Instruction punning: lightweight instrumentation for x86-64

Existing techniques for injecting probes into running applications are limited; they either fail to support probing arbitrary locations, or to support scalable, rapid toggling of probes. We introduce a new technique on x86-64, called instruction punning, which allows scalable probes at any instruction. The key idea is that when we inject a jump instruction, the relative address of the jump serves simultaneously as data and as an instruction sequence. We show that this approach achieves probe invocation overheads of only a few dozen cycles, and probe activation/deactivation costs that are cheaper than a system call, even when all threads in the system are both invoking probes and toggling them.