Method for extracting the structure of an input for a binary program

The invention claimed is: 1 . A method for extracting a structure of a binary program, comprising: (a) providing a state machine; (b) providing one or more inputs comprising a serialized representation of a data structure, wherein said data structure comprises one or more fields and wherein such fields are atomic or composite; wherein each atomic field of the data structure comprises one or more values, comprising a sequence of bytes; wherein a token comprises an abstract representation of the values of the atomic field; (c) producing a taint trace comprising a sequence of tuples, wherein the sequence of tuples comprises: an instruction address; an abstracted calling context; and a set of taints, comprising the union of all taints of all operands of an instruction during an invocation of the instruction; (d) from the taint-trace, identifying the one or more field values and each field value's corresponding source index; (e) constructing a taint interval tree; (f) deriving one or more field tokens; (g) classifying each of a set of instructions that accesses the one or more values of the field; (h) inferring a field type for each set of instructions using the classifications of each set; (i) constructing a structure transition graph; and (j) applying each of these steps recursively to construct a recursive state machine. 2 . A method for extracting a structure of a binary program, comprising: (a) providing a state machine, further comprising constructing a state machine from a frontier, comprising: (i) ordering one or more taint interval graph nodes in the frontier according to their start offsets; (ii) for each source index in the frontier, creating a node in the state machine; (iii) marking the source index of the last node in the frontier as the final node of the state machine; (iv) adding a new node; (v) marking the new node as the start node; (vi) annotating each node with the token, type, and data encoding of its respective source index; (vii) adding edges to the taint interval graph; and (viii) adding a start edge; (b) providing one or more inputs comprising a serialized representation of a data structure, wherein said data structure comprises one or more fields and wherein such fields are atomic or composite, and wherein a field may be a numeric type or a string type; wherein each atomic field of the data structure comprises one or more values, comprising a sequence of bytes; wherein a token comprises an abstract representation of the values of the atomic field; (c) producing a taint trace comprising a sequence of tuples; (d) from the taint-trace, identifying the one or more field values and each field value's corresponding source index; (e) constructing a taint interval tree; (f) deriving one or more field tokens; (g) classifying each of a set of instructions that accesses the one or more values of the field; (h) inferring a field type for each set of instructions using the classifications of each set; (i) constructing a structure transition graph; and (i) applying each of these steps recursively to construct a recursive state machine.