Prolog to reason about methods and classes in c++ binaries

Just stumbled over this talk …



Similar work can be found for other languages, notably Java. An example is JTransformer:

What I liked about the talk is how the presenter justified the need for using Prolog, and the limits of C++ (an imperative language) to do what they needed.

Besides, of course, seeing an example of Prolog use (albeit in academia) …


What I found interesting was that they did not use symbolic execution of the code, which gives deep-level understanding and should help in the analysis.

I was surprised that some of the runs took a full day to run.

Also, they should have considered that their numbers were being compared against a hypothetical ideally written version of the code. I am sure the authors of the analyzed code did not do as much analysis of their code and refactor it into such an ideal version. It is common to leave production code in a less ideal state so that it is easier to maintain. In other words, in their example they were expecting certain methods to be in the base class if two or more methods used them in inherited classes, but as we know copy and paste seems to be king. So the number of edits they record might not be correct and would be lower in their favor. Instead they should have two sets of edit values, one between the actual code and the ideal code and another between their code and the ideal code.
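As an added illustration (not code from the talk or from anyone in this thread) of the check the post above describes, here is a small Prolog program over constructed class facts: it flags a method that two sibling subclasses implement identically while the base class lacks it, and counts the edits needed to hoist it. The class names, the body fingerprints and the edit-count rule are all assumptions.

```prolog
% Constructed class-hierarchy facts (not recovered from any real binary):
% one base class with two subclasses.
class(base).
class(derived_a).
class(derived_b).
inherits(derived_a, base).
inherits(derived_b, base).

% method(Class, Name, BodyFingerprint): the fingerprint stands in for
% whatever the analysis recovers for a method body; equal fingerprints
% mean the bodies are copy-and-paste identical.
method(base,      ctor,    f001).
method(derived_a, ctor,    f002).
method(derived_b, ctor,    f003).
method(derived_a, reset,   f010).   % identical in both subclasses
method(derived_b, reset,   f010).
method(derived_a, compute, f020).   % differs between subclasses
method(derived_b, compute, f021).

% Sub derives (transitively) from Base.
derives_from(Sub, Base) :- inherits(Sub, Base).
derives_from(Sub, Base) :- inherits(Sub, Mid), derives_from(Mid, Base).

% A method is a hoisting candidate when two distinct subclasses of Base
% implement it with the same body and Base itself does not define it.
hoist_candidate(Base, Name, Body) :-
    class(Base),
    derives_from(SubA, Base),
    derives_from(SubB, Base),
    SubA @< SubB,                     % each unordered pair once
    method(SubA, Name, Body),
    method(SubB, Name, Body),
    \+ method(Base, Name, _).

% Every Base-Name pair that looks like a copy-and-paste candidate, listed once.
hoist_report(Pairs) :-
    setof(Base-Name, Body^hoist_candidate(Base, Name, Body), Pairs).

% Assumed edit model: one deletion per duplicate copy removed from a
% subclass plus one insertion of the method into the base class.
hoist_edits(Base, Name, Edits) :-
    hoist_candidate(Base, Name, Body),
    findall(Sub, (derives_from(Sub, Base), method(Sub, Name, Body)), Subs),
    length(Subs, Copies),
    Edits is Copies + 1.

% Example queries:
%   ?- hoist_report(Pairs).
%   ?- hoist_edits(base, reset, Edits).
```

Running the two queries against the actual hierarchy and against the tool's proposed hierarchy gives the two separate edit counts the post asks for.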

I guess they wanted to keep to static analysis …


I consider symbolic execution a form of static analysis; it doesn’t run the code the same way it is done on physical hardware, so it doesn’t meet the definition of dynamic analysis. If it is not dynamic analysis, and most people only consider the analysis to be either static or dynamic, then it must be a form of static analysis, or a new category must be created for it.