
fastBT - The Fast Binary Translation Framework

 

Description

Fast binary translation is a key component of many modern software techniques, such as software transactional memory, virtualization, and debugging/analysis.

We present a table-based dynamic (just-in-time) binary translator that uses a trace cache and trampolines to obtain efficiency in translation and execution of the translated program. The translation actions of fastBT are specified in high-level abstractions that are compiled into fastBT's translation tables that control the binary translation. This table generator allows a compact description of changes in the translated code.

 

Only code that is actually executed is translated and placed in the trace cache. fastBT is architecture-neutral, but this paper's focus is on IA-32 Linux. To translate unmodified binaries we include signal and syscall handling and add support for the "sysenter" instruction. Key to fastBT's good performance are a configurable inlining mechanism and optimizations for return instructions. fastBT performs well in practice: we report an overhead of less than 6% for the majority of benchmarks.
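To make the design in the two paragraphs above concrete, here is an added example (not fastBT's own code) of a table-driven translator with a trace cache: a translation table maps each opcode to an action, a basic block is translated only the first time it is about to run, and later executions hit the cache. The one-byte toy ISA, the 0xCC "hook marker" and the fixed-size cache are constructed for this example and stand in for fastBT's generated IA-32 tables and trampolines.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy one-byte ISA, constructed for this example (not fastBT's IA-32 tables):
 * 0x01 = INC, 0x02 = DEC, 0x90 = NOP, 0xC3 = RET (RET ends a basic block). */
enum { ACT_COPY, ACT_INSTRUMENT, ACT_END };
typedef struct { uint8_t opcode; int action; } table_entry;

/* Translation table: one action per opcode, the analogue of fastBT's generated tables. */
static const table_entry table[] = {
    {0x01, ACT_INSTRUMENT}, {0x02, ACT_INSTRUMENT}, {0x90, ACT_COPY}, {0xC3, ACT_END},
};

#define CACHE_SLOTS 16
typedef struct { const uint8_t *src; uint8_t out[32]; size_t len; int used; } trace;
static trace cache[CACHE_SLOTS];
static int translations;   /* counts how often translate_block() really ran */

static int lookup_action(uint8_t op) {
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].opcode == op) return table[i].action;
    return -1;             /* unknown opcode: refuse rather than guess */
}

/* Translate one basic block (up to and including RET) into t->out.
 * Returns the number of bytes emitted, or -1 if the block cannot be translated. */
static int translate_block(const uint8_t *src, trace *t) {
    size_t n = 0;
    for (const uint8_t *p = src;; p++) {
        int act = lookup_action(*p);
        if (act < 0 || n + 2 > sizeof t->out) return -1;
        if (act == ACT_INSTRUMENT) t->out[n++] = 0xCC;  /* constructed "call hook" marker */
        t->out[n++] = *p;
        if (act == ACT_END) break;
    }
    t->src = src; t->len = n; t->used = 1; translations++;
    return (int)n;
}

/* Trace-cache lookup: a block is translated lazily, the first time it is about to run;
 * later executions reuse the cached translation without touching the tables again. */
const trace *get_translated(const uint8_t *src) {
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].used && cache[i].src == src) return &cache[i];
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (!cache[i].used) return translate_block(src, &cache[i]) < 0 ? NULL : &cache[i];
    return NULL;           /* cache full: a real translator would flush or grow it */
}
int translation_count(void) { return translations; }
```

An unknown opcode makes the whole block untranslatable and leaves nothing in the cache, which is the conservative choice for a translator that must never run untranslated code.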

 

You can also watch the Google TechTalk about fastBT.

 

 

Installation and configuration

The following paragraphs describe the installation, configuration, and usage of the fastBT binary translation framework.

Requirements

fastBT has the following requirements:

  • A machine with an Intel IA-32 (x86) processor
  • Linux (preferred, some changes needed for Windows or Mac OSX)
  • A C compiler (preferably GCC > 4.2) and the make utility

Installation procedure

Use the following steps to install and use fastBT on your machine:

  • Unpack the tar.bz2 archive
  • Read the INSTALL information
  • Adapt a translation table and implement the new actions that you need for your project
  • Choose options in the Makefile
    • LD_PRELOAD injection, or use within the project itself
    • Select optimizations
    • Debug options
  • make && make install

 

Documentation

Different forms of documentation are available. The general aspects of the binary translator are described in the SYSTOR and AMAS-BT papers. Further documentation about the implementation is available in the source package.

 

Downloads

If you want to hack on the table generator, use the current fastBT-0.2.2. As soon as you have the translation table that you need, you can also use the current libdetox version, which is better suited to up-to-date machines and also compiles on 64-bit machines (with 32-bit support). So if you have a working translation table or need only small instrumentation, head over to libdetox and get the version with as much security as you need. libdetox includes all of the fastBT features plus additional security features that can be selected on demand. New bugfixes are added to libdetox.

 

Versions:

 

Contact

Mathias Payer

 

Changelog

  • fastBT 0.2.2 - 2011-01-05
    • Added a couple of new instructions and fixed the representation tables
      • especially the 660f71, 660f72, 660f73 prefixed ones
    • Adapted formatting and used astyle to sync indentation
    • Added lots of additional tables
      • 0x0f38 and 0x0f3b (including 0x66 and 0xf2 prefixes for these tables); these boil down to tables A4 and A5 of the Intel instruction manual
  • fastBT 0.2.1 - 2010-03-25
    • Fixed a bug in the opcode tables (added correct src operands for movs* and cmps*)
    • Fixup of includes (removed lots of <> includes and some "" includes)
    • Bugfixing of disassembler and low-level output
    • Removed dependencies on libc printf, added buffering for faster output
    • Extended debugging information and output available (for binary analysis)
    • Reimplementation of lots of system calls and library functions in libc.c and libc.h
      • System calls are possible via int 80 and sysenter
    • Removed dependencies from the libc (str functions, sysconf, memcpy)
    • Reimplementation of some system calls to reduce libc dependencies (mmap, munmap)
  • fastBT 0.2.0 - 2010-03-10
    • Removal of the bastard disassembler
    • Change of the layout of the translation table (added more auxiliary information)
    • Debugging mode includes dynamic code dumping and automatic disassembly using the same tables that are used for the translation process
    • Better documentation of the security features in the Makefile
    • Clearer structure and removal of dead code
  • fastBT 0.1.0 - 2009-11-19
    • Lots of bug fixing and straightening of the security features
    • Public release at 26c3 (26th Chaos Communication Congress in Berlin)
    • Lots of new optimizations
      • Return cache and fast return
      • Optimizations for indirect calls and indirect jumps
      • Adaptive optimizations that first cache, then redirect to fast lookup
      • Table optimizations
  • fastBT 0.1.0pre2 - 2009-10-22
    • Lots of bug fixing
    • Some security extensions (NX enforcement, secuBT stuff)
    • Lots of new optimizations
      • Jumptable optimization
      • Fast return optimization
    • Special optimization for low-level functions to be independent from libc memory management
    • Special IO functions to be independent from libc (not reentrant)
  • fastBT 0.1.0pre - 2009-05-31
    • Initial public release
    • Used the bastard disassembler
    • Complete support for IA-32 tables
    • Handle pthreads