research-article

Transparent dynamic instrumentation

Published: 03 March 2012
Abstract

Process virtualization provides a virtual execution environment within which an unmodified application can be monitored and controlled while it executes. The provided layer of control can be used for purposes ranging from sandboxing to compatibility to profiling. The additional operations required for this layer are performed clandestinely alongside regular program execution. Software dynamic instrumentation is one method for implementing process virtualization which dynamically instruments an application such that the application's code and the inserted code are interleaved together. DynamoRIO is a process virtualization system implemented using software code cache techniques that allows users to build customized dynamic instrumentation tools. There are many challenges to building such a runtime system. One major obstacle is transparency. In order to support executing arbitrary applications, DynamoRIO must be fully transparent so that an application cannot distinguish between running inside the virtual environment and native execution. In addition, any desired extra operations for a particular tool must avoid interfering with the behavior of the application.

Transparency has historically been provided on an ad-hoc basis, as a reaction to observed problems in target applications. This paper identifies a necessary set of transparency requirements for running mainstream Windows and Linux applications. We discuss possible solutions to each transparency issue, evaluate tradeoffs between different choices, and identify cases where maintaining transparency is not practically solvable. We believe this will provide a guideline for better design and implementation of transparent dynamic instrumentation, as well as other similar process virtualization systems using software code caches.


    • Published in

      ACM SIGPLAN Notices, Volume 47, Issue 7
      VEE '12
      July 2012
      229 pages
      ISSN: 0362-1340
      EISSN: 1558-1160
      DOI: 10.1145/2365864
      • VEE '12: Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
        March 2012
        248 pages
        ISBN: 9781450311762
        DOI: 10.1145/2151024

      Copyright © 2012 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 3 March 2012
