
Partial evaluation of machine code

Published: 23 October 2015

Abstract

This paper presents an algorithm for off-line partial evaluation of machine code. The algorithm follows the classical two-phase approach of binding-time analysis (BTA) followed by specialization. However, machine-code partial evaluation presents a number of new challenges, and it was necessary to devise new techniques for use in each phase.

- Our BTA algorithm makes use of an instruction-rewriting method that "decouples" multiple updates performed by a single instruction. This method counters the cascading imprecision that would otherwise occur with a more naive approach to BTA.

- Our specializer specializes an explicit representation of the semantics of an instruction, and emits residual code via machine-code synthesis. Moreover, to create code that allows the stack and heap to be at different positions at run-time than at specialization-time, the specializer represents specialization-time addresses using symbolic constants, and uses a symbolic state for specialization.

Our experiments show that our algorithm can be used to specialize binaries with respect to commonly used inputs to produce faster binaries, as well as to extract an executable component from a bloated binary.
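The "decoupling" point in the abstract, as an added Python illustration that is not the paper's code: a toy straight-line machine code in which PUSH performs two updates at once (stack pointer and memory), a naive BTA that marks the whole instruction dynamic when the pushed value is, and a decoupled BTA that gives each update its own binding time, followed by a specializer that runs both plans. The instruction set, sample program and initial values are constructed, and addresses are kept concrete rather than represented by the symbolic constants the paper uses.

```python
# Added illustration (not the paper's code): off-line partial evaluation of a
# toy straight-line "machine code" whose instructions perform several updates
# at once, the way x86 PUSH updates both the stack pointer and memory. An update
# is (dest, srcs, fn, text): fn computes dest at specialization time from the
# source values; text is the residual-code template used when dest is dynamic.
S, D = "static", "dynamic"

PUSH_X = [("sp", ["sp"], lambda v: v["sp"] - 4, "sp = {sp} - 4"),           # sp -= 4
          ("stk", ["sp", "x"], None, "stk[{sp} - 4] = {x}")]                 # store x
ADD_SP = [("sp", ["sp"], lambda v: v["sp"] + 4, "sp = {sp} + 4")]          # pop/discard
LEA_R = [("r", ["sp", "n"], lambda v: v["sp"] + v["n"], "r = {sp} + {n}")] # address calc
PROG = [PUSH_X, ADD_SP, LEA_R]   # constructed sample program; x is the dynamic input

def bta(prog, init_bt, decouple):
    """Binding-time analysis. Naive (decouple=False): a whole instruction is dynamic
    if any source operand is. Decoupled: every update gets its own binding time."""
    bt, plan = dict(init_bt), []
    time_of = lambda srcs: D if any(bt.get(s, D) == D for s in srcs) else S
    for instr in prog:
        if decouple:
            times = [time_of(srcs) for _, srcs, _, _ in instr]
        else:
            times = [time_of([s for _, srcs, _, _ in instr for s in srcs])] * len(instr)
        for (dest, *_), t in zip(instr, times):   # updates read old state: assign after
            bt[dest] = t
        plan.append(times)
    return bt, plan

def specialize(prog, plan, init_store):
    """Evaluate and drop static updates; emit residual code for dynamic ones with
    static operands replaced by their values. Returns (residual code, static store)."""
    store, residual = dict(init_store), []
    for instr, times in zip(prog, plan):
        new = {}
        for (dest, srcs, fn, text), t in zip(instr, times):
            vals = {s: store.get(s, s) for s in srcs}   # dynamic operand -> its name
            if t == S:
                new[dest] = fn(vals)
            else:
                residual.append(text.format(**vals))
                new[dest] = None                         # value no longer known
        store = {k: v for k, v in {**store, **new}.items() if v is not None}
    return residual, store

if __name__ == "__main__":
    for decouple in (False, True):
        bt, plan = bta(PROG, {"sp": S, "n": S, "x": D}, decouple)
        print("decouple =", decouple, "->", specialize(PROG, plan, {"sp": 100, "n": 8})[0])
```

With the naive plan the dynamic PUSH operand makes `sp` dynamic, so every later stack-relative computation is emitted as residual code; with the decoupled plan only the memory write survives and `r` is computed at specialization time.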



• Published in

  ACM SIGPLAN Notices, Volume 50, Issue 10
  OOPSLA '15
  October 2015
  953 pages
  ISSN: 0362-1340
  EISSN: 1558-1160
  DOI: 10.1145/2858965
  Editor: Andy Gill

  OOPSLA 2015: Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications
  October 2015
  953 pages
  ISBN: 9781450336895
  DOI: 10.1145/2814270

Copyright © 2015 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
