BEST: a Binary Executable Slicing Tool

We describe the implementation of BEST, a tool for slicing binary code. We aim to integrate this tool in a WCET estimation framework based on model checking. In this approach, program slicing is used to abstract the program model in order to reduce the state space of the system. In this article, we also report on the results of an evaluation of the efficiency of the abstraction technique

Branch-coverage testability transformation for unstructured programs

Test data generation by hand is a tedious, expensive and error-prone activity, yet testing is a vital part of the development process. Several techniques have been proposed to automate the generation of test data, but all of these are hindered by the presence of unstructured control flow. This paper addresses the problem using testability transformation. Testability transformation does not preserve the traditional meaning of the program, rather it deals with preserving test-adequate sets of input data. This requires new equivalence relations which, in turn, entail novel proof obligations. The paper illustrates this using the branch coverage adequacy criterion and develops a branch adequacy equivalence relation and a testability transformation for restructuring. It then presents a proof that the transformation preserves branch adequacy

Amorphous slicing of extended finite state machines

Slicing is useful for many Software Engineering applications and has been widely studied for three decades, but there has been comparatively little work on slicing Extended Finite State Machines (EFSMs). This paper introduces a set of dependency based EFSM slicing algorithms and an accompanying tool. We demonstrate that our algorithms are suitable for dependence based slicing. We use our tool to conduct experiments on ten EFSMs, including benchmarks and industrial EFSMs. Ours is the first empirical study of dependence based program slicing for EFSMs. Compared to the only previously published dependence based algorithm, our average slice is smaller 40% of the time and larger only 10% of the time, with an average slice size of 35% for termination insensitive slicing

Improved algorithm for identification of switch tables in executable code

This paper introduces novel approach for identification of switch tables in executable code. Compared to existing solutions based on SSA intermediate representation and different propagation techniques, developed algorithm is more accurate and has greater flexibility. Set of iterative algorithms based on Pearson, weighted Pearson and Spearman correlation coefficients is introduced in this paper. Simple noise value filtering and improved segmentation algorithm are described

Static Execute After algorithms as alternatives for impact analysis

Impact analysis plays an important role in many software engineering tasks such as software maintenance, regression testing and debugging. In this paper, we present a static method to compute the impact sets of particular program points. For large programs, this method is more effective than the slightly more precise slicing. Our technique can also be used on larger programs with over thousands of lines of code where no slicers can be applied since the determination of the program dependence graphs, which are the bases of slicing, is an especially expensive task. As a result, our method could be efficiently used in the field of impact analysis

Integration of Static and Dynamic Analysis Techniques for Checking Noninterference

In this article, we present an overview of recent combinations of deductive program verification and automatic test generation on the one hand and static analysis on the other hand, with the goal of checking noninterference. Noninterference is the non-functional property that certain confidential information cannot leak to certain public output, i.e., the confidentiality of that information is always preserved. We define the noninterference properties that are checked along with the individual approaches that we use in different combinations. In one use case, our framework for checking noninterference employs deductive verification to automatically generate tests for noninterference violations with an improved test coverage. In another use case, the framework provides two combinations of deductive verification with static analysis based on system dependence graphs to prove noninterference, thereby reducing the effort for deductive verification

Analysing Reverse Engineering Techniques for Interactive Systems

Reverse engineering is the process of discovering a model of a software system by analyzing its structure and functions. Reverse engineering techniques applied to interactive software applications (e.g. applications with user interfaces (UIs)) are very important and significant, as they can help engineers to detect defects in the software and then improve or complete them. There are several approaches, and many different tools, which are able to reverse-engineer software applications into formal models. These can be classified into two main types: dynamic tools and static tools. Dynamic tools interact with the application to find out the run-time behaviours of the software, simulating the actions of a user to explore the system’s state space, whereas static tools focus on static structure and architecture by analysing the code and documents. Reverse engineering techniques are not common for interactive software systems, but nowadays more and more organizations recognize the importance of interactive systems, as the trend in software used in computers is for applications with graphical user interfaces. This has in turn led to a developing interest in reverse engineering tools for such systems. Many reverse engineering tools generate very big models which make analysis slow and resource intensive. The reason for this is the large amount of information that is generated by the existing reverse engineering techniques. Slicing is one possible technique which helps with reducing un-necessary information for building models of software systems. This project focuses on static analysis and slicing, and considers how they can aid reverse engineering techniques for interactive systems, particularly with respect to the generation of a particular set of models, Presentation Models (PModels) and Presentation Interaction Models (PIMs)

Conceptual roles of data in program: analyses and applications

Program comprehension is the prerequisite for many software evolution and maintenance tasks. Currently, the research falls short in addressing how to build tools that can use domain-specific knowledge to provide powerful capabilities for extracting valuable information for facilitating program comprehension. Such capabilities are critical for working with large and complex program where program comprehension often is not possible without the help of domain-specific knowledge.;Our research advances the state-of-art in program analysis techniques based on domain-specific knowledge. The program artifacts including variables and methods are carriers of domain concepts that provide the key to understand programs. Our program analysis is directed by domain knowledge stored as domain-specific rules. Our analysis is iterative and interactive. It is based on flexible inference rules and inter-exchangeable and extensible information storage. We designed and developed a comprehensive software environment SeeCORE based on our knowledge-centric analysis methodology. The SeeCORE tool provides multiple views and abstractions to assist in understanding complex programs. The case studies demonstrate the effectiveness of our method. We demonstrate the flexibility of our approach by analyzing two legacy programs in distinct domains

srcSlice: very efficient and scalable forward static slicing

A highly efficient lightweight forward static slicing approach is presented and evaluated. The approach does not compute the program/system dependence graph but instead dependence and control information is com-puted as needed while computing the slice on a variable. The result is a list of line numbers, dependent vari-ables, aliases, and function calls that are part of the slice for all variables (both local and global) for the entire system. The method is implemented as a tool, called srcSlice, on top of srcML, an XML representation of source code. The approach is highly scalable and can generate the slices for all variables of the Linux kernel in approximately 20min on a typical desktop. Benchmark results are compared with the CodeSurfer slicing tool from GrammaTech Inc., and the approach compares well with regard to accuracy of slices. Copyright