Presentation is loading. Please wait.

Presentation is loading. Please wait.

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat.

Published byAlberta Bailey Modified over 9 years ago

Similar presentations

Presentation on theme: "Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat."— Presentation transcript:

1 Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat

2 Motivation: a confluence of two tools 2 Introduction to the PatchAPI User Mutator DyninstAPI Code Patching find point insert snippet delete snippet Process void foo () { } void bar () { } void baz () { } Snippet Process void foo () { bar() } void bar () { baz() } void baz () { } Instrumenter.so Code Patching Snippet Dyninst (3 rd party instrumentation) Self-propelled instrumentation (1 st party instrumentation) PatchAPI

3 3 Introduction to the PatchAPI AST Binary Process Stackwalker API Stackwalker API Symtab API Symtab API DataFlow API DataFlow API Instruction API Parse API Parse API Code Gen Code Gen ProcControl API Binary = Existing Component = New Component = Proposed Dyninst and the Components Stackwalker API Stackwalker API ProcControl API Patch API Patch API

4 4 Introduction to the PatchAPI Binary Code Binary Process Symtab API Symtab API Instruction API Parse API Parse API Binary = Existing Component = New Component Self-propelled and the Components 0101011 11001… Patch API Patch API

5 Outline o Overview o Point + Snippet abstractions o Design o Challenges o Public + Plugin interfaces o Applications of PatchAPI o Dyninst Reintegration o Self-propelled instrumentation 5 Introduction to the PatchAPI

6 Abstraction in DyninstAPI 6 BPatch_addressSpace* app = BPatch_function* foo = BPatch_snippet* snippet = BPatch_Vector * points = NULL;... points = foo->findPoint(BPatch_entry); BPatchSnippetHandle* handle1 = app->insertSnippet(snippet, points, BPatch_callBefore); points = foo->findPoint(BPatch_exit); BPatchSnippetHandle* handle2 = app->insertSnippet(snippet, points, BPatch_callAfter);... Introduction to the PatchAPI FuncEntry Snippet FuncExit Snippet Basic Block CFG of function foo Point Snippet Function Exit Block Entry Before Function Call Before Instruction Function Entry During Edge Dyninst AST DynC Binary Code User-defined

7 Refined Interfaces in PatchAPI 7 PatchMgrPtr patchMgr = PatchFunction* foo = SnippetPtr snippet = vector points; FilterFunc myfilter; patchMgr->findPoints(foo, FuncEntry | FuncExit | EdgeDuring | BlockExit, myfilter, back_inserter(points)); patchMgr->batchStart(); for (int i = 0; i < points.size(); i++) points[i]->push_back(snippet); patchMgr->batchFinish(); … Introduction to the PatchAPI Basic Block FuncEntry Snippet FuncExit Snippet EdgeDuring CFG of function foo Snippet BlockExit Snippet Filter-based point query Transactional semantics

8 Design Challenge 1: Backward Compatibility o PatchAPI has refined interfaces for code patching. o Integrating PatchAPI back to dyninst should keep dyninst interfaces unchanged. 8 Introduction to the PatchAPI Dyninst PatchAPI Code Patching Functionality Code Patching Functionality PatchAPI Compatibility Layer

9 Design Challenge 2: Flexibility 9 Introduction to the PatchAPI Address Space Snippet CFG Parsing Instrumentation Engine 1 st Party 3 rd Party Binary Rewriter AST DynC User-defined Online Parsing Stored CFG In-line Out-of-line 1 st Party User-defined Stored CFG Out-of-line

10 Plugin Interface Internal Snippet instance at point Opaque handle Location + Container PatchMgr Point Snippet Instance PatchAPI Public Interface 10 Introduction to the PatchAPI Binary Patching Tools Register plugins + Accept requests Public Interface PatchAPI

11 Patch Manager o Register plugins o Filter-based point query o Enforce transactional semantics for patching o batchStart / batchFinish o Improve instrumentation performance o Reduce # of IPCs for 3 rd party instrumentation. 11 Introduction to the PatchAPI

12 Patch Manager (Cont.) o Filter-based point query o Scope o function, block, edge, or instruction o Point type o FuncEntry, BlockExit, BeforeCall, BeforeInsn … o Filter function o User-implemented o Fine grained control o e.g., Function calls with function name MPI_* o e.g., “push” instructions o…o… 12 Introduction to the PatchAPI

13 Example 13 // Find Points at Function Exits and Block Exits of // those having two outgoing edges class MyFilterFunc { bool operator() (PointPtr pt) { if (pt->type() == FuncExit) return true; PatchBlock* block = If (block->targets().size() == 2) return true; return false; } }; vector output; MyFilterFunc myfilter; PatchFunction* foo = patchMgr->findPoints (foo, BlockExit | FuncExit, myfilter, back_inserter(output)); Introduction to the PatchAPI Basic Block CFG of function foo BlockExit FuncExit BlockExit

14 Point, Snippet, and Instance o Snippet insertion o Instance iterator o Snippet removal 14 Introduction to the PatchAPI foo () { } Point Snippet Instance Instance push_back(Snippet); Instance push_front(Snippet); instance_iterator begin(); instance_iterator end(); bool remove(Instance);

15 Address Space Snippet CFG Parsing Instrumentation Engine Plugin Interface Public Interface PatchAPI Plugin Interface 15 Introduction to the PatchAPI Binary Patching Tools Internal PatchAPI In-line, out-of-line Online parsing, reuse stored CFG AST, DynC, user-defined code … 1 st party, 3 rd party, binary rewriter

16 Address Space o Memory management primitives o malloc / realloc / free o write / read o Example o 3 rd party instrumentation uses ptrace o 1 st party instrumentation uses libc 16 Introduction to the PatchAPI

17 Snippet 17 Introduction to the PatchAPI DynC if (x == 0) { inf ‘printf("x == 0\n"); } else if (x > 3) { inf ‘printf("x > 3\n"); } else { inf ‘printf("x < 3 but x != 0\n"); } AST Binary Code 55 48 89 e5 48 83 ec 20 47 45 ec 00 00 00 00 eb 39 b8 00 00 00 00 e8 a8 f5 df ff … User-defined: Provided by us:

18 CFG Parsing 18 Introduction to the PatchAPI User Mutator PatchAPI Process On demand parsing Process Reuse Parse CFG info Stored CFG info User Mutator PatchAPI Reuse CFG info Offlne Parser Patching

19 Address Space Snippet CFG Parsing Instrumentation Engine Plugin Interface Public Interface Dyninst Reintegration 19 Introduction to the PatchAPI DyninstInternal PatchAPI Dyninst Address Space ParseAPI In-line AST Relocate a group of code, embed snippet Parse CFG during the runtime of instrumentation Will support DynC in the future 3 rd party, binary rewriter

20 Address Space Snippet CFG Parsing Instrumentation Engine Plugin Interface Public Interface Self-propelled instrumentation 20 Introduction to the PatchAPI Self- propelled Internal PatchAPI libc Stored CFG Hybrid Binary code Out-of-line + In-line Reuse stored CFG information A small set of instructions 1 st party instrumentation

21 Status 21 Introduction to the PatchAPI Conception Interface Design Dyninst Reintegration Code Refactoring Build Self- propelled instrumentation

22 Summary o PatchAPI from/back to Dyninst o Point and Snippet o Design of PatchAPI o Public Interface o Filter-based Point Query o Transactional Semantics o Plugin Interface o Customizing Instrumentation o To be released with Dyninst 8.0 22 Introduction to the PatchAPI

23 23 Introduction to the PatchAPI Question?

Download ppt "Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-3, 2011 Introduction to the PatchAPI Wenbin Fang, Drew Bernat."

Similar presentations

Project Proposal Anton Tkacik, Lukas Sedlak

Project Proposal Anton Tkacik, Lukas Sedlak
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
CS457 – Introduction to Information Systems Security Software 4 Elias Athanasopoulos

CS457 – Introduction to Information Systems Security Software 4 Elias Athanasopoulos
DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.
University of Maryland Smarter Code Generation for Dyninst Nick Rutar.

University of Maryland Smarter Code Generation for Dyninst Nick Rutar.
Carnegie Mellon 1 Dynamic Memory Allocation: Basic Concepts 15-213 / 18-213: Introduction to Computer Systems 18 th Lecture, March 24, 2015 Instructors:

Carnegie Mellon 1 Dynamic Memory Allocation: Basic Concepts / : Introduction to Computer Systems 18 th Lecture, March 24, 2015 Instructors:
Chris Riesbeck, Fall 2007 Dynamic Memory Allocation Today Dynamic memory allocation – mechanisms & policies Memory bugs.

Chris Riesbeck, Fall 2007 Dynamic Memory Allocation Today Dynamic memory allocation – mechanisms & policies Memory bugs.
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.

Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
Paradyn. Paradyn Goals Performance measurement tool that –scales to long-running programs on large parallel and distributed systems –automates much of.

Paradyn. Paradyn Goals Performance measurement tool that –scales to long-running programs on large parallel and distributed systems –automates much of.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-4, 2011 ProcControlAPI and StackwalkerAPI Integration into Dyninst Todd Frederick and Dan.

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin May 2-4, 2011 ProcControlAPI and StackwalkerAPI Integration into Dyninst Todd Frederick and Dan.
Paradyn Project Paradyn / Dyninst Week College Park, Maryland March 26-28, 2012 Paradyn Project Upcoming Features in Dyninst and its Components Bill Williams.

Paradyn Project Paradyn / Dyninst Week College Park, Maryland March 26-28, 2012 Paradyn Project Upcoming Features in Dyninst and its Components Bill Williams.
Paradyn Project Paradyn / Dyninst Week College Park, Maryland March 26-28, 2012 Self-propelled Instrumentation Wenbin Fang.

Paradyn Project Paradyn / Dyninst Week College Park, Maryland March 26-28, 2012 Self-propelled Instrumentation Wenbin Fang.
© 2006 Barton P. MillerFebruary 2006Binary Code Analysis and Editing A Framework for Binary Code Analysis, and Static and Dynamic Patching Barton P. Miller.

© 2006 Barton P. MillerFebruary 2006Binary Code Analysis and Editing A Framework for Binary Code Analysis, and Static and Dynamic Patching Barton P. Miller.
Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 Using Dyninst for Program Binary Analysis and Instrumentation Emily Jacobson.

Paradyn Project Paradyn / Dyninst Week Madison, Wisconsin April 29 - May 1, 2013 Using Dyninst for Program Binary Analysis and Instrumentation Emily Jacobson.
B. Childers, M. L. Soffa, J. Beaver, L. Ber, K. Cammarata, J. Litman, J. Misurda Presented by: Priyanka Puri 1000676053 SOFTTEST: A FRAMEWORK FOR SOFTWARE.

B. Childers, M. L. Soffa, J. Beaver, L. Ber, K. Cammarata, J. Litman, J. Misurda Presented by: Priyanka Puri SOFTTEST: A FRAMEWORK FOR SOFTWARE.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.

Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
Cpeg421-08S/final-review1 Course Review Tom St. John.

Cpeg421-08S/final-review1 Course Review Tom St. John.
CS 536 Spring 20011 Run-time organization Lecture 19.

CS 536 Spring Run-time organization Lecture 19.
3/17/2008Prof. Hilfinger CS 164 Lecture 231 Run-time organization Lecture 23.

3/17/2008Prof. Hilfinger CS 164 Lecture 231 Run-time organization Lecture 23.
Precision Going back to constant prop, in what cases would we lose precision?

Precision Going back to constant prop, in what cases would we lose precision?

Similar presentations

Ads by Google