# TrABin: Trustworthy Analyses of Binaries

**Authors:** Andreas Lindner, Roberto Guanciale, Roberto Metere

arXiv: 1901.05456 · 2019-01-23

## TL;DR

TrABin is a formal binary analysis platform built on HOL4 that ensures trustworthy translation and analysis of binary code through formal proofs and certificates, enhancing reliability in critical software verification.

## Contribution

The paper introduces a formal, proof-producing binary analysis platform that guarantees correctness of translation and analysis, addressing trust issues in existing binary analysis tools.

## Key findings

- Successfully formalized a binary intermediate language in HOL4
- Developed proof-producing transpilers for ARMv8 and CortexM0
- Benchmarked with an AES encryption implementation

## Abstract

Verification of microkernels, device drivers, and crypto routines requires analyses at the binary level. In order to automate these analyses, in the last years several binary analysis platforms have been introduced. These platforms share a common design: the adoption of hardware-independent intermediate representations, a mechanism to translate architecture dependent code to this representation, and a set of architecture independent analyses that process the intermediate representation. The usage of these platforms to verify software introduces the need for trusting both the correctness of the translation from binary code to intermediate language (called transpilation) and the correctness of the analyses. Achieving a high degree of trust is challenging since the transpilation must handle (i) all the side effects of the instructions, (ii) multiple instruction encodings (e.g. ARM Thumb), and (iii) variable instruction length (e.g. Intel). Similarly, analyses can use complex transformations (e.g. loop unrolling) and simplifications (e.g. partial evaluation) of the artifacts, whose bugs can jeopardize correctness of the results. We overcome these problems by developing a binary analysis platform on top of the interactive theorem prover HOL4. First, we formally model a binary intermediate language and we prove correctness of several supporting tools (i.e. a type checker). Then, we implement two proof-producing transpilers, which respectively translate ARMv8 and CortexM0 programs to the intermediate language and generate a certificate. This certificate is a HOL4 proof demonstrating correctness of the translation. As demonstrating analysis, we implement a proof-producing weakest precondition generator, which can be used to verify that a given loop-free program fragment satisfies a contract. Finally, we use an AES encryption implementation to benchmark our platform.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1901.05456/full.md

## Figures

10 figures with captions in the complete paper: https://tomesphere.com/paper/1901.05456/full.md

## References

31 references — full list in the complete paper: https://tomesphere.com/paper/1901.05456/full.md

---
Source: https://tomesphere.com/paper/1901.05456