Abstract
In this paper, we present a technique to synthesize machine-code instructions from a semantic specification, given as a Quantifier-Free Bit-Vector (QFBV) logic formula. Our technique uses an instantiation of the Counter-Example Guided Inductive Synthesis (CEGIS) framework, in combination with search-space pruning heuristics to synthesize instruction-sequences. To counter the exponential cost inherent in enumerative synthesis, our technique uses a divide-and-conquer strategy to break the input QFBV formula into independent sub-formulas, and synthesize instructions for the sub-formulas. Synthesizers created by our technique could be used to create semantics-based binary rewriting tools such as optimizers, partial evaluators, program obfuscators/de-obfuscators, etc. Our experiments for Intel's IA-32 instruction set show that, in comparison to our baseline algorithm, our search-space pruning heuristics reduce the synthesis time by a factor of 473, and our divide-and-conquer strategy reduces the synthesis time by a further 3 to 5 orders of magnitude.
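The CEGIS loop and the divide-and-conquer split described above, as an added illustration that is not code from the paper or its authors: a constructed 4-bit toy ISA with four registers stands in for IA-32, a Python function over the input state stands in for the QFBV formula, and an exhaustive check over the registers a sub-formula touches stands in for the SMT-solver query that produces counterexamples. The pruning heuristic used here (restricting operands to the sub-formula's footprint) is an assumption of this example; the abstract does not describe the paper's own heuristics.

```python
"""CEGIS-style machine-code synthesis over a constructed 4-bit toy ISA.

Illustrative example, not the paper's implementation.  The spec plays the
role of the QFBV formula; exhaustive checking over the spec's footprint
registers stands in for the SMT query that yields counterexamples."""
import itertools

WIDTH = 4
MASK = (1 << WIDTH) - 1
REGS = ("r0", "r1", "r2", "r3")

# Constructed toy instruction set: binary ops compute dst := dst OP src.
BINOPS = {
    "add": lambda a, b: (a + b) & MASK,
    "sub": lambda a, b: (a - b) & MASK,
    "xor": lambda a, b: a ^ b,
    "and": lambda a, b: a & b,
    "or":  lambda a, b: a | b,
    "mov": lambda a, b: b,
}
UNOPS = {
    "not": lambda a: ~a & MASK,
    "shl": lambda a: (a << 1) & MASK,
}


def execute(program, state):
    """Run an instruction sequence on a register state (dict reg -> value)."""
    s = dict(state)
    for ins in program:
        op, dst = ins[0], ins[1]
        s[dst] = BINOPS[op](s[dst], s[ins[2]]) if op in BINOPS else UNOPS[op](s[dst])
    return s


def instructions(regs):
    """Enumerate instructions whose operands all lie in `regs`.  Restricting the
    operand set to a sub-formula's footprint is the (assumed) pruning heuristic
    used in this example."""
    ins = [(op, d, s) for op in BINOPS for d in regs for s in regs]
    ins += [(op, d) for op in UNOPS for d in regs]
    return ins


def satisfies(program, spec, state):
    """Does the program agree with the spec on one input state?  Registers the
    spec does not mention must be left unchanged."""
    out = execute(program, state)
    return all(out[r] == (spec[r][1](state) if r in spec else state[r]) for r in REGS)


def verify(program, spec, regs):
    """Exhaustive equivalence check over all values of the footprint registers
    (neither side touches the others); returns a counterexample state or None."""
    for vals in itertools.product(range(MASK + 1), repeat=len(regs)):
        state = dict.fromkeys(REGS, 0)
        state.update(zip(regs, vals))
        if not satisfies(program, spec, state):
            return state
    return None


def cegis(spec, regs, max_len):
    """Counterexample-guided inductive synthesis: find the first sequence of up
    to `max_len` instructions that agrees with the spec on the examples seen so
    far, verify it, and on failure add the counterexample to the examples.
    Returns (program or None, number of candidate sequences examined)."""
    examples = [dict(zip(REGS, (3, 5, 9, 14)))]  # constructed seed input
    pool = instructions(regs)
    tried = 0
    while True:
        found = None
        for n in range(1, max_len + 1):
            for prog in itertools.product(pool, repeat=n):
                tried += 1
                if all(satisfies(prog, spec, ex) for ex in examples):
                    found = list(prog)
                    break
            if found:
                break
        if found is None:
            return None, tried
        cex = verify(found, spec, regs)
        if cex is None:
            return found, tried
        examples.append(cex)


def synthesize(spec, max_len):
    """Divide-and-conquer.  A spec maps dst -> (registers read, function of the
    input state).  Sub-formulas are independent when none reads a register that
    another writes; each is then synthesized over its own footprint and the
    sequences are concatenated.  Otherwise fall back to joint synthesis."""
    independent = all(d not in reads for d in spec
                      for r, (reads, _) in spec.items() if r != d)
    if not independent:
        regs = sorted({r for d, (reads, _) in spec.items() for r in reads | {d}})
        return cegis(spec, regs, max_len)
    program, tried = [], 0
    for d, (reads, fn) in spec.items():
        seq, n = cegis({d: (reads, fn)}, sorted(reads | {d}), max_len)
        tried += n
        if seq is None:
            return None, tried
        program += seq
    return program, tried


def joint_search_space(max_len):
    """Sequences an undivided enumeration over all four registers would cover."""
    k = len(instructions(REGS))
    return sum(k ** n for n in range(1, max_len + 1))


# Constructed spec: r0 := (r0 + r1) << 1 and r2 := r2 xor r3; other registers unchanged.
SPEC = {
    "r0": ({"r0", "r1"}, lambda s: ((s["r0"] + s["r1"]) << 1) & MASK),
    "r2": ({"r2", "r3"}, lambda s: s["r2"] ^ s["r3"]),
}

if __name__ == "__main__":
    prog, tried = synthesize(SPEC, max_len=2)
    print("synthesized:", prog)
    # The combined program needs three instructions, so an undivided search
    # would have to enumerate sequences of length up to 3.
    print("candidates examined:", tried, "of up to", joint_search_space(3), "undivided")
```

Running the block shows the two mechanisms the abstract names: the `r2` sub-formula is first matched by `add r2, r3` on the seed input, the exhaustive check returns the counterexample `r2 = r3 = 1`, and the next round selects `xor`; and splitting the spec by output register keeps each enumeration to a few hundred candidates, where an undivided length-3 search over all registers would cover over a million.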
Synthesis of machine code from semantics. PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation.