| dc.identifier.uri | http://hdl.handle.net/11401/77263 | |
| dc.description.sponsorship | This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree. | en_US |
| dc.format | Monograph | |
| dc.format.medium | Electronic Resource | en_US |
| dc.language.iso | en_US | |
| dc.publisher | The Graduate School, Stony Brook University: Stony Brook, NY. | |
| dc.type | Dissertation | |
| dcterms.abstract | Binary analysis, translation and instrumentation tools play an important role in software security. To support binaries for different processors, it is necessary to incorporate the semantics of every processor's instruction set into the tool. Unfortunately, the complexity of modern instruction sets makes the common approach of manual semantics modeling cumbersome and error-prone. Furthermore, it limits the number of processors as well as the fraction of the instruction set that is supported. In this dissertation, we propose novel architecture-neutral techniques for automatically synthesizing the semantics of instruction sets. Our approach relies on the observation that modern compilers such as GCC and LLVM already contain detailed knowledge about the semantics of many instruction sets. We therefore develop two techniques for extracting this knowledge. Our first technique relies on a learning process: observing examples of translation between a compiler's architecture-neutral internal representation and machine instructions, and inferring the mapping from these examples. We then develop a second (and complementary) method that develops symbolic execution techniques to extract this mapping from the code generator source. Unlike previous symbolic execution systems that specialize in generating a single solution to a set of constraints, our problem requires a compact representation of all possible solutions. We describe the development of such a system, based on source-to-source transformation of C-code and a runtime system that is implemented in C and Prolog with a finite-domain constraint solver (CLP-FD). To demonstrate the applicability of synthesized instruction-set semantics, we develop two applications. In the first application, we use synthesized semantics to test correctness of code generators. Specifically, we develop a new testing approach that generates and executes test cases based on the derived semantic model for each instruction. We uncovered nontrivial bugs in the GCC code generator using this technique. As a second application, we have used these models to lift binaries for x86, ARM and AVR (used in Arduino and other microcontroller) architectures to intermediate code, which can then be analyzed or instrumented in an architecture-independent manner. | |
| dcterms.available | 2017-09-20T16:52:19Z | |
| dcterms.contributor | Sekar, R | en_US |
| dcterms.contributor | Ferdman, Mike | en_US |
| dcterms.contributor | Polychronakis, Michalis | en_US |
| dcterms.contributor | Srinivas, Suresh. | en_US |
| dcterms.creator | Hasabnis, Niranjan | |
| dcterms.dateAccepted | 2017-09-20T16:52:19Z | |
| dcterms.dateSubmitted | 2017-09-20T16:52:19Z | |
| dcterms.description | Department of Computer Science. | en_US |
| dcterms.extent | 198 pg. | en_US |
| dcterms.format | Application/PDF | en_US |
| dcterms.format | Monograph | |
| dcterms.identifier | http://hdl.handle.net/11401/77263 | |
| dcterms.issued | 2015-05-01 | |
| dcterms.language | en_US | |
| dcterms.provenance | Made available in DSpace on 2017-09-20T16:52:19Z (GMT). No. of bitstreams: 1
Hasabnis_grad.sunysb_0771E_12478.pdf: 1046310 bytes, checksum: e0c319564bfe668953a84ca42caa716b (MD5)
Previous issue date: 2015 | en |
| dcterms.publisher | The Graduate School, Stony Brook University: Stony Brook, NY. | |
| dcterms.subject | automatic building assembly to IR translators, Automatic semantic synthesis, code generator correctness testing, instruction set semantics, machine learning, symbolic execution | |
| dcterms.subject | Computer science | |
| dcterms.title | Automatic Synthesis of Instruction Set Semantics and its Applications | |
| dcterms.type | Dissertation | |
