Signedness-Agnostic Program Analysis: Precise Integer Bounds for Low-Level Code.

We show how program analysis can simultaneously consider each bit-string to be both signed and unsigned, thus improving precision, and we implement the idea for the specific case of integer bounds analysis ... Many compilers target common back-ends, thereby avoiding the need to implement the same analyses for many different source languages. This has led to interest in static analysis of LLVM code. ... We thank Fernando Pereira, Victor Campos, Douglas do Couto, and Igor Rafael for fruitful discussions and for making their LLVM SSI construction pass available. ...

doi:10.1007/978-3-642-35182-2_9 fatcat:pqdnbt7phfbxjk7tuf6rh7uray

We present a novel integer interval abstract domain that correctly handles wrap-around. The analysis is signedness agnostic. ... Yet much work to date on program analysis and verification of integer computations treats integers as having infinite precision, and most analyses that do respect fixed width lose precision when overflow ... ACKNOWLEDGMENTS We would like to thank John Regehr, Jie Liu, Douglas Teixeira and Fernando Pereira for helpful discussions about interval analysis and LLVM. ...

doi:10.1145/2651360 fatcat:xwhuupxo5jcvfezmxildkmime4

This paper presents an abstract interpretation-based bound inference approach along with symbolic analysis for Whiley programs. ... The bound analysis results provide conservative estimates of the ranges of integer variables and array sizes so that efficient code can be generated and integer overflows avoided. ... Acknowledgement Thanks for Dr. David J. Pearce's technical support and to Google for some funding support for this project via a grant to Dr Utting. ...

doi:10.1016/j.entcs.2016.01.005 fatcat:qjp7rhd3svcdhj2qurbveq5rpu

Open Access

The lack of high-level, semantically rich information about data structures and control constructs makes the analysis of program properties harder to scale. ... However, the importance of binary analysis is on the rise. In many situations binary analysis is the only possible way to prove (or disprove) properties about the code that is actually executed. ... Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. ...

doi:10.1109/sp.2016.17 dblp:conf/sp/Shoshitaishvili16 fatcat:dw3axxn4mbczjmhpwhwd5jnfe4

In the context of fixed-precision integers, as used in assembly languages for example, the use of classical difference logic is unsound. ... Difference logic is commonly used in program verification and analysis. ... We wish to improve static analysis techniques for low-level programming languages that use w-bit fixed-precision integers, that is, we are interested in the particular case m " 2 w . ...

doi:10.1007/978-3-642-38574-2_15 fatcat:xjv5qppofvahdjoodlsjr6shfm

An important reason for this brokenness is that much of language design is implementation-driven. ... The problem is only getting worse with programming languages proliferating and hardware becoming more complicated. ... Integers do not have signedness, but concrete operations, including UDIV and SDIV, may treat integer operands as signed or unsigned. ...

doi:10.4230/lipics.snapl.2015.321 dblp:conf/snapl/WangLBNH15 fatcat:7l56h52odzc5fcv2kk2fjenbwy

Memory corruption bugs in software written in low-level languages like C or C++ are one of the oldest problems in computer security. ... Especially important is performance, as experience shows that only solutions whose overhead is in reasonable bounds get deployed. ... Sekar, Stephen McCamant, and Dan Caselden for their insightful reviews, helpful comments and proofreading. ...

doi:10.1109/sp.2013.13 dblp:conf/sp/SzekeresPWS13 fatcat:slxnjwdqhrcx3crwc7dtjyxpqq

Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs. ... We demonstrate that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice. ... ACKNOWLEDGMENT We thank the anonymous reviewers and Herbert Bos for their constructive comments that guided the final version of this paper. ...

doi:10.1109/sp.2015.51 dblp:conf/sp/SchusterTLDSH15 fatcat:zokjzurkevaw3jnliawvwlzaki

Besides the successful static analysis of smaller eWASM contracts, the work also represents a stepping stone for future work in this area. ... Ethereum is such a cryptocurrency platform, which supports the execution of programs, called smart contracts, on its blockchain. ... WASM is a portable and low-level bytecode, intended mainly as compilation target for higher-languages. ...

doi:10.34726/hss.2019.72720 fatcat:2idjm7lt6vg6vcs2r3h6stphfe

Diese Arbeit ist in englischer Sprache verfasst. i Abstract Applicable and Sound Polyhedral Optimization of Low-Level Programs by Johannes Rudolf Doerfert Compiler Design Lab Saarland University Computers ... While it is widely acknowledged for its analytical powers and transformation capabilities, it is also widely assumed to be too restrictive and fragile for real-world programs. ... and optimizations for polyhedral model based tools on low-level programs. ...

doi:10.22028/d291-29814 fatcat:umymkehqoff4bhxsmbta4ohvrq

In this dissertation, we argue that automatic code reuse detection enables an efficient data reduction of a high volume of incoming malware for downstream analysis and enhances software security by efficiently ... In order to demonstrate the benefits of automatic software similarity detection, we discuss two representative problems that are remedied by scalable analysis: malware triage and unpatched code clone detection ... Listing 6.13 shows an example of an unpatched code clone that is present but not vulnerable. The patch fixes an integer signedness bug in various BSD kernels. ...

doi:10.1184/r1/6721400.v1 fatcat:symltpk725f4xjuy2f3c5rpi54

This research was supported by the Chair for Operating Systems at RWTH Aachen University. ... The authors like to thank Christian Ferdinand, Michael Schmidt and the anonymous reviewers for their valuable comments. Acknowledgments. ... The input is the program to analyse, more precisely its binary code required for low-level analyses. Its source code can be useful for path analyses. ...

doi:10.4230/oasics.wcet.2015 fatcat:6qmphddzvrgs3c3547ukedj6am

Open Access

An important reason for this brokenness is that much of language design is implementation-driven. ... The problem is only getting worse with programming languages proliferating and hardware becoming more complicated. ... Integers do not have signedness, but concrete operations, including UDIV and SDIV, may treat integer operands as signed or unsigned. ...

fatcat:nx52fv2rhfhsbacfgkvpc2era4

To this end, we begin with libdft, a DFT framework for COTS binaries running atop commodity OSes and we then introduce two major optimization approaches based on statically and dynamically analyzing program ... We then apply classic compiler optimizations to eliminate redundant tracking logic and minimize interference with the target program. ... This calls for an approach that would widen the scope of analysis by restoring higher-level program semantics (e.g., function or CFG) not limited to an instruction level analysis. ...

doi:10.7916/d8mg7p9d fatcat:mof2c5wdwrbcpjwogdpuqpirbi

Existing language development platforms have failed to provide the right level of abstraction, and forced implementers to reinvent low-level mechanisms in order to obtain performance. ... This low-level mechanism underpins run-time feedback-directed optimisation, which is key to the efficient implementation of dynamic languages. ... In fact, most operations (such as ADD and XOR) are sign-agnostic, and the only operations involving signedness are sign extensions and the conversion between integers and floating point numbers. ...

doi:10.25911/5d612129114fa fatcat:tdr7733oqzfkhg26iyzmzrrzg4

Signedness-Agnostic Program Analysis: Precise Integer Bounds for Low-Level Code [chapter]

Preserved Fulltext

Interval Analysis and Machine Arithmetic

Preserved Fulltext

Bound Analysis for Whiley Programs

Preserved Fulltext

SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis

Preserved Fulltext

Solving Difference Constraints over Modular Arithmetic [chapter]

Preserved Fulltext

Draining the Swamp: Micro Virtual Machines as Solid Foundation for Language Development

Preserved Fulltext

SoK: Eternal War in Memory

Preserved Fulltext

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

Preserved Fulltext

Static analysis of eWASM contracts

Preserved Fulltext

Applicable and sound polyhedral optimization of low-level programs [article]

Preserved Fulltext

Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code

Preserved Fulltext

OASIcs, Volume 47, WCET'15, Complete Volume [article]

Preserved Fulltext

Draining the Swamp: Micro Virtual Machines as Solid Foundation for Language Development

Preserved Fulltext

On Efficiency and Accuracy of Data Flow Tracking Systems

Preserved Fulltext

Micro Virtual Machines: A Solid Foundation for Managed Language Implementation [article]

Preserved Fulltext