Reachability from a program variable v to a program variable w states that from v, it is possible to follow a path of memory locations that leads to the object bound to w. We present a new abstract domain for the stat...
详细信息
Reachability from a program variable v to a program variable w states that from v, it is possible to follow a path of memory locations that leads to the object bound to w. We present a new abstract domain for the static analysis of possible reachability between program variables or, equivalently, definite unreachability between them. This information is important for improving the precision of other static analyses, such as side-effects, field initialization, cyclicity and path-length analysis, as well as more complex analyses built upon them, such as nullness and termination analysis. We define and prove correct our reachability analysis for java bytecode, defined as a constraint-based analysis, where the constraint is a graph whose nodes are the program points and whose arcs propagate reachability information in accordance to the abstract semantics of each bytecode instruction. For each program point p, our reachability analysis produces an overapproximation of the ordered pairs of variables < v, w > such that v might reach w at p. Seen the other way around, if a pair < v, w > is not present in the overapproximation at p, then v definitely does not reach w at p. We have implemented the analysis inside the Julia static analyzer. Our experiments of analysis of nontrivial java and Android programs show the improvement of precision due to the presence of reachability information. Moreover, reachability analysis actually reduces the overall cost of nullness and termination analysis.
In this paper we analyze the SHKQ software watermarking algorithm, originally due to Stern, Hachez, Koeune and Quisquater. The algorithm has been implemented within the SANDMARK framework, a system designed to allow e...
详细信息
In this paper we analyze the SHKQ software watermarking algorithm, originally due to Stern, Hachez, Koeune and Quisquater. The algorithm has been implemented within the SANDMARK framework, a system designed to allow effective study of software protection algorithms (such as code obfuscation, software watermarking, and code tamper-proofing) targeting java bytecode. The SHKQ algorithm embeds a watermark in a program using a spread spectrum technique. The idea is to spread the watermark over the entire application by modifying instruction frequencies. Spreading the watermark over the code provides a high level of stealth and some manner of resilience against attack. In this paper we describe the implementation of the SHKQ algorithm, in particular the issues that arise when targeting java bytecodes. We then present an empirical examination of the robustness of the watermark against a wide variety of attacks. We conclude that SHKQ, while stealthy, is easily attacked by simple distortive transformations.
A fundamental area of software engineering that remains a challenge is the delivery of software with the minimum of remaining defects. The principal technique currently used in the software industry for the verificati...
详细信息
ISBN:
(纸本)9780954414511
A fundamental area of software engineering that remains a challenge is the delivery of software with the minimum of remaining defects. The principal technique currently used in the software industry for the verification and validation of software is dynamic software testing where the software under consideration is actually executed using test data. The actual generation of test data for the purpose of automated software testing is still however mainly a manual task. This problem is further compounded for java programmers because testing criteria can be imposed at the java bytecode level rather than at the source level. To alleviate these difficulties an Interactive bytecode Inspection System (IBIS) has been developed that allows examination of the java bytecode and the automatic generation and execution of test data.
暂无评论