CN115470151B - Application operation analysis method, computing device and storage medium - Google Patents

Application operation analysis method, computing device and storage medium Download PDF

Info

Publication number
CN115470151B
CN115470151B CN202211352997.8A CN202211352997A CN115470151B CN 115470151 B CN115470151 B CN 115470151B CN 202211352997 A CN202211352997 A CN 202211352997A CN 115470151 B CN115470151 B CN 115470151B
Authority
CN
China
Prior art keywords
architecture
application
stub code
simulator
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211352997.8A
Other languages
Chinese (zh)
Other versions
CN115470151A (en
Inventor
黄林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Uniontech Software Technology Co Ltd
Original Assignee
Uniontech Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Uniontech Software Technology Co Ltd filed Critical Uniontech Software Technology Co Ltd
Priority to CN202211352997.8A priority Critical patent/CN115470151B/en
Publication of CN115470151A publication Critical patent/CN115470151A/en
Application granted granted Critical
Publication of CN115470151B publication Critical patent/CN115470151B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3604Software analysis for verifying properties of programs
    • G06F11/3612Software analysis for verifying properties of programs by runtime analysis

Abstract

The invention relates to the field of operating systems, in particular to an application running analysis method, computing equipment and a storage medium, wherein the method comprises the following steps: inserting a first stub code in a first architecture application; running the first architecture application based on the first stub code to generate a first structural graph; translating, by the simulator, second architecture instructions included in an executable file of a second architecture application into first architecture instructions; setting a second stub code according to the first architecture instruction; based on the second stub code, running a second architecture application through the simulator to generate a second architecture diagram; and determining running difference information according to the first structural diagram and the second structural diagram. The invention can determine the difference of two operation modes through the structure chart, thereby realizing the comparison of the difference of the operation process and determining the position with problems according to the difference information.

Description

Application operation analysis method, computing device and storage medium
Technical Field
The present invention relates to the field of operating systems, and in particular, to an application execution analysis method, a computing device, and a storage medium.
Background
As computer technology has evolved, different kinds of processors have appeared on the market, which may comprise a variety of different architectures. Accordingly, applications of different architectures have also been developed based on the different instruction sets supported by the processors of different architectures.
The prior art provides methods for running an architecture application on a computing device comprising an architecture processor, in particular by means of a simulator. The simulator may be embodied as a container, a virtual machine, or the like. However, when another architecture application is run through a simulator, problems of the simulator itself can cause that the program is not run on a homogeneous platform, and various unexpected effects (such as crash, abnormal exit, logic errors and the like) occur on a heterogeneous platform, so that software cannot be used.
For this reason, a new application operation analysis method is required.
Disclosure of Invention
To this end, the present invention provides an application run analysis method in an attempt to solve or at least alleviate the above-presented problems.
According to an aspect of the present invention, there is provided an application run analysis method, adapted to be executed in a computing device, the computing device being adapted to run a first architecture application, the method comprising: inserting first stub code in a first architecture application; running the first architecture application based on the first stub code to generate a first structural graph; translating, by the simulator, second architecture instructions included in an executable file of a second architecture application into first architecture instructions; setting a second stub code according to the first architecture instruction; based on the second stub code, running a second architecture application through the simulator to generate a second structure diagram; and determining running difference information according to the first structural diagram and the second structural diagram.
Optionally, in the method according to the present invention, inserting the first stub code in the first architecture application comprises: generating an intermediate format file according to the executable file of the first architecture application; determining a first application execution branch according to the intermediate format file; a first stub code is set at a first application execution branch.
Optionally, in the method according to the invention, a first stub code is inserted in the first architectural application: determining an insertion point from an executable file of a first architecture application; setting a jump instruction at an insertion point; and setting a first stub code according to the jump instruction.
Optionally, in the method according to the present invention, the generating the second architectural diagram by the simulator executing the second architectural application based on the second stub code includes: generating a register identifier according to an executable file of the second architecture application; and executing the first architecture instruction according to the register identification, and generating a second structure diagram according to the second stub code.
Optionally, in a method according to the present invention, executing the first architectural instruction according to the register identifier, and generating the second architectural diagram according to the second stub code, includes: determining a second application execution branch when the first architecture instruction is executed according to the register identification; and executing the second stub code according to the second application execution branch to generate a second structure diagram.
Optionally, in the method according to the present invention, the generating a second architectural diagram by the simulator by running a second architecture application based on a second stub code comprises: determining a second function and a calling position called by the second architecture application according to the executable file of the second architecture application; setting a second stub code according to the calling position; and calling a second function through the simulator to run a second architecture application, and executing second stub code to generate a second structure chart.
Optionally, in the method according to the present invention, calling the second function by the simulator to run the second architecture application includes: generating a first call table for calling a first function according to a second call table for calling a second function, wherein the first function is a local function provided by the computing equipment; and calling the first function according to the first call table to execute the second architecture application.
Optionally, in the method according to the present invention, setting a second stub code according to the call position includes: setting an interrupt processing function at a calling position; and setting a second stub code according to the interrupt processing function.
Optionally, in the method according to the present invention, further comprising: and storing the simulator state of the simulator according to the interrupt processing function so as to continuously run the second architecture application according to the simulator state after the second stub code is executed.
According to another aspect of the present invention, there is provided a computing device comprising: one or more processors; a memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for performing the application execution analysis method according to the present invention.
According to yet another aspect of the present invention, there is provided a computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computing device, cause the computing device to perform an application execution analysis method according to the present invention.
The invention discloses an application running analysis method, which is suitable for being executed in computing equipment, wherein the computing equipment is suitable for running a first architecture application, and the method comprises the following steps: inserting a first stub code in a first architecture application; running the first architecture application based on the first stub code to generate a first structural graph; translating, by the simulator, second architecture instructions included in an executable file of a second architecture application into first architecture instructions; setting a second stub code according to the first architecture instruction; based on the second stub code, running a second architecture application through the simulator to generate a second architecture diagram; and determining running difference information according to the first structural diagram and the second structural diagram. The invention can determine the difference of two operation modes through the structure chart, thereby realizing the comparison of the difference of the operation process and determining the position with problems according to the difference information.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description when read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
FIG. 1 shows a flow diagram of an application execution analysis method 100 according to an exemplary embodiment of the present invention;
FIG. 2 illustrates a block diagram of a computing device 200, according to an exemplary embodiment of the invention;
FIG. 3 illustrates a schematic diagram of generating a first structural map in accordance with an exemplary embodiment of the present invention;
FIG. 4 illustrates a diagram depicting a second block diagram in accordance with an exemplary embodiment of the present invention;
FIG. 5 illustrates a diagram depicting a second block diagram, in accordance with another exemplary embodiment of the present invention;
fig. 6 illustrates a schematic diagram of determining operational difference information according to an exemplary embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Like reference numbers generally refer to like parts or elements.
FIG. 1 shows a flow diagram of an application execution analysis method 100 according to an exemplary embodiment of the present invention. An application run analysis method in the present invention is suitable for execution in a computing device in the present invention. The computing device is adapted to run a first architecture application.
FIG. 2 illustrates a block diagram of a computing device, according to an exemplary embodiment of the invention. In a basic configuration, computing device 200 includes at least one processing unit 220 and system memory 210. According to one aspect, depending on the configuration and type of computing device, system memory 210 includes, but is not limited to, volatile storage (e.g., random access memory), non-volatile storage (e.g., read-only memory), flash memory, or any combination of such memories. According to one aspect, system memory 210 includes an operating system 211.
According to one aspect, the operating system 211, for example, is suitable for controlling the operation of the computing device 200. Further, the examples are practiced in conjunction with a graphics library, other operating systems, or any other application program, and are not limited to any particular application or system. This basic configuration is illustrated in fig. 2 by those components within dashed line 215. According to one aspect, computing device 200 has additional features or functionality. For example, according to one aspect, computing device 200 includes additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape.
As stated hereinabove, according to one aspect, program modules 212 are stored in system memory 210. According to one aspect, the program modules 212 may include one or more application programs, the invention is not limited to the type of application program, for example, the application may also include: email and contacts applications, word processing applications, spreadsheet applications, database applications, slide show applications, drawing or computer-aided applications, web browser applications, and the like.
According to one aspect, examples may be practiced in a circuit comprising discrete electronic elements, a packaged or integrated electronic chip containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors. For example, an example may be practiced via a system on a chip (SOC) in which each or many of the components shown in fig. 2 may be integrated on a single integrated circuit. According to one aspect, such SOC devices may include one or more processing units, graphics units, communication units, system virtualization units, and various application functions, all integrated (or "burned") onto a chip substrate as a single integrated circuit. When operating via an SOC, the functions described herein may be operated via application-specific logic integrated with other components of the computing device 200 on a single integrated circuit (chip). Embodiments of the invention may also be practiced using other technologies capable of performing logical operations (e.g., AND, OR, AND NOT), including but NOT limited to mechanical, optical, fluidic, AND quantum technologies. In addition, embodiments of the invention may be practiced within a general purpose computer or in any other circuits or systems.
According to one aspect, computing device 200 may also have one or more input devices 231, such as a keyboard, mouse, pen, voice input device, touch input device, etc. Output device(s) 232 such as a display, speakers, printer, etc. may also be included. The foregoing devices are examples and other devices may also be used. Computing device 200 may include one or more communication connections 233 that allow communication with other computing devices 240. Examples of suitable communication connections 233 include, but are not limited to: RF transmitter, receiver and/or transceiver circuitry; universal Serial Bus (USB), parallel, and/or serial ports. Computing device 200 may be communicatively connected to other computing devices 240 via communication connection 233.
Embodiments of the present invention also provide a non-transitory readable storage medium storing instructions for causing the computing device to perform a method according to embodiments of the present invention. The readable media of the present embodiments include permanent and non-permanent, removable and non-removable media, and the storage of information may be accomplished by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of readable storage media include, but are not limited to: phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technologies, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transitory readable storage medium.
According to one aspect, communication media is embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal (e.g., a carrier wave or other transport mechanism) and includes any information delivery media. According to one aspect, the term "modulated data signal" describes a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio Frequency (RF), infrared, and other wireless media.
It is noted that although the computing device depicted above shows only processing unit 220, system memory 210, input device 231, output device 232, and communication connection 233, in particular implementations, the device may include other components necessary for proper operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
In the prior art, the CPU mainly includes a complex instruction set CPU such as intel and AMD, and a reduced instruction set CPU such as IBM and ARM. The architectures of the products of two different brands of CPUs may be different, for example, the Intel and AMD CPUs are X86 architectures, while the IBM CPU is PowerPC architecture and the ARM architecture. Executable files under different architectures have different instruction set encodings.
Typically, a binary file compiled on one architecture cannot run on a host of another architecture. At present, there are many kinds of software which can only be used in one architecture platform, because source codes are not provided, or transplantation development work is not carried out on different platforms.
According to one embodiment of the invention, a processor of a first architecture is included in a computing device and is adapted to run an application of the first architecture. The processor of the first architecture cannot directly run the application of the second architecture, but only by means of a simulator. The first architecture application is adapted to be executed directly by a processor of the first architecture and the second architecture application is adapted to be executed directly by a processor of the second architecture.
The present invention is not limited to a particular type of first architecture and second architecture. According to an embodiment of the invention, the first architecture may be embodied as an arm architecture and the second architecture may be embodied as an x86 architecture.
The simulator executes heterogeneous executable files through translation. The simulator includes a User Mode "simulator and a System Mode" simulator. In the user mode, the simulator executes heterogeneous binary files through translation, and common user mode simulators include qemu-user, box86 and the like. In a system mode, a simulator simulates the whole system including peripheral devices, a plurality of virtual hosts can be provided on one physical host, and the simulators in common system modes include qemu-system, virtual-box, VMware and the like. The invention is not limited to the particular type of simulator employed.
The simulator executes the executable file in two ways, one is translation execution and the other is dynamic translation execution, and the simulator can simultaneously provide 2 execution modes, specifically: performing dynamic translation execution on the hot spot code to achieve the purpose of code multiplexing; and the codes with few operation times are interpreted and executed, so that the memory space is reduced. The simulator can seamlessly switch between these 2 implementations to achieve space and time optimization.
Since running an application through a simulator may cause various problems, in order to locate these problems, a reverse binary file may be used to guess where the problem may occur according to a hint or a log, and then a debugger is used to load the simulator, debug and execute the binary file, compare registers at the suspicious part, function return values, and manually analyze whether semantics and execution logic are consistent.
However, in this way, the binary instructions and the translated instructions are too large, and although some simulators provide a translation log, the translated codes of a slightly larger program usually reach millions, are not easy to read, and the context dependency is also considered, so that it is difficult to find an error position in the log.
And when the simulator translates the branch and jumps, there are multiple possible exits, the simulator needs to translate all possible paths, the CPU executes different jumps according to the current execution state, but in actual operation, only one branch is operated, and specifically which branch the CPU operates, the software layer cannot know. The analysis of the translation log in conjunction with the next jump is required to decide which branch to execute. When a problem occurs, the condition before the jump is reversely deduced through the execution branch, so that the condition of the abnormal occurrence is deduced step by step.
Therefore, the invention provides an application operation analysis method. Referring to FIG. 1, step 110 is first performed to insert a first stub code in a first architecture application. Specifically, the method comprises the following steps: generating an intermediate format file according to the executable file of the first architecture application; determining a first application execution branch according to the intermediate format file; a first stub code is set at a first application execution branch.
Subsequently, step 120 is executed to run the first architecture application based on the first stub code, generating a first architecture diagram.
According to an embodiment of the present invention, the first architecture application may be implemented as multiple types of applications, and the present invention does not limit the specific application types and implemented functions of the first architecture application.
According to an embodiment of the present invention, the executable file may be implemented as a binary executable file, such as a file in an ELF file format, and the present invention does not limit the specific file format of the executable file. An ELF (Executable and Linable Format) file can be an Executable connection file, and is a Format standard for storing binary files, executable files, target codes, shared libraries and core dumps on a disk.
According to an embodiment of the present invention, the Intermediate format file may be embodied as an IR (Intermediate Representation) file. The IR file is an intermediate representation of a programming language, is an internal representation generated by a compiler after scanning a source program, represents semantic and syntactic structures of the source program, and provides a general analysis object by removing parts of unrelated program operations such as comments. The IR file can be used to determine a first application execution branch when the computing device executes the homogeneous application. An execution branch is where the application runs, resulting in different processing logic. Since different execution logics may be generated at different execution branches when the computing device executes the homogeneous application and the heterogeneous application respectively, the execution branches of the application need to be determined, and instrumentation is performed at the execution branches to determine the execution flow of the application.
According to one embodiment of the present invention, when generating an intermediate format file from an executable file, the corresponding executable file may be loaded through a loading process of an analog LOADER (LOADER), and converted into an IR file with equal semantics by analyzing the logical meaning represented by binary data of the executable file.
According to an embodiment of the present invention, the architectural diagram (including the first architectural diagram and the second architectural diagram) may be embodied as a Dynamic Control Flow Graph (DCFG). The invention is not limited to the specific implementation of the structure diagram. The structure diagram reflects the execution path in the actual operation process of the application. Compared with a Control Flow Graph (CFG), the DCFG includes an initial node without a predecessor node, and a successor node includes a first instruction executed by each thread; the method comprises the steps that a finish node without a successor node is included, and a predecessor node of the finish node comprises the last instruction executed by each thread; the DCFG need not contain unexecuted nodes or edges. The DCFG contains edges that represent all code paths actually executed, even if they are due to non-control flow instructions, e.g., signals, etc.
According to an embodiment of the invention, the data structure of the DCFG may be defined in particular by:
[cfg addr{:count} cfg-name];
wherein: cfg: one DCFG for this structure;
addr: virtual address of DCFG start;
count: the number of runs;
cfg-name obtaining function name (if there is a function name, otherwise "null") by dladdr;
the DCFG may include a plurality of BASIC BLOCKs (BASIC BLOCKs), the data structure of which may be defined as follows:
[bb cfg-addr addr total-sz [instr1-size instr2-size...] [call-addr...] [signal-addr...] successor-addr];
wherein: bb: identify the structure as a BASIC BLOCK;
cfg-addr, the DCFG address to which the BASIC BLOCK belongs;
addr: the address of this BASIC BLOCK;
total-sz: the number of instructions contained in the BASIC BLOCK;
[ instr1-size instr2-size. ]: a list of single instruction numbers;
call-addr, which the BASIC BLOCK executes a list of other DCFGs;
sign-addr: this BASIC BLOCK performs a signal call back to the list of DCFGs;
sucessor-addr: the next BASIC BLOCK, i.e., the successor node.
According to an embodiment of the present invention, the stub code (including the first stub code and the second stub code) is a code of the output structure diagram, and is used for parsing the application running process and determining information of the structure diagram, such as nodes in the structure diagram and a circulation relationship between the nodes according to the application running process, so as to draw the structure diagram according to the information of the structure diagram.
After the first stub code is set by the first application execution branch, when the first architecture application is operated, the first stub code set by the execution branch is operated at the position of the execution branch, so that the first structure graph is drawn.
Fig. 3 shows a schematic diagram of generating a first structure diagram according to an exemplary embodiment of the present invention, according to an embodiment of the present invention. As shown in fig. 3, the first architecture may be embodied as an x86 architecture, and the first architecture application may be embodied as an x86 application. The first structural diagram may be embodied as a DCFG structure diagram.
When an x86 application is loaded on an x 86-architecture computing device and needs to run, an IR file is generated first. And determining a first application execution branch according to the IR file. The first application execution branch may specifically include one or more execution branches. First stub code is then inserted at the first application execution branch.
The first architecture application may then be run according to the IR file when running. When the first stub code is operated, the first stub code is operated to generate a DCFG structure diagram; and when the code needing to be run is not the first stub code, normally running the first architecture application.
According to an embodiment of the present invention, when inserting the first stub code in the first architecture application, an insertion point may also be determined according to an executable file of the first architecture application; setting a jump instruction at an insertion point; the first stub code is set according to the jump instruction so as to run the first architecture application, and the first structural graph is generated according to the jump instruction execution state code.
According to an embodiment of the present invention, the first stub code may also be set by setting a jump instruction.
By parsing the executable file, the insertion point at which the first stub code needs to be inserted can be determined. The insertion point may be embodied as the location where the application running process needs to be recorded. When the executable file is parsed to determine the insertion point, the required insertion point can be found by using the Code Patch tool. The invention is not limited in the particular manner in which the insertion point is determined.
Subsequently, when a jump instruction is set, one or more instructions of the insertion point are replaced with a jump instruction. The jump instruction points to a section of jump bed code, the code of the executable file itself, namely one or more replaced instructions, is realized in the target code section jumped by the jump bed, and the instruction of the output structure diagram, namely the first stub code. The target jump code also comprises code for restoring the normal execution sequence of the application. The trampoline itself is a short code segment, and other code segments can be started.
Then, step 130 is executed to translate the second architecture instructions included in the executable file of the second architecture application into the first architecture instructions through the simulator.
And when the simulator runs the second architecture application, the heterogeneous application is run. The second architecture application cannot be run directly by a computing device that includes the first architecture processor. The computing device needs to translate the second architecture instruction of the second architecture application into the first architecture instruction through the simulator, and then execute the application.
Then, step 140 is executed to set the second stub code according to the first architecture instruction.
And when the second stub code is set according to the first architecture instruction, setting the second stub code according to the position where the application execution branch is generated by running the application according to the first architecture instruction, and recompiling and executing after the second stub code is set. According to an embodiment of the present invention, when the first architecture is an ARM architecture and the second architecture is an x86 architecture, the setting the position of the second stub code in the first architecture instruction includes: JO, JNO, JC, JNC, JNZ, JBE, JNBE, JS, JNS, JP, JNP, JL, JGE, JE, JLE, JG, JECXE, JMP, etc.
Then, step 150 is executed to run a second architecture application through the simulator based on the second stub code, so as to generate a second structure diagram; specifically, the method comprises the following steps: generating a register identifier according to an executable file of the second architecture application; and executing the first architecture instruction according to the register identification, and generating a second structure diagram according to the second stub code.
When the first architecture instruction is executed according to the register identifier and a second structure diagram is generated according to the second stub code, a second application execution branch when the first architecture instruction is executed is determined according to the register identifier; and executing the second stub code according to the second application execution branch to generate a second structure diagram.
When the second architecture application is operated according to the first architecture instruction, because the position where a jump is required when the first architecture instruction is executed is also determined according to the original execution branch position of the second architecture application, a register identifier is set so as to execute different application operation logics at the execution branch position according to the register identifier.
According to an embodiment of the invention, the second architecture may be embodied as an x86 architecture, the register identification may be embodied as an EFLAGS register, and the register identification may be embodied as a ZF identification in the EFLAGS register. The ZF flag is used to indicate which application execution branch is executed specifically when executing to the execution branch.
And when the second stub code is executed according to the second application execution branch to generate a second structure diagram, executing each operation branch, and executing the set second stub code to draw the second structure diagram.
Fig. 4 shows a schematic diagram of a drawing of a second block diagram according to an exemplary embodiment of the invention. As shown in fig. 4, the second architecture may be embodied as an x86 architecture, the register identification may be embodied as an EFLAGS register, and the register identification may be embodied as a ZF identification in the EFLAGS register. When the second architecture application is run, the instructions of the second architecture application are translated into the first architecture instructions. And then setting register identification, and injecting the identification as conversion code, so that after the execution of the code of the execution branch is finished, the register identification is reset, and other application execution branches are executed.
At the execution branch, it is determined whether the value in the register that identifies ZF is 1, if 1, the first branch is executed, if not 1, the second branch is executed. And after the first branch or the second branch is executed, executing the second stub code to generate a second structure diagram. And after the second stub code is executed, storing the construction parameters in the EFLAGS register so as to determine the position of the execution branch in the code according to the construction parameters. And restoring values in the register to execute other application execution branches.
According to one embodiment of the invention, when the simulator runs the second architecture application and generates the second structure diagram, the simulator also determines a second function and a calling position called by the second architecture application according to the executable file of the second architecture application; setting a second stub code according to the calling position; and calling a second function through the simulator to run a second architecture application, and executing a second stub code to generate a second structure diagram.
According to an embodiment of the invention, when the second architecture application is executed through the simulator, the second architecture application can be executed in a non-static compiling (dynamic translation execution) mode. Non-statically compiled applications may rely on a relatively large number of functions. When the simulator executes the function call, a new function execution flow is generated, so that a second stub code needs to be inserted when the first architecture instruction is translated and executed or dynamically compiled and executed.
According to an embodiment of the present invention, the first architecture instruction may be embodied as an ARM instruction, wherein the location where the second stub code needs to be inserted includes the following instructions:
OPCODE==0xE8;
OPCODE==0x9A;
OPCODE==0xFF && GROUP==2;
OPCODE==0xFF && GROUP==3;
the invention does not limit the position and the inserting quantity of the second pile code required to be inserted in the specific implementation process.
According to one embodiment of the invention, calling the second function to run the second architecture application by the simulator comprises: generating a first call table for calling a first function according to a second call table for calling a second function, wherein the first function is a local function provided by the computing equipment; and calling the first function according to the first call table to execute the second architecture application.
When calling the heterogeneous second function, the simulator can convert the heterogeneous second function into the homogeneous first function, so that the operation efficiency is improved.
According to one embodiment of the invention, when the second stub code is set according to the calling position, an interrupt processing function is set at the calling position; and setting a second stub code according to the interrupt processing function. And when the execution reaches the interrupt processing function position, storing the simulator state of the simulator according to the interrupt processing function so as to continuously run the second architecture application according to the simulator state after the second stub code is executed.
Fig. 5 shows a schematic diagram for drawing a second structural diagram according to another exemplary embodiment of the present invention.
According to an embodiment of the present invention, when the local function is called by the interrupt handling function, specifically: firstly, determining a calling position and inserting an interrupt processing function. Modifying a first call table before starting to run a first architecture instruction; specifically, the method comprises the following steps: and modifying the calling position of the second function to be set in the second calling table into the calling position of the local first function. And triggering an interrupt when the first architecture instruction is executed and the interrupt processing function is executed. And recording the current simulator state, calling a corresponding local function, and executing a second stub code to generate a DCFG (discrete component grid) graph. And after the calling is finished, the state of the simulator is recovered, and the simulator returns to the calling part to continue executing. The simulator state includes information such as the operating environment in the simulator and the location of the calling function.
According to an embodiment of the present invention, when returning to the calling place to continue executing other instructions, a second stub code is also added to generate a structure diagram, which indicates that the execution flow of the calling function is finished.
According to one embodiment of the invention, the instruction requiring insertion of the second stub code in the first architecture instruction upon return comprises: OPCODE = =0xC2 and OPCODE = =0xC3.
Finally, step 160 is performed to determine operational variance information based on the first architectural view and the second architectural view. The run disparity information may include information such as different branches of the run.
The logic correctness of the heterogeneous program operated by the simulator can be judged through the first structure diagram and the second structure diagram, and particularly, whether the branches in the execution of the first structure diagram and the second structure diagram are consistent or not can be compared when the structure diagrams are compared.
According to one embodiment of the invention, an automatic ratio of execution branches may be performed using the tool at the time of comparison. The first structure diagram and the second structure diagram adopt a unified format, namely the second stub codes in the execution of the isomorphic program and the execution of the heterogeneous program are output according to the same data format.
According to an embodiment of the present invention, the first structural diagram and the second structural diagram may be customized in a manner of setting the following configurations:
cfg: a structure diagram for identifying the structure as a DCFG format;
and (2) addr: a virtual address identifying the start of this DCFG;
the count is as follows: for identifying the number of runs;
cfg-name: the function name is obtained;
according to an embodiment of the present invention, the execution flow of the structure diagram may be further converted into a visual flow diagram, and the difference between the first structure diagram and the second structure diagram is observed through manual comparison.
Fig. 6 illustrates a schematic diagram of determining operational difference information according to an exemplary embodiment of the present invention.
As shown in fig. 6, when the isomorphic application (first architecture application) is run, a first stub code may be set in the original instruction, and when the executable file is run, after the original instruction is executed, the first stub code is executed at a position where the first stub code needs to be executed, so as to generate a first structural diagram; or adding the trampoline into the original instruction by a trampoline constructing mode, and operating the first pile code according to the trampoline to generate the first structural diagram.
When the heterogeneous application (second architecture application) is run, a second stub code is added to a corresponding position, such as an application branch and a calling position of a calling function, and then recompiled. When the heterogeneous application is run, the executable file is loaded and translation instructions are generated. When the translation instruction is executed, the second stub code is executed at the position where the second stub code is set to generate a second structure diagram.
Subsequently, comparing the first structural diagram with the second structural diagram through a comparison tool, and outputting operation difference information; or drawing the first structural diagram and the second structural diagram through a drawing tool so as to find out the place where the simulator runs wrongly.
According to the invention, the second stub code is inserted, the structure diagram of the heterogeneous program is automatically generated in the execution process, the difference of the structure diagram generated by the homogeneous program and the structure diagram generated by the heterogeneous program in the execution process is visually compared, the comparison range is reduced from an instruction level to a module level or a function level, and the abnormal search range is greatly reduced. After the program flow difference is found macroscopically, the difference analysis and comparison of the instruction level are carried out by combining the difference position, so that the efficiency of finding the problem is greatly improved, and the difficulty of problem positioning is reduced.
The invention discloses an application running analysis method, which is suitable for being executed in computing equipment, wherein the computing equipment is suitable for running a first architecture application, and the method comprises the following steps: inserting a first stub code in a first architecture application; running the first architecture application based on the first stub code to generate a first structural graph; translating second architecture instructions included in an executable file of a second architecture application into first architecture instructions according to the simulator; setting a second stub code according to the first architecture instruction; based on the second stub code, running a second architecture application through the simulator to generate a second architecture diagram; and determining running difference information according to the first structural diagram and the second structural diagram. According to the invention, different structure diagrams are generated by operating the applications with different architectures, and the difference of two operation modes of the applications can be determined through the structure diagrams, so that the difference of the operation processes is compared, and the position with the problem is determined according to the difference information.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects.
Those skilled in the art will appreciate that the modules or units or groups of devices in the examples disclosed herein may be arranged in a device as described in this embodiment, or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. Modules or units or groups in embodiments may be combined into one module or unit or group and may furthermore be divided into sub-modules or sub-units or sub-groups. All of the features disclosed in this specification, and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification may be replaced by an alternative feature serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to execute the application execution analysis method of the present invention according to instructions in the program code stored in the memory.
By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer-readable media includes both computer storage media and communication media. Computer storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of computer readable media.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to practitioners skilled in this art. The disclosure of the present invention is intended to be illustrative, but not limiting, of the scope of the invention.

Claims (11)

1. An application execution analysis method, adapted to be executed in a computing device, the computing device being adapted to execute a first architecture application, the method comprising:
inserting first stub code in the first architecture application;
running the first architecture application based on the first stub code, generating a first structural graph;
translating, by the simulator, second architecture instructions included in an executable file of a second architecture application into first architecture instructions;
setting a second stub code according to the first architecture instruction;
based on the second stub code, running the second architecture application through a simulator to generate a second structure diagram;
and determining operation difference information according to the first structure diagram and the second structure diagram.
2. The method of claim 1, wherein the inserting first stub code in the first architectural application comprises:
generating an intermediate format file according to the executable file of the first architecture application;
determining a first application execution branch according to the intermediate format file;
and setting first stub code in the first application execution branch.
3. The method of claim 1, wherein the inserting first stub code in the first architectural application comprises:
determining an insertion point from an executable file of the first architecture application;
setting a jump instruction at the insertion point;
and setting a first stub code according to the jump instruction.
4. The method of any of claims 1-3, wherein the generating, by the simulator running the second architectural application based on the second stub code, a second architectural graph comprises:
generating a register identifier according to the executable file of the second architecture application;
and executing the first architecture instruction according to the register identification, and generating a second structure diagram according to the second stub code.
5. The method of claim 4, wherein said executing the first architectural instruction according to the register identification and generating a second architectural graph according to the second stub code comprises:
determining a second application execution branch when the first architecture instruction is executed according to the register identification;
and executing the second stub code according to the second application execution branch to generate a second structure diagram.
6. The method of any of claims 1-3, wherein the generating, by the simulator running the second architectural application based on the second stub code, a second architectural graph comprises:
determining a second function and a calling position called by the second architecture application according to the executable file of the second architecture application;
setting a second pile code according to the calling position;
and calling a second function through the simulator to run a second architecture application, and executing the second stub code to generate a second structure diagram.
7. The method of claim 6, wherein invoking, by the simulator, a second function to run a second architecture application comprises:
generating a first call table for calling a first function according to a second call table for calling the second function, wherein the first function is a local function provided by the computing equipment;
and calling the first function according to the first call table so as to execute the second architecture application.
8. The method of claim 6, wherein said setting a second stub code according to the invocation location comprises:
setting an interrupt processing function at the calling position;
and setting a second stub code according to the interrupt processing function.
9. The method of claim 8, wherein the method further comprises:
and storing the simulator state of the simulator according to the interrupt processing function so as to continuously run the second architecture application according to the simulator state after executing the second stub code.
10. A computing device, comprising:
one or more processors;
a memory; and
one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing the method of any of claims 1-9.
11. A computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computing device, cause the computing device to perform the method of any of claims 1-9.
CN202211352997.8A 2022-11-01 2022-11-01 Application operation analysis method, computing device and storage medium Active CN115470151B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211352997.8A CN115470151B (en) 2022-11-01 2022-11-01 Application operation analysis method, computing device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211352997.8A CN115470151B (en) 2022-11-01 2022-11-01 Application operation analysis method, computing device and storage medium

Publications (2)

Publication Number Publication Date
CN115470151A CN115470151A (en) 2022-12-13
CN115470151B true CN115470151B (en) 2023-01-24

Family

ID=84336999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211352997.8A Active CN115470151B (en) 2022-11-01 2022-11-01 Application operation analysis method, computing device and storage medium

Country Status (1)

Country Link
CN (1) CN115470151B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6351843B1 (en) * 1998-08-31 2002-02-26 International Business Machines Corporation Dynamically inserting a function into an application executable at runtime
CN104598808A (en) * 2015-01-08 2015-05-06 中国科学院信息工程研究所 Android application completeness verification method based on register architecture
CN111209193A (en) * 2019-12-30 2020-05-29 北京健康之家科技有限公司 Program debugging method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6351843B1 (en) * 1998-08-31 2002-02-26 International Business Machines Corporation Dynamically inserting a function into an application executable at runtime
CN104598808A (en) * 2015-01-08 2015-05-06 中国科学院信息工程研究所 Android application completeness verification method based on register architecture
CN111209193A (en) * 2019-12-30 2020-05-29 北京健康之家科技有限公司 Program debugging method and device

Also Published As

Publication number Publication date
CN115470151A (en) 2022-12-13

Similar Documents

Publication Publication Date Title
Schlich Model checking of software for microcontrollers
US7080359B2 (en) Stack unique signatures for program procedures and methods
US7051343B2 (en) Module-by-module verification
AU771941B2 (en) Fully lazy linking with module-by-module verification
CN107526625B (en) Java intelligent contract security detection method based on bytecode inspection
US20050177775A1 (en) Data race detection using sequential program analysis
US20100180263A1 (en) Apparatus and method for detecting software error
CN109101416B (en) Kernel fault injection method and electronic equipment
US7512938B2 (en) Typed intermediate representation for object-oriented languages
CN109271789B (en) Malicious process detection method and device, electronic equipment and storage medium
US8261251B2 (en) Modification of array access checking in AIX
CN110688320B (en) Global variable detection method and device and terminal equipment
CN115470151B (en) Application operation analysis method, computing device and storage medium
US20020129336A1 (en) Automatic symbol table selection in a multi-cell environment
CN116150021A (en) Program running track tracking method, program running track comparing method, program running track tracking device and computing equipment
CN114428642B (en) Random instruction generation environment based on novel processor architecture
CN110765008A (en) Data processing method and device
CN115374017A (en) Method for capturing site during simulation running of executable file and computing equipment
US6832181B1 (en) Method to distinguish between physical hardware and simulated hardware
US8769517B2 (en) Generating a common symbol table for symbols of independent applications
CN117008972B (en) Instruction analysis method, device, computing equipment and storage medium
CN114153750B (en) Code checking method and device, code compiling method and electronic equipment
CN104166633B (en) Method and system for memory access protection
CN112527660B (en) Static detection method and device for codes
US20040098708A1 (en) Simulator for software development and recording medium having simulation program recorded therein

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant