Unresolved indirect branch instructions are a major obstacle to statically reconstructing a control flow graph (CFG) from machine code. If static analysis cannot compute a precise set of possible targets for a branch, the conservative over-approximation it must fall back on introduces a large number of spurious edges, which in turn feed further imprecision and lead to a degenerate CFG. In this paper, we propose to leverage under-approximation to handle this problem. We provide an abstract interpretation framework for control flow reconstruction that alternates between over- and under-approximation. Effectively, the framework imposes additional preconditions on the program on demand, which lets it avoid the conservative over-approximation of indirect branches. We give an example instantiation of our framework using dynamically observed execution traces and constant propagation. We report preliminary experimental results confirming that our alternating analysis yields CFGs closer to the concrete CFG than pure over- or under-approximation.
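The following is an added toy illustration of the alternation described in the abstract; it is not the paper's implementation and does not reproduce its experiments. It assumes a constructed register machine (`PROGRAM`), a hand-written concrete CFG for it (`CONCRETE_CFG`), and two constructed execution traces. Constant propagation serves as the over-approximation; when an indirect jump's target register has been joined to TOP, the pure over-approximating mode adds an edge to every address, while the alternating mode instead takes the targets observed in the traces (an under-approximation that amounts to a precondition on the program) and then resumes constant propagation from there.

```python
# Added illustration, not the paper's code: constant propagation as the
# over-approximation, recorded execution traces as the under-approximation.
TOP = "TOP"  # "unknown" in the flat constant lattice; a register missing from a state map is TOP

# Constructed sample program; addresses are list indices. The input at 0 makes the
# branch at 1 undecidable, so constant propagation joins r1 to TOP at address 5.
PROGRAM = [
    ("input", "r0"),    # 0: r0 = external input, unknown to the static analysis
    ("jz", "r0", 4),    # 1: if r0 == 0 goto 4
    ("mov", "r1", 6),   # 2: r1 = 6
    ("jmp", 5),         # 3: goto 5
    ("mov", "r1", 8),   # 4: r1 = 8
    ("ijmp", "r1"),     # 5: indirect jump; concrete targets are 6 and 8
    ("mov", "r2", 1),   # 6
    ("jmp", 11),        # 7
    ("mov", "r2", 2),   # 8
    ("mov", "r3", 11),  # 9
    ("ijmp", "r3"),     # 10: indirect jump that constant propagation resolves on its own
    ("halt",),          # 11
]
# Constructed ground truth: the concrete CFG of PROGRAM, as (source, target) edges.
CONCRETE_CFG = {(0, 1), (1, 2), (1, 4), (2, 3), (3, 5), (4, 5), (5, 6), (5, 8),
                (6, 7), (7, 11), (8, 9), (9, 10), (10, 11)}
# Constructed traces: address sequences of one run with r0 = 0 and one with r0 = 1.
TRACE_R0_ZERO = [0, 1, 4, 5, 8, 9, 10, 11]
TRACE_R0_ONE = [0, 1, 2, 3, 5, 6, 7, 11]


def join_states(s, t):
    """Pointwise join in the flat lattice: keep a register only if both sides agree."""
    return {r: s[r] for r in s if r in t and s[r] == t[r]}


def transfer(instr, state):
    """Constant propagation for a single instruction."""
    state = dict(state)
    if instr[0] == "mov":
        state[instr[1]] = instr[2]
    elif instr[0] == "input":
        state.pop(instr[1], None)  # becomes TOP
    return state


def observed_targets(traces, addr):
    """Under-approximation: targets actually seen right after `addr` in the traces."""
    return {t[i + 1] for t in traces for i in range(len(t) - 1) if t[i] == addr}


def successors(addr, instr, state, program, traces, mode):
    """Control flow successors of `addr` given the abstract state after it."""
    op = instr[0]
    if op == "halt":
        return []
    if op == "jmp":
        return [instr[1]]
    if op == "jz":
        v = state.get(instr[1], TOP)
        return [instr[2], addr + 1] if v == TOP else ([instr[2]] if v == 0 else [addr + 1])
    if op == "ijmp":
        v = state.get(instr[1], TOP)
        if v != TOP:
            return [v]                              # resolved by the over-approximation
        if mode == "over":
            return list(range(len(program)))        # conservative: every address is a target
        # Alternating mode: fall back to the under-approximation. An empty set means no
        # trace covered this branch, so the analysis (by its imposed precondition) stops here.
        return sorted(observed_targets(traces, addr))
    return [addr + 1]


def reconstruct(program, traces=(), mode="over"):
    """Worklist fixpoint over abstract states, then read the CFG off the final states."""
    states, worklist = {0: {}}, [0]
    while worklist:
        addr = worklist.pop()
        out = transfer(program[addr], states[addr])
        for succ in successors(addr, program[addr], out, program, traces, mode):
            new = out if succ not in states else join_states(states[succ], out)
            if succ not in states or new != states[succ]:
                states[succ] = new
                worklist.append(succ)
    # Edges are computed from the fixpoint only, restricted to addresses reachable from 0:
    # a target seen at an intermediate state but gone at the fixpoint does not survive.
    edges, seen, stack = set(), {0}, [0]
    while stack:
        addr = stack.pop()
        out = transfer(program[addr], states[addr])
        for succ in successors(addr, program[addr], out, program, traces, mode):
            edges.add((addr, succ))
            if succ not in seen:
                seen.add(succ)
                stack.append(succ)
    return edges


def trace_cfg(traces):
    """Pure under-approximation: only the edges that were actually executed."""
    return {(t[i], t[i + 1]) for t in traces for i in range(len(t) - 1)}


def distance(edges):
    """(spurious, missing) edge counts relative to the constructed concrete CFG."""
    return len(edges - CONCRETE_CFG), len(CONCRETE_CFG - edges)


if __name__ == "__main__":
    print("over-approximation only :", distance(reconstruct(PROGRAM, mode="over")))
    print("traces only             :", distance(trace_cfg([TRACE_R0_ZERO])))
    print("alternating, one trace  :", distance(reconstruct(PROGRAM, [TRACE_R0_ZERO], mode="alternating")))
    print("alternating, two traces :", distance(reconstruct(PROGRAM, [TRACE_R0_ZERO, TRACE_R0_ONE], mode="alternating")))
```

The pure over-approximation shows the cascade the abstract warns about: the twelve spurious edges out of address 5 also pour an unknown `r3` into address 10, so the second indirect jump, which constant propagation could otherwise resolve, fans out as well. The trace-only CFG misses every edge the single run did not exercise. The alternating run with one trace keeps the statically resolvable parts (both sides of the conditional, the jump at 10) and only narrows the branch at 5 to what was observed, so every edge it reports is a concrete edge; with a second trace covering the other path it recovers the concrete CFG exactly. On real binaries the over-approximating parts can still contribute spurious edges, so the "no spurious edges" outcome here is a property of this toy program, not a general guarantee.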