Transparent dynamic instrumentation

Abstract
Process virtualization provides a virtual execution environment within which an unmodified application can be monitored and controlled while it executes. The resulting layer of control can be used for purposes ranging from sandboxing to compatibility to profiling. The additional operations required by this layer are performed clandestinely alongside regular program execution. Software dynamic instrumentation is one method of implementing process virtualization: it instruments the application at run time so that the application's code and the inserted code are interleaved. DynamoRIO is a process virtualization system built on software code cache techniques that lets users build customized dynamic instrumentation tools. Building such a runtime system poses many challenges, and one major obstacle is transparency. To support executing arbitrary applications, DynamoRIO must be fully transparent, so that an application cannot distinguish between running inside the virtual environment and native execution. In addition, whatever extra operations a particular tool performs must not interfere with the behavior of the application.
Transparency has historically been provided on an ad hoc basis, as a reaction to problems observed in target applications. This paper identifies a necessary set of transparency requirements for running mainstream Windows and Linux applications. We discuss possible solutions to each transparency issue, evaluate the tradeoffs between different choices, and identify cases where maintaining transparency is not practically solvable. We believe this provides a guideline for better design and implementation of transparent dynamic instrumentation, as well as of other process virtualization systems that use software code caches.
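The following is an added example, not code from the paper or from the DynamoRIO code base: a toy software code cache in C that shows the mechanism the abstract describes and one of the transparency failures it warns about. It copies basic blocks of a small, invented instruction set into a cache, interleaves a tool-inserted COUNT instruction before every application instruction, and dispatches between blocks on application addresses. The application instruction GETPC (an assumed instruction in this toy ISA, standing in for a real program reading its own instruction pointer) sees the cache index unless the runtime translates it back through a cache-to-application address map, which is the `transparent_pc` switch. The instruction set, the `vm` struct and the sample program are all constructed for this example.

```c
#include <stdio.h>

/* Toy instruction set. App "addresses" are indices into the program array. */
enum op { LOADI, ADD, JNZ, GETPC, HALT, COUNT /* inserted by the tool, never in app code */ };
struct insn { enum op op; long arg; };

#define PROG_MAX 64
#define CACHE_MAX 256

struct vm {
    long acc;                     /* the application's single register */
    long count;                   /* tool state: application instructions executed */
    struct insn cache[CACHE_MAX]; /* software code cache: app code + inserted code */
    long orig[CACHE_MAX];         /* cache index -> app address it was copied from */
    int block_of[PROG_MAX];       /* app address -> cache index of its block, -1 if absent */
    int cache_len;
    int transparent_pc;           /* 1: GETPC reports the app address, 0: the cache index */
};

static void vm_init(struct vm *vm, int transparent_pc) {
    int i;
    vm->acc = 0; vm->count = 0; vm->cache_len = 0;
    vm->transparent_pc = transparent_pc;
    for (i = 0; i < PROG_MAX; i++) vm->block_of[i] = -1;
}

/* Native execution: the reference that an instrumented run must reproduce. */
static long run_native(const struct insn *prog, long pc) {
    long acc = 0;
    for (;;) {
        const struct insn *i = &prog[pc];
        switch (i->op) {
        case LOADI: acc = i->arg; pc++; break;
        case ADD:   acc += i->arg; pc++; break;
        case JNZ:   pc = acc ? i->arg : pc + 1; break;
        case GETPC: acc = pc; pc++; break;
        default:    return acc;                 /* HALT */
        }
    }
}

/* Copy one basic block (up to and including its control transfer) into the
   cache, interleaving a COUNT instruction before every app instruction. */
static int translate_block(struct vm *vm, const struct insn *prog, long pc) {
    int start = vm->cache_len;
    for (;;) {
        if (vm->cache_len + 2 > CACHE_MAX) return -1;   /* cache full */
        vm->cache[vm->cache_len] = (struct insn){COUNT, 0};
        vm->orig[vm->cache_len++] = pc;
        vm->cache[vm->cache_len] = prog[pc];
        vm->orig[vm->cache_len++] = pc;
        if (prog[pc].op == JNZ || prog[pc].op == HALT) return start;
        pc++;
    }
}

/* Dispatcher: look up (or build) the cached block for pc, run it, repeat. */
static long run_instrumented(struct vm *vm, const struct insn *prog, long pc) {
    for (;;) {
        int c;
        if (pc < 0 || pc >= PROG_MAX) return -1;
        c = vm->block_of[pc];
        if (c < 0) {
            c = translate_block(vm, prog, pc);
            if (c < 0) return -1;
            vm->block_of[pc] = c;
        }
        for (;;) {
            const struct insn *i = &vm->cache[c];
            if (i->op == COUNT) { vm->count++; c++; }
            else if (i->op == LOADI) { vm->acc = i->arg; c++; }
            else if (i->op == ADD) { vm->acc += i->arg; c++; }
            else if (i->op == GETPC) {
                /* Transparency point: the app must see its own address, not ours. */
                vm->acc = vm->transparent_pc ? vm->orig[c] : c;
                c++;
            } else if (i->op == JNZ) {
                /* Branch targets are app addresses: leave the cache to the dispatcher. */
                pc = vm->acc ? i->arg : vm->orig[c] + 1;
                break;
            } else {
                return vm->acc;                 /* HALT */
            }
        }
    }
}

/* Constructed sample program: count 3 down to 0, then read the PC and add 10. */
static const struct insn sample_prog[] = {
    {LOADI, 3}, {ADD, -1}, {JNZ, 1}, {GETPC, 0}, {ADD, 10}, {HALT, 0}
};

static long demo_result(int transparent_pc) {
    struct vm vm;
    vm_init(&vm, transparent_pc);
    return run_instrumented(&vm, sample_prog, 0);
}

static long demo_count(int transparent_pc) {
    struct vm vm;
    vm_init(&vm, transparent_pc);
    run_instrumented(&vm, sample_prog, 0);
    return vm.count;
}

int main(void) {
    printf("native: %ld\n", run_native(sample_prog, 0));
    printf("cache, GETPC leaks cache index: %ld (count %ld)\n", demo_result(0), demo_count(0));
    printf("cache, GETPC translated:        %ld (count %ld)\n", demo_result(1), demo_count(1));
    return 0;
}
```

Natively the program ends with 13; with the untranslated GETPC the instrumented run ends with 21 because the application observed a cache index, which is exactly the kind of divergence a real application can act on (self-checksumming, return-address checks, exception unwinding). The translated run reproduces 13 while still counting every application instruction, and the cache also reproduces a second well-known code-cache property, tail duplication: the loop body at app address 1 is translated a second time as its own block when the branch targets it.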
Published in VEE '12: Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments.