Abstract
BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous incarnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making syntax-directed analysis possible. We have used BAP to routinely generate and solve verification conditions that are hundreds of megabytes in size and encompass 100,000’s of assembly instructions.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brumley, D., Jager, I., Avgerinos, T., Schwartz, E.J. (2011). BAP: A Binary Analysis Platform. In: Gopalakrishnan, G., Qadeer, S. (eds) Computer Aided Verification. CAV 2011. Lecture Notes in Computer Science, vol 6806. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22110-1_37
DOI: https://doi.org/10.1007/978-3-642-22110-1_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22109-5
Online ISBN: 978-3-642-22110-1
eBook Packages: Computer Science (R0)