Abstract
The Go programming language, also known as Golang, has become popular with developers in recent years due to its simple syntax, native support for concurrency, and automatic memory management. The language expects developers not to need to know whether a variable or object is allocated on the stack or on the heap: the escape analysis of the Go compiler decides the allocation location, and the garbage collector then automatically reclaims unreachable heap objects. Go's escape analysis must decide the allocation location of each object correctly to preserve the correctness of the memory state. However, escape-analysis-related problems currently occur frequently in the Go community, potentially causing fatal problems such as program crashes, and research on this aspect is lacking. To effectively detect whether compiler-generated code contains illegal memory references that may cause runtime crashes, and to fill this research gap, this study builds an abstract model of Go program execution and proposes two rules for judging store violations. Based on these two rules, it overcomes the challenges of the missing high-level semantics in Go binaries and the inconvenient access to runtime information, and designs a lightweight analysis tool, DBI-Go. DBI-Go combines static analysis with dynamic binary instrumentation and is implemented on Pin, a dynamic binary analysis framework; it can identify violating store instructions in Go binaries. Evaluation results show that DBI-Go detects all known escape-related issues in the Go community and also discovered an issue previously unknown to the community, which has since been confirmed. Application to real projects shows that DBI-Go can help developers find bugs in the escape analysis algorithm. Evaluation results also show that the measures adopted by DBI-Go effectively reduce the false positive rate, and that in 93.3% of cases the extra runtime overhead introduced by DBI-Go is less than twice the original. Additionally, DBI-Go can be adapted to different versions of Go without modifying Go's compiler or runtime, giving it wide applicability.
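The abstract's central point is that the compiler's escape decision (stack or heap) must match how an object's address is actually used, because a frame-local object whose address is stored somewhere that outlives the frame becomes a dangling reference. The following added example (not from the paper and not part of DBI-Go) makes those decisions observable from outside the compiler by counting the heap allocations each call performs with testing.AllocsPerRun; the node type and the three function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"testing"
)

// Constructed example: a small value whose placement (stack or heap) is
// decided by the compiler's escape analysis. The type and function names
// are hypothetical, not taken from the DBI-Go paper.
type node struct{ val int }

// A package-level pointer: any address stored here outlives every stack
// frame, so the object it points to must live on the heap.
var sink *node

//go:noinline
func stackOnly() int {
	n := node{val: 7} // address never leaves the frame: may stay on the stack
	return n.val * 2
}

//go:noinline
func escapesViaReturn() *node {
	n := node{val: 7} // address is returned: the compiler must move n to the heap
	return &n
}

//go:noinline
func escapesViaGlobalStore() {
	n := node{val: 7}
	sink = &n // store of a frame address into a global: n must be heap-allocated
}

// heapAllocs returns how many heap allocations one call of f performs, as
// observed through the runtime's allocation counters. 0 means the object
// stayed on the stack; 1 means escape analysis moved it to the heap.
func heapAllocs(f func()) int {
	return int(testing.AllocsPerRun(100, f))
}

func main() {
	// `go build -gcflags=-m` prints the compiler's own escape decisions;
	// these counters confirm them at run time.
	fmt.Println("stackOnly:", heapAllocs(func() { stackOnly() }))                         // 0
	fmt.Println("escapesViaReturn:", heapAllocs(func() { escapesViaReturn() }))           // 1
	fmt.Println("escapesViaGlobalStore:", heapAllocs(func() { escapesViaGlobalStore() })) // 1
}
```

A mismatch between the printed decision and the observed allocation count (or a frame address reaching a global with zero allocations) is exactly the kind of store violation the paper's rules are designed to flag in the compiled binary.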
Authors
CHEN Jin-Bao (陈金宝), ZHANG Yu (张昱), LI Qing-Wei (李清伟), DING Bo-Yao (丁伯尧)
School of Computer Science and Technology, University of Science and Technology of China, Hefei 230026, China
Source
Journal of Software (软件学报), 2024, No. 6, pp. 2585-2607 (23 pages)
Indexed in: EI, CSCD, Peking University Core Journals list
Funding
National Natural Science Foundation of China (62272434)
Keywords
binary analysis
dynamic binary instrumentation
static analysis
Go
compiler testing
escape analysis