Side-Effect Analysis of Assembly Code

  • Andrea Flexeder
  • Michael Petter
  • Helmut Seidl
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6887)


In this paper we present a light-weight interprocedural side-effect analysis on assembly code. We represent the modifying potential of a procedure f by classifying all write accesses, occurring within f, relative to the parameter registers. In particular our approach is the first to accurately handle reference parameters. We demonstrate the usefulness of this approach by integrating this analysis into our assembly analyser and provide an evaluation of the precision of our approach. Approximately 50 per cent of all procedures can be statically shown to have side-effects.


Memory Location Global Memory Procedure Call Program Point Assembly Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Balakrishnan, G., Reps, T.: Recovery of Variables and Heap Structure in x86 Executables. Technical report, University of Wisconsin, Madison (2005)Google Scholar
  2. 2.
    Balakrishnan, G., Reps, T.: Recency-abstraction for heap-allocated storage. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 221–239. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Banning, J.P.: An efficient way to find the side effects of procedure calls and the aliases of variables. In: POPL 1979: Proceedings of the 6th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, pp. 29–41. ACM, New York (1979)Google Scholar
  4. 4.
    Choi, J.-D., Burke, M., Carini, P.: Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects. In: POPL 1993: Proceedings of the 20th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 232–245. ACM, New York (1993)Google Scholar
  5. 5.
    Cooper, K.D., Kennedy, K.: Interprocedural side-effect analysis in linear time. In: PLDI 1988: Proceedings of the ACM SIGPLAN 1988 Conference on Programming Language Design and Implementation, pp. 57–66. ACM, New York (1988)CrossRefGoogle Scholar
  6. 6.
    Cousot, P., Cousot, R.: Comparing the Galois Connection and Widening/Narrowing Approaches to Abstract Interpretation. In: Bruynooghe, M., Wirsing, M. (eds.) PLILP 1992. LNCS, vol. 631, pp. 269–295. Springer, Heidelberg (1992)CrossRefGoogle Scholar
  7. 7.
    Cousot, P., Halbwachs, N.: Automatic Discovery of Linear Restraints among Variables of a Program. In: 5th Ann. ACM Symposium on Principles of Programming Languages (POPL), pp. 84–97 (1978)Google Scholar
  8. 8.
    Debray, S., Muth, R., Weippert, M.: Alias analysis of executable code. In: POPL 1998: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 12–24. ACM, New York (1998)Google Scholar
  9. 9.
    Dormoy, F.-X., Technologies, E.: SCADE 6 A Model Based Solution For Safety Critical Software Development (2008),
  10. 10.
    Dullien, T., Porst, S.: REIL: A platform-independent intermediate representation of disassembled code for static code analysis (2009),
  11. 11.
    Emami, M., Ghiya, R., Hendren, L.J.: Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers. In: Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation, PLDI 1994, pp. 242–256. ACM, New York (1994)CrossRefGoogle Scholar
  12. 12.
    Flexeder, A., Mihaila, B., Petter, M., Seidl, H.: Interprocedural control flow reconstruction. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 188–203. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Flexeder, A., Petter, M., Seidl, H.: Analysis of executables for WCET concerns. Technical Report, Institutfür Informatik (2008),
  14. 14.
    Frey, B.: PowerPC Architecture Book, Version 2.02 (November 2005),
  15. 15.
    Guo, B., Bridges, M.J., Triantafyllis, S., Ottoni, G., Raman, E., August, D.I.: Practical and Accurate Low-Level Pointer Analysis. In: CGO 2005: Proceedings of the International Symposium on Code Generation and Optimization, pp. 291–302. IEEE Computer Society, Washington, DC, USA (2005)Google Scholar
  16. 16.
    Kinder, J., Veith, H.: Jakstab: A static analysis platform for binaries. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 423–427. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Kinder, J., Zuleger, F., Veith, H.: An abstract interpretation-based framework for control flow reconstruction from binaries. In: Jones, N.D., Müller-Olm, M. (eds.) VMCAI 2009. LNCS, vol. 5403, pp. 214–228. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Landi, W., Ryder, B.G., Zhang, S.: Interprocedural Modification Side Effect Analysis With Pointer Aliasing. In: Proceedings of the SIGPLAN 1993 Conference on Programming Language Design and Implementation, pp. 56–67 (1993)Google Scholar
  19. 19.
    Linn, C., Debray, S., Andrews, G., Schwarz, B.: Stack Analysis of x86 Executables (2004),
  20. 20.
    Moore, R.E., Bierbaum, F.: Methods and Applications of Interval Analysis (SIAM Studies in Applied and Numerical Mathematics) (Siam Studies in Applied Mathematics, 2). Soc. for Industrial & Applied Math., Philadelphia (1979)Google Scholar
  21. 21.
    Müller-Olm, M., Seidl, H.: Precise Interprocedural Analysis through Linear Algebra. In: 31st ACM Symp. on Principles of Programming Languages (POPL), pp. 330–341 (2004)Google Scholar
  22. 22.
    Müller-Olm, M., Seidl, H.: Upper adjoints for fast inter-procedural variable equalities. In: Gairing, M. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 178–192. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Reps, T., Balakrishnan, G.: Improved memory-access analysis for x86 executables. In: Hendren, L. (ed.) CC 2008. LNCS, vol. 4959, pp. 16–35. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  24. 24.
    Reps, T., Balakrishnan, G., Lim, J.: Intermediate-representation recovery from low-level code. In: PEPM 2006: Proceedings of the 2006 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation, pp. 100–111. ACM, New York (2006)CrossRefGoogle Scholar
  25. 25.
    Sălcianu, A., Rinard, M.C.: Purity and side effect analysis for java programs. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 199–215. Springer, Heidelberg (2005)Google Scholar
  26. 26.
    Sankaranarayanan, S., Ivancic, F., Gupta, A.: Program analysis using symbolic ranges. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 366–383. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  27. 27.
    Sharir, M., Pnueli, A.: Two Approaches to Interprocedural Data Flow Analysis. In: Program Flow Analysis: Theory and Application, pp. 189–234 (1981)Google Scholar
  28. 28.
    Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1–25. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  29. 29.
    Sicherheitsgarantien Unter REALzeitanforderungen (2010),
  30. 30.
  31. 31.
    Wilson, R.P., Lam, M.S.: Efficient context-sensitive pointer analysis for C programs. In: PLDI 1995: Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation, pp. 1–12. ACM, New York (1995)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Andrea Flexeder
    • 1
  • Michael Petter
    • 1
  • Helmut Seidl
    • 1
  1. 1.Technische Universität MünchenGarchingGermany

Personalised recommendations