Abstract
Existing techniques for injecting probes into running applications are limited;
they either fail to support probing arbitrary locations, or to support scalable,
rapid toggling of probes. We introduce a new technique on x86-64, called
instruction punning, which allows scalable probes at any instruction. The key
idea is that when we inject a jump instruction, the relative address of the jump
serves simultaneously as data and as an instruction sequence. We show that this
approach achieves probe invocation overheads of only a few dozen cycles, and
probe activation/deactivation costs that are cheaper than a system call, even
when all threads in the system are both invoking probes and toggling them.
Instruction punning: lightweight instrumentation for x86-64
PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation