BAP: A Binary Analysis Platform
BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous incarnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making syntax-directed analysis possible. We have used BAP to routinely generate and solve verification conditions that are hundreds of megabytes in size and encompass 100,000’s of assembly instructions.
Keywords: Binary Code, Symbolic Execution, Strongly Connect Component, Binary Analysis, Intermediate Language