Proceedings ArticleDOI
Structured random differential testing of instruction decoders
Nathan Jay, Barton P. Miller +1 more
pp. 84-94
TL;DR: A testing methodology that automatically infers structural information for an instruction set and uses the inferred structure to efficiently generate structured-random test cases independent of the instruction set being tested is presented.

Abstract:
Decoding binary executable files is a critical facility for software analysis, including debugging, performance monitoring, malware detection, cyber forensics, and sandboxing, among other techniques. As a foundational capability, binary decoding must be consistently correct for the techniques that rely on it to be viable. Unfortunately, modern instruction sets are huge and their encodings are complex; as a result, modern binary decoders are buggy. In this paper, we present a testing methodology that automatically infers structural information for an instruction set and uses the inferred structure to efficiently generate structured-random test cases independent of the instruction set being tested. Our testing methodology includes automatic output verification using differential analysis and reassembly to generate error reports. This testing methodology requires little instruction-set-specific knowledge, allowing rapid testing of decoders for new architectures and extensions to existing ones. We have implemented our testing procedure in a tool named Fleece and used it to test multiple binary decoders (Intel XED, libopcodes, LLVM, Dyninst and Capstone) on multiple architectures (x86, ARM and PowerPC). Our testing efficiently covered thousands of instruction format variations for each instruction set and uncovered decoding bugs in every decoder we tested.
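As an added illustration (not code from the paper or from the Fleece tool), the Python sketch below applies the abstract's ideas to a constructed 16-bit toy ISA: it infers which bits of a seed word are significant by flipping them one at a time, walks from one instruction format to the next along those bits, randomises the don't-care bits, and uses a second, independently written decoder as the differential oracle. The toy ISA, both decoders and the defect planted in decoder_b are constructed for this example, and the bit-flip structure inference is a simplification, not a claim about Fleece's actual algorithm.

```python
import random
# Constructed 16-bit toy ISA: bits 15-12 opcode, 11-8 reg A, 7-4 reg B,
# 3-0 don't-care; opcode 0xF is 'ldi rA, #imm8' with imm8 in bits 7-0.
ALU = {0x1: "add", 0x2: "sub", 0x3: "and"}
DIGITS = str.maketrans("", "", "0123456789")   # strips operand values

def decoder_a(word):                      # reference decoder for the toy ISA
    op, ra, rb = word >> 12, (word >> 8) & 0xF, (word >> 4) & 0xF
    if op == 0xF:
        return f"ldi r{ra}, #{word & 0xFF}"
    return f"{ALU[op]} r{ra}, r{rb}" if op in ALU else "(bad)"

def decoder_b(word):            # independently written decoder; constructed
    op, ra, rb = word >> 12, (word >> 8) & 0xF, (word >> 4) & 0xF
    if op == 0xF:               # defect: sign-extends the 8-bit immediate
        imm = word & 0xFF
        return f"ldi r{ra}, #{imm - 256 if imm & 0x80 else imm}"
    return f"{ALU[op]} r{ra}, r{rb}" if op in ALU else "(bad)"

def significant_bits(decode, word, width=16):
    """A bit is significant if flipping it changes the decoded text;
    the remaining bits are don't-care bits of this instruction format."""
    base = decode(word)
    return [b for b in range(width) if decode(word ^ (1 << b)) != base]

def disagreement(decoders, word):
    """Differential oracle: the distinct outputs if the decoders disagree."""
    outs = sorted({d(word) for d in decoders})
    return outs if len(outs) > 1 else None

def differential_search(decoders, seed, rounds=4, rng=None):
    """Step between formats by flipping significant bits, randomise each
    format's don't-care bits, return {word: outputs} where decoders differ."""
    ref, rng, worklist, seen, tested = decoders[0], rng or random.Random(1), [seed], set(), {seed}
    while worklist:                        # finitely many keys: terminates
        word = worklist.pop()
        sig = significant_bits(ref, word)
        for b in sig:                                # neighbouring formats
            nb = word ^ (1 << b)
            tested.add(nb)
            key = (ref(nb).translate(DIGITS), tuple(significant_bits(ref, nb)))
            if key not in seen:                      # unseen format variation
                seen.add(key)
                worklist.append(nb)
        for _ in range(rounds):                      # vary don't-care bits only
            mask = sum(1 << b for b in range(16)
                       if b not in sig and rng.random() < 0.5)
            tested.add(word ^ mask)
    return {w: o for w in sorted(tested) if (o := disagreement(decoders, w))}
```

Starting from the seed 0x1000 ("add r0, r0"), the walk reaches the ldi format through opcodes 0x3 and the undefined 0x7, and the oracle flags every ldi word with bit 7 set, for example 0xF080 decoding as "#128" versus "#-128".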
Citations
Proceedings ArticleDOI
Differential analysis of x86-64 instruction decoders
TL;DR: Differential fuzzing has been applied successfully to cryptography software and to complex application format parsers such as PDF and ELF; an implementation of a specification is said to be potentially erroneous if its behavior differs from another implementation's on the same input.
Proceedings ArticleDOI
iDEV: exploring and exploiting semantic deviations in ARM instruction processing
TL;DR: Li et al. conducted an empirical study of the ARM Instruction Semantic Deviation (ISDev) issue and developed a framework, iDEV, to systematically explore the ISDev issue in existing ARM instruction-processing tools and platforms via differential testing.
Journal ArticleDOI
AnICA: analyzing inconsistencies in microarchitectural code analyzers
Fabian Ritter, Sebastian Hack +1 more
TL;DR: This paper presents AnICA, a tool taking inspiration from differential testing and abstract interpretation to systematically analyze inconsistencies among microarchitectural code analyzers, and shows that AnICA can summarize thousands of inconsistencies in a few dozen descriptions that directly lead to high-level insights into the different behavior of the tools.
Journal ArticleDOI
In-depth Testing of x86 Instruction Disassemblers with Feedback Controlled DFS Algorithm
TL;DR: FedDFS leverages a feedback-controlled DFS algorithm in which the search depth is compared with an essential search depth, and the feedback mechanism promptly increases the search depth until it reaches the proper depth.
Proceedings ArticleDOI
In-depth Testing of x86 Instruction Disassemblers with Feedback Controlled DFS Algorithm
TL;DR: FedDFS leverages a feedback-controlled DFS algorithm in which the search depth is compared with an essential search depth, and the feedback mechanism promptly increases the search depth until it reaches the proper depth.
References
Proceedings ArticleDOI
LLVM: a compilation framework for lifelong program analysis & transformation
Chris Lattner, Vikram Adve +1 more
TL;DR: The design of the LLVM representation and compiler framework is evaluated in three ways: the size and effectiveness of the representation, including the type information it provides; compiler performance for several interprocedural problems; and illustrative examples of the benefits LLVM provides for several challenging compiler problems.
Book ChapterDOI
BitBlaze: A New Approach to Computer Security via Binary Analysis
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, Prateek Saxena +9 more
TL;DR: An overview of the BitBlaze project, a new approach to computer security via binary analysis that focuses on building a unified binary analysis platform and using it to provide novel solutions to a broad spectrum of different security problems.
Journal ArticleDOI
HPCTOOLKIT: tools for performance analysis of optimized parallel programs
Laksono Adhianto, S. Banerjee, Michael Fagan, Mark W. Krentel, Gabriel Marin, John Mellor-Crummey, Nathan R. Tallent +6 more
TL;DR: An overview of HPCTOOLKIT is provided and its utility for performance analysis of parallel applications is illustrated.
Proceedings ArticleDOI
Grammar-based whitebox fuzzing
TL;DR: Experimental results show that grammar-based whitebox fuzzing explores deeper program paths, avoids dead-ends caused by non-parsable inputs, and increased coverage of the code generation module of the IE7 JavaScript interpreter from 53% to 81% while using three times fewer tests.
Proceedings Article
Instrumentation and optimization of Win32/intel executables using Etch
Ted Romer, Geoff Voelker, Dennis Lee, Alec Wolman, Wayne Wong, Henry M. Levy, Brian N. Bershad, Brad Chen +7 more
TL;DR: Etch is a general-purpose tool for rewriting arbitrary Win32/x86 binaries without requiring source code; some of the tools built with it are described, including a hierarchical call-graph profiler and an instruction-layout optimization tool.