DOI: 10.1145/3445814.3446765
research-article

Incremental CFG patching for binary rewriting

Published: 17 April 2021

Abstract

Binary rewriting has been widely used in software security, software correctness assessment, performance analysis, and debugging. One approach for binary rewriting lifts the binary to IR and then regenerates a new one, which achieves near-to-zero runtime overhead, but relies on several limiting assumptions on binaries to achieve complete binary analysis to perform IR lifting. Another approach patches individual instructions without utilizing any binary analysis, which has great reliability as it does not make assumptions about the binary, but incurs prohibitive runtime overhead.
In this paper, we introduce Incremental CFG Patching, a general binary rewriting approach, to balance the runtime overhead and binary rewriting generality. The basic idea is to utilize code patching to catch control flow that we cannot accurately rewrite and use binary analysis to rewrite as much control flow as possible. A key feature of our approach is that we opportunistically utilize binary analysis and binary meta-data to reduce runtime overhead; but for cases where binary analysis failed or there is no sufficient meta-data to support binary analysis, we can still correctly rewrite the binary with small, additional runtime overhead, or achieve partial instrumentation by skipping certain challenging functions. Our approach supports multiple architectures (x86-64, ppc64le, and aarch64), and multiple source programming languages (C/C++ including C++ exceptions, Fortran, Rust and Go), and works with both position dependent and independent code. The evaluation shows that our new approach on average incurs little runtime overhead with SPEC CPU 2017 (<1%) and small overhead on Firefox (<2%), and can successfully rewrite Docker, which is written in Go. Finally, we present a case study that speeds up an instrumentation based CPU/GPU synchronization analysis tool.

Published In

ASPLOS '21: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
April 2021
1090 pages
ISBN: 9781450383172
DOI: 10.1145/3445814

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. binary analysis reliability
  2. binary code patching
  3. trampoline placement

Qualifiers

  • Research-article

Conference

ASPLOS '21

Acceptance Rates

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Article Metrics

  • Downloads (Last 12 months): 61
  • Downloads (Last 6 weeks): 3

Reflects downloads up to 09 Nov 2024

Cited By

  • (2024) LeanBin: Harnessing Lifting and Recompilation to Debloat Binaries. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 1434-1446. DOI: 10.1145/3691620.3695515. Online publication date: 27-Oct-2024
  • (2023) ARMore. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 6311-6328. DOI: 10.5555/3620237.3620590. Online publication date: 9-Aug-2023
  • (2023) FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware. Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 4, pp. 138-152. DOI: 10.1145/3623278.3624759. Online publication date: 25-Mar-2023
  • (2022) One size does not fit all: security hardening of MIPS embedded systems via static binary debloating for shared libraries. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 255-270. DOI: 10.1145/3503222.3507768. Online publication date: 28-Feb-2022
