Hongxu Cai
ABSTRACT
Self-modifying code (SMC), in this paper, broadly refers to anyprogram that loads, generates, or mutates code at runtime. It is widely used in many of the world's critical software systems tosupport runtime code generation and optimization, dynamic loading and linking, OS boot loader, just-in-time compilation, binary translation,or dynamic code encryption and obfuscation. Unfortunately, SMC is alsoextremely difficult to reason about: existing formal verification techniques-including Hoare logic and type system-consistentlyassume that program code stored in memory is fixedand immutable; this severely limits their applicability and power.
This paper presents a simple but novel Hoare-logic-like framework that supports modular verification of general von-Neumann machine code with runtime code manipulation. By dropping the assumption that code memory is fixed and immutable, we are forced to apply local reasoningand separation logic at the very beginning, and treat program code uniformly as regular data structure. We address the interaction between separation and code memory and show how to establish the frame rules for local reasoning even in the presence of SMC. Our frameworkis realistic, but designed to be highly generic, so that it can support assembly code under all modern CPUs (including both x86 andMIPS). Our system is expressive and fully mechanized. We prove itssoundness in the Coq proof assistant and demonstrate its power by certifying a series of realistic examples and applications-all of which can directly run on the SPIM simulator or any stock x86 hardware.
- A. W. Appel. Foundational proof-carrying code. In Proc. 16th IEEE Symp. on Logic in Computer Science, pages 247--258, June 2001. Google Scholar
Digital Library
- A. W. Appel and A. P. Felty. A semantic model of types and machine instructions for proof-carrying code. In Proc. 27th ACM Symposium on Principles of Programming Languages, pages 243--253, Jan. 2000. Google ScholarDigital Library
- D. Aucsmith. Tamper resistant software: An implementation. In Proceedings of the First International Workshop on Information Hiding, pages 317--333, London, UK, 1996. Springer-Verlag. Google ScholarDigital Library
- V. Bala, E. Duesterwald, and S. Banerjia. Dynamo: a transparent dynamic optimization system. In Proc. 2000 ACM Conf. on Prog. Lang. Design and Implementation, pages 1--12, 2000. Google ScholarDigital Library
- H. Cai, Z. Shao, and A. Vaynberg. Certified self-modifying code (extended version & coq implementation). Technical Report YALEU/DCS/TR-1379, Yale Univ., Dept. of Computer Science, Mar. 2007. http://flint.cs.yale.edu/publications/smc.html.Google Scholar
- K. Crary. Toward a foundational typed assembly language. In Proc. 30th ACM Symposium on Principles of Programming Languages, pages 198--212, Jan. 2003. Google ScholarDigital Library
- S. Debray and W. Evans. Profile-guided code compression. In Proc. 2002 ACM Conf. on Prog. Lang. Design and Implementation, pages 95--105, New York, NY, 2002. Google ScholarDigital Library
- R. W. Floyd. Assigning meaning to programs. Communications of the ACM, Oct. 1967.Google ScholarCross Ref
- N. Glew and G. Morrisett. Type-safe linking and modular assembly language. In Proc. 26th ACM Symposium on Principles of Programming Languages, pages 250--261, Jan. 1999. Google ScholarDigital Library
- N. A. Hamid, Z. Shao, V. Trifonov, S. Monnier, and Z. Ni. A syntactic approach to foundational proof-carrying code. In Proc. 17th Annual IEEE Symp. on Logic in Computer Science, pages 89--100, July 2002. Google ScholarDigital Library
- G. M. Henry. Flexible high-performance matrix multiply via a self-modifying runtime code. Technical Report TR-2001-46, Department of Computer Sciences, The University of Texas at Austin, Dec. 2001.Google Scholar
- CAR. Hoare. Proof of a program: FIND. Communications of the ACM, Jan. 1971. Google ScholarDigital Library
- L. Hornof and T. Jim. Certifying compilation and run-time code generation. Higher Order Symbol. Comput., 12(4):337--375, 1999. Google ScholarDigital Library
- S. S. Ishtiaq and P. W. O'Hearn. BI as an assertion language for mutable data structures. In Proc. 28th ACM Symposium on Principles of Programming Languages, pages 14--26, 2001. Google ScholarDigital Library
- Y. Kanzaki, A. Monden, M. Nakamura, and Kichi Matsumoto. Exploiting self-modification mechanism for program protection. In COMPSAC '03, page 170, 2003. Google ScholarDigital Library
- L. Lamport. The temporal logic of actions. ACM Transactions on Programming Languages and Systems, 16(3):872--923, May 1994. Google ScholarDigital Library
- J. Larus. SPIM: a MIPS32 simulator. v7.3, 2006.Google Scholar
- K. Lawton. BOCHS: IA-32 emulator project. v2.3, 2006.Google Scholar
- P. Lee and M. Leone. Optimizing ML with run-time code generation. In Proc. 1996 ACM Conf. on Prog. Lang. Design and Implementation, pages 137--148. ACM Press, 1996. Google ScholarDigital Library
- H. Massalin. Synthesis: An Efficient Implementation of Fundamental Operating System Services. PhD thesis, Columbia University, 1992. Google ScholarDigital Library
- N. G. Michael and A. W. Appel. Machine instruction syntax and semantics in higher order logic. In International Conference on Automated Deduction, pages 7--24, 2000. Google ScholarDigital Library
- G. Morrisett, D. Walker, K. Crary, and N. Glew. From system F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21(3):527--568, 1999. Google ScholarDigital Library
- G. Necula. Proof-carrying code. In Proc. 24th ACM Symposium on Principles of Programming Languages, pages 106--119, New York, Jan. 1997. ACM Press. Google ScholarDigital Library
- Z. Ni and Z. Shao. Certified assembly programming with embedded code pointers. In Proc. 33rd ACM Symposium on Principles of Programming Languages, Jan. 2006. Google ScholarDigital Library
- P. Nordin and W. Banzhaf. Evolving turing-complete programs for a register machine with self-modifying code. In Proc. of the 6th International Conf. on Genetic Algorithms, pages 318--327, 1995. Google ScholarDigital Library
- B. C. Pierce. Advanced Topics in Types and Programming Languages. The MIT Press, Cambridge, MA, 2005. Google ScholarDigital Library
- Ralph. Basics of SMC. http://web.archive.org/web/20010425070215/awc.rejects.net/files/text/sm%c.txt, 2000.Google Scholar
- J. Reynolds. Separation logic: a logic for shared mutable data structures. In Proc. 17th IEEE Symp. on Logic in Computer Science, 2002. Google ScholarDigital Library
- F. M. Smith. Certified Run-Time Code Generation. PhD thesis, Cornell University, Jan. 2002. Google ScholarDigital Library
- The Coq Development Team, INRIA. The Coq proof assistant reference manual. The Coq release v8.0, 2004--2006.Google Scholar
- D. Yu, N. A. Hamid, and Z. Shao. Building certified libraries for PCC: Dynamic storage allocation. Science of Computer Programming, 50(1--3):101--127, Mar. 2004. Google ScholarDigital Library
Index Terms
- Certified self-modifying code
Recommendations
Dynamic Self-modifying Code Detection Based on Backward Analysis
ICCAE 2018: Proceedings of the 2018 10th International Conference on Computer and Automation EngineeringSelf-modifying code (SMC) is widely used in obfuscated program for enhancing the difficulty in reverse engineering. The typical mode of self-modifying code is restore-execute-hide, it drives program to conceal real behaviors at most of the time, and ...
Certified self-modifying code
Proceedings of the 2007 PLDI conferenceSelf-modifying code (SMC), in this paper, broadly refers to anyprogram that loads, generates, or mutates code at runtime. It is widely used in many of the world's critical software systems tosupport runtime code generation and optimization, dynamic ...
Self-Modifying Code: A Provable Technique for Enhancing Program Obfuscation
This article describes how code obfuscation techniques aim to conceal the functionality of a program by mystifying the code so that it is unreadable or in an incomprehensible format. Since the objective of this article is to make a program obfuscated, ...
Comments