Modern architectures, such as the Intel Itanium, support speculation, a hardware mechanism that allows the early execution of expensive operations—possibly even before it is known whether the results of the operation are needed. While such speculative execution can improve execution performance considerably, it requires a significant amount of complex support code to deal with and recover from speculation failures. This greatly complicates the tasks of understanding and re-engineering speculative code. This paper describes a technique for removing speculative instructions from optimized binary programs in a way that is guaranteed to preserve program semantics, thereby making the resulting “unspeculated” programs easier to understand and more amenable to re-engineering using traditional reverse engineering techniques.
Noah Snavely, Saumya K. Debray, Gregory R. Andrews