An efficient, parametric fixpoint algorithm for analysis of java bytecode

Abstract interpretation has been widely used for the analysis of object-oriented languages and, in particular, Java source and bytecode. However, while most existing work deals with the problem of flnding expressive abstract domains that track accurately the characteristics of a particular concrete property, the underlying flxpoint algorithms have received comparatively less attention. In fact, many existing (abstract interpretation based—) flxpoint algorithms rely on relatively inefHcient techniques for solving inter-procedural caligraphs or are speciflc and tied to particular analyses. We also argüe that the design of an efficient fixpoint algorithm is pivotal to supporting the analysis of large programs. In this paper we introduce a novel algorithm for analysis of Java bytecode which includes a number of optimizations in order to reduce the number of iterations. The algorithm is parametric -in the sense that it is independent of the abstract domain used and it can be applied to different domains as "plug-ins"-, multivariant, and flow-sensitive. Also, is based on a program transformation, prior to the analysis, that results in a highly uniform representation of all the features in the language and therefore simplifies analysis. Detailed descriptions of decompilation solutions are given and discussed with an example. We also provide some performance data from a preliminary implementation of the analysis

Development of a Translator from LLVM to ACL2

In our current work a library of formally verified software components is to be created, and assembled, using the Low-Level Virtual Machine (LLVM) intermediate form, into subsystems whose top-level assurance relies on the assurance of the individual components. We have thus undertaken a project to build a translator from LLVM to the applicative subset of Common Lisp accepted by the ACL2 theorem prover. Our translator produces executable ACL2 formal models, allowing us to both prove theorems about the translated models as well as validate those models by testing. The resulting models can be translated and certified without user intervention, even for code with loops, thanks to the use of the def::ung macro which allows us to defer the question of termination. Initial measurements of concrete execution for translated LLVM functions indicate that performance is nearly 2.4 million LLVM instructions per second on a typical laptop computer. In this paper we overview the translation process and illustrate the translator's capabilities by way of a concrete example, including both a functional correctness theorem as well as a validation test for that example.Comment: In Proceedings ACL2 2014, arXiv:1406.123

The Duty to license software in a dominant market position : the essential facility doctrine

Tutkielma käsittelee tietokoneohjelmistojen pakkolisensiointia määräävässä markkina-asemassa. Tutkielman erityisenä näkökulmana aiheeseen on se, onko Euroopan unionin oikeuden mukaan tietokoneohjelmistojen pakkolisensiointi määräävässä markkina-asemassa mahdollista ja jos on, niin mitkä tekijät vaikuttavat immateriaalioikeuksien pakkolisensiointivelvoitteeseen. Tutkielma jakautuu viiteen pääjaksoon, joista ensimmäisessä esitellään tutkimusongelma sekä tutkielman rakenne tarkemmin. Toisessa pääjaksossa kuvataan yleisellä tasolla tekijänoikeuden pääperiaatteita, tietokoneohjelmistojen tekijänoikeussuojaa sekä tietokoneohjelmistoihin liittyviä erityispiirteitä että ilmiöitä. Kolmas jakso sisältää kuvauksen määräävän markkina-aseman väärinkäytöstä Euroopan unionin toiminnasta tehdyn sopimuksen 102 artiklan mukaan. Neljäs pääjakso käsittelee pakkolisensiointia määräävässä markkina-asemassa. Jakso jakaantuu neljään alajaksoon, joista ensimmäisessä alajaksossa tarkastellaan immateriaalioikeuden ja kilpailuoikeuden vastakkainasettelua. Toinen alajakso sisältää kuvauksen niin sanotusta olennainen toimintaedellytys-opista (”the essential facility doctrine”) sekä siitä, kuinka immateriaalioikeuteen liittyvät tapaukset tulisi tulkita tämän opin mukaan. Kolmannessa alajaksossa tarkastellaan Euroopan unionin oikeuskäytäntöä ja sitä kuinka olennainen toimintaedellytys-oppi on kehittynyt oikeuskäytännössä immateriaalioikeuksien osalta. Neljäs alajakso sisältää erityisiä huomioita pakkolisensioinnista, kun kyseessä ovat immateriaalioikeudet. Tutkielman viides ja viimeinen pääjakso sisältää johtopäätelmän siitä, voidaanko määräävässä markkina-asemassa oleva yhtiö velvoittaa myöntämään lisenssi tietokoneohjelmistoonsa sekä esitetään joitakin aiheeseen liittyviä avoimia kysymyksiä jatkotutkimusten kannalta. Tutkimuksessa käydään läpi aiheeseen liittyvää lainsäädäntöä ja oikeuskäytäntöä sekä aiheesta tuotettua oikeustieteellistä kirjallisuutta, joiden perusteella pyritään tulkitsemaan millä edellytyksin immateriaalioikeuksia voidaan pakkolisensioida. Tutkimuksen mukaan olemassa olevan oikeuskäytännön valossa määräävässä markkina-asemassa oleva yhtiö voidaan velvoittaa lisensioimaan tietokoneohjelmistoja tiettyjen edellytysten täyttyessä

A Human-Centric Approach For Binary Code Decompilation

Many security techniques have been developed both in academia and industry to analyze source code, including methods to discover bugs, apply taint tracking, or find vulnerabilities. These source-based techniques leverage the wealth of high-level abstractions available in the source code to achieve good precision and efficiency. Unfortunately, these methods cannot be applied directly on binary code which lacks such abstractions. In security, there are many scenarios where analysts only have access to the compiled version of a program. When compiled, all high-level abstractions, such as variables, types, and functions, are removed from the final version of the program that security analysts have access to. This dissertation investigates novel methods to recover abstractions from binary code. First, a novel pattern-independent control flow structuring algorithm is presented to recover high-level control-flow abstractions from binary code. Unlike existing structural analysis algorithms which produce unstructured code with many goto statements, our algorithm produces fully-structured goto-free decompiled code. We implemented this algorithm in a decompiler called DREAM. Second, we develop three categories of code optimizations in order to simplify the decompiled code and increase readability. These categories are expression simplification, control-flow simplification and semantics-aware naming. We have implemented our usability extensions on top of DREAM and call this extended version DREAM++. We conducted the first user study to evaluate the quality of decompilers for malware analysis. We have chosen malware since it represents one of the most challenging cases for binary code analysis. The study included six reverse engineering tasks of real malware samples that we obtained from independent malware experts. We evaluated three decompilers: the leading industry decompiler Hex-Rays and both versions of our decompiler DREAM and DREAM++. The results of our study show that our improved decompiler DREAM++ produced significantly more understandable code that outperforms both Hex-Rays and DREAM. Using DREAM++participants solved 3 times more tasks than when using Hex-Rays and 2 times more tasks than when using DREAM. Moreover, participants rated DREAM++ significantly higher than the competition

A Symmetric Approach to Compilation and Decompilation

Just as specializing a source interpreter can achieve compilation from a source language to a target language, we observe that specializing a target interpreter can achieve compilation from the target language to the source language. In both cases, the key issue is the choice of whether to perform an evaluation or to emit code that represents this evaluation. We substantiate this observation by specializing two source interpreters and two target interpreters. We first consider a source language of arithmetic expressions and a target language for a stack machine, and then the lambda-calculus and the SECD-machine language. In each case, we prove that the target-to-source compiler is a left inverse of the source-to-target compiler, i.e., it is a decompiler. In the context of partial evaluation, compilation by source-interpreter specialization is classically referred to as a Futamura projection. By symmetry, it seems logical to refer to decompilation by target-interpreter specialization as a Futamura embedding

The Design and Implementation of a High-Speed Incremental Portable Prolog Compiler

The design and implementation of a relatively portable Prolog compiler achieving 12K LIPS on the standard benchmark is described. The compiler is incremental and uses decompilation to implement retract, clause, and listing, as well as support the needs of its four-port debugger. The system supports modules, garbage collection, database pointers, and a full range of built-ins

Stateman: Using Metafunctions to Manage Large Terms Representing Machine States

When ACL2 is used to model the operational semantics of computing machines, machine states are typically represented by terms recording the contents of the state components. When models are realistic and are stepped through thousands of machine cycles, these terms can grow quite large and the cost of simplifying them on each step grows. In this paper we describe an ACL2 book that uses HIDE and metafunctions to facilitate the management of large terms representing such states. Because the metafunctions for each state component updater are solely responsible for creating state expressions (i.e., "writing") and the metafunctions for each state component accessor are solely responsible for extracting values (i.e., "reading") from such state expressions, they can maintain their own normal form, use HIDE to prevent other parts of ACL2 from inspecting them, and use honsing to uniquely represent state expressions. The last feature makes it possible to memoize the metafunctions, which can improve proof performance in some machine models. This paper describes a general-purpose ACL2 book modeling a byte-addressed memory supporting "mixed" reads and writes. By "mixed" we mean that reads need not correspond (in address or number of bytes) with writes. Verified metafunctions simplify such "read-over-write" expressions while hiding the potentially large state expression. A key utility is a function that determines an upper bound on the value of a symbolic arithmetic expression, which plays a role in resolving writes to addresses given by symbolic expressions. We also report on a preliminary experiment with the book, which involves the production of states containing several million function calls.Comment: In Proceedings ACL2 2015, arXiv:1509.0552