Dynamic Self-modifying Code Detection Based on Backward Analysis

Shi, Dawei; Delong, Lv; Zhibin, Ye

doi:10.1145/3192975.3193016

Cited by 3 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The majority of prior studies have focused on detecting [12], modelling [2], analyzing [3], and verifying [11,35] SMC. SMC is of particular interest in the area of security where it can be employed to either improve the security of systems [1,24,48], or to obfuscate code in order to trick malware detectors [13,38] or to prevent reverseengineering [33].…”

Section: Related Workmentioning

confidence: 99%

Just-In-Time Compilation on ARM—A Closer Look at Call-Site Code Consistency

Hartley

2022

ACM Trans. Archit. Code Optim.

View full text Add to dashboard Cite

The increase in computational capability of low-power Arm architectures has seen them diversify from their more traditional domain of portable battery powered devices into data center servers, personal computers, and even Supercomputers. Thus, managed languages (Java, Javascript, etc.) that require a managed runtime environment (MRE) need to be ported to the Arm architecture, requiring an understanding of different design trade-offs. This paper studies how the lack of strong hardware support for Self Modifying Code (SMC) in low-power architectures (e.g. absence of cache coherence between instruction cache and data caches), affects Just-In-Time (JIT) compilation and runtime behavior in MREs. Specifically, we focus on the implementation and treatment of call-sites, that must maintain code consistency in the face of concurrent execution and modification to redirect control (patching) by the MRE. The lack of coherence, is compounded with the maximum distance (reach of) a call-site can jump to as the reach is more constrained (smaller distance) in Arm when compared with Intel/AMD. We present four different robust implementations for call-sites and discuss their advantages and disadvantages in the absence of strong hardware support for SMC. Finally, we evaluate each approach using a microbenchmark, further evaluating the best three techniques using three JVM benchmark suites and the open source MaxineVM showcasing performance differences up to 12%. Based on these observations, we propose extending code-cache partitioning strategies for JIT compiled code to encourage more efficient local branching for architectures with limited direct branch ranges.

show abstract

Section: Related Workmentioning

confidence: 99%

Just-In-Time Compilation on ARM—A Closer Look at Call-Site Code Consistency

Hartley

2022

ACM Trans. Archit. Code Optim.

View full text Add to dashboard Cite

show abstract

“…The majority of prior studies has focused on detecting [10], modelling [3], analysing [4], and verifying [9,23] SMC. SMC is of main interest in the area of security where it can be potentially utilised to either improve the security of systems [2,14,27], or to obfuscate code in order to trick malware detectors [11,24] or to prevent reverse-engineering [21].…”

Section: Related Workmentioning

confidence: 99%

An analysis of call-site patching without strong hardware support for self-modifying-code

Hartley

Zakkak

Kotselidis

et al. 2019

Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes

View full text Add to dashboard Cite

With micro-services continuously gaining popularity and low-power processors making their way into data centers, efficient execution of managed runtime systems on low-power architectures is also gaining interest. Apart from the inherent performance differences between high and low power processors, porting a managed runtime system to a low-power architecture may result in spuriously introducing additional overheads and design trade-offs. In this work we investigate how the lack of strong hardware support for Self Modifying Code (SMC) in low-power architectures, influences Just-In-Time (JIT) compilation and execution in modern virtual machines. In particular, we examine how low-power architectures, with no or limited hardware support for SMC, impose restrictions on call-site implementations, when the latter need to be patchable by the runtime system. We present four different memory-safe implementations for call-site generation and discuss their advantages and disadvantages in the absence of strong hardware support for SMC. Finally, we evaluate each technique on different workloads using micro-benchmarks and we evaluate the best two techniques on the Dacapo benchmark suite showcasing performance differences up to 15%. CCS Concepts • Software and its engineering → Software performance; Just-in-time compilers; Runtime environments.

show abstract

Reachability Analysis of Concurrent Self-modifying Code

Messahel,

Touili

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Dynamic Self-modifying Code Detection Based on Backward Analysis

Cited by 3 publications

References 17 publications

Just-In-Time Compilation on ARM—A Closer Look at Call-Site Code Consistency

Just-In-Time Compilation on ARM—A Closer Look at Call-Site Code Consistency

An analysis of call-site patching without strong hardware support for self-modifying-code

Reachability Analysis of Concurrent Self-modifying Code

Contact Info

Product

Resources

About