Journal of Computer and System Sciences
Reverse-Engineering Instruction Encodings
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
HOIST: a system for automatically deriving static analyzers for embedded systems
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Programming by sketching for bit-streaming programs
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Deriving abstract transfer functions for analyzing embedded software
Proceedings of the 2006 ACM SIGPLAN/SIGBED conference on Language, compilers, and tool support for embedded systems
Modular development of certified program verifiers with a proof assistant
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Combinatorial sketching for finite programs
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
EMSOFT '08 Proceedings of the 8th ACM international conference on Embedded software
The semantics of x86-CC multiprocessor machine code
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Synthesizing Switching Logic Using Constraint Solving
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Proceedings of the eighteenth international symposium on Software testing and analysis
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Oracle-guided component-based program synthesis
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Proceedings of the 19th international symposium on Software testing and analysis
Testing system virtual machines
Proceedings of the 19th international symposium on Software testing and analysis
Dynamic test generation to find integer bugs in x86 binary linux programs
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
A simple inductive synthesis methodology and its applications
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Switching logic synthesis for reachability
EMSOFT '10 Proceedings of the tenth ACM international conference on Embedded software
Automating string processing in spreadsheets using input-output examples
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Synthesizing geometry constructions
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
BAP: a binary analysis platform
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Optimizing database-backed applications with query synthesis
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
An orchestrated survey of methodologies for automated software test case generation
Journal of Systems and Software
Data-driven equivalence checking
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
Hi-index | 0.00 |
Symbolic execution is a key component of precise binary program analysis tools. We discuss how to automatically boot-strap the construction of a symbolic execution engine for a processor instruction set such as x86, x64 or ARM. We show how to automatically synthesize symbolic representations of individual processor instructions from input/output examples and express them as bit-vector constraints. We present and compare various synthesis algorithms and instruction sampling strategies. We introduce a new synthesis algorithm based on smart sampling which we show is one to two orders of magnitude faster than previous synthesis algorithms in our context. With this new algorithm, we can automatically synthesize bit-vector circuits for over 500 x86 instructions (8/16/32-bits, outputs, EFLAGS) using only 6 synthesis templates and in less than two hours using the Z3 SMT solver on a regular machine. During this work, we also discovered several inconsistencies across x86 processors, errors in the x86 Intel spec, and several bugs in previous manually-written x86 instruction handlers.