Vine: The BitBlaze Static Analysis Component
[Overview] [Publications / Documentation] [Downloads] [Acknowledgement] [Mailing List] [Back to BitBlaze]


In order to reason about assembly (and in particular, x86 assembly), it is necessary to accurately model the effects of each instruction. However, this is a difficult task, since x86 consists of hundreds of instructions. Compounding the problem is the fact that x86 has instructions with implicit side effects (e.g., setting the EFLAGS register), complex instructions (e.g., single instruction loops using "rep"), several register addressing modes, and even the semantics of the instruction themselves may change depending on the operand (e.g., "shl" does not set EFLAGS when the shift amount is 0, else it does). In order to address these problems, we have developed Vine, an intermediate language (IL) for reasoning about assembly. We lift up all x86 instructions to the Vine IL, which is a simple, RISC like language that makes subsequent analysis possible. Our IL reduces the hundreds of x86 instructions to about a dozen different statements. Note our IL is not a decompilation: our goal is not to recover a higher-level language representation of the code, but to analyze assembly as a first class language. Vine also provides an infrastructure for manipulating and performing automated analysis on our IL. We currently have the ability to: Our Vine component consists of code written in C++ to lift x86 to the IL, and OCaml to then perform additional analysis.

Publications and Documentation

BitBlaze: A New Approach to Computer Security via Binary Analysis
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena. Keynote Invited Paper, In Proceedings of the 4th International Conference on Information Systems Security, December 2008. A high-level overview covering Vine, TEMU, and Rudder.

Vine Installation and User Manual (HTML) (or PDF)
Describes how to build Vine, and gives a tutorial-style introduction to its language and usage.


Vine 1.0 is now available for download under the GNU General Public License. The release includes C++ and OCaml source code and appropriate versions of the VEX library and the STP decision procedure for recent Linux/x86 systems.

The version 1.0 release contains some of the core Vine functionality related to the IL and trace processing, but we have plans to release more parts of Vine in the future: stay subscribed to the bitblaze-announcements list for updates.

vine-1.0.tar.gz (3.3MB)

Acknowledgement and Citation

To acknowledge the use of the downloaded software, please include both of the following two citations:
  author = {Dawn Song and David Brumley and Heng Yin and Juan Caballero and
    Ivan Jager and Min Gyung Kang and Zhenkai Liang and James Newsome and
    Pongsin Poosankam and Prateek Saxena},
  title = {{BitBlaze}: A New Approach to Computer Security via Binary Analysis},
  booktitle = {Proceedings of the 4th International Conference on Information Systems Security. Keynote invited paper.},
  address = {Hyderabad, India},
  year = 2008,
  month = dec,

  key = {BitBlaze},
  title = {{BitBlaze}: Binary Analysis for Computer Security},
  note = {\url{}}

Mailing List and Contact

Though we are not providing formal support for Vine at this time, we would like to hear if you are making use of it, if you run into any bugs or problems, or if you have suggestions for feature additions. Please subscribe to the bitblaze-users mailing list (via Google Groups) and share your experiences.

For general questions regarding the BitBlaze project, please send email to bitblaze at

To receive announcements about code releases and other bitblaze related updates, please subscribe to the Bitblaze Announcement List

Back to BitBlaze