Verified Abstract Interpretation Techniques for Disassembling Low-level Self-modifying Code

  • Sandrine Blazy
  • Vincent Laporte
  • David Pichardie
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8558)


Static analysis of binary code is challenging for several reasons. In particular, standard static analysis techniques operate over control flow graphs, which are not available when dealing with self-modifying programs, which can modify their own code at runtime. We formalize in the Coq proof assistant some key abstract interpretation techniques that automatically extract memory safety properties from binary code. Our analyzer is formally proved correct and has been run on several self-modifying challenges, provided by Cai et al. in their PLDI 2007 paper.


Keywords (added by machine, not by the authors): Abstract Interpretation; Abstract Domain; Program Point; Execution Step; Static Analysis Technique




  1. Balakrishnan, G., Reps, T.W.: WYSINWYX: What you see is not what you eXecute. ACM Trans. Program. Lang. Syst. 32(6) (2010)
  2. Bardin, S., Herrmann, P., Védrine, F.: Refinement-Based CFG Reconstruction from Unstructured Programs. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 54–69. Springer, Heidelberg (2011)
  3. Blazy, S., Laporte, V., Maroneze, A., Pichardie, D.: Formal Verification of a C Value Analysis Based on Abstract Interpretation. In: Logozzo, F., Fähndrich, M. (eds.) SAS 2013. LNCS, vol. 7935, pp. 324–344. Springer, Heidelberg (2013)
  4. Bonfante, G., Marion, J.Y., Reynaud-Plantey, D.: A Computability Perspective on Self-Modifying Programs. In: SEFM, pp. 231–239 (2009)
  5. Cachera, D., Pichardie, D.: A Certified Denotational Abstract Interpreter. In: Kaufmann, M., Paulson, L.C. (eds.) ITP 2010. LNCS, vol. 6172, pp. 9–24. Springer, Heidelberg (2010)
  6. Cai, H., Shao, Z., Vaynberg, A.: Certified Self-Modifying Code. In: PLDI, pp. 66–77. ACM (2007)
  7. Chlipala, A.: Mostly-automated verification of low-level programs in computational separation logic. In: PLDI. ACM (2011)
  8.
  9. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252. ACM (1977)
  10. Jensen, J., Benton, N., Kennedy, A.: High-Level Separation Logic for Low-Level Code. In: POPL. ACM (2013)
  11. Kennedy, A., et al.: Coq: The world’s best macro assembler? In: PPDP, pp. 13–24. ACM (2013)
  12. Kinder, J.: Towards static analysis of virtualization-obfuscated binaries. In: WCRE, pp. 61–70 (2012)
  13. Klein, G., Nipkow, T.: A Machine-Checked Model for a Java-Like Language, Virtual Machine and Compiler. ACM TOPLAS 28(4), 619–695 (2006)
  14. Morrisett, G., et al.: RockSalt: better, faster, stronger SFI for the x86. In: PLDI, pp. 395–404 (2012)
  15. Myreen, M.O.: Verified just-in-time compiler on x86. In: POPL, pp. 107–118. ACM (2010)
  16. Nipkow, T.: Abstract Interpretation of Annotated Commands. In: Beringer, L., Felty, A. (eds.) ITP 2012. LNCS, vol. 7406, pp. 116–132. Springer, Heidelberg (2012)
  17. Robert, V., Leroy, X.: A Formally-Verified Alias Analysis. In: Hawblitzel, C., Miller, D. (eds.) CPP 2012. LNCS, vol. 7679, pp. 11–26. Springer, Heidelberg (2012)
  18. Stewart, G., Beringer, L., Appel, A.W.: Verified heap theorem prover by paramodulation. In: ICFP, pp. 3–14. ACM (2012)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Sandrine Blazy (1)
  • Vincent Laporte (1)
  • David Pichardie (2)
  1. IRISA, Inria, Université Rennes 1, France
  2. IRISA, Inria, ENS Rennes, France
