Control flow analysis in scheme
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Dynamic Partitioning in Analyses of Numerical Properties
SAS '99 Proceedings of the 6th International Symposium on Static Analysis
Efficient applicative data types
POPL '84 Proceedings of the 11th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Counterexample-guided abstraction refinement for symbolic model checking
Journal of the ACM (JACM)
Structural Testing of Executables
ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation
Jakstab: A Static Analysis Platform for Binaries
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Client-driven pointer analysis
SAS'03 Proceedings of the 10th international conference on Static analysis
DIVINE: discovering variables in executables
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Analyzing stripped device-driver executables
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
OSMOSE: automatic structural testing of executables
Software Testing, Verification & Reliability
Path-Sensitive dataflow analysis with iterative refinement
SAS'06 Proceedings of the 13th international conference on Static Analysis
CodeSurfer/x86—A platform for analyzing x86 executables
CC'05 Proceedings of the 14th international conference on Compiler Construction
Trace partitioning in abstract interpretation based static analyzers
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Directed proof generation for machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
The BINCOA framework for binary code analysis
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Past time LTL runtime verification for microcontroller binary code
FMICS'11 Proceedings of the 16th international conference on Formal methods for industrial critical systems
Precise control flow reconstruction using boolean logic
EMSOFT '11 Proceedings of the ninth ACM international conference on Embedded software
Alternating control flow reconstruction
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
Frama-C: a software analysis perspective
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
BinSlayer: accurate comparison of binary executables
PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop
Abstract interpretation of microcontroller code: Intervals meet congruences
Science of Computer Programming
SEC'13 Proceedings of the 22nd USENIX conference on Security
Runtime verification of microcontroller binary code
Science of Computer Programming
| Hi-index | 0.00 |
This paper addresses the issue of recovering a both safe and precise approximation of the Control Flow Graph (CFG) of an unstructured program, typically an executable file. The problem is tackled in an original way, with a refinement-based static analysis working over finite sets of constant values. Requirement propagation allows the analysis to automatically adjust the domain precision only where it is needed, resulting in precise CFG recovery at moderate cost. First experiments, including an industrial case study, show that the method outperforms standard analyses in terms of precision, efficiency or robustness.