A Brute-Force Approach to Automatic Induction of Machine Code on CISC Architectures

Authors

  • Felix Kühling
  • Krister Wolff
  • Peter Nordin
Abstract

RISC stands for "Reduced Instruction Set Computer". On RISC architectures the instruction length is constant, e.g. 32 bit on a SPARC. For a given instruction opcode there are certain bits which encode the opcode and others which encode the parameters. This makes point mutations conserving syntactic closure straightforward. Parameters of an instruction can be changed by only modifying the bits encoding parameters. An instruction can always be replaced by a different one since they all have the same length. String crossover operations are simple for the same reason. The crossover points have to be aligned to 32 bit boundaries in the SPARC example.

CISC means "Complete/Complex Instruction Set Computer". On CISC architectures like the Intel 32 bit architecture instruction lengths can range from 1 byte to 14 or more bytes with immediate operands, address offsets and instruction prefixes. If syntactic closure has to be ensured this requires more sophisticated point mutation and string crossover operations. Possibly one would limit the instruction set to simplify those operations giving up one strength of the CISC architecture.

Debugger Services

Debugger services are operating system services which allow one process in a multi-tasking operating system to control the execution of another process. This includes access to the memory and the CPU registers of the debugged process. Signals sent to the process can be intercepted. The debugging process has the choice to deliver a signal to the debugged programme, to modify it or not to deliver it at all. This is important since all errors like illegal instructions or access to unmapped addresses are reported by the operating systems by sending signals to the offending process, which usually lead to its termination. Signals generated by a timer can be caught in this way, too. Furthermore it is possible to intercept system calls from the debugged programme. Again, they can be delivered, modified or ignored.

Memory Mapping

In modern multi-tasking operating systems one distinguishes physical memory which is typically something between 128 and 512 MB on a workstation and the virtual address space which is 4 GB on 32 bit architecture. Each process has its own 4 GB virtual address space. The translation from a virtual address to a physical memory address is called memory mapping. This is supported by a memory management unit (MMU) in the processor. The figure below illustrates the memory mapping for one typical process. Note: The Linux …


Similar resources

Efficient Evolution of Machine Code for CISC Architectures using Blocks and Homologous Crossover

This chapter describes recent advances in genetic programming of machine code. Evolutionary program induction of binary machine code is one of the fastest GP methods and the most well studied linear approach. The technique has previously been known as Compiling Genetic Programming System (CGPS) but to avoid confusion with methods using an actual compiler and to separate the system from the meth...


2.1 Introduction

This chapter describes recent advances in genetic programming of machine code. Evolutionary program induction using binary machine code is the fastest known Genetic Programming method. It is, in addition, the most well studied Genetic Programming system that uses a linear genome. Evolutionary program induction using binary machine code was originally referred to as Compiling Genetic Programming...


Technological Steps toward a Software Component Industry

A machine-independent abstract program representation is presented that is twice as compact as machine code for a CISC processor. It forms the basis of an implementation, in which the process of code generation is deferred until the time of loading. Separate compilation of program modules with type-safe interfaces, and dynamic loading (with code generation) on a per-module basis are both suppor...


A Machine-Checked Safety Proof for a CISC-Compatible SFI Technique

Executing untrusted code while preserving security requires that the code be prevented from modifying memory or executing instructions except as explicitly allowed. Software-based fault isolation (SFI) or “sandboxing” enforces such a policy by rewriting code at the instruction level. In previous work, we developed a new SFI technique that is applicable to CISC architectures such as the Intel IA...


A Performance Survey of Meta-Heuristic And Brute-Force Search Algorithms to Cryptanalysis The SDES Encryption Algorithm

For many years, cryptanalysis has been considered as an attractive topic in jeopardizing the security and resistance of an encryption algorithm. The SDES encryption algorithm is a symmetric cryptography algorithm that performs a cryptographic operation using a crypt key. In the world of encryption, there are many search algorithms to cryptanalysis. In these researches, brute force attack algori...



Publication date: 2002