• The Journal of the Convergence on Culture Technology
• /
• v.5 no.1
• /
• pp.395-399
• /
• 2019

In order to support various parallel computing systems, it is necessary to extend LLVM IR to more efficiently support vector / matrix and to design LLVM IR to machine code as a new algorithm. As shown in the IR example, RISC instruction generation is naturally generated because the RISC instruction is basically composed of the RISC instruction, and the vector instruction is also not supported. There is a need for new IR structures, command generation algorithms and related extensions to support vector / matrix more robustly. To do this, it is important to map each instruction in the LLVM IR to the appropriate instruction in the target architecture (vector / matrix) (instruction selection algorithm). It is necessary to understand the meaning of LLVM IR command, to compare the meaning of each instruction of the target architecture with syntax, and to select the instruction that matches the pattern to make mapping efficient.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06c
• /
• pp.545-549
• /
• 2010

LLVM(Low-level Virtual machine)은 최적화된 컴파일 코드 생성을 위한 컴파일러 프레임워크를 목적으로 제작되었다. LLVM은 C언어로 작성된 코드를 효과적으로 머신에 비종속적인 중간코드로 표현하여 사용하므로 이를 잘 활용한다면 C언어를 위한 머신 비종속적인 '가상머신'으로 사용할 수 있다. 하지만 LLVM은 효과적인 컴파일러라는 원래의 설계목적 때문에 전반적으로 동적 수행에 대해 큰 고민 없이 디자인되었다. 이러한 디자인상의 한계는 가상 머신으로서의 성능에는 좋지 않은 영향을 끼치므로 이에 대한 보안이 필요하다. 우리는 LLVM의 명령어 셋에 추가명령어를 제안하여 LLVM 해석기의 성능향상을 얻어낼 것이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.31-40
• /
• 2024

Recently, static analysis-based signature and pattern detection technologies have limitations due to the advanced IT technologies. Moreover, It is a compatibility problem of multiple architectures and an inherent problem of signature and pattern detection. Malicious codes use obfuscation and packing techniques to hide their identity, and they also avoid existing static analysis-based signature and pattern detection techniques such as code rearrangement, register modification, and branching statement addition. In this paper, We propose an LLVM IR image-based automated static analysis of malicious code technology using machine learning to solve the problems mentioned above. Whether binary is obfuscated or packed, it's decompiled into LLVM IR, which is an intermediate representation dedicated to static analysis and optimization. "Therefore, the LLVM IR code is converted into an image before being fed to the CNN-based transfer learning algorithm ResNet50v2 supported by Keras". As a result, we present a model for image-based detection of malicious code.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.171-179
• /
• 2022

Self-Modifying-Code is a code that changes the code by itself during execution time. This technique is particularly abused by malicious code to bypass static analysis. Therefor, in order to effectively detect such malicious codes, it is important to identify self-modifying-codes. In the meantime, Self-modify-codes have been analyzed using dynamic analysis methods, but this is time-consuming and costly. If static analysis can detect self-modifying-code it will be of great help to malicious code analysis. In this paper, we propose a static analysis method to detect self-modified code for binary executable programs converted to LLVM IR and apply this method by making a self-modifying-code benchmark. As a result of the experiment in this paper, the designed static analysis method was effective for the standardized LLVM IR program that was compiled and converted to the benchmark program. However, there was a limitation in that it was difficult to detect the self-modifying-code for the unstructured LLVM IR program in which the binary was lifted and transformed. To overcome this, we need an effective way to lift the binary code.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.1135-1137
• /
• 2017

본 논문은 IoT 장치에서 동작하는 가상기계의 중간코드를 LLVM IR 코드로 변환하는 코드 변환기를 설계 및 구현하였다. LLVM 인터프리터를 통해 RSIL 코드로부터 변환된 LLVM IR 코드를 실행하고, 그 결과를 비교하여 IoT 가상기계의 중간코드를 검증하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.225-227
• /
• 2022

CFI(Control Flow Integrity)는 제어 흐름을 검증해 프로그램을 보호하는 기법이다. Windows에서는 CFG(Control Flow Guard)란 이름으로 CFI 를 지원하고 LLVM 에서는 동일하게 CFI 란 이름으로 지원한다. 본 논문에서는 Windows CFG 의 몇 가지 한계점을 LLVM IFCC 와 비교해서 찾아보고 대안책을 제안한다. CFG 에 성능, 확장성, 보안 측면에서 LLVM IFCC 와 비교하여 한계점이 존재한다는 것을 확인하였다. 본 논문에서는 각 항에 대한 이론적 근거를 제시하고 문제를 해결할 수 있는 몇 가지 대응책을 소개한다.

• ETRI Journal
• /
• v.37 no.5
• /
• pp.1001-1011
• /
• 2015

Since just-in-time (JIT) has considerable overhead to detect hot spots and compile them at runtime, using sophisticated optimization techniques for embedded devices means that any resulting performance improvements will be limited. In this paper, we introduce a novel static Dalvik bytecode optimization framework, as a complementary compilation of the Dalvik virtual machine, to improve the performance of Android applications. Our system generates optimized Dalvik bytecodes by using Low Level Virtual Machine (LLVM). A major obstacle in using LLVM for optimizing Dalvik bytecodes is determining how to handle the high-level language features of the Dalvik bytecode in LLVM IR and how to optimize LLVM IR conforming to the language information of the Dalvik bytecode. To this end, we annotate the high-level language features of Dalvik bytecode to LLVM IR and successfully optimize Dalvik bytecodes through instruction selection processes. Our experimental results show that our system with JIT improves the performance of Android applications by up to 6.08 times, and surpasses JIT by up to 4.34 times.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.2
• /
• pp.96-102
• /
• 2014

The embedded processor market has grown rapidly and consistently with the appearance of mobile devices. In an embedded system, the power consumption and execution time are important factors affecting the performance. The system performance is determined by both hardware and software. Although the hardware architecture is high-end, the software runs slowly due to the low quality of codes. This study compared the performance of two major compilers, LLVM and GCC on a32-bit EISC embedded processor. The dynamic instructions and static code sizes were evaluated from these compilers with the EEMBC benchmarks.LLVM generally performed better in the ALU intensive benchmarks, whereas GCC produced a better register allocation and jump optimization. The dynamic instruction count and static code of GCCwere on average 8% and 7% lower than those of LLVM, respectively.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.53-56
• /
• 2014

Application specific instruction-set processor (ASIP) is a suitable design choice for system designers who seek both flexibility to handle various applications in the domain together with the performance. Successful development of an ASIP, however, requires a software development kit (SDK) to be provided along with the processor. Synopsys Processor Designer is an ASIP development tool, which takes as input a set of files written in a high-level architecture description language called LISA (Language for Instruction Set Architecture), and generates SDK as well as RTL. Recently, they have added support for the generation of LLVM compiler backend, though some manual work is required. In this paper, we introduce some details in porting LLVM compiler to a custom processor architecture in Synopsys Processor Designer.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06a
• /
• pp.268-270
• /
• 2012

동적 코드 분석 도구는 동적 컴파일(Just-in-Time Compile)을 통한 코드 변환 기술을 이용하여 응용프로그램 실행 중 기계어 수준의 코드를 분석한다. 기존의 동적 코드 분석 도구는 변환과정에서의 부하가 크기 때문에 리얼타임 프로그램에 적용하기 어렵다. 본 논문에서는 기존 동적 코드 분석 도구의 동적 컴파일 기법과 컴파일 프레임워크인 LLVM의 동적 컴파일 기법의 성능을 비교, 분석하였다. 이를 통해 LLVM의 동적 컴파일 기법을 이용한 높은 수행 성능을 가진 동적 코드 분석 도구의 설계 방안을 모색한다.