Analysis of Low-Level Code Using Cooperating Decompilers

  • Conference paper
Static Analysis (SAS 2006)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 4134)

Abstract

Analysis or verification of low-level code is useful for minimizing the disconnect between what is verified and what is actually executed and is necessary when source code is unavailable or is, say, intermingled with inline assembly. We present a modular framework for building pipelines of cooperating decompilers that gradually lift the level of the language to something appropriate for source-level tools. Each decompilation stage contains an abstract interpreter that encapsulates its findings about the program by translating the program into a higher-level intermediate language. We provide evidence for the modularity of this framework through the implementation of multiple decompilation pipelines for both x86 and MIPS assembly produced by gcc, gcj, and coolc (a compiler for a pedagogical Java-like language) that share several low-level components. Finally, we discuss our experimental results that apply the BLAST model checker for C and the Cqual analyzer to decompiled assembly.

This research was supported in part by the National Science Foundation under grants CCF-0524784, CCR-0234689, CNS-0509544, and CCR-0225610; and an NSF Graduate Research Fellowship.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chang, BY.E., Harren, M., Necula, G.C. (2006). Analysis of Low-Level Code Using Cooperating Decompilers. In: Yi, K. (eds) Static Analysis. SAS 2006. Lecture Notes in Computer Science, vol 4134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11823230_21

  • DOI: https://doi.org/10.1007/11823230_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37756-6

  • Online ISBN: 978-3-540-37758-0

  • eBook Packages: Computer Science (R0)
