Our experiments (see Fig. 1) were run on a single core of a single-processor quad-core 3.0 GHz Xeon computer running Windows XP, configured so that a user process has 4 GB of memory. They were designed to test various aspects of a DPG algorithm and to handle various intricacies that arise in machine code (some of which are not visible in source code). We compiled the programs with Visual Studio 8.0, and ran MCVETO on the resulting object files (without using symbol-table information). The examples ex5, ex6, and ex8 are from the NECLA Static Analysis Benchmarks. The examples barber, berkeley, cars, and efm are multi-procedure versions of the larger examples on which SYNERGY was tested. (SYNERGY was tested using single-procedure versions only.) Instraliasing illustrates the ability to handle instruction aliasing. (The instruction count for this example was obtained via static disassembly, and hence is only approximate.) Smc1 illustrates the ability of MCVETO to handle self-modifying code. Underflow is taken from a DHS tutorial on security vulnerabilities. It illustrates a strncpy vulnerability. The examples are small, but challenging. They demonstrate MCVETO's ability to reason automatically about low-level details of machine code using a sequence of sound abstractions. The question of whether the cost of soundness is inherent, or whether there is some way that the well-behavedness of (most) code could be exploited to make the analysis scale better is left for future research.