Corpus ID: 15940038

Dynamically Translating x86 to LLVM using QEMU

@inproceedings{Chipounov2010DynamicallyTX,
  title={Dynamically Translating x86 to LLVM using QEMU},
  author={Vitaly Chipounov and George Candea},
  year={2010}
}
QEMU. [...] Key Method TheLLVM backend converts the guest instruction set toLLVM bitcode, optimizes this bitcode, and turns it backto x86, using the JIT capabilities of the LLVM run-time.We build upon an existing attempt to write an LLVMbackend for QEMU [6].The LLVM backend can be used for several purposes.We interfaced QEMU with the KLEE symbolic exe-cution engine to test OS kernel, drivers, and applica-tions [3]; we also use the LLVM backend for devicedriver testing [4] and reverse engineering [2].The paper…Expand
DBILL: an efficient and retargetable dynamic binary instrumentation framework using llvm backend
TLDR
This paper presents DBILL, a cross-ISA and re- targetable dynamic binary instrumentation framework that builds on both QEMU and LLVM, and enables LLVM-based static instrumentation tools to become DBI ready, and deployable to different target architectures.
LnQ: Building High Performance Dynamic Binary Translators with Existing Compiler Backends
TLDR
An LLVM+QEMU (LnQ)framework for building high performance and retargetable binary translators with existing compiler modules with existing optimizers and code generation back ends is presented.
Sulong : Memory Safe and Efficient Execution of LLVM-Based Languages
Memory errors in C/C++ can allow an attacker to read sensitive data, corrupt the memory, or crash the executing process. The renowned top 25 of most dangerous software errors as published by the SANS
bin2llvm: Analysis of Binary Programs Using LLVM Intermediate Representation
TLDR
A novel approach for static analysis is presented that is based on decompilation of binaries to an intermediate language similar to assembly code, the LLVM Intermediate Representation (IR), by using the open source decompiler Dagger.
An LLVM-based hybrid binary translation system
TLDR
A hybrid binary translation (HBT) system which combines the merits of both SBT and DBT, which leverages the LLVM infrastructure to translate source binary code, optimize, and generate target binary code.
Atomic Instruction Translation Towards A Multi-Threaded QEMU
TLDR
An implementation design of ARM atomic instructions for a multi-threaded version of QEMU (the Quick EMUlator), currently under development, is presented, showing a high degree of accuracy and fidelity of the emulated instructions.
Boosting Instruction Set Simulator Performance with Parallel Block Optimisation and Replacement
TLDR
In-place-block-replacement is used to produce improvements in the performance of the popular QEMU functional simulator using the LLVM JIT running on spare processor cores to incrementally build an alternate code generator within an existing ISS framework without incurring a substantial runtime cost.
Sulong, and Thanks for All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
TLDR
A novel approach to finding bugs during the execution of a program by mapping data structures in C to those of the high-level language that performs automatic checks, which can find bugs that state-of-the-art tools overlook.
Lifting Assembly to Intermediate Representation: A Novel Approach Leveraging Compilers
TLDR
This work presents a learning-based approach for automating the translation of assembly instructions to a compiler's architecture-neutral IL, and presents an experimental evaluation that demonstrates the ability of this approach to easily support many architectures, including their advanced instruction sets.
Introspection for C and its Applications to Library Robustness
TLDR
An introspection interface is devised that allows C programmers to access run-time information and to query object bounds, object lifetimes, object types, and information about variadic arguments that enables library writers to check for invalid input or program states and thus to implement custom error handling that maintains system availability and does not terminate on benign errors.
...
1
2
3
...

References

SHOWING 1-6 OF 6 REFERENCES
LLVM: a compilation framework for lifelong program analysis & transformation
  • Chris Lattner, V. Adve
  • Computer Science
    International Symposium on Code Generation and Optimization, 2004. CGO 2004.
  • 2004
TLDR
The design of the LLVM representation and compiler framework is evaluated in three ways: the size and effectiveness of the representation, including the type information it provides; compiler performance for several interprocedural problems; and illustrative examples of the benefits LLVM provides for several challenging compiler problems.
QEMU, a Fast and Portable Dynamic Translator
  • Fabrice Bellard
  • Computer Science
    USENIX Annual Technical Conference, FREENIX Track
  • 2005
TLDR
QEMU supports full system emulation in which a complete and unmodified operating system is run in a virtual machine and Linux user mode emulation where a Linux process compiled for one target CPU can be run on another CPU.
Selective Symbolic Execution
TLDR
This paper describes a prototype that can symbolically execute arbitrary portions of a full system, including applications, libraries, operating system, and device drivers, while transparently converting system state from symbolic to concrete and back.
Testing Closed-Source Binary Device Drivers with DDT
TLDR
This paper applies DDT to several closed-source Microsoft-certified Windows device drivers and discovered 14 serious new bugs, which envision DDT being useful not only to developers and testers, but also to consumers who want to avoid running buggy drivers in their OS kernels.
Reverse engineering of binary device drivers with RevNIC
This paper presents a technique that helps automate the reverse engineering of device drivers. It takes a closed-source binary driver, automatically reverse engineers the driver's logic, and
LLVM-QEMU Google Summer of Code
  • http://code.google.com/p/llvm-qemu/,
  • 2007