research-article

Synthesis of machine code from semantics

Authors:

Venkatesh Srinivasan,

Thomas RepsAuthors Info & Claims

PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 596 - 607

https://doi.org/10.1145/2737924.2737960

Published: 03 June 2015 Publication History

Abstract

In this paper, we present a technique to synthesize machine-code instructions from a semantic specification, given as a Quantifier-Free Bit-Vector (QFBV) logic formula. Our technique uses an instantiation of the Counter-Example Guided Inductive Synthesis (CEGIS) framework, in combination with search-space pruning heuristics to synthesize instruction-sequences. To counter the exponential cost inherent in enumerative synthesis, our technique uses a divide-and-conquer strategy to break the input QFBV formula into independent sub-formulas, and synthesize instructions for the sub-formulas. Synthesizers created by our technique could be used to create semantics-based binary rewriting tools such as optimizers, partial evaluators, program obfuscators/de-obfuscators, etc. Our experiments for Intel's IA-32 instruction set show that, in comparison to our baseline algorithm, our search-space pruning heuristics reduce the synthesis time by a factor of 473, and our divide-and-conquer strategy reduces the synthesis time by a further 3 to 5 orders of magnitude.

References

[1]

G. Balakrishnan and T. Reps. WYSINWYX: What You See Is Not What You eXecute. TOPLAS, 32(6), 2010.

Digital Library

[2]

S. Bansal and A. Aiken. Automatic generation of peephole superoptimizers. In ASPLOS, 2006.

Digital Library

[3]

S. Bansal and A. Aiken. Binary translation using peephole superoptimizers. In OSDI, 2008.

Digital Library

[4]

D. Brumley, I. Jager, T. Avgerinos, and E. Schwartz. BAP: A Binary Analysis Platform. In CAV, 2011.

Digital Library

[5]

M. Christodorescu and S. Jha. Testing malware detectors. In ISSTA, 2004.

Digital Library

[6]

M. Christodorescu, S. Jha, S. Seshia, D. Song, and R. Bryant. Semantics-aware malware detection. In S&P, 2005.

Digital Library

[7]

B. Dutertre and L. de Moura. Yices: An SMT solver, 2006. http://yices.csl.sri.com/.

[8]

U. Erlingsson and F. Schneider. SASI enforcement of security policies: A retrospective. In Workshop on New Security Paradigms, pages 87–95, 1999.

Digital Library

[9]

S. Gulwani, S. Jha, A. Tiwari, and R. Venkatesan. Synthesis of loopfree programs. In PLDI, 2011.

Digital Library

[10]

J. Henning. SPEC CPU2006 Benchmark descriptions. SIGARCH Comput. Archit. News, 34(4):1–17, 2006.

Digital Library

[11]

N. Jones, C. Gomard, and P. Sestoft. Partial Evaluation and Automatic Program Generation. Prentice-Hall, Inc., 1993.

Digital Library

[12]

R. Joshi, G. Nelson, and K. Randall. Denali: A goal-directed superoptimizer. In PLDI, 2002.

Digital Library

[13]

J. Lim and T. Reps. TSL: A system for generating abstract interpreters and its application to machine-code analysis. TOPLAS, 35(4), 2013.

Digital Library

[14]

J. Lim, A. Lal, and T. Reps. Symbolic analysis via semantic reinterpretation. Softw. Tools for Tech. Transfer, 13(1):61–87, 2011.

Digital Library

[15]

H. Massalin. Superoptimizer: A look at the smallest program. In ASPLOS, 1987.

Digital Library

[16]

N. Ramsey and M. Fernández. Specifying representations of machine instructions. TOPLAS, 19(3), 1997.

Digital Library

[17]

E. Schkufza, R. Sharma, and A. Aiken. Stochastic superoptimization. In ASPLOS, 2013.

Digital Library

[18]

A. Solar-Lezama. Program Synthesis by Sketching. PhD thesis, Univ. of Calif., Berkeley, CA, 2008.

Digital Library

[19]

A. Solar-Lezama, R. Rabbah, R. Bodik, and K. Ebcio˘glu. Programming by sketching for bit-streaming programs. In PLDI, 2005.

Digital Library

[20]

A. Solar-Lezama, L. Tancau, R. Bodik, S. Seshia, and V. Saraswat. Combinatorial sketching for finite programs. In ASPLOS, 2006.

Digital Library

[21]

A. Solar-Lezama, G. Arnold, L. Tancau, R. Bodik, V. Saraswat, and S. Seshia. Sketching stencils. In PLDI, 2007.

Digital Library

[22]

A. Solar-Lezama, C. Jones, and R. Bodik. Sketching concurrent data structures. In PLDI, 2008.

Digital Library

[23]

D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. Kang, Z. Liang, J. Newsome, P. Poosankam, and P. Saxena. BitBlaze: A new approach to computer security via binary analysis. In International Conference on Information Systems Security, 2008.

Digital Library

[24]

A. Udupa, A. Raghavan, J. Deshmukh, S. Mador-Haim, M. Martin, and R. Alur. TRANSIT: Specifying protocols with concolic snippets. In PLDI, 2013.

Digital Library

Cited By

Kim HKim SLee JCha SChristakis MPradel M(2024)AsFuzzer: Differential Testing of Assemblers with Error-Driven Grammar InferenceProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680345(1099-1111)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680345
Hu JChong SSeltzer M(2024)Parallel Assembly SynthesisLogic-Based Program Synthesis and Transformation10.1007/978-3-031-71294-4_1(3-26)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-71294-4_1
Hu JLu EHolland DKawaguchi MChong SSeltzer M(2023)Towards Porting Operating Systems with Program SynthesisACM Transactions on Programming Languages and Systems10.1145/356394345:1(1-70)Online publication date: 3-Mar-2023
https://dl.acm.org/doi/10.1145/3563943
Show More Cited By

Recommendations

Speeding up machine-code synthesis
OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications

Machine-code synthesis is the problem of searching for an instruction sequence that implements a semantic specification, given as a formula in quantifier-free bit-vector logic (QFBV). Instruction sets like Intel's IA-32 have around 43,000 unique ...
Synthesis of machine code from semantics
PLDI '15

In this paper, we present a technique to synthesize machine-code instructions from a semantic specification, given as a Quantifier-Free Bit-Vector (QFBV) logic formula. Our technique uses an instantiation of the Counter-Example Guided Inductive ...
Speeding up machine-code synthesis
OOPSLA '16

Machine-code synthesis is the problem of searching for an instruction sequence that implements a semantic specification, given as a formula in quantifier-free bit-vector logic (QFBV). Instruction sets like Intel's IA-32 have around 43,000 unique ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2015

630 pages

ISBN:9781450334686

DOI:10.1145/2737924

General Chair:
David Grove
IBM Research, USA
,
Program Chair:
Steve Blackburn
Australian National University, Australia

ACM SIGPLAN Notices Volume 50, Issue 6
PLDI '15
June 2015
630 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2813885
Editor:
Andy Gill
University of Kansas, Lawrence, KS
Issue’s Table of Contents

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

PLDI '15

Sponsor:

SIGPLAN

PLDI '15: ACM SIGPLAN Conference on Programming Language Design and Implementation

June 13 - 17, 2015

OR, Portland, USA

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
435
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)1

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kim HKim SLee JCha SChristakis MPradel M(2024)AsFuzzer: Differential Testing of Assemblers with Error-Driven Grammar InferenceProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680345(1099-1111)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680345
Hu JChong SSeltzer M(2024)Parallel Assembly SynthesisLogic-Based Program Synthesis and Transformation10.1007/978-3-031-71294-4_1(3-26)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-71294-4_1
Hu JLu EHolland DKawaguchi MChong SSeltzer M(2023)Towards Porting Operating Systems with Program SynthesisACM Transactions on Programming Languages and Systems10.1145/356394345:1(1-70)Online publication date: 3-Mar-2023
https://dl.acm.org/doi/10.1145/3563943
Hu JVaithilingam PChong SSeltzer MGlassman E(2021)Assuage: Assembly Synthesis Using A Guided ExplorationThe 34th Annual ACM Symposium on User Interface Software and Technology10.1145/3472749.3474740(134-148)Online publication date: 10-Oct-2021
https://dl.acm.org/doi/10.1145/3472749.3474740
Mukherjee MKant PLiu ZRegehr J(2020)Dataflow-based pruning for speeding up superoptimizationProceedings of the ACM on Programming Languages10.1145/34282454:OOPSLA(1-24)Online publication date: 13-Nov-2020
https://dl.acm.org/doi/10.1145/3428245
Ghaffarinia MHamlen KCavallaro LKinder JWang XKatz J(2019)Binary Control-Flow TrimmingProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security10.1145/3319535.3345665(1009-1022)Online publication date: 6-Nov-2019
https://dl.acm.org/doi/10.1145/3319535.3345665
Dasgupta SPark DKasampalis TAdve VRoşu GMcKinley KFisher K(2019)A complete formal semantics of x86-64 user-level instruction set architectureProceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3314221.3314601(1133-1148)Online publication date: 8-Jun-2019
https://dl.acm.org/doi/10.1145/3314221.3314601
Collie BGinsbach PO'Boyle M(2019)Type-Directed Program Synthesis and Constraint Generation for Library PortabilityProceedings of the International Conference on Parallel Architectures and Compilation Techniques10.1109/PACT.2019.00013(55-67)Online publication date: 23-Sep-2019
https://dl.acm.org/doi/10.1109/PACT.2019.00013
Drews SAlbarghouthi AD’Antoni L(2019)Efficient Synthesis with Probabilistic ConstraintsComputer Aided Verification10.1007/978-3-030-25540-4_15(278-296)Online publication date: 12-Jul-2019
https://doi.org/10.1007/978-3-030-25540-4_15
Srinivasan VVartanian AReps T(2017)Model-assisted machine-code synthesisProceedings of the ACM on Programming Languages10.1145/31338851:OOPSLA(1-26)Online publication date: 12-Oct-2017
https://dl.acm.org/doi/10.1145/3133885
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents