A System for Generating Static Analyzers for Machine Instructions

There is growing interest in analyzing executables to look for bugs and security vulnerabilities. This paper describes the design and implementation of a language for describing the semantics of an instruction set, along with a run-time system to support the static analysis of executables written in that instruction set. The work advances the state of the art by creating multiple analysis phases from a specification of the concrete operational semantics of the language to be analyzed. By exploiting this powerful infrastructure for creating analysis components, it will be possibly for recently developed analysis techniques for analyzing executables to be applied more broadly, to executables written in a variety of instructions sets