved, type 'scons
build/<CONFIG>/gem5.opt' where CONFIG is one of the options in build_opts like
ARM, NULL, MIPS, POWER, SPARC, X86, Garnet_standalone, etc. This will build an
optimized version of the gem5 binary (gem5.opt) with the the specified
configuration. See http://www.gem5.org/documentation/general_docs/building for
more details and options.

The main source tree includes these subdirectories:
   - build_opts: pre-made default configurations for gem5
   - build_tools: tools used internally by gem5's build process.
   - configs: example simulation configuration scripts
   - ext: less-common external packages needed to build gem5
   - include: include files for use in other programs
   - site_scons: modular components of the build system
   - src: source code of the gem5 simulator
   - system: source for some optional system software for simulated systems
   - tests: regression tests
   - util: useful utility programs and files

To run full-system simulations, you may need compiled system firmware, kernel
binaries and one or more disk images, depending on gem5's configuration and
what type of workload you're trying to run. Many of those resources can be
downloaded from http://resources.gem5.org, and/or from the git repository here:
https://gem5.googlesource.com/public/gem5-resources/

If you have questions, please send mail to gem5-users@gem5.org

Enjoy using gem5 and please share your modifications and extensions.