Hi all,
Dyninst has caught our interest at Technical University of Munich
Institute for Electronic Design Automation because of its many features
of which symbolic execution and static function analysis are most
interesting to us.
Our project is about source-binary mapping for timing analysis of
embedded software in the field of design automation. For this we need
basic blocks and a control flow graph. These are currently generated by
hand and struggle with complicated code constructs, indirect jumps and
generally optimized code.
One change we will have to make is to allow binaries to be loaded even
when they are not compiled for the same architecture as the host (always
x86). I already poked around in the code a bit and it seems to be
possible with the existing abstractions. The main features of Dyninst
like dynamic analysis and instrumentation/rewriting will obviously not
work, but those are of no interest to us anyway. Is there anything that
would make the cross-arch analysis task difficult?
Then of course the architectures of interest need to be implemented.
Currently these are ARM (32-bit) and OpenRisc. As far as I can tell this
would at least be the register file, helpers to define register
semantics and the InstructionDecoder. Apart from that some
smaller/optional stuff like jump table recognition. Did I miss something
important here?
We would also need to target Windows, but in your Readme you write that
only the rewriter is not implemented on Windows. On the other hand, our
cross-arch scenario would add dependencies to libiberty, libelf and
libdwarf. MinGW seems to come with libiberty and the others seem to
compile on Windows. Can you think of anything else problematic here?
How do you overall estimate the feasibility of our changes and the use
of Dyninst for bare-metal embedded applications? Any tips where to be
careful or locations to start would be greatly appreciated.
Regards
Rafael Stahl
|