[LLVMdev] converting x86 instructions to LLVM instructions

Tilmann Scheller tilmann.scheller at googlemail.com
Tue Sep 29 08:39:10 PDT 2009

Hi Alexandre,

On Tue, Sep 29, 2009 at 4:17 PM, Alexandre Gouraud
<alexandre.gouraud at enst-bretagne.fr> wrote:
> I want to do the same. Using KLEE with machine code. With such a framework,
> I could try to do the same as what is explained here:
> http://research.microsoft.com/en-us/um/people/pg/public_psfiles/ndss2008.pdf
> But as you can deduce from the URL, nothing is open source there. For this I
> need an IR I can work on easily, and I think LLVM is a good candidate.
> What about your llvm-qemu implementation? You are the author, aren't you? I
> could not understand from the progress status if this x86 to LLVM
> translation worked or not.
Yeah, I wrote llvm-qemu in 2007. At the moment it only supports ARM,
but due to the architecture of qemu it's very easy to change it to any
other target architecture supported by qemu (in qemu terminology:
target = architecture to emulate). I haven't really worked on it for a
long time though, so it has bitrotted quite a bit (e.g. it needs to be
built against LLVM 2.1). Still, it shouldn't be too much work to bring
it up to date (much less than implementing a translator from some
other IR to LLVM IR). I assume all of this has already been done by
the authors of the "Selective Symbolic Execution" paper, and maybe
they're willing to contribute their stuff back? Technically it's all
GPL :)

Another thing I have in the back of my mind is retargeting the current
version of qemu to LLVM which uses a new code generator called TCG
(back when llvm-qemu was written qemu used a code generator called
dyngen). Translating from TCG IR to LLVM IR seems to be rather
straightforward. Depending on how much time you want to invest this
might be an option for you too. I guess using qemu as a base for your
system is also interesting because it allows you to do full system
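To make the TCG-to-LLVM mapping mentioned above concrete, here is an added sketch (not llvm-qemu's code and not part of the original thread) that lowers a few straight-line TCG ops into LLVM IR text. The TCG opcode names (`mov_i32`, `movi_i32`, `add_i32`, ...) are qemu's; the input trace is constructed in the style of a `qemu -d op` dump, and the SSA renaming scheme (`%name.N`) is an assumption of this sketch.

```python
from typing import Dict, List

# Constructed sample in the style of qemu's `-d op` dump (not a real trace):
# load eax into a temp, add the immediate 4, write the result back to eax.
SAMPLE_TCG = """\
 mov_i32 tmp0,eax
 movi_i32 tmp1,$0x4
 add_i32 tmp0,tmp0,tmp1
 mov_i32 eax,tmp0
"""

# TCG binary ops that map one-to-one onto an LLVM i32 instruction.
BINOPS = {"add_i32": "add", "sub_i32": "sub", "and_i32": "and",
          "or_i32": "or", "xor_i32": "xor", "shl_i32": "shl"}

def tcg_to_llvm(tcg: str) -> List[str]:
    """Translate a straight-line block of TCG ops into LLVM IR lines.

    TCG temps and globals are mutable i32 slots; LLVM IR is SSA, so every
    write gets a fresh name (%name.N). A slot read before any write is an
    incoming value (version 0), e.g. the guest register state on entry.
    """
    version: Dict[str, int] = {}
    out: List[str] = []

    def cur(name: str) -> str:          # current SSA value of a TCG slot
        version.setdefault(name, 0)     # first read: incoming value
        return f"%{name}.{version[name]}"

    def fresh(name: str) -> str:        # new SSA name for a write to a slot
        version[name] = version.get(name, -1) + 1
        return f"%{name}.{version[name]}"

    for line in tcg.splitlines():
        line = line.strip()
        if not line:
            continue
        op, rest = line.split(None, 1)
        args = [a.strip() for a in rest.split(",")]
        if op == "movi_i32":            # load immediate ($0x4 -> 4)
            imm = int(args[1].lstrip("$"), 0)
            out.append(f"{fresh(args[0])} = add i32 0, {imm}")
        elif op == "mov_i32":           # copy; LLVM has no mov, use add 0
            src = cur(args[1])
            out.append(f"{fresh(args[0])} = add i32 {src}, 0")
        elif op in BINOPS:              # read operands before renaming dst
            lhs, rhs = cur(args[1]), cur(args[2])
            out.append(f"{fresh(args[0])} = {BINOPS[op]} i32 {lhs}, {rhs}")
        else:
            raise NotImplementedError(f"TCG op {op} not handled in this sketch")
    return out
```

A real translator would additionally load and store the `%eax.N` values from and to qemu's CPU state structure, and handle memory, branches and helper calls; this block only shows why the op-by-op core is simple.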