In recent years, there has been a growing need for tools that an analyst can use to understand the workings of COTS components, plugins, mobile code, and DLLs, as well as memory snapshots of worms and virus-infected code. Static analysis provides techniques that can help with such problems; however, there are several obstacles that must be overcome:

– For many kinds of potentially malicious programs, symbol-table and debugging information is entirely absent. Even if it is present, it cannot be relied upon.
– To understand memory-access operations, it is necessary to determine the set of addresses accessed by each operation. This is difficult because:
    – While some memory operations use explicit memory addresses in the instruction (easy), others use indirect addressing via address expressions (difficult).
    – Arithmetic on addresses is pervasive. For instance, even when the value of a local variable is loaded from its slot in an activation record, address arithmetic is performed.
    – There is no notion of type at the hardware level, so address values cannot be distinguished from integer values.
    – Memory accesses do not have to be aligned, so word-sized address values could potentially be cobbled together from misaligned reads and writes.

We have developed static-analysis algorithms to recover information about the contents of memory locations and how they are manipulated by an executable. By combining these analyses with facilities provided by the IDAPro and CodeSurfer toolkits, we have created CodeSurfer/x86, a prototype tool for browsing, inspecting, and analyzing x86 executables. From an x86 executable, CodeSurfer/x86 recovers intermediate representations that are similar to what would be created by a compiler for a program written in a high-level language. CodeSurfer/x86 also supports a scripting language, as well as several kinds of sophisticated pattern-matching capabilities. These facilities provide a platform for the development of additional tools for analyzing the security properties of executables.