Nicholas Nethercote
Abstract
Dynamic binary instrumentation (DBI) frameworks make it easy to build dynamic binary analysis (DBA) tools such as checkers and profilers. Much of the focus on DBI frameworks has been on performance; little attention has been paid to their capabilities. As a result, we believe the potential of DBI has not been fully exploited.
In this paper we describe Valgrind, a DBI framework designed for building heavyweight DBA tools. We focus on its unique support for shadow values-a powerful but previously little-studied and difficult-to-implement DBA technique, which requires a tool to shadow every register and memory value with another value that describes it. This support accounts for several crucial design features that distinguish Valgrind from other DBI frameworks. Because of these features, lightweight tools built with Valgrind run comparatively slowly, but Valgrind can be used to build more interesting, heavyweight tools that are difficult or impossible to build with other DBI frameworks such as Pin and DynamoRIO.
- V. Bala, E. Duesterwald, and S. Banerjia. Dynamo: A transparent dynamic optimization system. In Proceedings of PLDI 2000, pages 1--12, Vancouver, Canada, June 2000. Google Scholar
Digital Library
- D. Bruening. Efficient, Transparent, and Comprehensive Runtime Code Manipulation. PhD thesis, MIT, Cambridge, Mass., USA, September 2004. Google ScholarDigital Library
- D. Bruening, T. Garnett, and S. Amarasinghe. An infrastructure for adaptive dynamic optimization. In Proceedings of CGO'03, pages 265--276, San Francisco, California, USA, March 2003. Google ScholarDigital Library
- M. Burrows, S. N. Freund, and J. L. Wiener. Run-time type checking for binary programs. In Proceedings of CC 2003, pages 90--105, Warsaw, Poland, April 2003. Google ScholarDigital Library
- W. Cheng. Personal communication, November 2006.Google Scholar
- W. Cheng, Q. Zhao, B. Yu, and S. Hiroshige. TaintTrace: Efficient flow tracing with dynamic binary rewriting. In Proceedings of ISCC 2006, pages 749--754, Cagliari, Sardinia, Italy, June 2006. Google ScholarDigital Library
- P. J. Guo, J. H. Perkins, S. McCamant, and M. D. Ernst. Dynamic inference of abstract types. In Proceedings of ISSTA 2006, pages 255--265, Portland, Maine, USA, July 2006. Google ScholarDigital Library
- R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference, pages 125--136, San Francisco, California, USA, January 1992.Google Scholar
- K. Hazelwood. Code Cache Management in Dynamic Optimization Systems. PhD thesis, Harvard University, Cambridge, Mass., USA, May 2004.Google Scholar
- G. Lueck and R. Cohn. Personal communication, September-November 2006.Google Scholar
- C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building customized program analysis tools with dynamic instrumentation. In Proceedings of PLDI 2005, pages 191--200, Chicago, Illinois, USA, June 2005. Google ScholarDigital Library
- J. Maebe, M. Ronsse, and K. De Bosschere. DIOTA: Dynamic instrumentation, optimization and transformation of applications. In Proceedings of WBT-2002, Charlottesville, Virginia, USA, September 2002.Google Scholar
- S. McCamant and M. D. Ernst. Quantitative information-flow tracking for C and related languages. Technical Report MIT--CSAIL--TR--2006--076, MIT, Cambridge, Mass., USA, 2006.Google Scholar
- S. Narayanasamy, C. Pereira, H. Patil, R. Cohn, and B. Calder. Automatic logging of operation system effects to guide application-level architecture simulation. In Proceedings of SIGMetrics/Performance 2006, pages 216--227, St. Malo, France, June 2006. Google ScholarDigital Library
- N. Nethercote. Dynamic Binary Analysis and Instrumentation. PhD thesis, University of Cambridge, United Kingdom, November 2004.Google Scholar
- N. Nethercote and J. Fitzhardinge. Bounds-checking entire programs without recompiling. In Informal Proceedings of SPACE 2004, Venice, Italy, January 2004.Google Scholar
- N. Nethercote and A. Mycroft. Redux: A dynamic dataflow tracer. ENTCS, 89(2), 2003.Google Scholar
- N. Nethercote and J. Seward. Valgrind: A program supervision framework. ENTCS, 89(2), 2003.Google Scholar
- N. Nethercote and J. Seward. How to shadow every byte of memory used by a program. In Proceedings of VEE 2007, San Diego, California, USA, June 2007. Google ScholarDigital Library
- J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of NDSS'05, San Diego, California, USA, February 2005.Google Scholar
- H. Patil and C. Fischer. Low-cost, concurrent checking of pointer and array accesses in C programs. Software-Practice and Experience, 27(1):87--110, January 1997. Google ScholarDigital Library
- F. Qin. Personal communication, March 2007.Google Scholar
- F. Qin, C. Wang, Z. Li, H. Kim, Y. Zhou, and Y. Wu. Lift: A low-oeverhead practical information flow tracking system for detecting security attacks. In Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (Micro'06), Orlando, Florida, USA, December 2006. Google ScholarDigital Library
- K. Scott, J. W. Davidson, and K. Skadron. Low-overhead software dynamic translation. Technical Report CS-2001-18, University of Virginia, Charlottesville, Virginia, USA, 2001. Google ScholarDigital Library
- J. Seward and N. Nethercote. Using Valgrind to detect undefined value errors with bit-precision. In Proceedings of the USENIX'05 Annual Technical Conference, Anaheim, California, USA, April 2005. Google ScholarDigital Library
- O. Traub, G. Holloway, and M. D. Smith. Quality and speed in linear-scan register allocation. In Proceedings of PLDI '98, pages 142--151, Montreal, Canada, June 1998. Google ScholarDigital Library
- The Valgrind Developers. 2nd official Valgrind survey, September 2005: full report. http://www.valgrind.org/gallery/survey_05/report.txt.Google Scholar
- The Valgrind Developers. Valgrind. http://www.valgrind.org/.Google Scholar
- L. Wall, T. Christiansen, and J Orwant. Programming Perl. O'Reilly, 3rd edition, 2000. Google ScholarDigital Library
Index Terms
- Valgrind: a framework for heavyweight dynamic binary instrumentation
Recommendations
Valgrind: a framework for heavyweight dynamic binary instrumentation
PLDI '07: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and ImplementationDynamic binary instrumentation (DBI) frameworks make it easy to build dynamic binary analysis (DBA) tools such as checkers and profilers. Much of the focus on DBI frameworks has been on performance; little attention has been paid to their capabilities. ...
How to shadow every byte of memory used by a program
VEE '07: Proceedings of the 3rd international conference on Virtual execution environmentsSeveral existing dynamic binary analysis tools use shadowmemory-they shadow, in software, every byte of memory used by a program with another value that says something about it. Shadow memory is difficult to implement both efficiently and robustly. ...
Parallelisation of the Valgrind Dynamic Binary Instrumentation Framework
ISPA '08: Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with ApplicationsValgrind is a dynamic binary translation and instrumentation framework. It is suited to analysing memory usage. It is used in memory validation and profiling tools. Currently, Valgrind is restricted to executing a guest with serialised thread ...
Comments