DrBBDup: The DynamoRIO Basic Block Duplication Extension

This is the main issue page concerning the DynamoRIO Basic Block Duplication Extension: a code builder that duplicates code of basic blocks and dispatches control according to runtime conditions so that different instrumentation of the same basic blocks may be efficiently executed.

During the app2app stage, the code of a basic block is duplicated and prepended to the original fragment in order to generate multiple copies. DrBBDup manages these copies by maintaining book-keep data per fragment and inserting dispatching code to execute the appropriate basic block copy.

For example, lets say we have the following bb:

mov ebx ecx
mov esi eax
ret

At a very high-level, DrBBDup produces code as follows

cmp [eax] 0x00000000
jz LABEL 2
  
LABEL 1 // BB Version 1
_INSTRUM CODE A_
mov ebx ecx
_INSTRUM CODE A_
mov esi eax
jmp EXIT LABEL

LABEL 2 // BB Version 2
_INSTRUM CODE B_
mov ebx ecx
_INSTRUM CODE B_
mov esi eax

EXIT LABEL
ret /* Not duplicated to abide by DR bb rules */

The number of basic block versions is customisable to suit the user's needs. In the example the dup count is 1 because we produce only one additional copy.

Apart from the main functionality of DrBBDup, this issue also encompasses the following:

1. Dynamic generation of basic block copies (contingent on #3778 being merged).
2. Gathering of general statistics, such as tracking which cases are executed most frequently.
3. Support for Arm.
4. Include sample program.

There are a number of applications which I built using the extension. For instance, with two bb copies, one can turn on/off instruction tracing via nudges during runtime. One basic block copy is instrumented with tracing code, and another version with no instrumentation at all. Depending on a flag, the user can control which basic block copy is executed at runtime, without the need to undergo expensive flushing.