gtSDT

The GrammaTech Software Dynamic Translator (gtSDT) is GrammaTech's software dynamic translator for Windows XP applications running on Intel x86 processors. It constitutes the core technology for a number of applications currently being researched and developed at GrammaTech. gtSDT is not a standalone application: it is a dynamically-linked library that can be injected into an arbitrary process.

Overview

In software dynamic translation, the instructions of a program are not executed directly. Instead, a translator copies each program instruction on demand and executes the (possibly modified) copy. gtSDT was designed to work primarily as a same-ISA translator: one that translates from some instruction set architecture (ISA) to the same instruction set architecture. However, the design leaves room for ISA1-to-ISA2 translation by abstracting all ISA1 primitives behind a target interface and all ISA2 primitives behind a host interface.

gtSDT is typically injected into the address space of a new or already-running process. Once injected, it takes control of the process and starts the translation and dispatch loop. The dispatch loop maintains thread descriptors (including context information) for each thread that the host application creates. Each transfer of control in the host application causes gtSDT to translate a block at the target address, to cache the translated block, and to execute the block from cache. At the end of its execution, a block transfers control back to the dispatcher. Blocks that are already in cache are reused instead of being retranslated. After repeated executions, cached blocks are considered ‘hot’ and are chained (an operation called block linking), bypassing the dispatcher altogether. This amortizes much of the cost of translation over time. In addition to block linking, hot sequences of blocks in the host application’s execution are identified by a path selection mechanism, the corresponding blocks are linked and the resulting paths are dynamically optimized using algorithms similar to those employed by static optimizing compilers.
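The translate-on-demand, cache, dispatch and block-linking cycle described above, reduced to a toy model as an added example (this is not gtSDT's code; the three-instruction ISA, the sample program, the hotness threshold of 3 and the counters are all invented for illustration):

```python
"""Toy same-ISA software dynamic translator: translate-on-demand, block cache, dispatch
loop and block linking. Illustration, not GrammaTech code; the ISA and program are invented."""
HOT_THRESHOLD = 3  # executions before a block counts as hot and gets linked
PROGRAM = [                  # constructed program: a counting loop, then one block
    ("add", "r0", 1),        # 0  block A: r0 += 1
    ("jlt", "r0", 10, 0),    # 1           if r0 < 10 goto 0, else fall through
    ("add", "r1", 7),        # 2  block B: r1 += 7
    ("halt",),               # 3
]

class Block:  # a translated block in the cache; same-ISA, so code is a verbatim copy
    def __init__(self, start, code):
        self.start, self.code, self.execs, self.links = start, code, 0, {}

class Translator:
    def __init__(self, program):
        self.program, self.cache = program, {}
        self.stats = {"translations": 0, "dispatches": 0, "linked_transfers": 0}

    def translate(self, pc):
        # Copy instructions from pc up to and including the next control transfer.
        end = next(i for i in range(pc, len(self.program)) if self.program[i][0] in ("jlt", "halt"))
        self.stats["translations"] += 1
        return Block(pc, list(self.program[pc:end + 1]))

    def execute(self, block, regs):
        # Run one cached block; return the address it transfers to (None on halt).
        block.execs += 1
        for op, *args in block.code:
            if op == "add":
                regs[args[0]] += args[1]
            elif op == "jlt":
                reg, imm, target = args
                return target if regs[reg] < imm else block.start + len(block.code)
        return None  # halt

    def run(self, pc=0):
        regs = {"r0": 0, "r1": 0}
        while pc is not None:
            self.stats["dispatches"] += 1  # one count per return to the dispatcher
            block = self.cache.get(pc) or self.cache.setdefault(pc, self.translate(pc))  # miss: translate
            while block is not None:  # follow links without re-entering the dispatcher
                nxt = self.execute(block, regs)
                if block.execs >= HOT_THRESHOLD and nxt in self.cache:
                    block.links[nxt] = self.cache[nxt]  # hot: link block to successor
                block, pc = block.links.get(nxt), nxt
                self.stats["linked_transfers"] += int(block is not None)
        return regs, self.stats
```

Without linking, the ten-iteration loop would re-enter the dispatcher eleven times; with linking after three executions it does so four times, which is the amortization the text describes.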

Features

gtSDT:

  • Has a modular architecture.
  • Supports injection into already-running processes, after those processes have performed various tasks.
  • Handles some classes of self-modifying code.
  • Supports self-injection to ensure that the SDT remains in control of child processes.
  • Provides an instrumentation unit consisting of several related but distinct features: the block iterators, fixup containers, and the dynamic instrumentation API.
  • Performs the following dynamic optimizations:
    • sparse conditional constant propagation
    • no-op removal
    • direct jump elimination
    • direct call elimination
    • conditional jump flipping
    • small loop unrolling
    • dead assignment elimination
    • redundant assignment elimination
    • inlining of IDATA/read-only variables

User Extensions

When gtSDT builds, it automatically gathers and packages its own SDK - a collection of header and library files that client applications built on top of gtSDT can use to tap into its resources. Since gtSDT was designed to be migrated to various platforms and to support various ISAs, any given such port or migration exports a single SDK for that platform/ISA. The SDK defines Notification, Instrumentation, CodeBlock, CodePath, and IA32 ISA APIs.

© 2007-2012, GrammaTech, Inc. All rights reserved.