{"id":20275635,"url":"https://github.com/softsec-kaist/meandiff","last_synced_at":"2025-09-02T08:43:15.784Z","repository":{"id":67413499,"uuid":"101034315","full_name":"SoftSec-KAIST/MeanDiff","owner":"SoftSec-KAIST","description":"Testing Intermediate Representations for Binary Analysis (ASE '17)","archived":false,"fork":false,"pushed_at":"2018-12-05T06:51:20.000Z","size":378,"stargazers_count":81,"open_issues_count":29,"forks_count":11,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-08-31T17:42:08.412Z","etag":null,"topics":["binary-analysis","differential-testing","fsharp","semantic-bugs","symbolic-execution"],"latest_commit_sha":null,"homepage":"https://softsec-kaist.github.io/MeanDiff/","language":"F#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SoftSec-KAIST.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-08-22T07:26:47.000Z","updated_at":"2025-08-04T07:38:45.000Z","dependencies_parsed_at":"2023-02-21T04:31:25.506Z","dependency_job_id":null,"html_url":"https://github.com/SoftSec-KAIST/MeanDiff","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/SoftSec-KAIST/MeanDiff","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SoftSec-KAIST%2FMeanDiff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SoftSec-KAIST%2FMeanDiff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SoftSec-KAIST%2FMeanDiff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SoftSec-KAIST%2FMeanDiff/manifests","owner_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SoftSec-KAIST","download_url":"https://codeload.github.com/SoftSec-KAIST/MeanDiff/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SoftSec-KAIST%2FMeanDiff/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273257740,"owners_count":25073531,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-02T02:00:09.530Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-analysis","differential-testing","fsharp","semantic-bugs","symbolic-execution"],"created_at":"2024-11-14T13:10:23.547Z","updated_at":"2025-09-02T08:43:15.726Z","avatar_url":"https://github.com/SoftSec-KAIST.png","language":"F#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MeanDiff\n\nIf you want to see the details about the system, go to\n[here](https://softsec-kaist.github.io/MeanDiff/).\n\n## Table of Contents\n\n* [Installation](#installation)\n* [Usage](#usage)\n* [Testing additional lifters](#testing-additional-lifters)\n  * [UIR](#uir)\n    * [Abstract Syntax](#abstract-syntax)\n    * [Semantics](#semantics)\n  * [Writing translator for UIR](#writing-translator-to-uir)\n  * [Adding translator to MeanDiff](#adding-translator-to-meandiff)\n* [Citing MeanDiff](#citing-meandiff)\n* [License](#license)\n* 
[Acknowledgement](#acknowledgement)\n\n## Installation\n\nAs MeanDiff has several external dependencies due to lifters and external\nlibraries, the whole build system is containerized with docker.\n\nAll docker images (for each lifter, etc.) are based on the `BaseImage` (T.B.D\nLink), which used `ubuntu:16.10`.\n\n### Building\n\nStart by building submodules. This could take some time as the docker images\nneed to be downloaded and built.\n\n    make init\n    make lifters\n    make external\n\nNow, MeanDiff can be built either\n * A. Inside the docker container\n * B. In your native environment\n\nFor option B., you can find dependencies in the respective `Dockerfile`s.\n\nThe resulting binaries are found in the `build` directory.\n\n#### A.\nTo build and set up the docker environment:\n\n    ./build_image.sh\n    ./build_src.sh\n\n#### B.\nIf you want to run MeanDiff outside docker, just type `make`.\n\n## Usage\n\nT.B.D.\n\nTo log into the docker container for MeanDiff, tagged `build_meandiff`:\n\n    docker run -v $(pwd):/src -ti build_meandiff:latest\n\n## Testing additional lifters\n\n### UIR\n\nUIR stands for `Unified Intermediate Representation`. UIR is used for unifying\nevery BBIR into a single form. UIR is a simple but Turing-complete language. 
It\nis also designed to be explicit and self-contained.\n\n#### Abstract Syntax\n\n```\n\u003cEndianT\u003e ::= BE | LE\n\n\u003cUnOpT\u003e   ::= NEG | NOT\n\n\u003cBinOpT\u003e  ::= ADD | SUB | UMUL | SMUL | UDIV | SDIV | UMOD | SMOD | SHL | USHR\n            | SSHR | AND | OR | XOR | CONCAT\n\n\u003cRelOpT\u003e  ::= EQ | NEQ | ULT | SLT | ULE | SLE\n\n\u003cCastOpT\u003e ::= LOW | HIGH | ZERO | SIGN\n\n\u003cExpr\u003e    ::= \u003cNum\u003e | \u003cVar\u003e | [\u003cExpr\u003e]:\u003cSize\u003e | \u003cUnOpT\u003e \u003cExpr\u003e\n            | \u003cExpr\u003e \u003cBinOpT\u003e \u003cExpr\u003e | \u003cExpr\u003e \u003cRelOpT\u003e \u003cExpr\u003e\n            | \u003cExpr\u003e -\u003e \u003cCastOpT\u003e:\u003cSize\u003e | If \u003cExpr\u003e \u003cExpr\u003e \u003cExpr\u003e | Undefined\n\n\u003cStmt\u003e    ::= Start \u003cValue\u003e \u003cSize\u003e \u003cEndianT\u003e | \u003cReg\u003e := \u003cExpr\u003e\n            | [\u003cExpr\u003e] := \u003cExpr\u003e | \u003cSymbol\u003e | If \u003cExpr\u003e \u003cSymbol\u003e \u003cSymbol\u003e\n            | End \u003cExpr\u003e | Unrecognized\n\n\u003cStmts\u003e   ::= \u003cStmt\u003e :: \u003cStmts\u003e | []\n\n\u003cAST\u003e     ::= \u003cStmts\u003e | \u003cUninterpretable\u003e | \u003cIncapable\u003e\n```\n\n#### Semantics\n\nHere, only non-trivial semantics of UIR are shown.\n\nPrimitive types: `\u003cNum\u003e`, `\u003cVar\u003e`, `\u003cSize\u003e`, `\u003cSymbol\u003e`\n\n`\u003cExpr\u003e`:\n - `[\u003cExpr\u003e]:\u003cSize\u003e`: Load a value of size `\u003cSize\u003e` from `\u003cExpr\u003e`.\n - `\u003cExpr\u003e -\u003e \u003cCastOpT\u003e:\u003cSize\u003e`: Enlarge or shorten `\u003cExpr\u003e` of size `\u003cSize\u003e` by\n    referencing `\u003cCastOpT\u003e`.\n - `If \u003cExpr0\u003e \u003cExpr1\u003e \u003cExpr2\u003e`: If-Then-Else expression. 
`\u003cExpr1\u003e` and\n    `\u003cExpr2\u003e` should have the same type.\n\n`\u003cStmt\u003e`:\n - `Start \u003cValue\u003e \u003cSize\u003e \u003cEndianT\u003e`: Indicates information about an instruction\n    and system. The target instruction is placed at `\u003cValue\u003e` with length\n    `\u003cSize\u003e`, and has the endianness of `\u003cEndianT\u003e`.\n - `[\u003cExpr1\u003e] := \u003cExpr2\u003e`: Store `\u003cExpr2\u003e` into the memory pointed to by `\u003cExpr1\u003e`.\n - `End \u003cExpr\u003e`: Indicates the end of control-flow of IR statements. `\u003cExpr\u003e`\n    represents the address of the next instruction.\n\n### Writing translator for UIR\n\nThere are some rules for a translator from your IR to our UIR.\n - Register names must be in lowercase.\n - For each expression and statement, we have a simple type system. See\n    `src/MeanDiff/Type.fs`.\n - The first item in `\u003cStmts\u003e` should be `Start`.\n - `End` must be placed at the end of the instruction semantics.\n\n### Adding translator to MeanDiff\n\nIn order to add your translator to MeanDiff, you need to manually modify\n`src/MeanDiff/Report.fs` appropriately.\n\n## Citing MeanDiff\n\nTo cite our paper:\n\n```\n@INPROCEEDINGS{kim:ase2017,\n    author = {Soomin Kim and Markus Faerevaag and Minkyu Jung and SeungIl Jung and DongYeop Oh and JongHyup Lee and Sang Kil Cha},\n    title = {Testing Intermediate Representations for Binary Analysis},\n    booktitle = {Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering},\n    year = {2017},\n    pages = {353--364}\n}\n```\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE.md).\n\n## Acknowledgement\n\nThe work was supported by Institute for Information \u0026 communications Technology Promotion (IITP) grant funded by the Korea government 
(MSIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftsec-kaist%2Fmeandiff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoftsec-kaist%2Fmeandiff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftsec-kaist%2Fmeandiff/lists"}