Interprocedural side-effect analysis in linear time
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
EEL: machine-independent executable editing
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Alias analysis of executable code
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Aggregate structure identification and its application to program analysis
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 1999 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Safety checking of machine code
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Data Dependence Analysis of Assembly Code
International Journal of Parallel Programming - Special issue on instruction-level parallelism and parallelizing compilation, part 2
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Program Flow Analysis: Theory and Application
Program Flow Analysis: Theory and Application
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Intraprocedural Static Slicing of Binary Executables
ICSM '97 Proceedings of the International Conference on Software Maintenance
The Interprocedural Coincidence Theorem
CC '92 Proceedings of the 4th International Conference on Compiler Construction
Static Analysis of Binary Code to Isolate Malicious Behaviors
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Efficient applicative data types
POPL '84 Proceedings of the 11th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Practical and Accurate Low-Level Pointer Analysis
Proceedings of the international symposium on Code generation and optimization
String analysis for x86 binaries
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Intermediate-representation recovery from low-level code
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Eliminating stack overflow by abstract interpretation
ACM Transactions on Embedded Computing Systems (TECS)
Static Detection of Vulnerabilities in x86 Executables
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Automating mimicry attacks using static binary analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Parameter and Return-value Analysis of Binary Executables
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
A theory of platform-dependent low-level software
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Wysinwyx: what you see is not what you execute
Wysinwyx: what you see is not what you execute
DIVINE: discovering variables in executables
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Low-level library analysis and summarization
CAV'07 Proceedings of the 19th international conference on Computer aided verification
A system for generating static analyzers for machine instructions
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Analyzing stripped device-driver executables
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Recency-Abstraction for heap-allocated storage
SAS'06 Proceedings of the 13th international conference on Static Analysis
Analysis of low-level code using cooperating decompilers
SAS'06 Proceedings of the 13th international conference on Static Analysis
A next-generation platform for analyzing executables
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
CodeSurfer/x86—A platform for analyzing x86 executables
CC'05 Proceedings of the 14th international conference on Compiler Construction
Extended weighted pushdown systems
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Adding nesting structure to words
DLT'06 Proceedings of the 10th international conference on Developments in Language Theory
Automatic reconstruction of data types in the decompilation problem
Programming and Computing Software
Stack bounds analysis for microcontroller assembly code
WESS '09 Proceedings of the 4th Workshop on Embedded Systems Security
Context-sensitive analysis of obfuscated x86 executables
Proceedings of the 2010 ACM SIGPLAN workshop on Partial evaluation and program manipulation
WYSINWYX: What you see is not what you eXecute
ACM Transactions on Programming Languages and Systems (TOPLAS)
Interval analysis of microcontroller code using abstract interpretation of hardware and software
Proceedings of the 13th International Workshop on Software & Compilers for Embedded Systems
Programming and Computing Software
Ubiquitous verification of ubiquitous systems
SEUS'10 Proceedings of the 8th IFIP WG 10.2 international conference on Software technologies for embedded and ubiquitous systems
Side-effect analysis of assembly code
SAS'11 Proceedings of the 18th international conference on Static analysis
Context-sensitive analysis without calling-context
Higher-Order and Symbolic Computation
Static detection of unsafe component loadings
CC'12 Proceedings of the 21st international conference on Compiler Construction
Stack layout transformation: towards diversity for securing binary programs
Proceedings of the 34th International Conference on Software Engineering
Body armor for binaries: preventing buffer overflows without recompilation
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
SMARQ: Software-Managed Alias Register Queue for Dynamic Optimizations
MICRO-45 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture
Compiler directed write-mode selection for high performance low power volatile PCM
Proceedings of the 14th ACM SIGPLAN/SIGBED conference on Languages, compilers and tools for embedded systems
Abstract interpretation of microcontroller code: Intervals meet congruences
Science of Computer Programming
| Hi-index | 0.00 |
Over the last seven years, we have developed static-analysis methods to recover a good approximation to the variables and dynamically allocated memory objects of a stripped executable, and to track the flow of values through them. It is relatively easy to track the effects of an instruction operand that refers to a global address (i.e., an access to a global variable) or that uses a stack-frame offset (i.e., an access to a local scalar variable via the frame pointer or stack pointer). In our work, our algorithms are able to provide useful information for close to 100% of such "direct" uses and defs. It is much harder for a static-analysis algorithm to track the effects of an instruction operand that uses a non-stack-frame register. These "indirect" uses and defs correspond to accesses to an array or a dynamically allocated memory object. In one study, our approach recovered useful information for only 29% of indirect uses and 33% of indirect defs. However, using the technique described in this paper, the algorithm recovered useful information for 81% of indirect uses and 90% of indirect defs.