Title :
Extracting safe and precise control flow from binaries
Author :
Theiling, Henrik
Author_Institution :
Saarlandes Univ., Saarbrucken, Germany
Abstract :
As a starting point for static program analysis, a control flow graph (CFG) is needed. If only the binary executable is available, this CFG has to be reconstructed from sequences of instructions. The usual way to do this is a top-down approach: the executable´s information about routines is used to split the sequence into routines, and then each instruction is analysed for branch targets in order to compute basic block boundaries. When analysing safety-critical real-time systems, safe and precise results are needed. The CFG that the analyses traverse has to satisfy the same safety and precision requirements, because the analyses inherit all deficiencies. In this paper, a bottom-up approach for CFG approximation is presented. It starts at a set of entry points and clusters the sequence of instructions into larger units like blocks and routines. In this way, the algorithm is able to account for uncertainties early enough to generate a safe CFG
Keywords :
flow graphs; program control structures; program diagnostics; real-time systems; safety-critical software; sequences; binary executables; block boundaries; bottom-up approach; branch targets; control flow graph; entry points; graph approximation; instruction blocks; instruction routines; instruction sequence clustering; safe precise control flow extraction; safety-critical real-time systems; static program analysis; uncertainties; Clustering algorithms; Computer aided instruction; Flow graphs; Information analysis; Performance analysis; Processor scheduling; Real time systems; Safety; Switches; Uncertainty;
Conference_Titel :
Real-Time Computing Systems and Applications, 2000. Proceedings. Seventh International Conference on
Conference_Location :
Cheju Island
Print_ISBN :
0-7695-0930-4
DOI :
10.1109/RTCSA.2000.896367
