基于QEMU的动态函数调用跟踪

向勇; 曹睿东; 毛英明

doi:10.7544/issn1000-1239.2017.20160094

基于QEMU的动态函数调用跟踪

¹(清华大学计算机科学与技术系北京 100084)
²(北京理工大学计算机学院北京 100081) (xyong@csnet4.cs.tsinghua.edu.cn)

基金项目: “核高基”国家科技重大专项基金项目(2012ZX01039-004-41，2012ZX01039-003)

详细信息

中图分类号: TP391
计量
- 文章访问数: 1720
- HTML全文浏览量: 3
- PDF下载量: 588
出版历程
- 发布日期: 2017-06-30

QEMU-Based Dynamic Function Call Tracing

¹(Department of Computer Science and Technology, Tsinghua University, Beijing 100084)
²(School of Computer Science, Beijing Institute of Technology, Beijing 100081)

摘要

摘要: 函数调用一直是Linux内核分析研究领域的重点.获得函数调用信息主要有2种方法:静态分析和动态分析.动态跟踪方法可实时和准确地获取函数调用关系信息，在分析和调试软件程序时有极大的帮助作用.针对现有工具存在跟踪信息不全面、需要编译选项支持等不足，基于开源的QEMU模拟器，设计并实现了支持多种CPU平台的通用动态函数调用跟踪工具，可在x86_32，x86_64，ARM共3种体系架构上动态跟踪包括Linux内核启动过程在内的函数调用和返回信息.该工具在程序运行时截获调用和返回的指令，并记录相关信息，利用此种指令只会在QEMU翻译块的最后一条出现的性质，减少检查指令的数量，提高运行效率；可不依赖源代码，只依据函数符号表进行函数调用关系分析.实验结果表明:跟踪和分析结果与源代码行为一致，相比于S2E提升了分析性能和支持的CPU平台种类，且能更好地扩展至其他平台.
- 函数调用 /
- 动态跟踪 /
- 模拟器 /
- 多平台 /
- Linux内核分析
Abstract: Function call has always been an important research topic in Linux kernel analysis. There are two main approaches to obtain function calls, static analysis and dynamic analysis. Using dynamic tracing approach can provide accurate and real-time function calls. It is great help to analyze and debug software programs. Considering that existing tools need some particular compile options or their tracing data is not very comprehensive, a new dynamic function call tracing tool that supports multiple CPU architectures based on an open source emulator QEMU is designed and implemented. It can provide function call and function return information including those in the Linux kernel booting phase on three architectures, x86_32, x86_64 and ARM. When the system is running, this tool intercepts procedure call and return assembly instructions. Then it logs necessary state information to file. Based on the property that these kinds of instructions must be the last one of a QEMU translation block, the amount of checked instructions is lowered and the efficiency is promoted. Only the symbol table of the program not the source code is needed to parse function call data. Test result shows that the behavior indicated by tracing data concurs with the corresponding source code. This tool has higher performance and supports more CPU architectures than S2E. It is easier to extend to other architectures.
- function call /
- dynamic tracing /
- emulator /
- multiple platform /
- Linux kernel analysis

HTML全文

参考文献(0)

施引文献(17)

期刊类型引用(9)

1.	黄翔东，陈红红，甘霖. 基于频率-时间扩张密集网络的语音增强方法. 计算机研究与发展. 2023(07): 1628-1638 . 本站查看
2.	许春冬，徐琅，周滨. 结合优化U-Net和残差神经网络的单通道语音增强算法. 现代电子技术. 2022(09): 35-40 . 百度学术
3.	葛宛营，张天骐，范聪聪，张天. 噪声情况下采用稀疏非负矩阵分解与深度吸引子网络的人声分离算法. 声学学报. 2021(01): 55-66 . 百度学术
4.	GE Wanying，ZHANG Tianqi，FAN Congcong，ZHANG Tian. Monaural noisy speech separation combining sparse non-negative matrix factorization and deep attractor network. Chinese Journal of Acoustics. 2021(02): 266-280 . 必应学术
5.	王静红，梁丽娜，李昊康，周易. 基于注意力网络特征的社区发现算法. 山东大学学报(理学版). 2021(09): 1-12+20 . 百度学术
6.	张天骐，柏浩钧，叶绍鹏，刘鉴兴. 基于门控残差卷积编解码网络的单通道语音增强方法. 信号处理. 2021(10): 1986-1995 . 百度学术
7.	曹丽静. 语音增强技术研究综述. 河北省科学院学报. 2020(02): 30-36 . 百度学术
8.	张天骐，张晓艳，周琳，胡延平. 基于稀疏性的相位谱补偿语音增强算法. 信号处理. 2020(11): 1867-1876 . 百度学术
9.	时文华，张雄伟，邹霞，孙蒙. 利用深度全卷积编解码网络的单通道语音增强. 信号处理. 2019(04): 631-640 . 百度学术