Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)

Automatic uninitialized value usage detection during full-system emulation

https://doi.org/10.15514/ISPRAS-2016-28(5)-1

Abstract

The method described in this paper automatically detects the use of uninitialized values during full-system emulation. It is of immediate interest for low-level software such as a BIOS or an initial loader, which initializes the hardware and loads the operating system; errors in this kind of software are the most dangerous, since they lead to a shutdown of the whole system. Such software is difficult to test on real hardware, so emulators of various architectures are used for this purpose instead. This work proposes a new way of using shadow memory to store and track the state of registers and guest memory cells, and defines criteria for detecting the use of an uninitialized value and reporting an error. Among the situations covered by the criteria: an uninitialized value is used as the address for loading a value from memory or storing a value to it; a conditional jump depends on an uninitialized value; or a jump transfers control to an uninitialized memory region. The method was implemented and tested for an x86 guest in the full-system emulator QEMU. The test system consists of a few instructions that initialize the processor and transfer control to a user application. Testing was performed on three simple examples corresponding to the detection criteria, and the method produced correct results on all of them.
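To make the shadow-memory scheme concrete, the following toy register machine is an added example written for this page; it is not code from the paper or from its QEMU implementation. Every register and memory cell carries one shadow bit (INIT or UNINIT), the bit propagates through moves, arithmetic, loads and stores, and a report is raised when an uninitialized value reaches one of the three sinks named in the abstract: a load/store address, a branch condition, or a jump target (either the register holding the target, or the memory region jumped to). The instruction set, the reset state (all registers and RAM uninitialized, program cells treated as initialized ROM) and the report names are all assumptions of this model, not the paper's.

```python
"""Toy model of uninitialized-value tracking with shadow memory.

Example code, not the paper's implementation.  Memory is one flat list of
cells: cells 0..len(program)-1 hold the program (ROM, defined at reset),
every other cell is RAM and starts UNINIT, as do all registers.
"""

INIT, UNINIT = 0, 1


class ShadowMachine:
    """Tiny register machine with one shadow bit per register and per cell."""

    def __init__(self, program, mem_size=32):
        assert len(program) < mem_size
        self.program = program
        self.regs = {"r0": 0, "r1": 0, "r2": 0, "r3": 0}
        self.sregs = {r: UNINIT for r in self.regs}   # nothing written at reset
        self.mem = [0] * mem_size
        self.smem = [UNINIT] * mem_size
        for i in range(len(program)):                 # ROM contents are defined
            self.smem[i] = INIT
        self.reports = []                             # (pc, criterion) tuples

    def _operand(self, x):
        """(value, shadow) of a register name or an immediate constant."""
        if isinstance(x, str):
            return self.regs[x], self.sregs[x]
        return x, INIT

    def _report(self, pc, kind):
        self.reports.append((pc, kind))

    def _branch_target(self, pc, target):
        """Criterion 3: resolve a jump target; None means execution must stop."""
        vt, st = self._operand(target)
        if st == UNINIT:                              # register holds an undefined address
            self._report(pc, "uninit-jump-target")
            return None
        if vt >= len(self.mem) or self.smem[vt] == UNINIT:
            self._report(pc, "jump-to-uninit-memory") # control goes to unwritten cells
            return None
        return vt

    def run(self, max_steps=100):
        pc = 0
        for _ in range(max_steps):
            if pc >= len(self.program):               # fell off ROM: nothing to fetch
                break
            op, *args = self.program[pc]
            if op == "halt":
                break
            if op == "mov":                           # mov dst, src (reg or imm)
                dst, src = args
                self.regs[dst], self.sregs[dst] = self._operand(src)
            elif op == "add":                         # add dst, a, b: shadows OR together
                dst, a, b = args
                va, sa = self._operand(a)
                vb, sb = self._operand(b)
                self.regs[dst], self.sregs[dst] = (va + vb) & 0xFF, sa | sb
            elif op == "load":                        # load dst, [addr]
                dst, addr = args
                va, sa = self._operand(addr)
                if sa == UNINIT:
                    self._report(pc, "uninit-address")    # criterion 1
                va %= len(self.mem)
                self.regs[dst], self.sregs[dst] = self.mem[va], self.smem[va]
            elif op == "store":                       # store [addr], src
                addr, src = args
                va, sa = self._operand(addr)
                vs, ss = self._operand(src)
                if sa == UNINIT:
                    self._report(pc, "uninit-address")    # criterion 1
                va %= len(self.mem)
                self.mem[va], self.smem[va] = vs, ss  # shadow travels with the value
            elif op == "jz":                          # jz cond, target
                cond, target = args
                vc, sc = self._operand(cond)
                if sc == UNINIT:
                    self._report(pc, "uninit-condition")  # criterion 2
                if vc == 0:
                    pc = self._branch_target(pc, target)
                    if pc is None:
                        break
                    continue
            elif op == "jmp":                         # jmp target (reg or imm)
                pc = self._branch_target(pc, args[0])
                if pc is None:
                    break
                continue
            else:
                raise ValueError(op)
            pc += 1
        return self.reports


def check(program):
    """Run a program from reset and return its (pc, criterion) reports."""
    return ShadowMachine(program).run()


if __name__ == "__main__":
    # Constructed sample: a value derived from never-written r3 is stored,
    # reloaded and then used as a branch condition (reported at pc 4).
    print(check([("mov", "r1", 16), ("add", "r0", "r1", "r3"),
                 ("store", "r1", "r0"), ("load", "r2", "r1"),
                 ("jz", "r2", 5), ("halt",)]))
```

Two points the abstract only implies are visible here: the shadow bit is stored alongside each memory cell, so an undefined value that is written out and read back later is still caught when it finally reaches a branch; and detection happens at the sink (address use, branch, jump), not at the first arithmetic on an undefined value, which is what keeps the check from flagging harmless copies of uninitialized data.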

About the Author

N. A. Belov
Institute for System Programming of the Russian Academy of Sciences; Lomonosov Moscow State University
Russian Federation


For citations:


Belov N.A. Automatic uninitialized value usage detection during full-system emulation. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2016;28(5):11-26. (In Russ.) https://doi.org/10.15514/ISPRAS-2016-28(5)-1



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)