DOCSLIB.ORG

Dynamic Analysis of ARINC 653 RTOS with LLVM

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Dynamic Analysis of ARINC 653 RTOS with LLVM Vitaly Cheptsov Alexey Khoroshilov Ivannikov Institute for System Programming Ivannikov Institute for System Programming of the Russian Academy of Sciences; of the Russian Academy of Sciences Higher School of Economics Moscow, Russia Moscow, Russia [email protected] [email protected] Abstract—Existing standards for airborne-embedded software national and international standards for secure development systems impose a number of requirements applicable to the lifecycle, like GOST R 56939—2016 [1]. software development cycle of hard real-time operating systems Safety critical software is an entirely different domain. found in modern aircraft. The measures taken are meant to reduce the risks of undesired consequences, but have strongly Creation of systems, failure of which costs human loss, injuries varying costs. Dynamic instrumentation and static analysis are or disasters resulting in severe nature or property damage, may common practices used to automatically find software defects, only be performed under a large amount of strict precautions, from strictly non-conforming code constructions to memory commonly referred to as objectives, defined in industrial corruptions or invalid control flow. LLVM analyser and sani- standards. For aviation it is DO-178C [2]. The resulting tizer infrastructure, while regularly applied to general-purpose software, originally was not thought to be introduced to heavily product has to be certified prior to being put into service, restricted environments. In this paper we discuss the specifics and history shows that the price of timely defect detection of airborne systems with regards to dynamic instrumentation is quite different at the early stage versus the verification or and provide practical considerations to be taken into account for production stage [3]. To lower the costs, additional measures, the effective use of general-purpose instrumentation tools. We sometimes not included in particular regulatory documents, bring a complete LLVM stack support to JetOS, a prospective onboard real-time operating system currently being developed are continuously sought for and efficiently applied whenever at ISP RAS in collaboration with GosNIIAS. As an example, possible. This is especially important when certifying against we port AddressSanitizer, MemorySanitizer, and UndefinedBe- multiple standards containing objectives which not necessarily haviorSanitizer and provide the details against the caveats on all conform to each other. relevant sides: a sanitizer, a compiler, and an operating system. In addition we suggest uninvolved optimisations and enhancements In this paper we study the specifics of modern airborne to the runtimes to maximise the effects of the tools. operating systems in regards to dynamic instrumentation for Index Terms—dynamic instrumentation, real-time operating early error detection. We take a set of general-purpose error systems, ARINC 653, IMA, LLVM detection tools based on the LLVM sanitizer infrastructure, tar- geting dynamic software instrumentation and error detection, I. INTRODUCTION and bring them up in a certified airborne operating system JetOS [4]. These tools are commonly applied to general- The problem of code correctness existed since before it was purpose software development projects but were not intended arXiv:2106.01766v1 [cs.SE] 3 Jun 2021 studied in computer science. As long as programming is done to be used in restricted environments. We describe which tools by humans, there will remain a high probability of mistakes in may be applicable for testing ARINC 653 applications and the the written code, which may result in program malfunctioning operating system itself, which objectives and issues could be at some point in the future. To circumvent biological imper- focused on, and the specifics of implementing sanitizer runtime fection, a number of methods reducing the risks of making support in a hard real-time operating system. We showcase mistakes during software development, decreasing the costs for possible issues to be found and suggest actions to increase the their elimination, and, most importantly, detecting the mistakes efficiency of test results in tandem with the other tools. made as early as possible, are currently being developed. Depending on the software lifecycle and regulatory doc- II. STATE OF THE ART uments used, the set of measures taken may be comprised of: coding standards, test coverage, defensive programming, Dynamic instrumentation is a way to measure program redundancy, semiformal and formal objectives to supporting behaviour by certain parameters allowing to gather information documentation, threat model conformance testing, static anal- about program performance, contract violation, coverage, and ysis, dynamic instrumentation, fuzz-testing, regular inspection, debugging at runtime. Different kinds of instrumentation may code modelling and verification, etc. The minimal objectives require code alteration on the source level or the compiler for general-purpose software development may be defined by level. In this paper we refer to dynamic instrumentation in V. Cheptsov and A. Khoroshilov, “Dynamic Analysis of ARINC 653 RTOS with LLVM,” 2018 Ivannikov Ispras Open Conference (ISPRAS), 2018, pp. 9-15, DOI: 10.1109/ISPRAS.2018.00009. © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. the sense of compiler passes applying modifications targeting integer overflow, incorrect execution of floating-point programming error detection. calculations, incorrect boolean type assignment, etc; While the benefits of dynamic instrumentation may be vast, • ThreadSanitizer – data race condition detection tool. Used there are not so many publicly available tools that could be for finding errors in multithreaded programs; integrated at a reasonable cost. Proprietary software, such as • Control Flow Integrity – tool implementing a number of WinDbg, Intel Inspector, UNICOM PurifyPlus, Insure++, and control flow integrity checks including the detection of several others, usually target specific platforms or userspace incorrect class and function casts and invalid virtual table instrumentation, and even if free for use come with no source usage; availability. As a result, it is either impossible or very costly to • LeakSanitizer – memory leak detection tool; adopt it to embedded projects, putting aside the safety-critical • EfficiencySanitizer – tool for detecting suboptimal lan- systems segment. The few existing opensource tools have the guage constructions and APIs; exact same problems except in-house resources are to be spent • SafeStack – tool intended to protect software from stack for the bring up. buffer overflow with no measurable performance costs; Valgrind is one of the oldest and most powerful tool suites • libFuzzer – fuzz testing tool. currently developed. It supports a large number of CPUs and These tools are being continuously ported to GCC as well, was proven to be quite effective on general-purpose operating however, the GCC support list is incomplete and suffers from systems, like Linux targets, macOS, or Android. However, backport delays. On the good side, LLVM and Clang try to using Valgrind on non-Linux and even non-POSIX targets may support a reasonable amount of GCC-supported platforms and be quite challenging. One of the ways to use Valgrind could be extensions, which allows a drop-in replacement in the majority porting the code to a simulated Linux-based environment, but of the BSPs. this results in additional costs of supporting multiple systems as well as the inability to detect bugs in the original code, III. JETOS OPERATING SYSTEM which makes the task effectively unrewarding. In addition, Valgrind seriously affects the performance of the instrumented JetOS is a cross-platform hard real-time operating system code [5]. DynamoRIO based Dr. Memory and the supple- designed to control airborne equipment in modern civil avia- mental tools are quite promising, but once again the current tion. One of the fundamental requirements in its implementa- development course is focused on expanding the functionality tion is accordance with ARINC 653 [8] parts 1 and 2. ARINC and resolving the issues in general-purpose operating systems. 653 (Avionics Application Standard Software Interface) de- PowerPC or MIPS-based CPUs are not yet even considered. scribes the implementation of APEX (APplication/EXecutive), an API that regulates space and time partitioning in safety- From this perspective the LLVM project [6] favourably critical real-time operating systems for avionics. This stan- differs from the others by consisting of reusable modules han- dard allows the hosting of multiple applications of different dling compiling, building, and instrumenting stages altogether. software levels on the same hardware in the context of an Just like GNU Compiler Collection (GCC), LLVM subprojects Integrated Modular Avionics (IMA) [9] architecture. In turn, contain all the necessary components to create a fully-fledged IMA is an airborne system architecture used in modern air- toolchain for a target Board Support Package (BSP). It has an crafts (Boeing 787, Airbus A350, etc.) replacing the outdated optimizer with
Recommended publications
  • Dynamic Optimization of IA-32 Applications Under Dynamorio by Timothy Garnett

    Dynamic Optimization of IA-32 Applications Under Dynamorio by Timothy Garnett

    Dynamic Optimization of IA-32 Applications Under DynamoRIO by Timothy Garnett Submitted to the Department of Electrical Engineering and Computer Science in Partial Fulfillment of the Requirements for the Degree of Master of Engineering in Computer Science Abstract The ability of compilers to optimize programs statically is diminishing. The advent and increased use of shared libraries, dynamic class loading, and runtime binding means that the compiler has, even with difficult to accurately obtain profiling data, less and less knowledge of the runtime state of the program. Dynamic optimization systems attempt to fill this gap by providing the ability to optimize the application at runtime when more of the system's state is known and very accurate profiling data can be obtained. This thesis presents two uses of the DynamoRIO runtime introspection and modification system to optimize applications at runtime. The first is a series of optimizations for interpreters running under DynamoRIO's logical program counter extension. The optimizations include extensions to DynamoRIO to allow the interpreter writer add a few annotations to the source code of his interpreter that enable large amounts of optimization. For interpreters instrumented as such, improvements in performance of 20 to 60 percent were obtained. The second use is a proof of concept for accelerating the performance of IA-32 applications running on the Itanium processor by dynamically translating hot trace paths into Itanium IA-64 assembly through DynamoRIO while allowing the less frequently executed potions of the application to run in Itanium's native IA-32 hardware emulation. This transformation yields speedups of almost 50 percent on small loop intensive benchmarks.
  • Rational Purifyplus for UNIX

    Rational Purifyplus for UNIX

    Develop Fast, Reliable Code Rational PurifyPlus for UNIX Customers and end-users demand that your Automatically Pinpoint code works reliably and offers adequate execu- Hard-To-Find Bugs tion performance. But the reality of your deliv- Reliability problems, such as runtime errors and ery schedule often forces you to sacrifice relia- memory leaks in C/C++, can kill a software bility or performance – sometimes both. And company’s reputation. These errors are hard to without adequate time for testing, you may not find, hard to reproduce, and hardest of all, to even know these issues exist. So you reluctant- explain to customers who discover them. No ly deliver your code before it’s ready, knowing one intentionally relies on their customer as good and well that the integrity of your work their "final QA." But without adequate tools, this may be suspect. is the inevitable outcome. Even the best pro- Rational Software has a solution for ensuring grammers make mistakes in their coding. that your code is both fast and reliable. Rational PurifyPlus for UNIX automatically finds HIGHLIGHTS Rational® PurifyPlus for UNIX combines runtime these reliability errors in C/C++ code that can’t error detection, application performance profil- Automatically finds runtime be found in any other way. It finds the errors ing, and code coverage analysis into a single, errors in C/C++ code even before visible symptoms occur (such as a complete package. Together, these functions system crash or other spurious behavior). And help developers ensure the highest reliability Quickly isolates application it shows you exactly where the error originated, and performance of their software from the very performance bottlenecks regardless of how remote from the visible first release.
  • Dynamic Binary Translation & Instrumentation

    Dynamic Binary Translation & Instrumentation

    Dynamic Binary Translation & Instrumentation Pin Building Customized Program Analysis Tools with Dynamic Instrumentation CK Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Kim Hazelwood Intel Vijay Janapa Reddi University of Colorado http://rogue.colorado.edu/Pin PLDI’05 2 Instrumentation • Insert extra code into programs to collect information about execution • Program analysis: • Code coverage, call-graph generation, memory-leak detection • Architectural study: • Processor simulation, fault injection • Existing binary-level instrumentation systems: • Static: • ATOM, EEL, Etch, Morph • Dynamic: • Dyninst, Vulcan, DTrace, Valgrind, Strata, DynamoRIO C Pin is a new dynamic binary instrumentation system PLDI’05 3 A Pintool for Tracing Memory Writes #include <iostream> #include "pin.H" executed immediately before a FILE* trace; write is executed • Same source code works on the 4 architectures VOID RecordMemWrite(VOID* ip, VOID* addr, UINT32 size) { fprintf(trace,=> “%p: Pin Wtakes %p %dcare\n”, of ip, different addr, size); addressing modes } • No need to manually save/restore application state VOID Instruction(INS ins, VOID *v) { if (INS_IsMemoryWrite(ins))=> Pin does it for you automatically and efficiently INS_InsertCall(ins, IPOINT_BEFORE, AFUNPTR(RecordMemWrite), IARG_INST_PTR, IARG_MEMORYWRITE_EA, IARG_MEMORYWRITE_SIZE, IARG_END); } int main(int argc, char * argv[]) { executed when an instruction is PIN_Init(argc, argv); dynamically compiled trace = fopen(“atrace.out”, “w”); INS_AddInstrumentFunction(Instruction,
  • Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation

    Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation

    Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation Chi-Keung Luk Robert Cohn Robert Muth Harish Patil Artur Klauser Geoff Lowney Steven Wallace Vijay Janapa Reddi Kim Hazelwood Intel Corporation ¡ University of Colorado ¢¤£¦¥¨§ © £ ¦£ "! #%$&'( £)&(¦*+©-,.+/01$©-!2 ©-,2¦3 45£) 67©2, £¦!2 "0 Abstract 1. Introduction Robust and powerful software instrumentation tools are essential As software complexity increases, instrumentation—a technique for program analysis tasks such as profiling, performance evalu- for inserting extra code into an application to observe its behavior— ation, and bug detection. To meet this need, we have developed is becoming more important. Instrumentation can be performed at a new instrumentation system called Pin. Our goals are to pro- various stages: in the source code, at compile time, post link time, vide easy-to-use, portable, transparent, and efficient instrumenta- or at run time. Pin is a software system that performs run-time tion. Instrumentation tools (called Pintools) are written in C/C++ binary instrumentation of Linux applications. using Pin’s rich API. Pin follows the model of ATOM, allowing the The goal of Pin is to provide an instrumentation platform for tool writer to analyze an application at the instruction level with- building a wide variety of program analysis tools for multiple archi- out the need for detailed knowledge of the underlying instruction tectures. As a result, the design emphasizes ease-of-use, portabil- set. The API is designed to be architecture independent whenever ity, transparency, efficiency, and robustness. This paper describes possible, making Pintools source compatible across different archi- the design of Pin and shows how it provides these features.
  • Intermediate Representation and LLVM

    Intermediate Representation and LLVM

    CS153: Compilers Lecture 6: Intermediate Representation and LLVM Stephen Chong https://www.seas.harvard.edu/courses/cs153 Contains content from lecture notes by Steve Zdancewic and Greg Morrisett Announcements •Homework 1 grades returned •Style •Testing •Homework 2: X86lite •Due Tuesday Sept 24 •Homework 3: LLVMlite •Will be released Tuesday Sept 24 Stephen Chong, Harvard University 2 Today •Continue Intermediate Representation •Intro to LLVM Stephen Chong, Harvard University 3 Low-Level Virtual Machine (LLVM) •Open-Source Compiler Infrastructure •see llvm.org for full documentation •Created by Chris Lattner (advised by Vikram Adve) at UIUC •LLVM: An infrastructure for Multi-stage Optimization, 2002 •LLVM: A Compilation Framework for Lifelong Program Analysis and Transformation, 2004 •2005: Adopted by Apple for XCode 3.1 •Front ends: •llvm-gcc (drop-in replacement for gcc) •Clang: C, objective C, C++ compiler supported by Apple •various languages: Swift, ADA, Scala, Haskell, … •Back ends: •x86 / Arm / PowerPC / etc. •Used in many academic/research projects Stephen Chong, Harvard University 4 LLVM Compiler Infrastructure [Lattner et al.] LLVM llc frontends Typed SSA backend like IR code gen 'clang' jit Optimizations/ Transformations Analysis Stephen Chong, Harvard University 5 Example LLVM Code factorial-pretty.ll define @factorial(%n) { •LLVM offers a textual %1 = alloca %acc = alloca store %n, %1 representation of its IR store 1, %acc •files ending in .ll br label %start start: %3 = load %1 factorial64.c %4 = icmp sgt %3, 0 br %4, label
  • Ryan Holland CSC415 Term Paper Final Draft Language: Swift (OSX)

    Ryan Holland CSC415 Term Paper Final Draft Language: Swift (OSX)

    Ryan Holland CSC415 Term Paper Final Draft Language: Swift (OSX) Apple released their new programming language "Swift" on June 2nd of this year. Swift replaces current versions of objective-C used to program in the OSX and iOS environments. According to Apple, swift will make programming apps for these environments "more fun". Swift is also said to bring a significant boost in performance compared to the equivalent objective-C. Apple has not released an official document stating the reasoning behind the launch of Swift, but speculation is that it was a move to attract more developers to the iOS platform. Swift development began in 2010 by Chris Lattner, but would later be aided by many other programmers. Swift employs ideas from many languages into one, not only from objective-C. These languages include Rust, Haskell, Ruby, Python, C#, CLU mainly but many others are also included. Apple says that most of the language is built for Cocoa and Cocoa Touch. Apple claims that Swift is more friendly to new programmers, also claiming that the language is just as enjoyable to learn as scripting languages. It supports a feature known as playgrounds, that allow programmers to make modifications on the fly, and see results immediately without the need to build the entire application first. Apple controls most aspects of this language, and since they control so much of it, they keep a detailed records of information about the language on their developer site. Most information within this paper will be based upon those records. Unlike most languages, Swift has a very small set of syntax that needs to be shown compared to other languages.
  • The Developer's Guide to Debugging

    The Developer's Guide to Debugging

    The Developer’s Guide to Debugging Thorsten Grotker¨ · Ulrich Holtmann Holger Keding · Markus Wloka The Developer’s Guide to Debugging 123 Thorsten Gr¨otker Ulrich Holtmann Holger Keding Markus Wloka Internet: http://www.debugging-guide.com Email: [email protected] ISBN: 978-1-4020-5539-3 e-ISBN: 978-1-4020-5540-9 Library of Congress Control Number: 2008929566 c 2008 Springer Science+Business Media B.V. No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, microfilming, recording or otherwise, without written permission from the Publisher, with the exception of any material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Printed on acid-free paper 987654321 springer.com Foreword Of all activities in software development, debugging is probably the one that is hated most. It is guilt-ridden because a technical failure suggests personal fail- ure; because it points the finger at us showing us that we have been wrong. It is time-consuming because we have to rethink every single assumption, every single step from requirements to implementation. Its worst feature though may be that it is unpredictable: You never know how much time it will take you to fix a bug - and whether you’ll be able to fix it at all. Ask a developer for the worst moments in life, and many of them will be related to debugging. It may be 11pm, you’re still working on it, you are just stepping through the program, and that’s when your spouse calls you and asks you when you’ll finally, finally get home, and you try to end the call as soon as possible as you’re losing grip on the carefully memorized observations and deductions.
  • Heapmon: a Low Overhead, Automatic, and Programmable Memory Bug Detector ∗

    Heapmon: a Low Overhead, Automatic, and Programmable Memory Bug Detector ∗

    Appears in the Proceedings of the First IBM PAC2 Conference HeapMon: a Low Overhead, Automatic, and Programmable Memory Bug Detector ∗ Rithin Shetty, Mazen Kharbutli, Yan Solihin Milos Prvulovic Dept. of Electrical and Computer Engineering College of Computing North Carolina State University Georgia Institute of Technology frkshetty,mmkharbu,[email protected] [email protected] Abstract memory bug detection tool, improves debugging productiv- ity by a factor of ten, and saves $7,000 in development costs Detection of memory-related bugs is a very important aspect of the per programmer per year [10]. Memory bugs are not easy software development cycle, yet there are not many reliable and ef- to find via code inspection because a memory bug may in- ficient tools available for this purpose. Most of the tools and tech- volve several different code fragments which can even be in niques available have either a high performance overhead or require different files or modules. The compiler is also of little help a high degree of human intervention. This paper presents HeapMon, in finding heap-related memory bugs because it often fails to a novel hardware/software approach to detecting memory bugs, such fully disambiguate pointers [18]. As a result, detection and as reads from uninitialized or unallocated memory locations. This new identification of memory bugs must typically be done at run- approach does not require human intervention and has only minor stor- time [1, 2, 3, 4, 6, 7, 8, 9, 11, 13, 14, 18]. Unfortunately, the age and execution time overheads. effects of a memory bug may become apparent long after the HeapMon relies on a helper thread that runs on a separate processor bug has been triggered.
  • LLVM Overview

    LLVM Overview

    Overview Brandon Starcheus & Daniel Hackney Outline ● What is LLVM? ● History ● Language Capabilities ● Where is it Used? What is LLVM? What is LLVM? ● Compiler infrastructure used to develop a front end for any programming language and a back end for any instruction set architecture. ● Framework to generate object code from any kind of source code. ● Originally an acronym for “Low Level Virtual Machine”, now an umbrella project ● Intended to replace the GCC Compiler What is LLVM? ● Designed to be compatible with a broad spectrum of front ends and computer architectures. What is LLVM? LLVM Project ● LLVM (Compiler Infrastructure, our focus) ● Clang (C, C++ frontend) ● LLDB (Debugger) ● Other libraries (Parallelization, Multi-level IR, C, C++) What is LLVM? LLVM Project ● LLVM (Compiler Infrastructure, our focus) ○ API ○ llc Compiler: IR (.ll) or Bitcode (.bc) -> Assembly (.s) ○ lli Interpreter: Executes Bitcode ○ llvm-link Linker: Bitcode (.bc) -> Bitcode (.bc) ○ llvm-as Assembler: IR (.ll) -> Bitcode (.bc) ○ llvm-dis Disassembler: Bitcode (.bc) -> IR (.ll) What is LLVM? What is LLVM? Optimizations History History ● Developed by Chris Lattner in 2000 for his grad school thesis ○ Initial release in 2003 ● Lattner also created: ○ Clang ○ Swift ● Other work: ○ Apple - Developer Tools, Compiler Teams ○ Tesla - VP of Autopilot Software ○ Google - Tensorflow Infrastructure ○ SiFive - Risc-V SoC’s History Language Capabilities Language Capabilities ● Infinite virtual registers ● Strongly typed ● Multiple Optimization Passes ● Link-time and Install-time
  • Improving Program Reconstruction in LLDB Using C++ Modules

    Improving Program Reconstruction in LLDB Using C++ Modules

    Beyond Debug Information: Improving Program Reconstruction in LLDB using C++ Modules Master’s Thesis in Computer Science and Engineering RAPHAEL ISEMANN Department of Computer Science and Engineering CHALMERS UNIVERSITY OF TECHNOLOGY UNIVERSITY OF GOTHENBURG Gothenburg, Sweden 2019 Master’s thesis 2019 Beyond Debug Information: Improving Program Reconstruction in LLDB using C++ Modules Raphael Isemann Department of Computer Science and Engineering Chalmers University of Technology University of Gothenburg Gothenburg, Sweden 2019 Beyond Debug Information: Improving Program Reconstruction in LLDB using C++ Modules Raphael Isemann © Raphael Isemann, 2019. Supervisor: Thomas Sewell, Department of Computer Science and Engineering Examiner: Magnus Myreen, Department of Computer Science and Engineering Master’s Thesis 2019 Department of Computer Science and Engineering Chalmers University of Technology and University of Gothenburg SE-412 96 Gothenburg Telephone +46 31 772 1000 Cover: The LLVM logo, owned by and royality-free licensed from Apple Inc. Typeset in LATEX Gothenburg, Sweden 2019 iv Beyond Debug Information: Improving Program Reconstruction in LLDB using C++ Modules Raphael Isemann Department of Computer Science and Engineering Chalmers University of Technology and University of Gothenburg Abstract Expression evaluation is a core feature of every modern C++ debugger. Still, no C++ debugger currently features an expression evaluator that consistently supports advanced language features such as meta-programming with templates. The under- lying problem is that the debugger can often only partially reconstruct the debugged program from the debug information. This thesis presents a solution to this problem by using C++ modules as an additional source of program information. We devel- oped a prototype based on the LLDB debugger that is loading missing program components from the C++ modules used by the program.
  • An Infrastructure for Adaptive Dynamic Optimization

    An Infrastructure for Adaptive Dynamic Optimization

    An Infrastructure for Adaptive Dynamic Optimization Derek Bruening, Timothy Garnett, and Saman Amarasinghe Laboratory for Computer Science Massachusetts Institute of Technology Cambridge, MA 02139 fiye,timothyg,[email protected] Abstract ing profile information improves the predictions but still falls short for programs whose behavior changes dynami- Dynamic optimization is emerging as a promising ap- cally. Additionally, many software vendors are hesitant to proach to overcome many of the obstacles of traditional ship binaries that are compiled with high levels of static op- static compilation. But while there are a number of com- timization because they are hard to debug. piler infrastructures for developing static optimizations, Shifting optimizations to runtime solves these problems. there are very few for developing dynamic optimizations. Dynamic optimization allows the user to improve the per- We present a framework for implementing dynamic analy- formance of binaries without relying on how they were ses and optimizations. We provide an interface for build- compiled. Furthermore, several types of optimizations are ing external modules, or clients, for the DynamoRIO dy- best suited to a dynamic optimization framework. These in- namic code modification system. This interface abstracts clude adaptive, architecture-specific, and inter-module opti- away many low-level details of the DynamoRIO runtime mizations. system while exposing a simple and powerful, yet efficient Adaptive optimizations require instant responses to and lightweight, API. This is achieved by restricting opti- changes in program behavior. When performed statically, a mization units to linear streams of code and using adaptive single profiling run is taken to be representative of the pro- levels of detail for representing instructions.
  • Using Dynamic Binary Instrumentation for Security(And How You May Get

    Using Dynamic Binary Instrumentation for Security(And How You May Get

    King’s Research Portal Document Version Peer reviewed version Link to publication record in King's Research Portal Citation for published version (APA): Cono D'Elia, D., Coppa, E., Palmaro, F., & Cavallaro, L. (Accepted/In press). SoK: Using Dynamic Binary Instrumentation for Security (And How You May Get Caught Red Handed). In ACM Asia Conference on Information, Computer and Communications Security (ASIACCS 2019) Citing this paper Please note that where the full-text provided on King's Research Portal is the Author Accepted Manuscript or Post-Print version this may differ from the final Published version. If citing, it is advised that you check and use the publisher's definitive version for pagination, volume/issue, and date of publication details. And where the final published version is provided on the Research Portal, if citing you are again advised to check the publisher's website for any subsequent corrections. General rights Copyright and moral rights for the publications made accessible in the Research Portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognize and abide by the legal requirements associated with these rights. •Users may download and print one copy of any publication from the Research Portal for the purpose of private study or research. •You may not further distribute the material or use it for any profit-making activity or commercial gain •You may freely distribute the URL identifying the publication in the Research Portal Take down policy If you believe that this document breaches copyright please contact [email protected] providing details, and we will remove access to the work immediately and investigate your claim.