Generic control flow reconstruction from assembly code

Processors used in embedded systems are usually characterized by specialized irregular hardware architectures for which traditional code generation and optimization techniques fail. Especially for these types of processors the Propan system has been developed that enables high-quality machine-dependent postpass optimizers to be generated from a concise hardware specification. Optimizing code transformations as featured by Propan require the control flow graph of the input program to be known. The control flow reconstruction algorithm is generic, i.e. machine-independent, and automatically derives the required hardware-specific knowledge from the machine specification. The reconstruction is based on an extended program slicing mechanism and is tailored to assembly programs. It has been retargeted to assembly programs of two contemporary microprocessors, the Analog Devices SHARC and the Philips TriMedia TM1000. Experimental results show that the assembly-based slicing enables the control flow graph of large assembly programs to be constructed in short time. Our experiments also demonstrate that the hardware design significantly influences the precision of the control flow reconstruction and the required computation time.

[1]  David W. Binkley,et al.  Program slicing , 2008, 2008 Frontiers of Software Maintenance.

[2]  Daniel Kästner PROPAN: A Retargetable System for Postpass Optimisations and Analyses , 2000, LCTES.

[3]  Gert Goossens,et al.  Chess: retargetable code generation for embedded DSP processors , 1994, Code Generation for Embedded Processors.

[4]  R. Govindarajan Instruction Scheduling , 2002, The Compiler Design Handbook, 2nd ed..

[5]  Srinivas Devadas,et al.  Instruction selection, resource allocation, and scheduling in the AVIV retargetable code generator , 1998, Proceedings 1998 Design and Automation Conference. 35th DAC. (Cat. No.98CH36175).

[6]  Cristina Cifuentes,et al.  Interprocedural data flow decompilation , 1996, J. Program. Lang..

[7]  Hiralal Agrawal On slicing programs with jump statements , 1994, PLDI '94.

[8]  Henrik Theiling,et al.  Extracting safe and precise control flow from binaries , 2000, Proceedings Seventh International Conference on Real-Time Computing Systems and Applications.

[9]  Christopher W. Fraser,et al.  Code selection through object code optimization , 1984, TOPL.

[10]  James Robert Lyle Evaluating variations on program slicing for debugging (data-flow, ada) , 1984 .

[11]  Rainer Leupers,et al.  Retargetable Code Generation for Digital Signal Processors , 1997, Springer US.

[12]  Cristina Cifuentes,et al.  Intraprocedural static slicing of binary executables , 1997, 1997 Proceedings International Conference on Software Maintenance.

[13]  Doug Simon,et al.  Assembly to high-level language translation , 1998, Proceedings. International Conference on Software Maintenance (Cat. No. 98CB36272).

[14]  Daniel Kästner,et al.  Code Optimization by Integer Linear Programming , 1999, CC.

[15]  James R. Larus,et al.  EEL: machine-independent executable editing , 1995, PLDI '95.

[16]  Bart Demoen,et al.  On the Static Analysis of Indirect Control Transfers in Binaries , 2000, PDPTA.

[17]  Nikil D. Dutt,et al.  EXPRESSION: a language for architecture exploration through compiler/simulator retargetability , 1999, Design, Automation and Test in Europe Conference and Exhibition, 1999. Proceedings (Cat. No. PR00078).

[18]  Christopher W. Fraser,et al.  The Design and Application of a Retargetable Peephole Optimizer , 1980, TOPL.