Deriving abstract transfer functions for analyzing embedded software
Proceedings of the 2006 ACM SIGPLAN/SIGBED conference on Language, compilers, and tool support for embedded systems
Embedded software must meet conflicting requirements such as being highly reliable, running on resource-constrained platforms, and being developed rapidly. Static program analysis can help meet all of these goals. People developing analyzers for embedded object code face a difficult problem: writing an abstract version of each instruction in the target architecture(s). This is currently done by hand, resulting in abstract operations that are both buggy and imprecise. We have developed Hoist: a novel system that solves these problems by automatically constructing abstract operations using a microprocessor (or simulator) as its own specification. With almost no input from a human, Hoist generates a collection of C functions that are ready to be linked into an abstract interpreter. We demonstrate that Hoist generates abstract operations that are correct, having been extensively tested, sufficiently fast, and substantially more precise than manually written abstract operations. Hoist is currently limited to eight-bit machines due to costs exponential in the word size of the target architecture. It is essential to be able to analyze software running on these small processors: they are important and ubiquitous, with many embedded and safety-critical systems being based on them.