KR20190076217A - Apparatus and method for dynamic binary instrumentation using multi-core - Google Patents

Apparatus and method for dynamic binary instrumentation using multi-core Download PDF

Info

Publication number
KR20190076217A
KR20190076217A KR1020170177828A KR20170177828A KR20190076217A KR 20190076217 A KR20190076217 A KR 20190076217A KR 1020170177828 A KR1020170177828 A KR 1020170177828A KR 20170177828 A KR20170177828 A KR 20170177828A KR 20190076217 A KR20190076217 A KR 20190076217A
Authority
KR
South Korea
Prior art keywords
code
execution
breakpoint
core
instrument
Prior art date
Application number
KR1020170177828A
Other languages
Korean (ko)
Inventor
이상록
이정희
김종규
Original Assignee
한국전자통신연구원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국전자통신연구원 filed Critical 한국전자통신연구원
Priority to KR1020170177828A priority Critical patent/KR20190076217A/en
Publication of KR20190076217A publication Critical patent/KR20190076217A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/362Software debugging
    • G06F11/3644Software debugging by instrumenting at runtime

Abstract

Disclosed are a dynamic binary instrumentation device using multicores and a method thereof. The dynamic binary instrumentation method conducted by the dynamic binary instrumentation device using multicores comprises: a step of setting a break point in an executing core for executing an object program; a step of entering the break point and receiving a debugging event from the executing core in which the debugging event occurs; a step of identifying the break point in which the debugging event occurs, and executing an instrument code corresponding to the break point; a step of storing executing results of the instrument code; and a step of setting the break point in the next code block, and re-executing the executing core. Therefore, the dynamic binary instrumentation method can execute an instrument code for dynamic binary instrumentation (DBI) in a core which is not used by an object program in a multi-core CPU system, thereby efficiently utilizing the multi-core CPU system.

Description

[0001] APPARATUS AND METHOD FOR DYNAMIC BINARY INSTRUMENTATION USING MULTI-CORE [0002]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a dynamic binary instrumentation technique using a multicore, and more particularly to a technique for executing an instrument code in another CPU core without inserting an instrument code into a binary of a target program.

Instrumentation refers to the insertion of additional instrumentation code into the source code or binary of the target program in order to collect and analyze specific information about the target program.

In this case, the position where the code is inserted may be different according to the type of information to be collected, and may be different depending on the type of the information to be collected, and may be different from a specific function call, And the like.

Binary Instrumentation during instrumentation is a method of inserting code into the binary of the target program. Binary instrumentation is used as an instrumentation method for analyzing programs without source code, such as commercial products or malicious code.

Binary Instrumentation is divided into Static Binary Instrumentation (SBI) and Dynamic Binary Instrumentation (DBI). SBI disassembles the executable file before inserting the program and inserts the instrument code into the disassembled code. DBI, on the other hand, inserts instrumentation code into memory-loaded code during program execution, and can be used immediately for running programs without having to compile or link.

Typical DBI tools include pin, valgrind, dynamoRIO, and bochs. While pin, valgrind, and dynamoRIO are instrumentation methods for specific programs (processes), bochs can instrument entire systems, including operating systems and applications. But bochs has the disadvantage of running on the emulator.

The process instrumentation method used by pin, valgrind, and dynamoRIO is a translating method instrumentation using process-based virtualization technology. That is, when the target program is executed through the DBI tool, the DBI tool reads the corresponding binary code block, performs the translation in real time, and executes the translated code. In the DBI, the code for observing and analyzing the target program is inserted in the translation process, and the code inserted before or after the code block together with the program code block is executed.

DBI has gained popularity in areas such as Taint Analysis, de-obfuscation, and shellcode detection, and many techniques have been developed using DBI tools. And, as the program analysis method using DBI gets attention, many techniques for detecting DBI have been developed.

If commercial software or malicious code is analyzed by DBI through DBI detection method, it will be executed differently from normal execution because it is not analyzed. A process target instrument such as pin, valgrind, or dynamoRIO is a structure in which instrument code is added to the original code copied in the process space, after the original code is copied, translated, and instrumented in a separate process. Thus, if the original code and the instrument code are executed in the same process, if the original code has the ability to detect the instrument code, the instrumentation is easily detected.

For the instrumentation of the process target, the characteristics of the instrument code are listed and announced for each DBI tool. "I know you're there spying on me" at Recon 2012, "Defeating the Transparency Features of Dynamic Binary Instrumentation" and "Anti-instrumentation techniques: I know you're there, Frida! "A process-based DBI object detection technique. There are also a number of ways to detect the Bochs emulator environment in terms of instrumenting the entire system with the Bochs emulator.

That is, the fundamental reason for the detection of the process target instrumentation is that the target program code and the instrument code coexist in a single process address space. Because it is in the same process space, the original program code can access the instrument code and read and analyze the instrument code to find the DBI feature.

Bochs emulator-based instrumentation, on the other hand, is not a way of adding code, but rather a way in which the emulator executes instrument code when it encounters a particular code block when it executes the target program code. Because of this, existing DBI detection methods can not be applied to Bochs emulator-based instrumentation. However, there are already plenty of ways to detect the Bochs emulator itself, and using these emulator detection methods can easily detect emulator-based instrumentation.

Therefore, it is necessary to develop a technology that can solve the problem detected by the target program by loading the original code and the instrument code into the address space of the same process in the existing dynamic binary instrumentation method.

Korean Patent Publication No. 10-2017-0055933, published May 22, 2017 (titled: Method and Apparatus for Kernel Control-Flow Integrity Protection Using Static Binary Metering)

It is an object of the present invention to solve the problem that a conventional dynamic binary instrumentation (DBI) method loads the original code and the instrument code into the address space of the same process and is detected by the target program.

It is also an object of the present invention to ensure that the target program execution and the instrumentation execution region are logically and physically separated without modulating the target program code so that the dynamic binary instrumentation (DBI) is not detected.

It is also an object of the present invention to efficiently execute a multi-core CPU system by executinginstruction codes for dynamic binary instru- mentation (DBI) on a core not used by a target program in a multi-core CPU system.

According to an aspect of the present invention, there is provided a method for dynamic binary instrumentation performed by a dynamic binary instrumentation apparatus using a multi-core, the method comprising: setting a breakpoint in an execution core executing a target program; Receiving the debug event from the execution core that generated the debug event, checking the breakpoint at which the debug event occurred, and executing an instrument code corresponding to the breakpoint, Storing the execution result, setting the breakpoint in the next code block, and re-executing the execution core.

The execution of the instrument code may include retrieving the instrument code corresponding to the breakpoint entered by the execution core, loading the instrument code retrieved in the memory and executing the instru- ment code . ≪ / RTI >

At this time, the step of storing the execution result of the instrument code may include at least one of an execution core context value which is a response to at least one of an execution core context read instruction, an instruction transmission instruction, and an instruction execution instruction and an instruction execution result Can be collected and stored.

At this time, the step of storing the execution result of the instrument code may include at least one of the information of the breakpoint, the number of the breakpoints, the setting of the breakpoint, and the setting value of the breakpoint And receive and store status information of the breakpoint including one of the breakpoints.

The step of setting the breakpoint in the next code block and re-executing the execution core may include calculating the position of the next code block based on at least one of the state information of the breakpoint and the memory , Releasing the current breakpoint that executed the instrument code, and setting the breakpoint in the next code block based on the location of the next code block.

In this case, the code block may be an instrument unit that is at least one of a basic block unit, an instruction unit, a function unit, and an image unit.

In this case, when the debug event occurs, the execution core is switched to a halt mode, and after setting the breakpoint in the next code block, the execution core is switched to a normal mode And re-executing the execution core.

At this time, it is possible to repeat the step of re-executing the execution core after setting the break point in the next code block until the last code of the target program is executed.

At this time, the setting of the breakpoint may set one or more hardware breakpoints in the execution core.

According to another aspect of the present invention, there is provided a dynamic binary instrumentation apparatus using a multicore, the method comprising: setting a breakpoint in an execution core that executes a target program; determining, from the execution core that has generated a debug event, An execution core control unit for receiving a debug event, checking the breakpoint at which the debug event occurs, executing an instruction code corresponding to the breakpoint, storing the execution result of the instruction code, And an instruction execution unit for setting the break point in the block and re-executing the execution core.

The instrument execution unit may include an instrument code search module that searches for the instrument code corresponding to the break point entered by the execution core, and the instrument code loaded in the memory and executes the instrumement code And an instrument code execution module.

At this time, the instrument code execution module may collect and store at least one of an execution core context value that is a response to at least one of an execution core context read command, an instruction transmission instruction, and an instruction execution instruction, and an instruction execution result .

At this time, the instrument execution unit may include at least one of the breakpoints including at least one of the breakpoint information on which the execution core has entered, the number of breakpoints, the setting of the breakpoint, And a code block control module for receiving and storing status information of the mobile terminal.

Here, the code block control module may calculate the position of the next code block based on at least one of the state information of the breakpoint and the memory, and may cancel the current break point that executed the instruction code And set the breakpoint in the next code block based on the location of the next code block.

In this case, the code block may be an instrument unit that is at least one of a basic block unit, an instruction unit, a function unit, and an image unit.

At this time, the execution core controller switches the execution core to a halt mode when the debug event occurs, sets the breakpoint in the next code block, The execution core can be re-executed.

At this time, the execution core control unit may repeat the process of re-executing the execution core after setting the break point in the next code block until the last code of the target program is executed.

At this time, one or more hardware breakpoints may be set in the execution core.

According to another aspect of the present invention, there is provided a dynamic binary instrumentation apparatus using a multicore, comprising: a breakpoint setting unit that sets a breakpoint in an execution core that executes a target program among a plurality of cores, An execution core controller for entering the breakpoint and receiving the debug event from the execution core which has generated a debug event, an instrument code search unit for searching for an instrument code corresponding to the break point at which the debug event occurred, An instrument code execution unit for executing the searched instrument code and storing the result of execution of the instrument code, and calculating the position of the next code block and setting the breakpoint in the next code block Code block control included The.

At this time, the execution core control unit switches the execution core to the halt mode when the execution core enters the break point, and the execution code corresponding to the break point in the instrument core After the execution of the instrument code is completed, the execution core can be switched to the normal mode.

According to the present invention, the conventional dynamic binary instru- ment (DBI) method can solve the problem of being detected by the target program by loading the source code and the instrument code into the address space of the same process.

Further, according to the present invention, the target program execution and the execution execution area can be logically and physically separated without modulating the target program code, so that the dynamic binary instrumentation (DBI) can be prevented from being detected.

Further, according to the present invention, it is possible to utilize the multi-core CPU system efficiently by executing theinstruction code for the dynamic binaryinstruction (DBI) on the core that is not used by the target program in the multicore CPU system.

1 is a diagram schematically illustrating an environment to which a dynamic binary instrumentation apparatus using a multicore according to an embodiment of the present invention is applied.
2 is a block diagram illustrating a configuration of a dynamic binary instrumentation apparatus using a multicore according to an embodiment of the present invention.
3 is a flowchart illustrating a dynamic binary instrumentation method using a multicore according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a method of setting a break point in a next code block in step S360 of FIG.
5 is a diagram for explaining a method of controlling an execution core according to an embodiment of the present invention.
6 is a diagram illustrating an instrument core to which a dynamic binary instrumentation apparatus using a multicore according to another embodiment of the present invention is applied.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail.

It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprises" or "having" and the like are used to specify that there is a feature, a number, a step, an operation, an element, a component or a combination thereof described in the specification, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the relevant art and are to be interpreted in an ideal or overly formal sense unless explicitly defined in the present application Do not.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In order to facilitate the understanding of the present invention, the same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.

1 is a diagram schematically illustrating an environment to which a dynamic binary instrumentation apparatus using a multicore according to an embodiment of the present invention is applied.

1, in a multi-core CPU system, a dynamic binary instrumentation apparatus 200 using a multicore according to an embodiment of the present invention is applied to one or more instrument core 20, The core control functions for one or more execution cores 10 executing the core control functions.

The dynamic binary instrumentation apparatus 200 using a multicore includes a Dynamic Binary Instrumentation (DBI) tool, which inserts an instrument code into a code loaded in a memory while the execution core 10 executes a target program to be.

In DBI, the process of the target program does not directly execute the code, but a separate process is created by the DBI tool, and the generated separate process copies the code block of the target program, It is a structure that is translated and instrumented and then executed.

At this time, a memory area copied and stored in a code block in a separate process is generally called a code cache. In the code cache, not all the code of the target program is copied and stored. Instead, a specific code block is read according to the execution path of the code, then instrumented and executed. Then, the code block to be executed is read and then instrumented and executed By repeatedly performing, the instrumented code blocks are accumulated in the code cache. If the code block already read is present in the code cache, the code block stored in the code cache is executed.

The dynamic binary instrumentation apparatus 200 using a multicore according to an embodiment of the present invention operates in the instruction core 20, which is a CPU core different from the execution core 10, which is a CPU core in which a target program is executed.

This makes it possible to logically and physically separate the target program execution area and the instrumentation execution area without modulating the target program code and prevent the target program from detecting the DBI.

Recently, in the field of mobile field and desktop PC, a method of increasing the number of CPU cores is used to improve the performance of the CPU. In particular, mobile CPU makers such as Qualcomm, Samsung, and Huawei have 8 to 10 cores on one CPU, and Apple recently released 6 cores on A11 bionic CPUs. In desktop and server products, AMD released up to 32-core CPUs and Intel released 28-core CPUs in 2017. While the number of cores is increasing rapidly in the hardware field, software is not making efficient use of multicore hardware.

However, the dynamic binary instrumentation apparatus 200 using a multicore according to an embodiment of the present invention can operate an unused CPU core on the instruction core 20, thereby taking advantage of the multicore structure. In addition, the dynamic binary instrumentation apparatus 200 using the multicore executes the instrument code in an area logically and physically separated from the area in which the target program is executed, thereby preventing the target program from detecting the DBI have.

Also, since the dynamic binary instrumentation apparatus 200 using the multicore according to an embodiment of the present invention does not use a virtualization technique or an emulator, the DBI may not be detected even by the emulator detection.

Hereinafter, a configuration of a dynamic binary instrumentation apparatus using a multicore according to an embodiment of the present invention will be described in detail with reference to FIG.

2 is a block diagram illustrating a configuration of a dynamic binary instrumentation apparatus using a multicore according to an embodiment of the present invention.

2, a dynamic binary instrumentation apparatus 200 using a multicore according to an embodiment of the present invention includes an execution core control unit 210, an instrument code search unit 220, an instrument code execution unit Unit 230, and a code block control unit 240.

First, the execution core control unit 210 controls an execution core which is a CPU core executing the target program code. At this time, the execution core control unit 210 generates control data for controlling the execution core according to the CPU architecture, such as ARM 32/64 bit, Intel 32/64 bit, Freescale 32/64 bit, The core state data (state information) can be interpreted.

The execution core control unit 210 sets a breakpoint in the execution core executing the target program, and generates a debug event when the execution core enters the break point. The execution core control unit 210 receives the debug event generated from the execution core, and can switch the execution mode of the execution core to the stop mode.

The execution core control unit 210 sets or releases a breakpoint including at least one of an instruction breakpoint and a data breakpoint and sets a breakpoint including a register, You can read and write core context values for cache, memory, and on-chip hardware. In addition, the execution core control unit 210 can transmit and execute instructions to the execution core and manage the debug events.

The execution core control unit 210 can switch the execution mode of the execution core. When a debug event occurs, the execution core control unit 210 can stop the execution core by switching the execution core in which the debug event has occurred to the halt mode.

Also, after the execution of the instrument code is completed, the execution core control unit 210 can switch the mode of the execution core to the normal mode and re-execute the execution core whose execution has been suspended. At this time, after the process of setting the breakpoint in the next code block, the execution core control unit 210 can switch the execution core into the normal mode and re-execute the execution core.

The execution core control unit 210 may repeat the process of re-executing the execution core after setting a break point in the next code block until the last code of the target program is executed.

Next, the instrument code searching unit 220 searches for the instrument code corresponding to the break point entered by the execution core.

When the execution core reaches the break point point, which is an instrument point, execution core break information including at least one of the position of the execution core, the address of the instrument point, and the execution core context is transmitted from the execution core control unit 210 Can be delivered.

The instrument code searching unit 220 searches the instrument code corresponding to the instrument point by using the execution core break information and outputs the instrument code to the instrument code execution unit 230).

The instrument code may be stored in a storage device including a memory or a hard disk, and may be stored in a different form depending on the unit of the code block. For example, if the code block is an instruction unit, the instrument code may vary depending on the type of instruction, whether it is executed before the instruction, or after the instruction. That is, different instrument codes can be used for instructions such as Load, Store, Move, Or, Xor, Call, and Return.

If the unit of the code block is a function unit, the function entry portion and the function end portion can be instrument points. In the function entry section, the instrument code can read the input parameter value of the function, and at the end of the function, the instrument code can read and store the return value of the function. Also, depending on the function, the number of input parameters and the type of the return data may be different, and thus the instrument code may be different.

For convenience of explanation, the case where the code block is the instruction unit and the function unit has been described, but the present invention is not limited to this, and the unit of the code block and the characteristic of the execution code may be designed and modified in various forms according to the purpose of the instrumentation .

Then, the instrument code execution unit 230 loads the instrument code found in the memory and executes the instru- ment code. The instrument code execution unit 230 can execute the instrument code stored in the system memory by loading the instrument code received from the instrument code search unit 220.

The instruction code execution unit 230 transmits at least one of an execution core context read instruction, an instruction transmission instruction, and an instruction execution instruction to the execution core control unit 210 according to the implementation of the instruction code, Can be received and stored. At this time, the instrument code execution unit 230 may collect and store at least one of the executed core context value and the instruction execution result in response to the instruction.

The instrument code execution unit 230 may store observation information, which is information collected and processed by execution of the instrument code, in the storage device during execution of the instrument code.

Finally, the code block controller 240 includes at least one of the information of the breakpoint (information of the current instrument point) entered by the execution core, the number of breakpoints, the setting of the breakpoint and the setting value of the breakpoint The status information of the breakpoint to be stored can be received and stored.

The code block controller 240 calculates the position of the next code block from the current instrument point based on at least one of the state information of the breakpoint and the memory. In addition, the code block control unit 240 releases the current break point in which the instrument code is executed.

The code block control unit 240 can set a break point in the next code block based on the position of the next code block. At this time, the code block control unit 240 can transmit the information of the break point to be set to the next code block to the execution core control unit 210 to set the break point.

The code block control unit 240 transmits a breakpoint setting command including information on at least one of the type of the break point, the address at which the break point is to be set and the break point hardware to be used to the execution core control unit 210, A breakpoint can be set.

Here, the code block may be an instrument unit of at least one of a basic block unit, an instruction unit, a function unit, and an image unit.

Hereinafter, a dynamic binary instrumentation method using a multicore, which is performed by a dynamic binary instrumentation apparatus using a multicore according to an embodiment of the present invention, will be described in detail with reference to FIG. 3 and FIG.

3 is a flowchart illustrating a dynamic binary instrumentation method using a multicore according to an embodiment of the present invention.

First, the dynamic binary instrumentation apparatus 200 using a multicore sets a break point in an execution core (S310).

The dynamic binary instrumentation apparatus 200 using a multicore includes a breakpoint (at least one of an instruction-breakpoint and a data-breakpoint) in an execution core 10 executing a target program Breakpoint).

The dynamic binary instrumentation apparatus 200 using the multicore receives a debug event from the execution core (S320).

The on-chip debug logic of the execution core 10 generates a debug event at a point corresponding to the breakpoint. For example, if the execution core 10 intends to execute a code (instruction) located at a specific address for which an instruction breakpoint is set, the on-chip debug logic may generate a debug event.

Also, when a data load, a data read, or a write instruction (data store, data write) is executed on data of a specific address, which is generally set as a data breakpoint called a watchpoint, Debug events can occur.

Generally, a debug event is classified into a software event and a hardware event, and a software event or a hardware event can be generated according to the setting for the same breakpoint. In the present invention, it is possible to use only one or more breakpoints without using a software breakpoint to modulate the code memory of the target program. At this time, the number of breakpoints may vary depending on the on-chip debug logic of the CPU core implemented in the system.

The dynamic binary instrumentation apparatus 200 using a multicore according to an embodiment of the present invention can perform a hardware event that can be transferred from the on-chip debug logic of the execution core 10 to another core, .

The dynamic binary instrumentation apparatus 200 using the multicore switches the execution core into the stop mode (S330).

When a debug event occurs, the dynamic binary instrumentation apparatus 200 using the multicore can stop execution by switching the execution core 10 to a halt mode according to the setting. In the stop mode, the execution of the target program is also stopped.

In the normal mode, the debug event can be processed by the in-system software such as an operating system executed in the execution core. However, since the execution core 10 is stopped in the stop mode, the generated debug event must be processed by an external device in terms of the execution core, such as another core, another CPU, or external hardware of the system.

That is, the execution core can not process the generated hardware debug event, so the hardware debug event must be handled by an external hardware device connected to the debug port, or processed by another processor of the multiprocessor system or another core of the multicore system.

The process of generating the debug event in step S320 of FIG. 3 and the process of switching the execution core 10 to the halt mode in step S330 are divided into steps S320 and S330 for convenience of description , S320, and S330 may be performed simultaneously.

Next, the dynamic binary instrumentation apparatus 200 using the multicore executes the instrument code (S340).

The dynamic binary instrumentation apparatus 200 using the multicore identifies an instrument point corresponding to the received break point and retrieves an instrument code corresponding to the instrument point. The dynamic binary instrumentation apparatus 200 using the multicore executes the retrieved instrument code.

The dynamic binary instrumentation apparatus 200 using the multicore stores the execution result of the instrument code (S350).

While executing the instrument code, the dynamic binary instrumentation apparatus 200 using the multicore can store observation information processed or collected according to the execution of the instrument code.

The dynamic binary instrumentation apparatus 200 using the multicore sets a break point in the next code block (S360).

The dynamic binary instrumentation apparatus 200 using the multicore calculates the position of the next code block based on the instru- ment point, which is the point at which the current breakpoint occurred. And the dynamic binary instrumentation apparatus 200 using the multicore can set a break point in the next code block. At this time, the dynamic binary instrumentation apparatus 200 using multicore can execute step S360 after all of the instrument codes are executed.

FIG. 4 is a flowchart illustrating a method of setting a break point in a next code block in step S360 of FIG.

As shown in Fig. 4, the dynamic binary instrumentation apparatus 200 using multicore calculates the position of the next code block (S410).

Then, the dynamic binary instrumentation apparatus 200 using the multicore releases the current break point (S420).

After releasing the current breakpoint, the dynamic binary instrumentation apparatus 200 using multicore can set a breakpoint in the next code block (S430).

In dynamic binary instrumentation (DBI), the size of a code block can be variously implemented. A code block can be a basic block unit or a function unit. The entire image of the target program can be a single code block, and the CPU instruction (machine code) can be a single code block. have.

Here, the basic block is a term used in computing, which means a small code area of a program that has no incoming branch other than the entry but no outgoing branch other than the exit, and the code is executed sequentially in the basic block.

3, the dynamic binary instrumentation apparatus 200 using multicore switches the execution core to the normal mode and resumes the execution core (S370).

When the final code of the execution program is reached, the dynamic binary instrumentation apparatus 200 using the multicore ends the instrumentation process, and when the last code is not the dynamic code, the dynamic binary instrumentation apparatus 200 using multi- S370 may be repeatedly performed.

When one core of the CPU is in the stop mode, the core can execute the instruction only by controlling other cores of the CPU, an internal chip of the system, or external hardware of the system. That is, the execution core in the stop mode can be switched to the normal mode by control of another core (instrument core), another processor or external hardware. In the present invention, the dynamic binary The instrumentation apparatus 200 can switch the execution core to the normal mode.

Hereinafter, a method of controlling an execution core according to an embodiment of the present invention will be described in detail with reference to FIGS. 5 and 6. FIG.

5 is a diagram for explaining a method of controlling an execution core according to an embodiment of the present invention.

As shown in FIG. 5, a dynamic binary instrumentation apparatus using a multicore according to an embodiment of the present invention performs dynamic binary instrumentation on the instrument core 20, rather than the execution core 10.

The execution core 10 means a CPU core executing a code of a target program to be observed, and the target program can be executed in one or more execution cores 10. [ The on-chip debug logic 30 is connected to each execution core 10 and the execution core control unit 510 of the dynamic binary instrumentation apparatus using the multicore is connected to on-chip debug logic 30 To control the execution core 10. [

A dynamic binary instrumentation apparatus using a multicore according to an embodiment of the present invention executes a DBI in an execution core (20) different from an execution core (10) in which a target program is executed, and modifies a file or memory of a target program , The target program can not detect that it is being instrumented.

And a dynamic binary instrumentation apparatus using multicore located in the instrument core 20 transmits core control data to one or more execution cores 10 and receives core state data (state information) from one or more execution cores 10, Lt; / RTI >

At this time, the execution core control unit 510 of the dynamic binary instrumentation apparatus generates core control data corresponding to the CPU architecture of the execution core 10 through the architecture-specific control function, Can be interpreted. That is, the instrument execution unit 520 generates a generalized core control command irrespective of the CPU architecture, transfers the generalized core control command to the execution core control unit 510, and transmits the generalized core control command to the execution core control unit 510 through the execution core control unit 510 Core state information.

5, a dynamic binary instrumentation apparatus using a multicore, including an execution core control unit 510 and an instrument execution unit 520, uses an on-chip debug logic 30, A breakpoint may be set before and after the code block of the program and a debug event occurring at the breakpoint point when the execution core 10 executes the target program. At this time, the dynamic binary instrumentation apparatus using the multicore can switch the execution core 10 from the breakpoint point to the halt mode.

The dynamic binary instrumentation apparatus using the multicore can recognize the break point position of the received debug event and execute the instrument code corresponding to the break point. After the execution of the instrument code is completed, the dynamic binary instrumentation apparatus using the multicore sets the breakpoint at the next code block point and then switches the target core 10 to the normal mode, Can be re-executed.

6 is a diagram illustrating an instrument core to which a dynamic binary instrumentation apparatus using a multicore according to another embodiment of the present invention is applied.

6, the instrument execution unit 520 located in the instrument core 20 includes an instrument code search module 521, an instrument code execution module 523, and a code block control Module 525, as shown in FIG.

Here, the instrument codes retrieval module 521 is substantially the same as the instrument code retrieval unit 220 of FIG. 2, and the instrument code execution module 523 is the same as the instrument code execution unit 230, and the code block control module 525 may be substantially the same as the code block control block 240 of FIG. For the sake of convenience and brevity, a description overlapping with FIG. 2 will be omitted.

6, when the execution core 10 reaches theinstruction point where the breakpoint is set, the execution core control unit 510 instructs the instrument code search module 521 to determine the position of the execution core, An address, and an execution core context. The instrument code retrieval module 521 receiving the execution core break information can retrieve the instrument code from the instrument code information storage 610.

The instrument code execution unit 523 transmits a first control command for at least one of an execution core context read command, an instruction transmission instruction, and an execution instruction to the execution core control unit 510, 1 < / RTI > control command in response to the first control response, the execution core context value, and the instruction execution result. In addition, the instrument code execution unit 523 may store observation information according to the execution of the instrument code in the observation information storage 620. [

The code block controller 525 transmits a second control command for reading the state information of the breakpoint to the execution core controller 510. In response to the first control command from the execution core controller 510, A second control response including at least any one of a moment point information, a number of breakpoints, setting information, and setting value information.

In addition, the instrument code execution unit 523 can transmit the first control command to the execution core control unit 510 using the second control response. Here, the first control command may include at least one of a breakpoint type, an address at which a breakpoint is set, and breakpoint hardware information to be used.

As described above, the dynamic binary instrumentation apparatus using the multicore according to the embodiment of the present invention operates in the instrument core, not the execution core, and executes the instrument code in a core different from the execution core in which the target program is executed , The target program execution area and the instrumentation execution area can be logically and physically separated without modulating the target program. Through this, the DBI is not detected by the target program in the dynamic binary instrumentation apparatus using the multicore.

Further, the dynamic binary instrumentation apparatus using multicore according to the present invention can be applied to fields utilizing DBI such as taint analysis, symbol execution, and vulnerability analysis.

As described above, the apparatus and method for dynamic binary instrumentation using multicore according to the present invention are not limited to the configurations and methods of the embodiments described above, but the embodiments may be modified in various ways All or some of the embodiments may be selectively combined.

10: Execution core
20: Instrument core
30: On-Chip Debug Logic
200: Dynamic Binary Instrumentation Device Using Multicore
210: Execution core control unit
220: Instruction code search unit
230: Instruction code execution unit
240: code block control unit
510: Execution code control section
520: Instruction execution unit
521: Instrument code search module
523: Instruction code execution module
525: Code block control module
610: Instruction code information store
620: Observation information store
630: Program memory storage

Claims (20)

  1. In a dynamic binary instrumentation method performed by a dynamic binary instrumentation apparatus using a multicore,
    Setting a breakpoint at an execution core executing the target program,
    Receiving the debug event from the execution core that enters the breakpoint and generates a debug event,
    Checking the breakpoint where the debug event occurred, and executing an instrument code corresponding to the breakpoint,
    Storing the execution result of the instrument code, and
    Setting the breakpoint in a next code block, and rerunning the execution core. ≪ Desc / Clms Page number 22 >
  2. The method according to claim 1,
    Wherein the step of executing the instrument code comprises:
    Retrieving the instrument code corresponding to the breakpoint entered by the execution core; and
    And loading the searched instrument code into a memory and executing the loaded instrument code.
  3. 3. The method of claim 2,
    Wherein storing the execution result of the instrument code comprises:
    Core context value that is a response to at least one of an execution core context read instruction, an instruction transmission instruction, and an instruction execution instruction, and an instruction execution result. .
  4. The method of claim 3,
    Wherein storing the execution result of the instrument code comprises:
    And receiving and storing status information of the breakpoint including at least one of the breakpoint information on which the execution core has entered, the number of breakpoints, the setting of the breakpoint, and the setting value of the breakpoint A dynamic binary instrumentation method using a multicore.
  5. 5. The method of claim 4,
    Setting the breakpoint in the next code block, and re-executing the execution core,
    Calculating a position of the next code block based on at least one of the state information of the breakpoint and the memory,
    Releasing the current breakpoint that executed the instrument code,
    And setting the breakpoint in the next code block based on the position of the next code block. ≪ Desc / Clms Page number 21 >
  6. The method according to claim 1,
    The code block includes:
    Wherein the basic unit is an instrument unit that is at least one of a basic block unit, an instruction unit, a function unit, and an image unit.
  7. The method according to claim 1,
    When the debug event occurs, switching the execution core to a halt mode, and
    Further comprising setting the breakpoint in the next code block and then switching the execution core to a normal mode to re-execute the execution core.
  8. 8. The method of claim 7,
    And repeating the step of re-executing the execution core after setting the break point in the next code block until the last code of the target program is executed.
  9. The method according to claim 1,
    Wherein setting the breakpoint comprises:
    And setting one or more hardware breakpoints in the execution core.
  10. An execution core control unit for setting a breakpoint in an execution core that executes the target program, receiving the debug event from the execution core that enters the breakpoint and generates a debug event, and
    The method comprising: confirming the breakpoint at which the debug event occurred; executing an instrument code corresponding to the breakpoint; storing an execution result of the instrument code; setting the breakpoint in a next code block; And an instruction execution unit for re-executing the execution core.
  11. 11. The method of claim 10,
    Wherein the instrument execution unit comprises:
    An instrument code retrieval module for retrieving the instrument code corresponding to the break point at which the execution core has entered;
    And an instrument code execution module for loading and executing the searched instrument code in a memory.
  12. 12. The method of claim 11,
    Wherein the instrument code execution module comprises:
    Core context value, which is a response to at least one of an execution core context read instruction, an instruction transmission instruction, and an instruction execution instruction, and an instruction execution result. .
  13. 13. The method of claim 12,
    Wherein the instrument execution unit comprises:
    A code for receiving and storing status information of the breakpoint including at least one of the breakpoint information on which the execution core has entered, the number of breakpoints, the setting of the breakpoint, and the setting value of the breakpoint And a block control module for controlling the dynamic binary instru- mentation device.
  14. 14. The method of claim 13,
    Wherein the code block control module comprises:
    Calculating a position of the next code block based on at least one of the state information of the breakpoint and the memory, releasing the current breakpoint that executed the instruction code, And the breakpoint is set in the next code block based on the breakpoint.
  15. 11. The method of claim 10,
    The code block includes:
    Wherein the instruction unit is an instrument unit that is at least one of a basic block unit, an instruction unit, a function unit, and an image unit.
  16. 11. The method of claim 10,
    The execution core control unit,
    Wherein the execution core is switched to a halt mode when the debug event occurs, the breakpoint is set in the next code block, the execution core is switched to a normal mode, And a dynamic binary instrumentation apparatus using the multi-core.
  17. 17. The method of claim 16,
    The execution core control unit,
    And repeating the step of re-executing the execution core after setting the break point in the next code block until the last code of the target program is executed.
  18. 11. The method of claim 10,
    Wherein at least one hardware breakpoint is set in the execution core. ≪ RTI ID = 0.0 > 8. < / RTI >
  19. A breakpoint is set in an execution core that executes a target program among a plurality of cores and the debug event is entered from the execution core that enters the breakpoint and generates a debug event by using the on- An execution core control unit,
    An instrument code search unit for searching for an instrument code corresponding to the break point at which the debug event occurred;
    An instrument code execution unit for executing the searched instrument code and storing the execution result of the instrument code, and
    And a code block control unit for calculating a position of a next code block and setting the break point in the next code block.
  20. 20. The method of claim 19,
    The execution core control unit,
    The execution core is switched to a halt mode when the execution core enters the break point and the instrumement code corresponding to the break point is executed in the instrument core, Wherein the execution core is switched to a normal mode after the execution of the multicore core is completed.
KR1020170177828A 2017-12-22 2017-12-22 Apparatus and method for dynamic binary instrumentation using multi-core KR20190076217A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020170177828A KR20190076217A (en) 2017-12-22 2017-12-22 Apparatus and method for dynamic binary instrumentation using multi-core

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020170177828A KR20190076217A (en) 2017-12-22 2017-12-22 Apparatus and method for dynamic binary instrumentation using multi-core

Publications (1)

Publication Number Publication Date
KR20190076217A true KR20190076217A (en) 2019-07-02

Family

ID=67258009

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020170177828A KR20190076217A (en) 2017-12-22 2017-12-22 Apparatus and method for dynamic binary instrumentation using multi-core

Country Status (1)

Country Link
KR (1) KR20190076217A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20170055933A (en) 2015-11-12 2017-05-22 삼성전자주식회사 Method and apparatus for protecting kernel control-flow integrity using static binary instrumentaiton

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20170055933A (en) 2015-11-12 2017-05-22 삼성전자주식회사 Method and apparatus for protecting kernel control-flow integrity using static binary instrumentaiton

Similar Documents

Publication Publication Date Title
US9268666B2 (en) System and method for debugging of computer programs
Zhou et al. AccMon: Automatically detecting memory-related bugs via program counter-based invariants
JP6058020B2 (en) Computer program product, method, and system for implementing runtime instrumentation sampling in transactional execution mode (runtime instrumentation sampling in transactional execution mode)
US7962798B2 (en) Methods, systems and media for software self-healing
US8478948B2 (en) Method and system for efficient tracing and profiling of memory accesses during program execution
Hong et al. QED: Quick error detection tests for effective post-silicon validation
US6925584B2 (en) Systems and methods for testing processors
US6889167B2 (en) Diagnostic exerciser and methods therefor
US8266608B2 (en) Post-compile instrumentation of object code for generating execution trace data
US4910663A (en) System for measuring program execution by replacing an executable instruction with interrupt causing instruction
US9152531B2 (en) Post-compile instrumentation of object code for generating execution trace data
Carreira et al. Xception: A technique for the experimental evaluation of dependability in modern computers
JP2015515654A (en) Converting program event recording events to runtime instrumentation events
US6145123A (en) Trace on/off with breakpoint register
US7886195B2 (en) Apparatus, system, and method of efficiently utilizing hardware resources for a software test
US6959262B2 (en) Diagnostic monitor for use with an operating system and methods therefor
Cui et al. Retracer: Triaging crashes by reverse execution from partial memory dumps
US7543186B2 (en) System and method for implementing software breakpoints
US9015676B2 (en) Varying removal of internal breakpoints during debugging of code
US7334161B2 (en) Breakpoint logic unit, debug logic and breakpoint method for a data processing apparatus
US6634020B1 (en) Uninitialized memory watch
US8156475B2 (en) Device and method for testing embedded software using emulator
JP4094724B2 (en) Apparatus and method for identifying exceptions when debugging software
DE112011101364B4 (en) Troubleshooting multithreaded code
TWI464576B (en) Method and apparatus of using debug instructions and method of controlling debug behavior of a processor