基于QEMU的龙架构平台插桩软件

doi:10.19678/j.issn.1000-3428.0070725

摘要/Abstract

摘要： 随着软件规模和复杂性指数级地增长，对程序运行时行为的监控和分析变得越来越困难，动态二进制插桩技术是解决这一问题的有效手段，现有成熟的二进制插桩软件有Pin和Valgrind等，主要支持x86、ARM等主流架构，但在新兴的自主指令集架构上缺乏支持。龙架构作为我国自主研制的指令集架构，具有较好的自主性、先进性与兼容性，但其发展时间较短，生态环境尚不完善，特别是在调试工具链方面存在明显短板。为了填补这一空白，推动龙架构生态的成熟，推出一款支持龙架构的动态二进制插桩软件具有重要意义。本研究旨在设计并实现一款基于QEMU框架的动态二进制插桩软件，以支持龙架构的程序监控与分析。该软件对标Pin，设计实现了五个基础插桩粒度及相关插桩API，并在此基础上开发了20多个插桩工具，供用户直接使用或学习插桩工具的编写。为了提升框架性能，研究通过优化条件跳转指令的翻译、基本块链接和插桩内联等方法对框架进行了改进。性能测试结果表明，优化后的框架在指令级插桩效率上提升了100多倍，基本块级插桩效率提高了近33倍。最后，本研究将源代码在GitHub上开源，以促进龙架构生态的进一步发展，并为相关领域的研究者提供参考和学习资源。

Abstract: As software scale and complexity grow exponentially, monitoring and analyzing program runtime behavior has become increasingly challenging. Dynamic binary instrumentation is an effective solution to this problem, with mature tools like Pin and Valgrind supporting mainstream architectures such as x86 and ARM. However, these tools lack support for emerging domestic instruction set architectures, such as LoongArch. LoongArch, a self-developed instruction set architecture in China, exhibits high levels of autonomy, advancement, and compatibility. Nevertheless, due to its relatively short development history, its ecosystem remains incomplete, particularly in the debugging toolchain. To address this gap and promote the maturation of the LoongArch ecosystem, developing a dynamic binary instrumentation tool for LoongArch is of significant importance. This study aims to design and implement a dynamic binary instrumentation tool based on the QEMU framework to support program monitoring and analysis on LoongArch. The tool, modeled after Pin, implements five fundamental instrumentation granularities and related APIs, along with over 20 instrumentation tools for direct use or as learning resources for tool development. To enhance performance, the framework was optimized through improvements in conditional jump instruction translation, basic block linking, and instrumentation inlining. Performance tests demonstrate that the optimized framework achieves over 100 times improvement in instruction-level instrumentation efficiency and nearly 33 times improvement in basic block-level instrumentation efficiency. Finally, the source code has been open-sourced on GitHub to facilitate the further development of the LoongArch ecosystem and provide a reference for researchers in related fields.

高林萍, 徐伟, 陈曦, 穆奕博, 张开. 基于QEMU的龙架构平台插桩软件[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0070725.

Gao Lingping, Xu Wei, Chen Xi, Mu Yibo, Zhang Kai. An Instrumentation Software for LoongArch Based on QEMU[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0070725.

参考文献

[1] HU W W, WANG W X, WU R Y, et al. Loongson instruction set architecture technology[J]. J. Comput. Res. Dev, 2023, 60(2): 16.
[2] Gorgovan C, Callaghan G, Luján M. Balancing performance and productivity for the development of dynamic binary instrumentation tools: A case study on Arm systems[C]//Proceedings of the 29th International Conference on Compiler Construction. 2020: 132-142.
[3] Chen Z, Zhang Q, Wu J, et al. A source-level instrumentation framework for the dynamic analysis of memory safety[J]. IEEE Transactions on Software Engineering, 2022, 49(4): 2107-2127.
[4] Açıcı K, Uğurlu G. A Reverse Engineering Tool that Directly Injects Shellcodes to the Code Caves in Portable Executable Files[C]//2022 International Conference on Theoretical and Applied Computer Science and Engineering. IEEE, 2022: 42-45.
[5] Arif M, Zhou R, HO H M, et al. Cinnamon: A domain-specific language for binary profiling and monitoring[C]//2021 IEEE/ACM International Symposium on Code Generation and Optimization (CGO). IEEE, 2021: 103-114.[6] Bellard F. QEMU, a fast and portable dynamic translator[C]//USENIX annual technical conference, FREENIX Track. 2005, 41(46): 10-5555.
[7] Huang J C. Program instrumentation and software testing[J]. Computer, 1978, 11(4): 25-32.
[8] Bruening D, Garnett T, Amarasinghe S. An infrastructure for adaptive dynamic optimization[C]//International Symposium on Code Generation and Optimization, 2003. CGO 2003. IEEE, 2003: 265-275.
[9] Kim D, Kim S, Ryou J. Design and implementation of user-level dynamic binary instrumentation on ARM architecture[J]. The Journal of Supercomputing, 2018, 74: 3583-3595.
[10] Pereira R, Stelle G, Carribault P. Taskgrind: Heavyweight Dynamic Binary Instrumentation for Parallel Programs Analysis[C]//8th International Workshop on Software Correctness for HPC Applications (Correctness' 24). 2024.
[11] Nethercote N, Seward J. Valgrind: a framework for heavyweight dynamic binary instrumentation[J]. ACM Sigplan notices, 2007, 42(6): 89-100.
[12] Srivastava A, Eustace A. ATOM: A system for building customized program analysis tools[C]//Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation. 1994: 196-205.
[13] Luk C K, Cohn R, Muth R, et al. Pin: building customized program analysis tools with dynamic instrumentation[J]. Acm sigplan notices, 2005, 40(6): 190-200.
[14] Lueck G, Patil H, Pereira C. PinADX: an interface for customizable debugging with dynamic instrumentation[C]//Proceedings of the Tenth International Symposium on Code Generation and Optimization. 2012: 114-123.
[15] Bruening D, Amarasinghe S. Efficient, transparent, and comprehensive runtime code manipulation[J]. 2004.
[16] Hill J H, Feiock D C. Pin++: an object-oriented framework for writing pintools[C]//Proceedings of the 2014 International Conference on Generative Programming: Concepts and Experiences. 2014: 133-141.
[17] Chatterjee N, Thakur S S, Das P P. Resource management in native languages using dynamic binary instrumentation (pin)[J]. Advanced Computing and Systems for Security: Volume 2, 2016: 107-119.
[18] Arafa P, Kashif H, Fischmeister S. Dime: Time-aware dynamic binary instrumentation using rate-based resource allocation[C]//2013 Proceedings of the International Conference on Embedded Software (EMSOFT). IEEE, 2013: 1-10.
[19] 林昊, 康绯, 光焱. 基于动态二进制插桩的密钥安全性检测[J]. 网络与信息安全学报, 2017, 3(11): 50-58. Lin H, Kang F, Guang Y. Key Security Detection Based on Dynamic Binary Instrumentation[J]. Journal of Network and Information Security, 2017, 3(11): 50-58.
[20] 陈金宝, 张昱, 李清伟，等. DBI-Go:动态插桩定位 Go 二进制的非法内存引用[J]. 软件学报, 2024, 35(6): 258 5-2607. Chen J B, Zhang Y, Li Q W, et al. DBI-Go:Dynamic Instrumentation for Illegal Memory Reference Locating in Go Binaries[J]. Journal of Software, 2024, 35(6):25 85-2607. [21] 卢帅兵, 张明, 林哲超, 等. 基于动态二进制翻译和插桩的函数调用跟踪[J]. 计算机研究与发展, 2019, 56(2): 421-430. Lu S B, Zhang M, Lin Z C, et al.Function Call Tracking via Dynamic Binary Translation and Instrumentation[J]. Journal of Computer Research and Development, 2019, 56(2): 421-430.
[22] Zeng J, Fu Y, Lin Z. Pemu: A pin highly compatible out-of-vm dynamic binary instrumentation framework[C]//Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. 2015: 147-160.
[23] ZOU W, GAO F, YAN Y Q. Dynamic Binary Instrumentation Based on QEMU[J]. Journal of Computer Research and Development, 2019, 56: 730.
[24] Cota E G, Carloni L P. Cross-ISA machine instrumentation using fast and scalable dynamic binary translation[C]//Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. 2019: 74-87.
[25]Gan C. Research on High-Reliability and Portable Dynamic Binary Instrumentation for Linux Syscall[C]//2023 3rd International Symposium on Computer Technology and Information Science (ISCTIS). IEEE, 2023: 725-729.

选择文件类型/文献管理软件名称

选择包含的内容