Generating Decision Trees for Decoding Binaries

Tools reading binary code, like analysers, debuggers, disassemblers, etc., need to decode the target's machine code. A decision tree is often used to represent the decoding function. Manually writing a decoder is a lengthy and error-prone task. It is desirable to be able to use the vendor's instruction code manual and to easily transform the documentation into a specification that a tool can use to generate a decoder. This paper presents a novel algorithm that computes a decision tree from machine code bit patterns alone. Neither the bit fields of the machine code, nor the width of the machine command, nor the order in which the bits should be decoded need to be specified. The decoding algorithm accesses any significant bit exactly once during decoding.
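The following Python sketch is an added illustration of the idea described above; it is not the paper's algorithm (the abstract does not give its details) and does not come from the paper's authors. It assumes instructions are specified only as bit-pattern strings of `0`, `1` and `x` (don't care), MSB first, over a constructed toy 8-bit instruction set; the bit-selection heuristic (`_pick_bit`), the tree representation and the instruction names are all assumptions made for the example. The generator never tests a bit twice on any path, tests a bit only while it is still significant for some remaining pattern, and rejects overlapping patterns. `verify` exhaustively compares the tree against a linear-scan reference decoder, which is the kind of check a disassembler or analyser author wants before trusting a generated decoder.

```python
"""Build a bit-test decision tree from instruction bit patterns (constructed example)."""

DONT_CARE = "x"

# Constructed toy 8-bit instruction set, MSB first (bit positions 0..7).
TOY_ISA = {
    "NOP":  "00000000",
    "HALT": "00000001",
    "ADD":  "0001xxxx",   # low nibble: register pair
    "SUB":  "0010xxxx",
    "LDI":  "01xxxxxx",   # low 6 bits: immediate
    "JMP":  "1xxxxxxx",   # low 7 bits: target
}


def _pick_bit(patterns, tested):
    """Heuristic (an assumption of this example): choose the untested position that is
    significant in the most remaining patterns, so the fewest patterns are duplicated
    into both subtrees; ties go to the most even 0/1 split, then the lowest position."""
    width = len(next(iter(patterns.values())))
    best = None
    for i in range(width):
        if i in tested:
            continue
        bits = [p[i] for p in patterns.values() if p[i] != DONT_CARE]
        if not bits:
            continue  # bit i is a don't-care for every remaining pattern
        key = (len(bits), -abs(bits.count("0") - bits.count("1")), -i)
        if best is None or key > best[0]:
            best = (key, i)
    return None if best is None else best[1]


def build_tree(patterns, tested=frozenset()):
    """Return ("leaf", name_or_None) or ("test", bit, subtree_for_0, subtree_for_1)."""
    bit = _pick_bit(patterns, tested) if patterns else None
    if bit is None:
        if not patterns:
            return ("leaf", None)          # undefined encoding
        if len(patterns) > 1:
            raise ValueError("overlapping patterns: " + ", ".join(sorted(patterns)))
        return ("leaf", next(iter(patterns)))
    tested = tested | {bit}
    # Patterns with a don't-care at this bit stay possible in both subtrees.
    zero = {n: p for n, p in patterns.items() if p[bit] != "1"}
    one = {n: p for n, p in patterns.items() if p[bit] != "0"}
    return ("test", bit, build_tree(zero, tested), build_tree(one, tested))


def decode(tree, word, width=8):
    """Walk the tree for one instruction word. Returns (name_or_None, bits_read)."""
    reads = []
    node = tree
    while node[0] == "test":
        bit = node[1]
        reads.append(bit)
        value = (word >> (width - 1 - bit)) & 1
        node = node[2 + value]
    return node[1], reads


def naive_match(patterns, word, width=8):
    """Reference decoder: linear scan over all patterns."""
    hits = [n for n, p in patterns.items()
            if all(c == DONT_CARE or int(c) == (word >> (width - 1 - i)) & 1
                   for i, c in enumerate(p))]
    return hits[0] if len(hits) == 1 else None


def verify(tree, patterns, width=8):
    """Exhaustive check: the tree agrees with the reference decoder on every word
    and no decoding path reads the same bit twice."""
    for word in range(1 << width):
        name, reads = decode(tree, word, width)
        if name != naive_match(patterns, word, width) or len(reads) != len(set(reads)):
            return False
    return True


if __name__ == "__main__":
    tree = build_tree(TOY_ISA)
    for w in (0b00000000, 0b10101010, 0b00100101, 0b00110000):
        print(f"{w:08b} -> {decode(tree, w)}")
    print("verified:", verify(tree, TOY_ISA))
```

Because every don't-care bit is skipped on the path that would read it, `JMP` is recognised after a single bit test while `NOP` and `HALT` need all eight; `verify` is the cheap safeguard that catches a mis-specified pattern before the generated decoder ships inside a disassembler or static analyser.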
