
Turna: a control flow graph reconstruction tool for RISC-V architecture

  • Regular Paper
  • Journal: Computing

Abstract

A control flow graph (CFG) is a type of directed graph that shows the execution paths of a program. It is a mathematical structure that is actively used in software testing. It can be constructed from the source or the executable of the program. Construction of the CFG from the executable is called CFG reconstruction. CFG reconstruction is used in many areas of computer science, such as reverse engineering, security analysis, and worst-case execution time analysis. CFG reconstruction can be performed using a static, dynamic, or hybrid approach. This paper introduces a new CFG reconstruction tool named Turna that uses a hybrid approach. Turna works on programs that are compiled for the RISC-V architecture. One of the main phases of CFG reconstruction is basic block detection. Therefore, together with Turna, a new rule set and an algorithm for basic block detection from RISC-V executables are also introduced. The CFG reconstruction process and the outputs of Turna are shared and discussed.


Data availability statement

The test results of Turna can be obtained from Turna’s repository [11, 12].

Code Availability

Turna is open-source and can be obtained over the internet [11, 12].

References

  1. Paul A, Jeff O (2016) Introduction to software testing, 2nd edn. Cambridge University Press, Cambridge. https://doi.org/10.1017/9781316771273

  2. Davis RI, Cucu-Grosjean L (2019) A survey of probabilistic timing analysis techniques for real-time systems. Leibniz Trans Embed Syst (LITES) 6(1):3–1360. https://doi.org/10.4230/LITES-v006-i001-a003

  3. Cazorla FJ, Kosmidis L, Mezzetti E, Hernandez C, Abella J, Vardanega T (2019) Probabilistic worst-case timing analysis: taxonomy and comprehensive survey. ACM Comput Surv 52(1):14–11435. https://doi.org/10.1145/3301283

  4. Wilhelm R, Mitra T, Mueller F, Puaut I, Puschner P, Staschulat J, Stenström P, Engblom J, Ermedahl A, Holsti N, Thesing S, Whalley D, Bernat G, Ferdinand C, Heckmann R (2008) The worst-case execution-time problem-overview of methods and survey of tools. ACM Trans Embed Comput Syst 7(3):1–53. https://doi.org/10.1145/1347375.1347389

  5. Patterson DA, Hennessy JL (2007) Computer organization and design: the hardware software interface, 3rd edn. Morgan Kaufmann, Massachusetts

  6. Waterman A, Asanović K (eds) (2019) The RISC-V instruction set manual, volume I: unprivileged ISA, document version 20190608-Base-Ratified. RISC-V Foundation, California

  7. Waterman A, Asanović K (eds) (2019) The RISC-V instruction set manual, volume II: privileged architecture, document version 20190608-Priv-MSU-Ratified. RISC-V Foundation, California

  8. RISC-V Foundation (2022) RISC-V foundation instruction set architecture (ISA). https://riscv.org. Accessed 29 July 2022

  9. Binkert N, Sardashti S, Sen R, Sewell K, Shoaib M, Vaish N, Hill MD, Wood DA, Beckmann B, Black G, Reinhardt SK, Saidi A, Basu A, Hestness J, Hower DR, Krishna T (2011) The gem5 simulator. ACM SIGARCH Comput Archit News 39(2):1. https://doi.org/10.1145/2024716.2024718

  10. gem5: gem5 homepage (2022). http://gem5.org. Accessed 29 July 2022

  11. Sakarya University (2022) Sakarya University real-time systems research laboratory. https://rtsrlab.sakarya.edu.tr. Accessed 29 July 2022

  12. Sakarya University (2022) Turna—GitHub repository. https://github.com/veyselharun/Turna. Accessed 29 July 2022

  13. Kinder J (2010) Static analysis of x86 executables. PhD thesis, Technische Universität Darmstadt

  14. Schwartz EJ, Lee J, Woo M, Brumley D (2013) Native x86 decompilation using semantics-preserving structural analysis and iterative control-flow structuring. In: 22nd USENIX security symposium (USENIX Security 13). USENIX Association, Washington, D.C, pp 353–368

  15. Panchenko M, Auler R, Nel B, Ottoni G (2019) BOLT: a practical binary optimizer for data centers and beyond. In: 2019 IEEE/ACM international symposium on code generation and optimization (CGO). IEEE, Washington, DC, USA, pp 2–14. https://doi.org/10.1109/CGO.2019.8661201

  16. Zhou R, Jones TM (2019) Janus: statically-driven and profile-guided automatic dynamic binary parallelisation. In: 2019 IEEE/ACM international symposium on code generation and optimization (CGO). IEEE, Washington, DC, USA, pp 15–25. https://doi.org/10.1109/CGO.2019.8661196

  17. Kästner D, Pister M, Wegener S, Ferdinand C (2019) TimeWeaver: a tool for hybrid worst-case execution time analysis. In: Altmeyer S (ed) 19th International workshop on worst-case execution time analysis (WCET 2019). OpenAccess Series in Informatics (OASIcs), vol 72. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, pp 1–1111. https://doi.org/10.4230/OASIcs.WCET.2019.1

  18. Meng X, Miller BP (2016) Binary code is not easy. In: Proceedings of the 25th international symposium on software testing and analysis. ACM, Saarbrücken Germany, pp 24–35. https://doi.org/10.1145/2931037.2931047

  19. **g J, Lie-Hui J, Tie-Ming L, Zhen-Yu W, Rui-Min W (2013) A precision-tunable CFG reconstruction algorithm. In: Proceedings 2013 international conference on mechatronic sciences, electric engineering and computer (MEC). IEEE, Shengyang, China, pp 2095–2099. https://doi.org/10.1109/MEC.2013.6885396

  20. Yin W, Jiang L, Yin Q, Zhou L, Li J (2009) A control flow graph reconstruction method from binaries based on XML. In: 2009 International forum on computer science-technology and applications. IEEE, Chongqing, China, pp 226–229. https://doi.org/10.1109/IFCSTA.2009.176

  21. Dariz L, Ruggeri M, Selvatici M (2015) A static microcode analysis tool for programmable load drivers. In: 2015 IEEE 15th international working conference on source code analysis and manipulation (SCAM). IEEE, Bremen, pp 265–270. https://doi.org/10.1109/SCAM.2015.7335424

  22. Bermudo N, Krall A, Horspool N (2005) Control flow graph reconstruction for assembly language programs with delayed instructions. In: Fifth IEEE international workshop on source code analysis and manipulation (SCAM’05). IEEE, Budapest, Hungary, pp 107–118. https://doi.org/10.1109/SCAM.2005.6

  23. Yount C, Patil H, Islam MS (2015) Graph-matching-based simulation-region selection for multiple binaries. In: 2015 IEEE international symposium on performance analysis of systems and software (ISPASS). IEEE, Philadelphia, PA, USA, pp 52–61. https://doi.org/10.1109/ISPASS.2015.7095784

  24. Gruber F, Selva M, Sampaio D, Guillon C, Moynault A, Pouchet L-N, Rastello F (2019) Data-flow/dependence profiling for structured transformations. In: Proceedings of the 24th symposium on principles and practice of parallel programming. ACM, Washington District of Columbia, pp 173–185. https://doi.org/10.1145/3293883.3295737

  25. Xu L, Sun F, Su Z (2009) Constructing precise control flow graphs from binaries. Technical report, University of California, Davis, CA

  26. Rimsa A, Nelson Amaral J, Pereira FMQ (2021) Practical dynamic reconstruction of control flow graphs. Softw Pract Exp 51(2):353–384. https://doi.org/10.1002/spe.2907

  27. Hu Y, Zhang Y, Li J, Wang H, Li B, Gu D (2018) BinMatch: a semantics-based hybrid approach on binary code clone analysis. In: 2018 IEEE international conference on software maintenance and evolution (ICSME). IEEE, Madrid, pp 104–114. https://doi.org/10.1109/ICSME.2018.00019

  28. Wright D (2017) WCET analysis of object code with zero instrumentation. https://www.rapitasystems.com/blog/wcet-analysis-object-code-zero-instrumentation. Accessed 29 July 2022

  29. NetworkX (2023) NetworkX home page. https://networkx.org. Accessed 08 Jan 2023

  30. Graphviz (2023) Graphviz home page. https://graphviz.org. Accessed 08 Jan 2023

  31. Ellson J, Gansner ER, Koutsofios E, North SC, Woodhull G (2004) Graphviz and dynagraph—static and dynamic graph drawing tools. In: Jünger M, Mutzel P (eds) Graph drawing software. Springer, Berlin, Heidelberg, pp 127–148. https://doi.org/10.1007/978-3-642-18638-7_6

  32. Wohlin C, Runeson P, Höst M, Ohlsson MC, Regnell B, Wesslén A (2012) Experimentation in software engineering computer science. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29044-2

  33. Gustafsson J, Betts A, Ermedahl A, Lisper B (2010) The Mälardalen WCET benchmarks: past, present and future. In: Lisper B (ed) 10th International workshop on worst-case execution time analysis (WCET 2010), vol 15. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, pp 136–146. https://doi.org/10.4230/OASIcs.WCET.2010.136

  34. Mälardalen Real-Time Research Center (2013) The Mälardalen WCET Benchmarks homepage. http://www.mrtc.mdh.se/projects/wcet/benchmarks.html. Accessed 27 July 2022

Funding

The author did not receive support from any organization for the submitted work.

Author information

Contributions

Not applicable.

Corresponding author

Correspondence to Veysel Harun Sahin.

Ethics declarations

Conflict of interest

The author declares he has no financial interest.

Ethics approval

Not applicable.

Consent to participate

Not applicable.

Consent for publication

Not applicable.

About this article

Cite this article

Sahin, V.H. Turna: a control flow graph reconstruction tool for RISC-V architecture. Computing 105, 1821–1845 (2023). https://doi.org/10.1007/s00607-023-01172-y

  • DOI: https://doi.org/10.1007/s00607-023-01172-y
