Abstract
Analysis or verification of low-level code is useful for minimizing the disconnect between what is verified and what is actually executed and is necessary when source code is unavailable or is, say, intermingled with inline assembly. We present a modular framework for building pipelines of cooperating decompilers that gradually lift the level of the language to something appropriate for source-level tools. Each decompilation stage contains an abstract interpreter that encapsulates its findings about the program by translating the program into a higher-level intermediate language. We provide evidence for the modularity of this framework through the implementation of multiple decompilation pipelines for both x86 and MIPS assembly produced by gcc, gcj, and coolc (a compiler for a pedagogical Java-like language) that share several low-level components. Finally, we discuss our experimental results that apply the BLAST model checker for C and the Cqual analyzer to decompiled assembly.
This research was supported in part by the National Science Foundation under grants CCF-0524784, CCR-0234689, CNS-0509544, and CCR-0225610; and an NSF Graduate Research Fellowship.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chang, BY.E., Harren, M., Necula, G.C. (2006). Analysis of Low-Level Code Using Cooperating Decompilers. In: Yi, K. (eds) Static Analysis. SAS 2006. Lecture Notes in Computer Science, vol 4134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11823230_21
DOI: https://doi.org/10.1007/11823230_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37756-6
Online ISBN: 978-3-540-37758-0
eBook Packages: Computer Science (R0)