Skip to main content

WYSINWYX: What You See Is Not What You eXecute

Professor Thomas Reps ( University of Wisconsin )
What You See Is Not What You eXecute: computers do not execute
source-code programs; they execute machine-code programs that are
generated from source code.  Not only can the WYSINWYX phenomenon
create a mismatch between what a programmer intends and what is
actually executed by the processor, it can cause analyses that are
performed on source code -- the approach followed by most
program-analysis tools -- to fail to detect bugs and security
vulnerabilities.

To address the WYSINWYX problem, we have developed algorithms to
recover information from stripped executables about the memory-access
operations that the program performs.  These algorithms are used in
the CodeSurfer/x86 tool to construct intermediate representations that
are used for browsing, inspecting, and analyzing stripped x86
executables.

Joint work with G. Balakrishnan (NEC), J. Lim (UW), and T. Teitelbaum
(Cornell and GrammaTech, Inc.).

Share this: