BAP: a binary analysis platform
David Brumley, Ivan Jager, Thanassis Avgerinos, Edward J. Schwartz +3 more
- 14 Jul 2011
- pp 463-469
TL;DR: BAP explicitly represents all side effects of instructions in an intermediate language (IL), making syntax-directed analysis possible; it has been used to routinely generate and solve verification conditions that are hundreds of megabytes in size and encompass 100,000's of assembly instructions.
Abstract: BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous incarnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making syntax-directed analysis possible. We have used BAP to routinely generate and solve verification conditions that are hundreds of megabytes in size and encompass 100,000's of assembly instructions.
Citations
S2E: a platform for in-vivo multi-path analysis of software systems
Vitaly Chipounov, Volodymyr Kuznetsov, George Candea +2 more
- 05 Mar 2011
TL;DR: S2E's use in developing practical tools for comprehensive performance profiling, reverse engineering of proprietary software, and bug finding for both kernel-mode and user-mode binaries is demonstrated.
Unleashing Mayhem on Binary Code
Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, David Brumley +3 more
- 20 May 2012
TL;DR: This paper proposes two novel techniques: 1) hybrid symbolic execution for combining online and offline (concolic) execution to maximize the benefits of both techniques, and 2) index-based memory modeling, a technique that allows Mayhem to efficiently reason about symbolic memory at the binary level.
A Survey of Symbolic Execution Techniques
TL;DR: This paper surveys the main ideas, challenges, and solutions developed in the area of symbolic execution.
Program-Adaptive Mutational Fuzzing
Sang Kil Cha, Maverick Woo, David Brumley +2 more
- 17 May 2015
TL;DR: The design of an algorithm to maximize the number of bugs found for black-box mutational fuzzing given a program and a seed input is presented, and the result is promising: it finds an average of 38.6% more bugs than three previous fuzzers over 8 applications using the same amount of fuzzing time.
Enhancing symbolic execution with veritesting
Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, David Brumley +3 more
- 31 May 2014
TL;DR: Veritesting allows MergePoint to find twice as many bugs, explore orders of magnitude more paths, and achieve higher code coverage than previous dynamic symbolic execution systems.
References
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)
Edward J. Schwartz, Thanassis Avgerinos, David Brumley +2 more
- 16 May 2010
TL;DR: The algorithms for dynamic taint analysis and forward symbolic execution are described as extensions to the run-time semantics of a general language to highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.
A decision procedure for bit-vectors and arrays
Vijay Ganesh, David L. Dill +1 more
- 03 Jul 2007
TL;DR: Experimental results indicate that the above mix of algorithms along with the overall architecture is far more effective, for a variety of applications, than a direct translation of the original formula to SAT or other comparable decision procedures.
TIE: Principled Reverse Engineering of Types in Binary Programs
JongHyup Lee, Thanassis Avgerinos, David Brumley +2 more
- 01 Feb 2011
TL;DR: Novel techniques for reverse engineering data type abstractions from binary programs are developed and a novel type reconstruction system based upon binary code analysis is developed that is both more accurate and more precise at recovering high-level types than existing mechanisms.
CodeSurfer/x86—A platform for analyzing x86 executables
Gogul Balakrishnan, Radu B. Gruian, Thomas Reps, Tim Teitelbaum +3 more
- 04 Apr 2005
TL;DR: CodeSurfer/x86 is a prototype system for analyzing x86 executables that uses a static-analysis algorithm called value-set analysis (VSA) to recover intermediate representations that are similar to those that a compiler creates for a program written in a high-level language.
Jakstab: A Static Analysis Platform for Binaries
Johannes Kinder, Helmut Veith +1 more
- 07 Jul 2008
TL;DR: This work presents their fully configurable binary analysis platform Jakstab, which resolves indirect branches by multiple rounds of disassembly interleaved with dataflow analysis, and demonstrates that this iterative disassembling strategy achieves better results than the state-of-the-art tool IDA Pro.
Related Papers (5)
Nicholas Nethercote, Julian Seward +1 more
- 10 Jun 2007
Leonardo de Moura, Nikolaj Bjørner +1 more
- 29 Mar 2008