In modern research on program analysis and static vulnerability detection techniques, variables have consistently remained a critical focal point, especially concerning hazardous variables associated with crucial prog...
ISBN (print): 9783031077272; 9783031077265
This paper presents a new dataflow coverage criterion that supports a finer analysis of possible refinements to the path constraints that unfold a software program's behavior. Each such refinement is a feasible chain of uses of the same variable with no redefinition in between. An algorithm for selecting a reasonable set of such chains is proposed.
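To make the criterion concrete, here is an added example (not code from the paper) that computes def-use chains by reaching definitions and then enumerates chains of consecutive uses of one variable with no redefinition in between, which is what the refinement above asks a test to cover. The six-statement program, its (defs, uses) encoding and the CFG are constructed for the example.

```python
"""Def-use chains and chains of uses on a small control-flow graph.

Added example for the coverage criterion above; it is not code from the
paper. The program, its statement encoding and the CFG are constructed.
"""
from collections import defaultdict

# Constructed program: statement id -> (variables defined, variables used).
# A use on the right-hand side happens before the definition on the left.
STMTS = {
    1: ({"x"}, set()),         # x = input()
    2: ({"y"}, set()),         # y = 0
    3: (set(), {"x"}),         # while x > 0:   (loop header)
    4: ({"y"}, {"x", "y"}),    #     y = y + x
    5: ({"x"}, {"x"}),         #     x = x - 1
    6: (set(), {"y"}),         # sink(y)
}
# Constructed CFG: 1->2->3, 3->4->5->3 (loop body), 3->6 (loop exit).
SUCC = {1: [2], 2: [3], 3: [4, 6], 4: [5], 5: [3], 6: []}


def reaching_definitions(stmts, succ):
    """Forward may-analysis iterated to a fixpoint. Definitions are (stmt, var);
    IN[s] = union of OUT[p] over predecessors, OUT[s] = GEN[s] | (IN[s] - KILL[s])."""
    preds = defaultdict(list)
    for s, targets in succ.items():
        for t in targets:
            preds[t].append(s)
    all_defs = {(s, v) for s, (defs, _) in stmts.items() for v in defs}
    gen = {s: {(s, v) for v in defs} for s, (defs, _) in stmts.items()}
    kill = {s: {d for d in all_defs if d[1] in defs} for s, (defs, _) in stmts.items()}
    in_ = {s: set() for s in stmts}
    out = {s: set() for s in stmts}
    changed = True
    while changed:
        changed = False
        for s in sorted(stmts):
            new_in = set().union(*(out[p] for p in preds[s]))
            new_out = gen[s] | (new_in - kill[s])
            if new_in != in_[s] or new_out != out[s]:
                in_[s], out[s] = new_in, new_out
                changed = True
    return in_


def def_use_chains(stmts, succ):
    """(def stmt, var) -> sorted statements that use var while that definition
    still reaches them, i.e. with no redefinition of var on some path in between."""
    in_ = reaching_definitions(stmts, succ)
    chains = defaultdict(set)
    for s, (_, uses) in stmts.items():
        for d, v in in_[s]:
            if v in uses:
                chains[(d, v)].add(s)
    return {k: sorted(v) for k, v in chains.items()}


def use_chains(stmts, succ, d, var):
    """Chains of consecutive uses of `var` starting at definition statement `d`:
    each next use is reached from the previous one without passing a
    redefinition. A statement is entered at most once per chain, so loops give
    finitely many chains; each chain is one coverage requirement."""
    chains = set()

    def walk(node, chain, seen):
        for nxt in succ[node]:
            if nxt in seen:
                continue
            defs, uses = stmts[nxt]
            ext = chain + (nxt,) if var in uses else chain
            if var in uses:
                chains.add(ext)
            if var in defs:      # redefinition ends the chain (the use inside
                continue         # nxt was counted first: use-before-def)
            walk(nxt, ext, seen | {nxt})

    walk(d, (), frozenset())
    return sorted(chains)


if __name__ == "__main__":
    for k, v in sorted(def_use_chains(STMTS, SUCC).items()):
        print("def", k, "reaches uses at", v)
    print("use chains from x defined at 1:", use_chains(STMTS, SUCC, 1, "x"))
```

For the constructed program the definition of x at statement 1 yields the chains (3), (3, 4) and (3, 4, 5): the third one ends at statement 5 because `x = x - 1` uses x and then redefines it, which is exactly the "no redefinition in between" boundary.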
ISBN (print): 9783981537000
Modern chip designs are getting more and more complex. To fulfill tight time-to-market constraints, third-party blocks and parts from previous designs are reused. However, these are often poorly documented, making it hard for a designer to understand the code. Therefore, automatic approaches are required which extract information about the design and support developers in understanding the design. In this paper we introduce a new dynamic data flow analysis tuned to automate design understanding. We present the use of the approach for feature localization and for understanding the design's dataflow. In the evaluation, our analysis improves feature localization by reducing the uncertainty by 41% to 98% compared to a previous approach using coverage metrics.
ISBN (print): 9781665476799
In this paper, we present an algorithm that efficiently updates the results of dataflow analysis in response to incremental changes. Our incremental algorithm works in two phases: in phase 1 it computes summaries for selected procedures by traversing the call graph bottom-up, and in phase 2 it updates the dataflow values of selected procedures by traversing the call graph top-down, which makes the analysis faster. Procedures are selected by comparing summaries across versions. We have implemented this algorithm in our proprietary static analysis tool, used by many clients over the years for automated defect detection. An evaluation of our algorithm on a core banking application shows that on average it takes 90% less time than an exhaustive analysis, demonstrating the practical benefit of our algorithm on a real-world evolving software system.
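The two phases and the summary-comparison selection can be seen on a toy taint analysis. This is an added example and not the proprietary tool from the abstract: the six-procedure call graph, the one-bit summary ("the return value is attacker-controlled") and the change between the two versions (the sanitizer starts passing its input through) are all constructed.

```python
"""Two-phase incremental interprocedural analysis over procedure summaries.

Added example, not the tool described in the abstract. The call graph and
the single-bit summary ("returns attacker-controlled data") are constructed;
the two versions differ only in the body of `sanitize`.
"""
import copy
from collections import defaultdict

# Expression atoms: "SRC" (taint source), "CONST", or ("ret", callee) for the
# value returned by a call. `ret` feeds the summary; `sink` is the in-procedure
# dataflow value of interest (does the sink receive tainted data?).
V1 = {
    "read_cfg": {"ret": "SRC",               "sink": None},
    "parse":    {"ret": ("ret", "read_cfg"), "sink": None},
    "sanitize": {"ret": "CONST",             "sink": None},
    "query":    {"ret": ("ret", "sanitize"), "sink": ("ret", "sanitize")},
    "main":     {"ret": "CONST",             "sink": ("ret", "query")},
    "log":      {"ret": "CONST",             "sink": ("ret", "parse")},
}
V2 = copy.deepcopy(V1)
V2["sanitize"]["ret"] = ("ret", "parse")   # constructed change: sanitizer now passes input through


def call_graph(procs):
    return {p: {e[1] for e in (b["ret"], b["sink"]) if isinstance(e, tuple)}
            for p, b in procs.items()}


def callers_of(cg):
    inv = defaultdict(set)
    for p, callees in cg.items():
        for c in callees:
            inv[c].add(p)
    return inv


def top_down_order(cg):
    """Callers before callees (reverse post-order). Assumes an acyclic call
    graph; a real tool would collapse recursive SCCs first."""
    order, seen = [], set()

    def visit(p):
        if p not in seen:
            seen.add(p)
            for c in cg[p]:
                visit(c)
            order.append(p)

    for p in cg:
        visit(p)
    return order[::-1]


def eval_expr(expr, summaries):
    if expr is None or expr == "CONST":
        return False
    if expr == "SRC":
        return True
    return summaries[expr[1]]


def phase1(procs, targets, summaries):
    """Bottom-up summary computation restricted to `targets`; the others keep
    the previous version's summary. Returns (summaries, procedures analysed)."""
    summaries = {p: summaries[p] for p in procs if p in summaries}
    work = 0
    for p in reversed(top_down_order(call_graph(procs))):
        if p in targets:
            summaries[p] = eval_expr(procs[p]["ret"], summaries)
            work += 1
    return summaries, work


def phase2(procs, selected, summaries, values):
    """Top-down recomputation of the in-procedure value for `selected` only."""
    values = dict(values)
    work = 0
    for p in top_down_order(call_graph(procs)):
        if p in selected:
            values[p] = eval_expr(procs[p]["sink"], summaries)
            work += 1
    return values, work


def exhaustive(procs):
    summaries, w1 = phase1(procs, set(procs), {})
    values, w2 = phase2(procs, set(procs), summaries, {})
    return summaries, values, w1 + w2


def incremental(old_procs, old_summaries, old_values, new_procs):
    inv = callers_of(call_graph(new_procs))
    changed = {p for p in new_procs if old_procs.get(p) != new_procs[p]}
    # Phase 1 candidates: changed bodies plus every transitive caller.
    cand, stack = set(changed), list(changed)
    while stack:
        for c in inv[stack.pop()]:
            if c not in cand:
                cand.add(c)
                stack.append(c)
    summaries, w1 = phase1(new_procs, cand, old_summaries)
    # Selection by comparing summaries across versions: a caller is
    # re-analysed in phase 2 only if some callee's summary actually differs.
    differs = {p for p in cand if summaries[p] != old_summaries.get(p)}
    selected = changed | {c for p in differs for c in inv[p]}
    values, w2 = phase2(new_procs, selected, summaries, old_values)
    return summaries, values, selected, w1 + w2
```

On the constructed versions the exhaustive analysis of V1 visits all six procedures in each phase, while the incremental update for V2 touches only `sanitize`, `query` and `main` in each phase and still reaches the same result as analysing V2 from scratch: the sink in `main` becomes tainted because the changed summary of `sanitize` propagates through `query`.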
ISBN (print): 9781939133311
Despite the fact that most real-world software systems today are written in multiple programming languages, existing program-analysis-based security techniques are still limited to single-language code. In consequence, security flaws (e.g., code vulnerabilities) at and across language boundaries are largely left out as blind spots. We present POLYCRUISE, a technique that enables holistic dynamic information flow analysis (DIFA) across heterogeneous languages, and hence security applications empowered by DIFA (e.g., vulnerability discovery), for multilingual software. POLYCRUISE combines a lightweight language-specific analysis that computes symbolic dependencies in each language unit with a language-agnostic online data flow analysis guided by those dependencies, in a way that overcomes language heterogeneity. Extensive evaluation of its implementation for Python-C programs against micro, medium-sized, and large-scale benchmarks demonstrated POLYCRUISE's practical scalability and promising capabilities. It has enabled the discovery of 14 previously unknown cross-language security vulnerabilities in real-world multilingual systems such as NumPy, with 11 confirmed, 8 CVEs assigned, and 8 fixed so far. We also contributed the first benchmark suite for systematically assessing multilingual DIFA.
ISBN (digital): 9783031067730
ISBN (print): 9783031067730; 9783031067723
The Zonal numerical domain is an efficient, weakly-relational abstract domain for static analysis by abstract interpretation. Compared to the Interval domain, the Zonal domain can discover weak relations between two program variables. To reason about Zonal states, they must be transformed into a canonical closed form. This is accomplished by the transitive closure operation, commonly implemented as the all-pairs shortest path algorithm with O(n^3) complexity, where n is the number of program variables. In this work, we explore the closed form of Zonal states in the context of a data-flow analysis framework. We also present an incremental transitive closure algorithm that preserves the closed form of an updated Zonal state. The algorithm reduces the overall analysis complexity to O(n^2). We evaluate our approach by performing intra-procedural Zonal analysis on 63 real-world programs. The results show an improvement in runtime, especially on large programs. For example, an hour-long analyzer run with the traditional Zonal implementation was reduced to a minute with the proposed incremental Zonal variant.
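The difference between the cubic closure and an incremental update is easy to see on a difference-bound matrix. The following is an added example, not the paper's implementation: it uses the convention (an assumption) that `m[i][j] = c` encodes x_i - x_j <= c with index 0 as the constant zero, and shows that after one constraint is tightened the closed form can be restored in O(n^2) because every new shortest path uses the new edge exactly once. The zone and the constraints are constructed.

```python
"""Zonal (difference-bound matrix) states: cubic closure vs. an O(n^2)
incremental closure after one constraint is tightened.

Added example, not the paper's implementation. Convention (an assumption):
m[i][j] = c encodes x_i - x_j <= c; index 0 is the constant zero, so
m[i][0] is an upper bound on x_i and -m[0][i] a lower bound; inf = no bound.
"""
from math import inf


def empty_zone(n):
    """n-1 program variables plus the zero variable, with no constraints."""
    return [[0 if i == j else inf for j in range(n)] for i in range(n)]


def close(m):
    """Floyd-Warshall transitive closure, O(n^3). Returns None when the zone is
    empty (a negative cycle, i.e. contradictory bounds)."""
    n = len(m)
    m = [row[:] for row in m]
    for k in range(n):
        for i in range(n):
            for j in range(n):
                if m[i][k] + m[k][j] < m[i][j]:
                    m[i][j] = m[i][k] + m[k][j]
    if any(m[i][i] < 0 for i in range(n)):
        return None
    return m


def add_constraint(closed, a, b, c):
    """Add x_a - x_b <= c to an already closed zone and return the closed
    result in O(n^2): any shortest path that improves uses the new edge (a,b)
    exactly once, so m[i][j] = min(m[i][j], m[i][a] + c + m[b][j])."""
    n = len(closed)
    if c >= closed[a][b]:
        return [row[:] for row in closed]   # already implied, nothing to do
    if closed[b][a] + c < 0:
        return None                         # x_b - x_a <= closed[b][a] contradicts the new bound
    m = [row[:] for row in closed]
    for i in range(n):
        if closed[i][a] == inf:
            continue
        for j in range(n):
            via = closed[i][a] + c + closed[b][j]
            if via < m[i][j]:
                m[i][j] = via
    return m


def bounds(closed, i):
    """(lower, upper) bound of variable i read off a closed zone."""
    lo = -closed[0][i] if closed[0][i] != inf else -inf
    return lo, closed[i][0]


def demo():
    """Constructed state: 0 <= x1 <= 10 and x2 - x1 <= 5; then learn x2 - x1 <= 2."""
    z = empty_zone(3)
    z[1][0], z[0][1], z[2][1] = 10, 0, 5
    closed = close(z)                          # derives x2 <= 15
    tightened = add_constraint(closed, 2, 1, 2)  # O(n^2): x2 <= 12 without re-running closure
    return closed, tightened


if __name__ == "__main__":
    closed, tightened = demo()
    print("x2 bounds after closure:", bounds(closed, 2))
    print("x2 bounds after incremental update:", bounds(tightened, 2))
```

The incremental result is identical to re-closing the updated matrix from scratch; the infeasibility check (`closed[b][a] + c < 0`) is what keeps the update sound when a new constraint contradicts existing bounds, which a full closure would otherwise only reveal through a negative diagonal.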
Smart contracts are self-executing programs that operate on a blockchain. Once deployed, they cannot be altered, which introduces distinct maintenance challenges unlike those found in traditional software systems. Bug...
ISBN (print): 9781450392983
When changing code, developers sometimes neglect to update the related comments, leaving inconsistent or outdated comments. Such comments increase the cost of program understanding and greatly reduce software maintainability. Researchers have put forward solutions such as CUP and HEBCUP, which update comments efficiently for simple code changes (i.e., modification of a single token) but are not good enough for complex ones. In this paper, we propose an approach named HatCUP (Hybrid analysis and Attention based Comment UPdater) that provides a new mechanism for the comment updating task. HatCUP builds on hybrid analysis and hybrid information. First, HatCUP takes code structure change information into account and introduces a structure-guided attention mechanism combined with code change graph analysis and optimistic dataflow dependency analysis. With a widely used RNN-based encoder-decoder architecture, HatCUP takes the code edit actions, the syntactic, semantic and structural code changes, and the old comment as inputs and generates a structural representation of the changes in the current code snippet. Furthermore, instead of directly generating new comments, HatCUP proposes a new edit-or-non-edit mechanism that mimics human editing behavior by generating a sequence of edit actions, and constructs a modified RNN model to integrate the newly developed components. Evaluation on a popular dataset demonstrates that HatCUP outperforms the state-of-the-art deep-learning-based approach (CUP) by 53.8% in accuracy, 31.3% in recall and 14.3% in METEOR on the original metrics. Compared with the heuristic-based approach (HEBCUP), HatCUP also shows better overall performance.
ISBN (digital): 9781665416931
ISBN (print): 9781665416931
Dynamic taint tracking is a powerful information flow analysis approach that can be applied in many analysis scenarios, e.g., debugging, testing, and security vulnerability detection. Most dynamic taint tracking approaches are designed for standalone systems and cannot support inter-node taint tracking in distributed systems. The few inter-node taint tracking approaches that exist are designed for specific distributed systems, e.g., Apache Spark, and require system-specific modifications. In this paper, we present DisTA, a generic dynamic taint tracking tool for Java-based distributed systems. By instrumenting the common network communication modules in Java, DisTA can perform inter-node taint tracking for different distributed systems with little manual effort. We evaluate DisTA on five large-scale real-world distributed systems, e.g., ZooKeeper and Yarn, requiring on average only 10 lines of launch-script modification. The experimental results show that DisTA can accurately track all inter-node taints with relatively low overhead.
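Why taint has to be carried across the network boundary, and what instrumenting the communication layer buys, can be shown with two in-process "nodes". This is an added example and not DisTA itself (DisTA instruments Java network modules): the `Tainted` wrapper, the JSON wire frame that carries labels next to the payload, the HTTP-body source on node A and the command-line sink on node B are all constructed for the example.

```python
"""Inter-node taint propagation through an instrumented network channel.

Added example, not DisTA itself (which instruments Java network modules).
Two in-process "nodes" talk over a socketpair; the taint source, the sink
policy and the wire format are constructed for the example.
"""
import json
import socket
import threading


class Tainted:
    """A string value carrying a set of taint labels; concatenation unions them."""

    def __init__(self, value, labels=()):
        self.value, self.labels = value, frozenset(labels)

    def __add__(self, other):
        other = other if isinstance(other, Tainted) else Tainted(str(other))
        return Tainted(self.value + other.value, self.labels | other.labels)


def send_instrumented(sock, msg):
    """Hooked write: the labels are serialised next to the payload bytes."""
    frame = {"payload": msg.value, "taint": sorted(msg.labels)}
    sock.sendall((json.dumps(frame) + "\n").encode())


def send_plain(sock, msg):
    """Un-hooked write: only the bytes cross the node boundary, the taint is lost."""
    sock.sendall((json.dumps({"payload": msg.value}) + "\n").encode())


def recv_instrumented(sock):
    """Hooked read: re-attach whatever labels arrived with the frame."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    frame = json.loads(buf.decode())
    return Tainted(frame["payload"], frame.get("taint", ()))


def run_two_nodes(send):
    """Node A receives attacker-controlled input and forwards it to node B,
    which builds a shell command line from it. Returns what the sink on B saw."""
    a_end, b_end = socket.socketpair()
    seen = {}

    def node_b():
        job = recv_instrumented(b_end)
        cmd = Tainted("sh -c ") + job                 # intra-node propagation on B
        seen["cmd"], seen["labels"] = cmd.value, cmd.labels
        seen["alert"] = bool(cmd.labels)              # sink policy: no tainted command lines
        b_end.close()

    worker = threading.Thread(target=node_b)
    worker.start()
    user_input = Tainted("ls; id", {"http:request.body"})   # constructed source on A
    send(a_end, Tainted("job=") + user_input)
    a_end.close()
    worker.join()
    return seen


if __name__ == "__main__":
    print("instrumented channel:", run_two_nodes(send_instrumented))
    print("plain channel:       ", run_two_nodes(send_plain))
```

With the instrumented channel the sink on node B sees the `http:request.body` label and raises an alert; over the plain channel the same bytes arrive with no labels, so a per-node tracker would report the command line as clean, which is the blind spot the generic instrumentation of the communication layer removes.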
ISBN (print): 9783031103636; 9783031103629
Alk is an educational platform designed for writing, executing, and analyzing algorithms. The platform consists of an algorithmic language, an interpreter that executes algorithms, and tools to understand, analyse, and evaluate algorithms and to acquire rigorous algorithmic thinking. In this paper, we present Alk and show how the analysis and evaluation tools are built using symbolic execution and data-flow analysis.