Deterministic Fully-Static Whole-Binary Translation Without Heuristics
6 hours ago
- #static-analysis
- #binary-translation
- #x86-64-to-AArch64
- Elevator is the first binary translator that statically translates entire x86-64 executables to AArch64 without debug info, source code, or code layout assumptions.
- Unlike existing systems using heuristics or runtime fallbacks, Elevator considers all possible byte interpretations as data, opcodes, or arguments, generating separate control flow paths for each feasible one, pruned only if they lead to abnormal termination.
- Translations are built by composing code 'tiles' derived from a high-level source ISA description, resulting in a deterministic, nimble framework that produces complete, self-contained binaries with no runtime component in the trusted code base.
- The main cost is substantial code size expansion, but the key benefit is enabling testing, validation, certification, and cryptographic signing prior to deployment, reducing risk compared to emulators or JIT compilers.
- Evaluated on real-world binaries like the SPECint 2006 suite, Elevator demonstrates practical and reliable static full-program binary translation, with performance on par or better than QEMU's user-mode JIT emulation.