Search
Now showing items 1-5 of 5
PostHat and All That: Attaining Most-Precise Inductive Invariants
(2013-04-16)
In abstract interpretation, the choice of an abstract domain fixes a
limit on the precision of the inductive invariants that one can
express; however, for a given abstract domain A, there is a
most-precise (``strongest'', ...
An Abstract Domain for Bit-Vector Inequalities
(University of Wisconsin-Madison Department of Computer Sciences, 2013-04-16)
This paper advances the state of the art in abstract interpretation of
machine code. It tackles two of the biggest challenges in machine-code
analysis: (1) holding onto invariants about values in memory, and
(2) identifying ...
Software-Architecture Recovery from Machine Code
(2013-03-13)
In this paper, we present a tool, called Lego, which recovers object-oriented software architecture from stripped binaries. Lego takes a stripped binary as input, and uses information obtained from dynamic analysis to (i) ...
Slicing Machine Code
(2015-10-07)
Machine-code slicing is an important primitive for building binary analysis and rewriting tools, such as taint trackers, fault localizers, and partial evaluators. However, it is not easy to create a machine-code slicer ...
Partial Evaluation of Machine Code
(2015-08-21)
This paper presents an algorithm for off-line partial evaluation of machine code. The algorithm follows the classical two-phase approach of binding-time analysis (BTA) followed by specialization. However, machine-code ...