Dynamic Branch Resolution Based on Combined Static Analyses

Authors Wei-Tsun Sun, Hugues Cassé

Thumbnail PDF


  • Filesize: 0.5 MB
  • 10 pages

Document Identifiers

Author Details

Wei-Tsun Sun
Hugues Cassé

Cite AsGet BibTex

Wei-Tsun Sun and Hugues Cassé. Dynamic Branch Resolution Based on Combined Static Analyses. In 16th International Workshop on Worst-Case Execution Time Analysis (WCET 2016). Open Access Series in Informatics (OASIcs), Volume 55, pp. 8:1-8:10, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2016)


Static analysis requires the full knowledge of the overall program structure. The structure of a program can be represented by a Control Flow Graph (CFG) where vertices are basic blocks (BB) and edges represent the control flow between the BB. To construct a full CFG, all the BB as well as all of their possible targets addresses must be found. In this paper, we present a method to resolve dynamic branches, that identifies the target addresses of BB created due to the switch-cases and calls on function pointers. We also implemented a slicing method to speed up the overall analysis which makes our approach applicable on large and realistic real-time programs.
  • WCET
  • static analysis
  • dynamic branch
  • assembly
  • machine language


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. G. Balakrishnan, R. Gruian, T. Reps, and T. Teitelbaum. Compiler Construction: 14th International Conference, CC 2005, chapter CodeSurfer/x86 - A Platform for Analyzing x86 Executables, pages 250-254. Springer Berlin, 2005. Google Scholar
  2. G. Balakrishnan and T. Reps. Analyzing memory accesses in x86 executables. In Compiler Construction, volume 2985 of Lecture Notes in Computer Science, pages 2732-2733. Springer Berlin, 2004. Google Scholar
  3. G. Balakrishnan, T. Reps, D. Melski, and T. Teitelbaum. Verified Software: Theories, Tools, Experiments, chapter WYSINWYX: What You See Is Not What You eXecute, pages 202-213. Springer Berlin Heidelberg, 2008. Google Scholar
  4. S. Bardin, P. Herrmann, and F. Védrine. Refinement-based CFG reconstruction from unstructured programs, pages 54-69. Springer, 2011. Google Scholar
  5. Hugues Cassé, Florian Birée, and Pascal Sainrat. Multi-architecture value analysis for machine code. In 13th International Workshop on Worst-Case Execution Time Analysis, WCET 2013, July 9, 2013, Paris, France, pages 42-52, 2013. URL: http://dx.doi.org/10.4230/OASIcs.WCET.2013.42.
  6. P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Conference Record of the Fourth Annual ACM SIGPLAN-SIGACT, pages 238-252. ACM Press, 1977. Google Scholar
  7. Niklas Holsti, Jan Gustafsson, Linus Källberg, and Björn Lisper. Analysing switch-case code with abstract execution. In 15th International Workshop on Worst-Case Execution Time Analysis, WCET 2015, July 7, 2015, Lund, Sweden, pages 85-94, 2015. URL: http://dx.doi.org/10.4230/OASIcs.WCET.2015.85.
  8. S. S. Muchnick. Advanced Compiler Design &Implementation. Morgan Kaufmann, 1997. Google Scholar
  9. WCET Project Mälardalen University. Benchmarks. URL: http://www.mrtc.mdh.se/projects/wcet/benchmarks.html.
  10. C. Sandberg, A. Ermedahl, J. Gustafsson, and B. Lisper. Faster WCET Flow Analysis by Program Slicing. In Proceedings of the 2006 ACM SIGPLAN/SIGBED, pages 103-112. ACM, 2006. Google Scholar
  11. R. Sen and Y. N. Srikant. Executable Analysis with Circular Linear Progressions. Technical Report IISc-CSA-TR-2007-3, Computer Science and Automation Indian Institute of Science, February 2007. Google Scholar
  12. A. Silberschatz, P. B. Galvin, and G. Gagne. Operating system concepts, volume 4. Addison-Wesley Reading, 1998. Google Scholar
  13. H. Theiling. Extracting safe and precise control flow from binaries. In Proc. of 7th Conference on Real-Time Computing System and Applications, 2000. Google Scholar
  14. M. Weiser. Program slicing. In Proceedings of the 5th International Conference on Software Engineering, pages 439-449. IEEE Press, 1981. Google Scholar
  15. W. Yin, L. Jiang, Q. Yin, L. Zhou, and J. Li. A control flow graph reconstruction method from binaries based on XML. In Computer Science-Technology and Applications, 2009. IFCSTA'09. International Forum on, volume 2, pages 226-229, Dec 2009. Google Scholar