Results 1 -
6 of
6
Static program analysis for Java Card applets
"... Abstract. The Java Card API provides a framework of classes and interfaces that hides the details of the underlying smart card interface, thus relieving developers from going through the swamps of microcontroller programming. This allows application developers to concentrate most of their efforts on ..."
Abstract
-
Cited by 4 (2 self)
- Add to MetaCart
(Show Context)
Abstract. The Java Card API provides a framework of classes and interfaces that hides the details of the underlying smart card interface, thus relieving developers from going through the swamps of microcontroller programming. This allows application developers to concentrate most of their efforts on the details of application, assuming proper use of the Java Card API calls regarding (i) the correctness of the methods ’ invocation targets and their arguments and (ii) temporal safety, i.e. the requirement that certain method calls have to be used in certain orders. Several characteristics of the Java Card applets and their multiple-entry-point program structure make it possible for a potentially unhandled exception to reach the invoked entry point. This contingency opens a possibility of leaving the applet in an unpredictable state that is potentially dangerous for the application’s security. Our work introduces automatic static program analysis as a means for the early detection of misused and therefore dangerous API calls. The shown analyses have been implemented within the FindBugs bug detector, an open source framework that applies static analysis functions on the applet bytecode.
Detecting Data Race and Atomicity Violation via Typestate-Guided Static Analysis
"... The correctness of typestate properties in a multithreaded program often depends on the assumption of certain concurrency invariants. However, standard typestate analysis and concurrency analysis are disjoint in that the former is unable to understand threading effects and the latter does not take t ..."
Abstract
-
Cited by 4 (0 self)
- Add to MetaCart
(Show Context)
The correctness of typestate properties in a multithreaded program often depends on the assumption of certain concurrency invariants. However, standard typestate analysis and concurrency analysis are disjoint in that the former is unable to understand threading effects and the latter does not take typestate properties into consideration. We combine these two previously separate approaches and develop a novel typestate-driven concurrency analysis for detecting race conditions and atomicity violations. Our analysis is based on a reformulation of typestate systems in which state transitions of a shared variable are controlled by the locking state of that variable. By combining typestate checking with lockset analysis, we can selectively transfer the typestate to a transient state to simulate the thread interference effect, thus uncovering a new class of typestate errors directly related to low-level or high-level data races. Such a concurrency bug is more likely to be harmful, compared with those found by existing concurrency checkers, because there exists a concrete evidence that it may eventually lead to a typestate error as well. We have implemented a race and atomicity checker for C/C++ programs by extending a NULL pointer dereference analysis. To support large legacy code, our approach does not require a priori annotations; instead, it automatically infers the lock/data guardianship relation and variable correlations. We have applied the toolset to check a future version of the Windows operating system, finding many concurrency errors that cannot be discovered by previous tools.
SUMMARY-BASED POINTER ANALYSIS FRAMEWORK FOR MODULAR BUG FINDING
, 2007
"... Modern society is irreversibly dependent on computers and, consequently, on software. However, as the complexity of programs increase, so does the number of defects within them. To alleviate the problem, automated techniques are constantly used to improve software quality. Static analysis is one suc ..."
Abstract
-
Cited by 2 (2 self)
- Add to MetaCart
Modern society is irreversibly dependent on computers and, consequently, on software. However, as the complexity of programs increase, so does the number of defects within them. To alleviate the problem, automated techniques are constantly used to improve software quality. Static analysis is one such approach in which violations of correctness properties are searched and reported. Static analysis has many advantages, but it is necessarily conservative because it symbolically executes the program instead of using real inputs, and it considers all possible executions simultaneously. Being conservative often means issuing false alarms, or missing real program errors. Pointer variables are a challenging aspect of many languages that can force static analyis tools to be overly conservative. It is often unclear what variables are affected by pointer-manipulating expressions, and aliasing between variables is one of the banes of program analysis. To alleviate that, a common solution is to allow the programmer to provide annotations such as declaring a variable as unaliased in a given scope, or providing special constructs such as the “never-null” pointer of Cyclone. However, programmers rarely keep these annotations up-to-date. The solution is to provide some form of pointer analysis, which derives useful information about pointer variables in the program. An appropriate pointer analysis equips the static tool so that it is
On temporal path conditions in dependence graphs
- Journal of Automated Software Engineering
"... Abstract Program dependence graphs are a well-established device to represent possible information flow in a program. Path conditions in dependence graphs have been proposed to express more detailed circumstances of a particular flow; they provide precise necessary conditions for information flow a ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
Abstract Program dependence graphs are a well-established device to represent possible information flow in a program. Path conditions in dependence graphs have been proposed to express more detailed circumstances of a particular flow; they provide precise necessary conditions for information flow along a path or chop in a dependence graph. Ordinary boolean path conditions, however, cannot express temporal properties, e.g. that for a specific flow it is necessary that some condition holds, and later another specific condition holds. In this contribution, we introduce temporal path conditions, which extend ordinary path conditions by temporal operators in order to express temporal dependencies between conditions for a flow. We present motivating examples, generation and simplification rules, application of model checking to generate witnesses for a specific flow, and a case study. We prove the following soundness property: if a temporal path condition for a path is satisfiable, then the ordinary boolean path condition for the path is satisfiable. The converse does not hold, indicating that temporal path conditions are more precise.
Scalable Path-Sensitive Program Analysis via Dynamic Programming
"... Path-sensitivity improves program analysis by excluding infeasible paths and avoiding the merging of paths into a single abstraction if they exhibit different behavior. The main challenge however is that path-sensitive analysis is not scalable. In this paper, we present a symbolic execution-based fr ..."
Abstract
- Add to MetaCart
(Show Context)
Path-sensitivity improves program analysis by excluding infeasible paths and avoiding the merging of paths into a single abstraction if they exhibit different behavior. The main challenge however is that path-sensitive analysis is not scalable. In this paper, we present a symbolic execution-based framework which uses dynamic programming (DP) in order to reuse analyses arising from symbolic execution already performed. A straightforward implementation of DP, however, will allow little reuse. This is because symbolic execution repeatedly considers similar subtrees with different contexts. The first of our contributions to use a method of interpolation in order to generalize the result of symbolic execution so that it can be reused in another context. This has the effect of pruning the symbolic execution space, and is the basis of making our analysis scalable. However, interpolation introduces inaccuracy because some of the paths pruned may in fact be infeasible. We therefore introduce a technique to ensure precision by testing that a notion of witness paths that concretely demonstrate a particular analysis, and we require that pruned paths satisfy the witness criterion. In the end, we show that, in a sense defined by traditional abstract interpretation, our framework loses no accuracy beyond the abstraction that is required to close loops via their invariants. We finally demonstrate practicality of our framework by instantiating it with a driving application: static backward slicing analysis. We show that our approach can produce slices significantly smaller than a path-insensitive version scaling up to tens of thousand of lines of C code. 1.
SEE PROFILE
, 2016
"... Abstract. The Java Card API provides a framework of classes and interfaces that hides the details of the underlying smart card interface, thus relieving de-velopers from going through the swamps of microcontroller programming. This allows application developers to concentrate most of their efforts o ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract. The Java Card API provides a framework of classes and interfaces that hides the details of the underlying smart card interface, thus relieving de-velopers from going through the swamps of microcontroller programming. This allows application developers to concentrate most of their efforts on the details of application, assuming proper use of the Java Card API calls regarding (i) the correctness of the methods ’ invocation targets and their arguments and (ii) temporal safety, i.e. the requirement that certain method calls have to be used in certain orders. Several characteristics of the Java Card applets and their multi-ple-entry-point program structure make it possible for a potentially unhandled exception to reach the invoked entry point. This contingency opens a possibil-ity of leaving the applet in an unpredictable state that is potentially dangerous for the application’s security. Our work introduces automatic static program analysis as a means for the early detection of misused and therefore dangerous API calls. The shown analyses have been implemented within the FindBugs bug detector, an open source framework that applies static analysis functions on
