Unpredication, Unscheduling, Unspeculation: Reverse Engineering Itanium Executables
February 2005 (vol. 31 no. 2)
pp. 99-115
EPIC (Explicitly Parallel Instruction Computing) architectures, exemplified by the Intel Itanium, support a number of advanced architectural features, such as explicit instruction-level parallelism, instruction predication, and speculative loads from memory. However, compiler optimizations that take advantage of these features can profoundly restructure the program's code, making it potentially difficult to reconstruct the original program logic from an optimized Itanium executable. This paper describes techniques to undo some of the effects of such optimizations and thereby improve the quality of reverse engineering such executables.

Index Terms:
Reverse engineering, EPIC architectures, speculation, predication, code optimization.
Citation:
Noah Snavely, Saumya Debray, Gregory R. Andrews, "Unpredication, Unscheduling, Unspeculation: Reverse Engineering Itanium Executables," IEEE Transactions on Software Engineering, vol. 31, no. 2, pp. 99-115, Feb. 2005, doi:10.1109/TSE.2005.27