Effective code discovery for ARM/Thumb mixed ISA binaries in a static binary translator

Jiunn Yeu Chen, Bor Yeh Shen, Quan Huei Ou, Wuu Yang, Wei Chung Hsu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

11 Scopus citations

Abstract

Code discovery has been a main challenge for static binary translation, especially when the source ISA (Instruction Set Architecture) has variable-length instructions, such as the X86 architectures. Due to embedded data such as PC-relative data, jump tables, or paddings in the code section, a binary translator may be misled to translate data as instructions. With variable length instructions, once data is mis-translated as instructions, subsequent decoding of instructions could be wrong. This paper concerns static binary translation for the ARM architectures, which dominate the embedded-system market. Although ARM is considered RISC (Reduced Instruction Set Computing) in many aspects of processors, it does allow the mix of 32-bit instructions (ARM) with 16-bit instructions (Thumb) in the ARM/Thumb mixed executables. Since the instruction lengths of ARM and Thumb are not equal, the locations of the instructions could be 4-byte or 2-byte aligned addresses, respectively. Furthermore, because ARM and Thumb instructions share encoding space, a 4-byte word could be decoded as one ARM instruction or two Thumb instructions. The correct decoding of this 4-byte word is actually determined at run time by the least significant bit of the program counter. For unstripped binaries, mapping symbols can be used to identify ARM code regions and Thumb code regions. However, for stripped binaries, such mapping symbols are not available to assist translation. We have proposed a novel solution to statically translate the stripped executables for the ARM/Thumb mixed ISA. Our static binary translator includes a translation pass which guarantees the correctness of the translated executable by generating multiple versions of translated code for runtime selection. The binary translator also includes a series of optimization analyses which discover and remove most of the code generated in the baseline translation. Based on the SPEC2006 benchmark suite, stripped ARM/Thumb mixed binaries translated by our static binary translator achieve good performance with only 25% of code size increase.

Original languageEnglish
Title of host publication2013 International Conference on Compilers, Architecture and Synthesis for Embedded Systems, CASES 2013
PublisherIEEE Computer Society
ISBN (Print)9781479914005
DOIs
StatePublished - 2013
Event2013 International Conference on Compilers, Architecture and Synthesis for Embedded Systems, CASES 2013 - Montreal, QC, Canada
Duration: 29 Sep 20134 Oct 2013

Publication series

Name2013 International Conference on Compilers, Architecture and Synthesis for Embedded Systems, CASES 2013

Conference

Conference2013 International Conference on Compilers, Architecture and Synthesis for Embedded Systems, CASES 2013
Country/TerritoryCanada
CityMontreal, QC
Period29/09/134/10/13

Keywords

  • Code discovery problem
  • Reverse engineering
  • Static binary translation

Fingerprint

Dive into the research topics of 'Effective code discovery for ARM/Thumb mixed ISA binaries in a static binary translator'. Together they form a unique fingerprint.

Cite this