192,740 research outputs found
Pruning, Pushdown Exception-Flow Analysis
Statically reasoning in the presence of exceptions and about the effects of
exceptions is challenging: exception-flows are mutually determined by
traditional control-flow and points-to analyses. We tackle the challenge of
analyzing exception-flows from two angles. First, from the angle of pruning
control-flows (both normal and exceptional), we derive a pushdown framework for
an object-oriented language with full-featured exceptions. Unlike traditional
analyses, it allows precise matching of throwers to catchers. Second, from the
angle of pruning points-to information, we generalize abstract garbage
collection to object-oriented programs and enhance it with liveness analysis.
We then seamlessly weave the techniques into enhanced reachability computation,
yielding highly precise exception-flow analysis, without becoming intractable,
even for large applications. We evaluate our pruned, pushdown exception-flow
analysis, comparing it with an established analysis on large scale standard
Java benchmarks. The results show that our analysis significantly improves
analysis precision over traditional analysis within a reasonable analysis time.Comment: 14th IEEE International Working Conference on Source Code Analysis
and Manipulatio
Modular Compilation Strategies for Aspect-Oriented Constructs
In our previous work, we presented an aspect-oriented intermediate language, named Nu, to preserve design modularity in object code. Nu is based on two primitives: bind and remove. We showed that maintaining modularity in object code significantly improved the incremental compilation time of aspect-oriented programs. The key contribution of this work is a set of compilation strategies to Nu for a number of AspectJ constructs such as control flow (cflow and cflowbelow), instantiation (perthis, pertarget, percflow, percflowbelow) and dynamic checks (if, this, target, args), as well as composition operators (&& and ||). The motivation was to determine if these high-level language constructs need to be supported in the intermediate language. Our compilation strategies are modular and textually local. To compile a construct in a module, only the information about that module\u27s implementation and the specification of other modules referenced in that module are needed. The generated intermediate code for a construct in a source module is confined to a single module in the object code. We show that our compilation strategies improve incremental compilation time of aspect-oriented programs. We also analyze our intermediate language with respect to constructs that are not directly supported
Symbolic Abstract Heaps for Polymorphic Information-flow Guard Inference (Extended Version)
In the realm of sound object-oriented program analyses for information-flow
control, very few approaches adopt flow-sensitive abstractions of the heap that
enable a precise modeling of implicit flows. To tackle this challenge, we
advance a new symbolic abstraction approach for modeling the heap in Java-like
programs. We use a store-less representation that is parameterized with a
family of relations among references to offer various levels of precision based
on user preferences. This enables us to automatically infer polymorphic
information-flow guards for methods via a co-reachability analysis of a
symbolic finite-state system. We instantiate the heap abstraction with three
different families of relations. We prove the soundness of our approach and
compare the precision and scalability obtained with each instantiated heap
domain by using the IFSpec benchmarks and real-life applications
Doctor of Philosophy
dissertationToday's smartphones house private and confidential data ubiquitously. Mobile apps running on the devices can leak sensitive information by accident or intentionally. To understand application behaviors before running a program, we need to statically analyze it, tracking what data are accessed, where sensitive data ow, and what operations are performed with the data. However, automated identification of malicious behaviors in Android apps is challenging: First, there is a primary challenge in analyzing object-oriented programs precisely, soundly and efficiently, especially in the presence of exceptions. Second, there is an Android-specific challenge|asynchronous execution of multiple entry points. Third, the maliciousness of any given behavior is application-dependent and subject to human judgment. In this work, I develop a generic, highly precise static analysis of object-oriented code with multiple entry points, on which I construct an eective malware identification system with a human in the loop. Specically, I develop a new analysis-pushdown exception-ow analysis, to generalize the analysis of normal control flows and exceptional flows in object-oriented programs. To rene points-to information, I generalize abstract garbage collection to object-oriented programs and enhance it with liveness analysis for even better precision. To tackle Android-specic challenges, I develop multientry point saturation to approximate the eect of arbitrary asynchronous events. To apply the analysis techniques to security, I develop a static taint- ow analysis to track and propagate tainted sensitive data in the push-down exception-flow framework. To accelerate the speed of static analysis, I develop a compact and ecient encoding scheme, called G odel hashes, and integrate it into the analysis framework. All the techniques are realized and evaluated in a system, named AnaDroid. AnaDroid is designed with a human in the loop to specify analysis conguration, properties of interest and then to make the nal judgment and identify where the maliciousness is, based on analysis results. The analysis results include control- ow graphs highlighting suspiciousness, permission and risk-ranking reports. The experiments show that AnaDroid can lead to precise and fast identication of common classes of Android malware
A Type-Based Complexity Analysis of Object Oriented Programs
A type system is introduced for a generic Object Oriented programming
language in order to infer resource upper bounds. A sound andcomplete
characterization of the set of polynomial time computable functions is
obtained. As a consequence, the heap-space and thestack-space requirements of
typed programs are also bounded polynomially. This type system is inspired by
previous works on ImplicitComputational Complexity, using tiering and
non-interference techniques. The presented methodology has several advantages.
First, itprovides explicit big polynomial upper bounds to the programmer,
hence its use could allow the programmer to avoid memory errors.Second, type
checking is decidable in polynomial time. Last, it has a good expressivity
since it analyzes most object oriented featureslike inheritance, overload,
override and recursion. Moreover it can deal with loops guarded by objects and
can also be extended tostatements that alter the control flow like break or
return.Comment: Information and Computation, Elsevier, A Para\^itre, pp.6
Towards Practical Graph-Based Verification for an Object-Oriented Concurrency Model
To harness the power of multi-core and distributed platforms, and to make the
development of concurrent software more accessible to software engineers,
different object-oriented concurrency models such as SCOOP have been proposed.
Despite the practical importance of analysing SCOOP programs, there are
currently no general verification approaches that operate directly on program
code without additional annotations. One reason for this is the multitude of
partially conflicting semantic formalisations for SCOOP (either in theory or
by-implementation). Here, we propose a simple graph transformation system (GTS)
based run-time semantics for SCOOP that grasps the most common features of all
known semantics of the language. This run-time model is implemented in the
state-of-the-art GTS tool GROOVE, which allows us to simulate, analyse, and
verify a subset of SCOOP programs with respect to deadlocks and other
behavioural properties. Besides proposing the first approach to verify SCOOP
programs by automatic translation to GTS, we also highlight our experiences of
applying GTS (and especially GROOVE) for specifying semantics in the form of a
run-time model, which should be transferable to GTS models for other concurrent
languages and libraries.Comment: In Proceedings GaM 2015, arXiv:1504.0244
- …