Research At GrammaTech
The subject of GrammaTech's research is automatic program
analysis. Our work can be categorized along three dimensions:
- Static Analysis / Dynamic Analysis:
  - We work on both static analysis and dynamic analysis, and
    combinations of the two. Static analyses derive program properties
    that hold for any possible run of the program (on any possible
    input). Dynamic analyses are based on observations collected while
    running a program (on some given set of inputs).
- Source Code / Binary Code:
  - We work on both source code analysis and machine code
    analysis. Analyses on source code can make use of high-level concepts
    such as variable types, procedure signatures, and structured control
    constructs, and are typically portable, i.e., results apply to
    executables built with any compiler for the language. In contrast,
    machine-code analysis must infer such high-level concepts from the
    low-level instructions, but can take advantage of the compilation
    decisions of the specific compiler used to build the executable. Our
    research also includes the use of source-code hints to improve (and/or
    validate) the results of machine-code analyses.
- Applications:
  - Our research can be roughly divided into four application areas:
    - reverse engineering. We develop tools that help engineers
      understand program artifacts given either in source code or
      machine code.
    - assurance. We develop tools for finding bugs and security
      vulnerabilities in software. Our research in this area led to
      CodeSonar®, a commercial flaw-finding tool.
    - protection. We also work on the converse of reverse engineering:
      tools that provide software protection. We are developing a
      toolkit for high-fidelity and pervasive rewriting of software
      executables.
    - producibility. We develop tools that aim to lower the cost of
      software production and maintenance.