Introduction to the PatchAPI
Wenbin Fang, Drew Bernat
Paradyn Project
Paradyn / Dyninst Week, Madison, Wisconsin, May 2-3, 2011

Motivation: a confluence of two tools
  o Dyninst (3rd party instrumentation)
  o Self-propelled instrumentation (1st party instrumentation)
[Figure: for Dyninst, the User Mutator calls DyninstAPI, whose code patching (find point, insert snippet, delete snippet) is provided by PatchAPI. For self-propelled instrumentation, Instrumenter.so does its code patching through PatchAPI; two views of a process show snippets in void foo(), void bar() and void baz(), and in the second view foo() calls bar() and bar() calls baz().]

Dyninst and the Components
[Figure: component diagram with legend Existing Component / New Component / Proposed. Components shown: AST, Code Gen, Symtab API, Parse API, Instruction API, Patch API, DataFlow API, Stackwalker API, ProcControl API, with Binary and Process as the targets.]

Self-propelled and the Components
[Figure: component diagram with legend Existing Component / New Component. Components shown: Symtab API, Parse API, Patch API, Instruction API, operating on a Binary and on the binary code (0101011 11001…) of a Process.]

Outline
  o Overview
    o Point + Snippet abstractions
  o Design
    o Challenges
    o Public + Plugin interfaces
  o Applications of PatchAPI
    o Dyninst Reintegration
    o Self-propelled instrumentation

Abstraction in DyninstAPI
  o Point: Function Entry, Function Exit, Before Function Call, During Edge, Block Entry, Before Instruction, ...
  o Snippet: Dyninst AST, DynC, User-defined Binary Code
[Figure: CFG of function foo, with snippets at FuncEntry, at a basic block and at FuncExit]

    BPatch_addressSpace* app = <GET ADDRESS SPACE>
    BPatch_function* foo = <GET FUNCTION>
    BPatch_snippet* snippet = <GET SNIPPET>
    BPatch_Vector<BPatch_point*>* points = NULL;

    points = foo->findPoint(BPatch_entry);
    BPatchSnippetHandle* handle1 =
        app->insertSnippet(snippet, points, BPatch_callBefore);

    points = foo->findPoint(BPatch_exit);
    BPatchSnippetHandle* handle2 =
        app->insertSnippet(snippet, points, BPatch_callAfter);
    ...

Refined Interfaces in PatchAPI
[Figure: CFG of function foo, with snippets at FuncEntry, EdgeDuring, BlockExit and FuncExit]

    PatchMgrPtr patchMgr = <CREATE>
    PatchFunction* foo = <GET FUNCTION>
    SnippetPtr snippet = <GET SNIPPET>

    vector<PointPtr> points;
    FilterFunc myfilter;

    // Filter-based point query
    patchMgr->findPoints(foo,
                         FuncEntry | FuncExit | EdgeDuring | BlockExit,
                         myfilter, back_inserter(points));

    // Transactional semantics
    patchMgr->batchStart();
    for (int i = 0; i < points.size(); i++)
        points[i]->push_back(snippet);
    patchMgr->batchFinish();
    …

Design Challenge 1: Backward Compatibility
  o PatchAPI has refined interfaces for code patching.
  o Integrating PatchAPI back into Dyninst should keep the Dyninst interfaces unchanged.
[Figure: Dyninst sits on a Compatibility Layer over PatchAPI, which provides the code patching functionality]

Design Challenge 2: Flexibility
  o Address Space: 1st Party, 3rd Party, Binary Rewriter
  o Snippet: AST, DynC, User-defined
  o CFG Parsing: Online Parsing, Stored CFG
  o Instrumentation Engine: In-line, Out-of-line

PatchAPI Public Interface
  o PatchMgr: Register plugins + Accept requests
  o Point: Location + Container
  o Snippet: Opaque handle
  o Instance: Snippet instance at point
[Figure: Binary Patching Tools use PatchAPI through the Public Interface; PatchAPI is layered as Public Interface, Internal, and Plugin Interface]

Patch Manager
  o Register plugins
  o Filter-based point query
  o Enforce transactional semantics for patching
    o batchStart / batchFinish
    o Improve instrumentation performance
      o Reduce # of IPCs for 3rd party instrumentation.

Patch Manager (Cont.)
  o Filter-based point query
    o Scope
      o function, block, edge, or instruction
    o Point type
      o FuncEntry, BlockExit, BeforeCall, BeforeInsn …
    o Filter function
      o User-implemented
      o Fine grained control
        o e.g., Function calls with function name MPI_*
        o e.g., “push” instructions
        o …

Example
[Figure: CFG of function foo, with BlockExit and FuncExit points marked]

    // Find Points at Function Exits and Block Exits of
    // those having two outgoing edges
    class MyFilterFunc {
      public:  // operator() must be public for findPoints to call it
        bool operator() (PointPtr pt) {
            if (pt->type() == FuncExit) return true;
            PatchBlock* block = <GET BLOCK Containing pt>
            if (block->targets().size() == 2) return true;
            return false;
        }
    };

    vector<PointPtr> output;
    MyFilterFunc myfilter;
    PatchFunction* foo = <GET FUNCTION>
    patchMgr->findPoints(foo, BlockExit | FuncExit, myfilter,
                         back_inserter(output));

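The filter-based point query and the batchStart / batchFinish transaction from the Patch Manager slides, modeled in self-contained C++. This is an added illustration, not PatchAPI or Dyninst code: ToyPoint, ToyMgr, the writable flag and the rule that one unpatchable point discards the whole batch are assumptions of the model.

```cpp
// Added model, NOT PatchAPI code. ToyPoint, ToyMgr and `writable` are hypothetical.
#include <iterator>
#include <string>
#include <utility>
#include <vector>

enum PointType { FuncEntry = 1, FuncExit = 2, BlockExit = 4 };
struct ToyPoint {
    int type;                           // one PointType bit
    unsigned out_edges;                 // outgoing edges of the containing block
    bool writable;                      // constructed: can this location be patched?
    std::vector<std::string> snippets;  // snippet instances committed at this point
};
struct ToyMgr {
    std::vector<ToyPoint> points;
    std::vector<std::pair<ToyPoint*, std::string> > staged;  // requests of the open batch
    // Filter-based query: the type mask narrows first, then the user filter decides.
    template <class Filter, class Out> void findPoints(int mask, Filter keep, Out out) {
        for (auto& p : points)
            if ((p.type & mask) && keep(p)) *out++ = &p;
    }
    void batchStart() { staged.clear(); }
    void push_back(ToyPoint* p, const std::string& s) { staged.emplace_back(p, s); }
    // All-or-nothing commit: one unpatchable point discards the whole batch.
    bool batchFinish() {
        bool ok = true;
        for (auto& r : staged) ok = ok && r.first->writable;
        for (auto& r : staged) if (ok) r.first->snippets.push_back(r.second);
        staged.clear();
        return ok;
    }
};
// Same predicate as the slide: function exits, or blocks with two outgoing edges.
struct MyFilterFunc {
    bool operator()(const ToyPoint& p) const { return p.type == FuncExit || p.out_edges == 2; }
};
// Instruments a constructed five-point CFG; returns the number of committed instances.
int instrument(bool exit_writable) {
    std::vector<ToyPoint> cfg = {{FuncEntry, 1, true, {}}, {BlockExit, 2, true, {}},
        {BlockExit, 1, true, {}}, {BlockExit, 2, true, {}}, {FuncExit, 0, exit_writable, {}}};
    ToyMgr mgr{cfg, {}};
    std::vector<ToyPoint*> hits;
    mgr.findPoints(BlockExit | FuncExit, MyFilterFunc(), std::back_inserter(hits));
    mgr.batchStart();
    for (ToyPoint* p : hits) mgr.push_back(p, "count++");
    mgr.batchFinish();
    int n = 0;
    for (auto& p : mgr.points) n += static_cast<int>(p.snippets.size());
    return n;
}
```

With every point writable the batch commits three instances (the two BlockExit points with two outgoing edges plus the FuncExit); with the FuncExit unwritable it commits none, so the process is never left half-instrumented.
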
Point, Snippet, and Instance
  o Snippet insertion
        Instance push_back(Snippet);
        Instance push_front(Snippet);
  o Instance iterator
        instance_iterator begin();
        instance_iterator end();
  o Snippet removal
        bool remove(Instance);
[Figure: function foo() { } containing a Point; the Point holds an Instance, and the Instance refers to a Snippet]

PatchAPI Plugin Interface
  o Address Space: 1st party, 3rd party, binary rewriter
  o Snippet: AST, DynC, user-defined code …
  o CFG Parsing: Online parsing, reuse stored CFG
  o Instrumentation Engine: In-line, out-of-line
[Figure: Binary Patching Tools use PatchAPI through the Public Interface; the four plugins above attach to PatchAPI's Internal layer through the Plugin Interface]

Address Space
  o Memory management primitives
    o malloc / realloc / free
    o write / read
  o Example
    o 3rd party instrumentation uses ptrace
    o 1st party instrumentation uses libc

Snippet
  o Provided by us: DynC, AST

        if (x == 0) {
            inf`printf("x == 0\n");
        } else if (x > 3) {
            inf`printf("x > 3\n");
        } else {
            inf`printf("x < 3 but x != 0\n");
        }

  o User-defined: Binary Code

        55 48 89 e5 48 83 ec 20 47 45 ec 00 00 eb 39 b8 00 00 e8 a8 f5 df ff …

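CFG Parsing
  o On demand parsing: parse CFG info while patching the process
  o Reuse stored CFG info: produced by an Offline Parser, reused while patching the process
[Figure: in the first case a User Mutator drives PatchAPI, which parses CFG info and patches the Process; in the second, patching inside the Process reuses CFG info stored by the Offline Parser]
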
Dyninst Reintegration
  o Public Interface: Dyninst
  o Address Space: Dyninst Address Space (3rd party, binary rewriter)
  o Snippet: AST (will support DynC in the future)
  o CFG Parsing: ParseAPI (parse CFG during the runtime of instrumentation)
  o Instrumentation Engine: In-line (relocate a group of code, embed snippet)
[Figure: PatchAPI with its Public Interface, Internal layer and Plugin Interface, populated with the plugins above]

Self-propelled instrumentation
  o Public Interface: Self-propelled
  o Address Space: libc (1st party instrumentation)
  o Snippet: Binary code (a small set of instructions)
  o CFG Parsing: Stored CFG (reuse stored CFG information)
  o Instrumentation Engine: Hybrid (out-of-line + in-line)
[Figure: PatchAPI with its Public Interface, Internal layer and Plugin Interface, populated with the plugins above]

Status
  √ Conception
  √ Code Refactoring
  √ Interface Design
    Dyninst Reintegration
    Build Self-propelled instrumentation

Summary
  o PatchAPI from/back to Dyninst
    o Point and Snippet
  o Design of PatchAPI
    o Public Interface
      o Filter-based Point Query
      o Transactional Semantics
    o Plugin Interface
      o Customizing Instrumentation
  o To be released with Dyninst 8.0

Question?