Behave or be watched
Proceedings of the 9th Workshop on Hot Topics in Dependable Systems - HotDep '13
Finding, understanding, and fixing bugs in an operating system is challenging. Dynamic binary translation (DBT) systems provide a powerful facility for building program analysis and debugging tools. However, DBT abstractions are too low-level and provide limited contextual information for instrumentation tools. We introduce behavioral watchpoints, a new software-based watchpoint framework that simplifies the implementation of DBT-based program analysis and debugging tools. Behavioral
... havioral watchpoints extend the traditional approach of using a DBT system by providing context-specific information at the instruction level and specializing instrumentation to individual data structures. We describe four applications developed using our watchpoint framework: detecting buffer overflows, detecting read-before-write and memory freeing bugs, detecting memory leaks and enforcing fine-grained memory access policies. We implemented behavioral watchpoints using Granary, a new DBT framework. We show that the overheads are reasonable for their intended use in analyzing and debugging kernel modules.