Joe Hendrix

Projects

Reopt Github

Reopt is a general purpose decompilation and recompilation tool for repurposing application logic. It does this by analyzing machine code to recover a more flexible program representation -- specifically the LLVM assembly language. Once in this format, one can then apply optimization tools to optimize the LLVM, recompile the application into optimized or security hardened object code, and use Reopt to merge the recompiled code back into the original executable.

Grackle

https://grackle.galois.com

Grackle is a symbolic execution tool designed for symbolically executing MATLAB and LLVM code, and evaluating those expressions using SAT and SMT solvers such as ABC and Yices. Grackle is intended to enable engineers to reason symbolically about numerical programs. It can be used to, for example, find inputs that may crash a system or exceeds physical tolerances, model compression and decompression routines, or integrate numerical and symbolic solvers.

Galois Program Analysis Libraries

While at Galois, I lead initial development of many of the core libraries used for program analysis and verification. This includes:

Crucible Github

Crucible is a symbolic simulation framework that lets one construct formal mathematical expressions that precisely capturing the semantics of code. It uses the what4 library to send these expressions to automated provers such as SAT and SMT solvers so that you can verify programs correct or find bugs. Crucible supports symbolic execution of many languages including C/C++, Java, and Matlab.

Macaw Github

Macaw is a library that analyzes machine code binaries to understand their structure and the semantics of the code. It uses program analysis to identify functions in a binary, understand the organization of code within each function, and then generates control flow graphs describing the semantics.

What4 Github

What4 is a Haskell library developed at Galois that presents a generic interface to SMT solvers (Z3, Yices, etc.) as well as some specialized solvers such as abc and blt. It makes it easy to generate problems for the solvers, run satisfiability checks and obtain results including counterexamples.

Parameterized-utils Github

Parameterized-utils is a collection of typeclasses and data structures for working with parameterized types, that is types that are polymorphic over a parameter. One example would be a map of type Map k v that for each type tp, maps a key of type k tp to a value of type v tp. This generalizes the normal key-value map in the Haskell containers package to

Microsoft Attack Surface Analyzer 1.0

The Microsoft Attack Surface Analyzer helps software developers, Independent Software Vendors (ISVs) and IT Professionals better understand changes in Windows systems’ attack surface resulting from the installation of new applications.

The Maude Inductive Theorem Prover

The Maude Inductive Theorem Prover is an proof assistant for proving properties about Maude specifications. It supports structural and coverset induction schemes, rewriting-based simplification and an arithmetic decision procedure.

The Maude Sufficient Completness Checker

The Maude Sufficient Completeness Checker is a pair tool designed to check that one has completely defined operations in Maude specifications. The tool currently comes in two different versions, each with different features: (1) a narrowing-based tool integrated with the Maude Inductive Theorem Prover for checking the sufficient completeness of specifications with conditions; (2) a tree automata-based tool for checking the sufficient completeness of specifications with rewriting modulo associativity, commutativity, and identity.

Combining Equational Tree Automata (CETA)

Ceta is a library for reasoning about combinations of equational tree languages. It supports emptiness testing of tree languages definable by a Boolean combination of regular tree automaton over an equational theory containing operators that are associative and/or commutative with identity symbols.

Presentations

• Verified Binary Lifting (slides)
  High Confidence Software and Systems Conference (HCSS) 2021
• Towards Verified Decompilation using Lean 4 Youtube
  Lean Together 2021
  
• High-Assurance Blockchains: Applications and Verification.
  HCSS 2018
• Mobile Connected Devices: Security Challenges and Opportunities.
  SOCC 2016
• Verification of Elliptic Curve Cryptography.
  HCSS 2012
• Cryptol Tutorial.
  with Levent Erkök and Sean Weaver
  HCSS 2011

Publications

PhD Dissertation

Decision Procedures for Equationally Based Reasoning (2008)
University of Illinois at Urbana-Champaign

Conferences and Workshops

• Towards Verified Binary Raising.
  Joe Hendrix, Guannan Wei, Simon Winwood.
  Workshop on Instruction Set Architecture Specification (SpISA 2019)
• Dependently typed Haskell in industry (experience report).
  David Thrane Christiansen, Iavor S. Diatchki, Robert Dockins, Joe Hendrix, and Tristan Ravitch.
  Proc. ACM Program. Lang. 3 (ICFP): 100:1-100:16 (2019)
• Constructing Semantic Models of Programs with the Software Analysis Workbench.
  Robert Dockins, Adam Foltzer, Joe Hendrix, Brian Huffman, Dylan McNamee, and Aaron Tomb.
  VSTTE 2016: 56-72
• Bounded Integer Linear Constraint Solving via Lattice Search. pdf
  Joe Hendrix and Benjamin Jones.
  13th International Workshop on Satisfiability Modulo Theories (SMT 2015)
• SAW: The Software Analysis Workbench.
  Kyle Carter, Adam Foltzer, Joe Hendrix, Brian Huffman, Aaron Tomb.
  Proceedings of 2013 conference on High Integrity Language Technology (HILT 2013)
• Order-sorted Equational Unification Revisited.
  Joe Hendrix and José Meseguer.
  Electron. Notes Theor. Comput. Sci. 290: 37-50 (2012)
• Coverset Induction with Partiality and Subsorts: A Powerlist Case Study
  Joe Hendrix, Deepak Kapur, and José Meseguer.
  ITP, First International Conference (Edinburgh, UK) Volume 6172 of LNCS Springer, 2010: 275--290
• Linear Functional Fixed-points.
  Nikolaj Bjorner and Joe Hendrix.
  CAV, 21st International Conference (Grenoble, France) Volume 5643 of LNCS Springer, 2009: 124--139
• Combining Equational Tree Automata Over AC and ACI Theories.
  Joe Hendrix and Hitoshi Ohsaki.
  Proceedings of RTA (Hagenberg, Austria) Volume 5117 of LNCS. Springer, 2008: 142--156
• Order-sorted Unification.
  Joe Hendrix and José Meseguer.
  RULE 2008 (Hagenberg, Austria)
• The Maude Formal Tool Environment.
  Manuel Clavel, Francisco Durán, Joe Hendrix, Salvador Lucas, José Meseguer and Peter Csaba Ölveczky.
  Proceedings of CALCO (Bergen, Norway) Volume 4624 of LNCS. Springer, 2007: 173--178.
• Diffie-Hellman Cryptographic Reasoning in the Maude-NRL Protocol Analyzer.
  Santiago Escobar, Joe Hendrix, Catherine Meadows, and José Meseguer.
  Proceedings of SecReT (Paris, France), 2007
• On the Completeness of Context-Sensitive Order-sorted Specifications.
  Joe Hendrix and José Meseguer.
  Proceedings of RTA (Paris, France) Volume 4533 of LNCS. Springer, 2007: 229--245.
• A Sufficient Completeness Checker for Linear Order-Sorted Specifications Modulo Axioms.
  Joe Hendrix, José Meseguer, and Hitoshi Ohsaki.
  Proceedings of IJCAR (Seattle, Washington). Volume 4130 of LNCS. Springer, 2006: 151--155.
• Propositional Tree Automata.
  Joe Hendrix, Hitoshi Ohsaki and Mahesh Viswanathan.
  Proceedings of RTA (Seattle, Washington) Volume 4098 of LNCS. Springer, 2006: 50--65.
• A Sufficient Completeness Reasoning Tool for Partial Specifications.
  Joe Hendrix, Manuel Clavel, and Jose Meseguer.
  Proceedings of RTA (Nara, Japan) Volume 3467 of LNCS. Springer, 2005: 165--174.
• Matrices in ACL2.
  Joe Hendrix.
  Proceedings of ACL2 Workshop (Boulder, Colorado), 2003