Verified Abstract Interpretation Techniques for Disassembling Low-level Self-modifying Code

Static analysis of binary code is challenging for several reasons. In particular, standard static analysis techniques operate over control flow graphs, which are not available when dealing with self-modifying programs, which can modify their own code at runtime. We formalize in the Coq proof assistant some key abstract interpretation techniques that automatically extract memory safety properties from binary code. Our analyzer is formally proved correct and has been run on several self-modifying challenges, provided by Cai et al. in their PLDI 2007 paper.

[1] Philippe Herrmann et al., Refinement-Based CFG Reconstruction from Unstructured Programs, 2011, VMCAI.

[2] Andrew W. Appel et al., Verified heap theorem prover by paramodulation, 2012, ICFP.

[3] David Pichardie et al., Formal Verification of a C Value Analysis Based on Abstract Interpretation, 2013, SAS.

[4] Tobias Nipkow et al., Abstract Interpretation of Annotated Commands, 2012, ITP.

[5] Tobias Nipkow et al., A machine-checked model for a Java-like language, virtual machine, and compiler, 2006, TOPL.

[6] Thomas W. Reps et al., WYSINWYX: What you see is not what you eXecute, 2005, TOPL.

[7] Magnus O. Myreen, Verified just-in-time compiler on x86, 2010, POPL '10.

[8] Nick Benton et al., Coq: the world's best macro assembler?, 2013, PPDP.

[9] Patrick Cousot et al., Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints, 1977, POPL.

[10] Johannes Kinder, Towards Static Analysis of Virtualization-Obfuscated Binaries, 2012, 19th Working Conference on Reverse Engineering.

[11] Nick Benton et al., High-level separation logic for low-level code, 2013, POPL.

[12] David Cachera et al., A Certified Denotational Abstract Interpreter, 2010, ITP.

[13] Xavier Leroy et al., A Formally-Verified Alias Analysis, 2012, CPP.

[14] Adam Chlipala et al., Mostly-automated verification of low-level programs in computational separation logic, 2011, PLDI '11.

[15] Joseph Tassarotti et al., RockSalt: better, faster, stronger SFI for the x86, 2012, PLDI.

[16] Guillaume Bonfante et al., A Computability Perspective on Self-Modifying Programs, 2009, Seventh IEEE International Conference on Software Engineering and Formal Methods.

[17] Zhong Shao et al., Certified self-modifying code, 2007, PLDI '07.