377 research outputs found
Coping with the reality: adding crucial features to a typestate-oriented language
Detecting programming errors and vulnerabilities in software is increasingly important,
and building tools that help with this task is an area of investigation, crucial for the
industry these days. When programming in an object-oriented language, one naturally
defines stateful objects that are non-uniform, i.e., their methods’ availability depends
on their internal state. One might represent their intended usage protocol with an automaton
or a state machine. Behavioral types allow to statically check if all the code of a
program respects the usage protocol of each object.
In this thesis we present a tool that extends Java with typestate definitions. These
typestates are associated with Java classes and define the behavior of instances of those
classes, specifying the sequences of method calls allowed. This tool checks statically that
method calls happen in order, following the specified behavior.
The tool was implemented in Kotlin as a plugin for the Checker Framework. It is a
new implementation of the Mungo tool and supports prevention of null pointer errors,
state transitions depending on return values, assurance of protocol completion, droppable
states, and association of protocols with classes from the standard Java library or
from third-party libraries. Additionally, the tool integrates behavioral types with access
permissions, allowing objects to be shared in a controlled way using a language of
assertions. This language of assertions supports concepts like packing and unpacking,
including unpacking of aliases objects, and transferring of permissions between aliases.
To relieve the programmer from manually writing all the necessary assertions, the tool
implements an inference algorithm which analyzes the code statically and, given the uses
of objects, constructs all the required assertions.A deteção de erros de programação e vulnerabilidades no software é cada vez mais
importante, e a criação de ferramentas que ajudem nesta tarefa é uma área de investigação
crucial para a indústria atualmente. Ao programar numa linguagem orientada a
objetos, definem-se naturalmente objetos com estado que não são uniformes, ou seja, a
disponibilidade dos seus métodos depende do seu estado interno. Pode-se representar
o protocolo de uso pretendido com um autómato ou uma máquina de estados. Os tipos
comportamentais permitem verificar estaticamente se todo o código de um programa
respeita o protocolo de uso de cada objeto.
Nesta tese apresentamos uma ferramenta que estende o Java com definições de typestates.
Esses estão associados às classes Java e definem o comportamento das instâncias
dessas classes, especificando as sequências de chamadas de métodos permitidas. Esta ferramenta
verifica estaticamente se as chamadas de métodos ocorrem pela ordem correta,
seguindo o comportamento especificado.
A ferramenta foi implementada em Kotlin como um plugin para o Checker Framework.
É uma implementação nova da ferramenta Mungo e suporta a prevenção de erros de
ponteiro nulo, transições de estado dependendo de valores de retorno, asseguração da
conclusão dos protocolos, objetos que podem ser «largados», e a associação de protocolos
com classes da biblioteca padrão do Java ou de terceiros. Além disso, esta integra tipos
comportamentais com permissões de acesso, permitindo que objetos possam ser partilhados
por meio de uma linguagem de asserções. Esta linguagem de asserções oferece
suporte para conceitos como packing e unpacking, incluindo unpacking de objetos partilhados,
e transferência de permissões entre variáveis que apontam para o mesmo objeto.
Para aliviar o programador de escrever manualmente todas as asserções necessárias, a
ferramenta implementa um algoritmo de inferência que analisa o código estaticamente e,
consoante os usos dos objetos, constrói todas as asserções necessárias
Modeling and Analyzing Security Requirements for Java
Defining access control policies for Java applications can be complex. This project investigates methods to simplify the process. First, static analysis was used to help determine permission requirements. The results of this analysis led towards the development of a new view of Java access control, called the Action-Centric Model. The Action-Centric Model provides a higher-level view of Java access control in order to simplify the process of creating policy and facilitate analysis of existing policies
Data dependent energy modelling for worst case energy consumption analysis
Safely meeting Worst Case Energy Consumption (WCEC) criteria requires
accurate energy modeling of software. We investigate the impact of instruction
operand values upon energy consumption in cacheless embedded processors.
Existing instruction-level energy models typically use measurements from random
input data, providing estimates unsuitable for safe WCEC analysis.
We examine probabilistic energy distributions of instructions and propose a
model for composing instruction sequences using distributions, enabling WCEC
analysis on program basic blocks. The worst case is predicted with statistical
analysis. Further, we verify that the energy of embedded benchmarks can be
characterised as a distribution, and compare our proposed technique with other
methods of estimating energy consumption
Static Analysis of Data Transformations in Jupyter Notebooks
Jupyter notebooks used to pre-process and polish raw data for data science and machine learning processes are challenging to analyze. Their data-centric code manipulates dataframes through call to library functions with complex semantics, and the properties to track over it vary widely depending on the verification task. This paper presents a novel abstract domain that simplifies writing analyses for such programs, by extracting a unique CFG from the notebook that contains all transformations applied to the data. Several properties can then be determined by analyzing such CFG, that is simpler than the original Python code. We present a first use case that exploits our analysis to infer the required shape of the dataframes manipulated by the notebook
Do Android Taint Analysis Tools Keep Their Promises?
In recent years, researchers have developed a number of tools to conduct
taint analysis of Android applications. While all the respective papers aim at
providing a thorough empirical evaluation, comparability is hindered by varying
or unclear evaluation targets. Sometimes, the apps used for evaluation are not
precisely described. In other cases, authors use an established benchmark but
cover it only partially. In yet other cases, the evaluations differ in terms of
the data leaks searched for, or lack a ground truth to compare against. All
those limitations make it impossible to truly compare the tools based on those
published evaluations.
We thus present ReproDroid, a framework allowing the accurate comparison of
Android taint analysis tools. ReproDroid supports researchers in inferring the
ground truth for data leaks in apps, in automatically applying tools to
benchmarks, and in evaluating the obtained results. We use ReproDroid to
comparatively evaluate on equal grounds the six prominent taint analysis tools
Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are
largely positive although four tools violate some promises concerning features
and accuracy. Finally, we contribute to the area of unbiased benchmarking with
a new and improved version of the open test suite DroidBench
Typechecking protocols with Mungo and StMungo: a session type toolchain for Java
Static typechecking is an important feature of many standard programming languages. However, static typing focuses on data rather than communication, and therefore does not help programmers correctly implement communication protocols in distributed systems. The theory of session types provides a basis for tackling this problem; we use it to develop two tools that support static typechecking of communication protocols in Java. The first tool, Mungo, extends Java with typestate definitions, which allow classes to be associated with state machines defining permitted sequences of method calls: for example, communication methods. The second tool, StMungo, takes a session type describing a communication protocol, and generates a typestate specification of the permitted sequences of messages in the protocol. Protocol implementations can be validated by Mungo against their typestate definitions and then compiled with a standard Java compiler. The result is a toolchain for static typechecking of communication protocols in Java. We formalise and prove soundness of the typestate inference system used by Mungo, and show that our toolchain can be used to typecheck a client for the standard Simple Mail Transfer Protocol (SMTP)
Static Application-Level Race Detection in STM Haskell using Contracts
Writing concurrent programs is a hard task, even when using high-level
synchronization primitives such as transactional memories together with a
functional language with well-controlled side-effects such as Haskell, because
the interferences generated by the processes to each other can occur at
different levels and in a very subtle way. The problem occurs when a thread
leaves or exposes the shared data in an inconsistent state with respect to the
application logic or the real meaning of the data. In this paper, we propose to
associate contracts to transactions and we define a program transformation that
makes it possible to extend static contract checking in the context of STM
Haskell. As a result, we are able to check statically that each transaction of
a STM Haskell program handles the shared data in a such way that a given
consistency property, expressed in the form of a user-defined boolean function,
is preserved. This ensures that bad interference will not occur during the
execution of the concurrent program.Comment: In Proceedings PLACES 2013, arXiv:1312.2218. [email protected];
[email protected]
Compositional Reasoning for Explicit Resource Management in Channel-Based Concurrency
We define a pi-calculus variant with a costed semantics where channels are
treated as resources that must explicitly be allocated before they are used and
can be deallocated when no longer required. We use a substructural type system
tracking permission transfer to construct coinductive proof techniques for
comparing behaviour and resource usage efficiency of concurrent processes. We
establish full abstraction results between our coinductive definitions and a
contextual behavioural preorder describing a notion of process efficiency
w.r.t. its management of resources. We also justify these definitions and
respective proof techniques through numerous examples and a case study
comparing two concurrent implementations of an extensible buffer.Comment: 51 pages, 7 figure
- …