    Lu Shuaibing, Zhang Ming, Lin Zhechao, Li Hu, Kuang Xiaohui, Zhao Gang. Dynamic Binary Translation and Instrumentation Based Function Call Tracing[J]. Journal of Computer Research and Development, 2019, 56(2): 421-430. DOI: 10.7544/issn1000-1239.2019.20170657

    Dynamic Binary Translation and Instrumentation Based Function Call Tracing

Dynamic function call tracing is one of the most important techniques for Linux kernel analysis. Existing tools suffer from insufficient support for instruction set architectures (ISAs) and from low efficiency. We design and implement a function call tracing tool that supports multiple ISAs with high efficiency. First, the binary translation system loads the kernel image and recognizes the types of branch instructions. Second, we design ISA-specific instrumentation code and insert it during the translation stage, so that timestamps, process IDs, thread IDs and function addresses are collected during kernel boot and at runtime. Finally, once the kernel has booted and the shell appears, we process all the collected information and generate function call maps. Because the approach is based on binary translation, it analyzes the text, symbol and string sections of the binary image and needs no source code. The enriched intermediate code and the additional target code remain compatible with optimizations such as block chaining, redundant code elimination and hot path optimization, which keeps the performance overhead low. The core algorithm is the design of the instrumentation code and the extraction of the corresponding information for each ISA; it is easy to implement and to port to other ISAs. Experiments on QEMU with a Linux 4.9 kernel show that the traced information is consistent with the source code, while the instrumentation code adds about 15.24% overhead and the information processing about 165.59% overhead relative to the original QEMU, which is much faster than existing tools.
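The abstract describes two stages: instrumentation inserted at branch instructions that records timestamps, process IDs, thread IDs and function addresses, and a post-processing step, run after the shell appears, that turns those records into function call maps. The following is an added example of that post-processing step, written for this page and not taken from the paper or its tool. It assumes a hypothetical record format (timestamp, pid, tid, "call"/"ret", address) where a call record carries the branch target and a return record carries the return target, and it resolves addresses against a constructed System.map-style symbol table standing in for the symbol section the paper reads from the image; the addresses, symbol names and timestamps are all constructed for illustration. It also performs the consistency check a practitioner would want: each return target is resolved and compared with the caller on the per-thread stack, so missed calls or tail calls show up as mismatches instead of silently corrupting the map.

```python
import bisect
from collections import defaultdict

# Constructed System.map-style symbol table (hypothetical addresses and names).
# Only 'T'/'t' (text) symbols are used, since call targets lie in the text section.
SYSTEM_MAP = """\
ffffffff81000000 T _text
ffffffff81001000 T start_kernel
ffffffff81001200 T setup_arch
ffffffff81001400 t setup_memory
ffffffff81001600 T rest_init
ffffffff81001800 T kernel_init
ffffffff81001a00 T run_init_process
ffffffff81200000 D _sdata
"""

# Constructed trace records in the hypothetical format (ts_ns, pid, tid, kind, addr).
# "call": addr is the branch target (callee entry). "ret": addr is the return target.
# Records from two kernel threads are interleaved, as they would be in a real trace.
TRACE = [
    (50,  2, 2, "ret",  0xffffffff81001020),  # return seen before any call on this thread
    (100, 0, 0, "call", 0xffffffff81001000),  # start_kernel
    (200, 0, 0, "call", 0xffffffff81001200),  # setup_arch
    (300, 0, 0, "call", 0xffffffff81001400),  # setup_memory
    (400, 0, 0, "ret",  0xffffffff81001250),  # back into setup_arch
    (500, 0, 0, "ret",  0xffffffff81001050),  # back into start_kernel
    (600, 0, 0, "call", 0xffffffff81001600),  # rest_init
    (650, 1, 1, "call", 0xffffffff81001800),  # kernel_init (second thread)
    (700, 1, 1, "call", 0xffffffff81001a00),  # run_init_process
    (800, 1, 1, "ret",  0xffffffff81001850),  # back into kernel_init
    (850, 0, 0, "ret",  0xffffffff81001050),  # back into start_kernel
    (900, 1, 1, "call", 0xffffffff81001a00),  # run_init_process again
    (950, 1, 1, "ret",  0xffffffff81001650),  # returns into rest_init: inconsistent
]


class SymbolResolver:
    """Resolve a code address to the text symbol with the greatest start <= addr."""

    def __init__(self, system_map_text):
        syms = []
        for line in system_map_text.splitlines():
            parts = line.split()
            if len(parts) == 3 and parts[1] in ("T", "t"):
                syms.append((int(parts[0], 16), parts[2]))
        syms.sort()
        self.addrs = [a for a, _ in syms]
        self.names = [n for _, n in syms]

    def lookup(self, addr):
        i = bisect.bisect_right(self.addrs, addr) - 1
        return self.names[i] if i >= 0 else "<unknown:%#x>" % addr


def build_call_map(records, resolver):
    """Replay trace records per (pid, tid) and build caller->callee edges.

    Records must be in execution order per thread. Returns edge counts,
    inclusive time per function, functions still active at the end of the
    trace, and two sanity counters a practitioner should inspect.
    """
    stacks = defaultdict(list)       # (pid, tid) -> [(function, entry_ts)]
    edges = defaultdict(int)         # (caller, callee) -> number of calls
    inclusive = defaultdict(int)     # function -> total ns from entry to return
    unmatched_returns = 0            # return with no matching call on that thread
    return_mismatches = 0            # return target does not resolve to the caller
    for ts, pid, tid, kind, addr in records:
        stack = stacks[(pid, tid)]
        if kind == "call":
            callee = resolver.lookup(addr)
            caller = stack[-1][0] if stack else "<root>"
            edges[(caller, callee)] += 1
            stack.append((callee, ts))
        elif kind == "ret":
            if not stack:
                unmatched_returns += 1   # trace started inside a function
                continue
            func, entry_ts = stack.pop()
            inclusive[func] += ts - entry_ts
            # Consistency check: the return target must lie in the caller on the stack.
            if stack and resolver.lookup(addr) != stack[-1][0]:
                return_mismatches += 1
        else:
            raise ValueError("unknown record kind: %r" % kind)
    active = {k: [f for f, _ in s] for k, s in stacks.items() if s}
    return {
        "edges": dict(edges),
        "inclusive_ns": dict(inclusive),
        "active": active,
        "unmatched_returns": unmatched_returns,
        "return_mismatches": return_mismatches,
    }


if __name__ == "__main__":
    result = build_call_map(TRACE, SymbolResolver(SYSTEM_MAP))
    for (caller, callee), n in sorted(result["edges"].items()):
        print("%-18s -> %-18s x%d" % (caller, callee, n))
    print("inclusive ns:", result["inclusive_ns"])
    print("still active:", result["active"])
    print("unmatched returns:", result["unmatched_returns"],
          "return mismatches:", result["return_mismatches"])
```

The two counters are the point of the check: an unmatched return is expected at the start of a boot trace (the kernel is already inside a function when tracing begins), but a non-zero mismatch count means some call-type branch was not recognized or a tail call was taken, and the call map for that thread should not be trusted until the branch classifier for that ISA is corrected.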
