Transcript Binary rewriting: where do we go?

(Static) binary rewriting: where do we go?
Bjorn De Sutter
Overview
• Our old work
• Context changes
• New opportunities
Our old work (1)
• Dynamic Binary Rewriting
– tool called Diota
– good for instrumentation
– vertical profiling (JVM for example)
Our old work (2)
• Static binary rewriting
– long history
– first link-time rewriting prototypes on Alpha
• Alto: program optimization
• Squeeze: program compaction
• Squeeze++: C++ oriente program compaction
– retargertable, extensible link-time rewriting
framework
• Diablo
Our old work (3)
• Diablo applications
1. program compaction and program optimization
• ARM and x86
• great results on top of GCC and ARM RVCT
2. kernel specialization (Linux)
•
•
•
•
•
system call optimization
boot process optimization
compaction
in kernel page fault support
cold code compression
Our old work (4)
• Diablo applications
3. program instrumentation
•
ATOM-like tool called FIT for ARM and x86
4. software protection
• obfuscation techniques
• steganography
• diversity
Context changes (1)
• Improved compilers and libraries
Context changes (2)
• Compilers with whole-program optimization
• ARM
a.c
armcc
a.o
b.c
armcc
b.o
c.c
armcc
c.o
optimizing ld +
feedback
a.out
Context changes (3)
• Compilers with whole-program optimization
• Google and GCC
a.c
b.c
c.c
gcc
a.o +
gimple
a.o +
gimple
gcc
a.o +
gimple
gcc
b. o +
gimple
b. o +
gimple
gcc
b. o +
gimple
gcc
c. o +
gimple
gcc
c. o +
gimple
includes summary information
WPO
c. o +
gimple
contains results of WPO
Context changes (4)
• Process variability
– processors (and components) used to work as
designed
– is no longer true
– large variation on performance leaving the fab
– a lot of defects leaving the fab
– a lot in memories, since memories take a lot of
area
New Opportunities (1)
• Large parts of whole-program optimization is
done in the compiler.
• What remains to be done for the binary
rewriter?
• Is interesting research question, but there are
also practical applications.
New Opportunities (2)
• customization of binaries
– diversity
– software protection in general
– cannot be done during compilation because it
takes too much time
– updating and patching of software requires installtime rewriting
– load-time applications?
• optimizations based on known addresses?
New Opportunities (3)
• Dealing with defects in processors
– some systems will not have run-time code
generation
• implants
• wireless sensors
– still need to shrink the transistors because of
power consumption limitations and temperature
– so many devices will have defects
New Opportunities (4)
• adapt software to defects at install time or at
run time
• not full rewriting
• more a kind of fine-grained relocation
capabilities