A Structure-preserving Clause Form Translation
Journal of Symbolic Computation
Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Hacker's Delight
Extracting safe and precise control flow from binaries
RTCSA '00 Proceedings of the Seventh International Conference on Real-Time Systems and Applications
Recovery of Jump Table Case Statements from Binary Code
IWPC '99 Proceedings of the 7th International Workshop on Program Comprehension
HOIST: a system for automatically deriving static analyzers for embedded systems
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Decision Procedures: An Algorithmic Point of View
Decision Procedures: An Algorithmic Point of View
SLR: Path-Sensitive Analysis through Infeasible-Path Detection and Syntactic Language Refinement
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Jakstab: A Static Analysis Platform for Binaries
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Model checking of software for microcontrollers
ACM Transactions on Embedded Computing Systems (TECS)
WYSINWYX: What you see is not what you eXecute
ACM Transactions on Programming Languages and Systems (TOPLAS)
Interval analysis of microcontroller code using abstract interpretation of hardware and software
Proceedings of the 13th International Workshop on Software & Compilers for Embedded Systems
Range and Set Abstraction using SAT
Electronic Notes in Theoretical Computer Science (ENTCS)
Automatic abstraction for intervals using Boolean formulae
SAS'10 Proceedings of the 17th international conference on Static analysis
Range analysis of microcontroller code using bit-level congruences
FMICS'10 Proceedings of the 15th international conference on Formal methods for industrial critical systems
Refinement-based CFG reconstruction from unstructured programs
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Interprocedural control flow reconstruction
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
OSMOSE: automatic structural testing of executables
Software Testing, Verification & Reliability
Existential quantification as incremental SAT
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
There's plenty of room at the bottom: analyzing and verifying machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Understanding the origin of alarms in ASTRÉE
SAS'05 Proceedings of the 12th international conference on Static Analysis
Abstract interpretation of microcontroller code: Intervals meet congruences
Science of Computer Programming
Runtime verification of microcontroller binary code
Science of Computer Programming
| Hi-index | 0.00 |
This paper presents a SAT-based method for control flow graph reconstruction from executable code. The key idea of the technique is to express the semantics of each basic block in a program using Boolean logic, followed by inferring pre- and postconditions for each block through interleaved forward and backward analysis. In particular, the technique relies on register-wise value-set abstractions, which are subsequently refined using alternating forward and backward analyses. Experimental evidence shows that this approach, despite being sound, recovers the control flow graph precisely for different real-world benchmarks.