Due to indirect branch instructions, analyses on executables commonly suffer from the problem that a complete control flow graph of the program is not available. Data flow analysis has been proposed before to statically determine branch targets in many cases, yet a generic strategy without assumptions on compiler idioms or debug information is lacking. We have devised an abstract interpretation-based framework for generic low-level programs with indirect jumps which safely combines a pluggable abstract domain with the notion of partial control flow graphs. Using our framework, we are able to show that the control flow reconstruction algorithm of our disassembly tool Jakstab produces the most precise overapproximation of the control flow graph with respect to the used abstract domain.
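To make the combination of an abstract domain with a partial control flow graph concrete, the following is an added illustration written for this page; it is not Jakstab's code and does not reproduce the paper's formalism. It assumes a toy instruction set (`mov`, `load`, `jmp`, `jz`, `ret`, all invented here), a family of "set of at most K constants" domains plugged in through the parameter `k`, and a constructed sample program. The worklist computes a fixpoint over the reachable addresses; an indirect jump whose target register is not a finite set of constants in the current domain produces an `UNRESOLVED` edge, which keeps the graph partial rather than guessing. Running the same program with `k=1` (constant propagation) and `k=2` shows how the reconstructed graph gets more precise as the domain does.

```python
"""Control flow reconstruction by abstract interpretation over a toy
instruction set (added illustration, not Jakstab's code).

A program is a dict mapping addresses to instruction tuples:
  ("mov", dst, src)    src is an int immediate or a register name
  ("load", dst)        dst := value read from memory, modelled as unknown
  ("jmp", target)      target is an int (direct) or a register (indirect)
  ("jz", reg, target)  branch to target if reg == 0, else fall through
  ("ret",)             no successors
The abstract domain is pluggable through K: a register maps to a set of
at most K constants, or TOP once the set would grow larger (K=1 is
plain constant propagation).
"""
from collections import deque

TOP = "TOP"
UNRESOLVED = "?"   # placeholder target for an indirect jump the domain cannot resolve


def make_join(k):
    """Least upper bound of the K-set domain (assumption: k >= 1)."""
    def join(a, b):
        if a == TOP or b == TOP:
            return TOP
        u = a | b
        return u if len(u) <= k else TOP
    return join


def join_states(s, t, join):
    """Pointwise join of two register states; an absent register is TOP."""
    return {r: join(s.get(r, TOP), t.get(r, TOP)) for r in set(s) | set(t)}


def value(state, operand):
    """Immediates are singleton sets, registers are looked up (TOP if unknown)."""
    if isinstance(operand, int):
        return frozenset({operand})
    return state.get(operand, TOP)


def successors(pc, insn, state):
    """Abstract transfer function: list of (successor address, successor state)."""
    op = insn[0]
    if op == "ret":
        return []
    if op == "mov":
        return [(pc + 1, {**state, insn[1]: value(state, insn[2])})]
    if op == "load":
        return [(pc + 1, {**state, insn[1]: TOP})]
    if op == "jmp":
        v = value(state, insn[1])
        # an unresolvable indirect jump keeps the graph partial instead of guessing
        return [(UNRESOLVED, state)] if v == TOP else [(t, state) for t in sorted(v)]
    if op == "jz":
        reg, target = insn[1], insn[2]
        v = state.get(reg, TOP)
        out = []
        if v == TOP or v - {0}:        # fall-through edge: reg is nonzero there
            out.append((pc + 1, {**state, reg: TOP if v == TOP else v - {0}}))
        if v == TOP or 0 in v:         # taken edge: reg is known to be zero
            out.append((target, {**state, reg: frozenset({0})}))
        return out
    raise ValueError(f"unknown instruction {insn!r}")


def reconstruct_cfg(program, k=1, entry=0):
    """Worklist fixpoint over reachable addresses; returns (edges, states).

    Edges are those induced by the final abstract states, i.e. the partial
    control flow graph the domain with parameter K can justify; an edge to
    UNRESOLVED marks where the graph is still an overapproximation.
    """
    join = make_join(k)
    states = {entry: {}}
    worklist = deque([entry])
    while worklist:
        pc = worklist.popleft()
        for succ, succ_state in successors(pc, program[pc], states[pc]):
            if succ == UNRESOLVED:
                continue
            if succ not in program:
                raise ValueError(f"jump from {pc} to {succ}: outside the program")
            old = states.get(succ)
            new = succ_state if old is None else join_states(old, succ_state, join)
            if old is None or new != old:
                states[succ] = new
                worklist.append(succ)
    edges = {(pc, succ) for pc in states
             for succ, _ in successors(pc, program[pc], states[pc])}
    return edges, states


def unresolved_jumps(edges):
    """Addresses of indirect jumps the chosen domain could not resolve."""
    return sorted(src for src, dst in edges if dst == UNRESOLVED)


# Constructed sample: one jump through a register with a single known value,
# one through a register that is 10 on one path and 11 on the other.
SAMPLE_PROGRAM = {
    0: ("mov", "r0", 4),
    1: ("jmp", "r0"),        # resolved even by constant propagation
    2: ("mov", "r1", 99),    # unreachable: never enters the graph
    3: ("ret",),
    4: ("load", "r1"),       # unknown input decides the branch
    5: ("jz", "r1", 8),
    6: ("mov", "r2", 10),
    7: ("jmp", 9),
    8: ("mov", "r2", 11),
    9: ("jmp", "r2"),        # r2 in {10, 11}: unresolved for K=1, resolved for K=2
    10: ("ret",),
    11: ("ret",),
}

if __name__ == "__main__":
    for k in (1, 2):
        edges, _ = reconstruct_cfg(SAMPLE_PROGRAM, k=k)
        print(f"K={k}: {len(edges)} edges, unresolved jumps at {unresolved_jumps(edges)}")
```

With `k=1` the join at address 9 collapses `{10}` and `{11}` to TOP and the jump stays unresolved, so the graph ends with nine edges and addresses 10 and 11 never become reachable; with `k=2` the same algorithm yields both edges out of address 9 and no unresolved jump. Nothing in the worklist depends on the domain except `make_join`, which is what makes the domain pluggable, and the edges are read off the final fixpoint states rather than collected during iteration, so transient approximations never leak into the result.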