In this talk, I will overview GrammaTech’s work on machine-code analysis for diverse purposes of reverse engineering, program transformation, and vulnerability detection. I will highlight some challenges and successes in the creation of intermediate representations that aim to reach the depth of information available at the source-code level. The quality of our intermediate representation has allowed us to transform programs for diversification and hardening against attacks, optimization, and intellectual-property protection without modifying program behavior, as validated by extensive test suites.

In addition to variation in the purpose of program analysis, GrammaTech’s work on machine-code analysis varies soundness guarantees afforded by different techniques. Not surprisingly, relaxing soundness guarantees can result in improved scalability and precision of analyses. However, unsound analyses require heuristics that balance weakened guarantees against increased scalability and precision. These heuristics themselves often require sophisticated analyses. I will touch on challenges that are unique to performing heuristic analysis.