300 research outputs found
An efficient, parametric fixpoint algorithm for analysis of java bytecode
Abstract interpretation has been widely used for the analysis of object-oriented languages and, in particular, Java source and bytecode. However, while most existing work deals with the problem of flnding expressive abstract domains that track accurately the characteristics of a particular concrete property, the underlying flxpoint algorithms have received comparatively less attention. In fact, many existing (abstract interpretation based—) flxpoint algorithms rely on relatively inefHcient techniques for solving inter-procedural caligraphs or are speciflc and tied to particular analyses. We also argüe that the design of an efficient fixpoint algorithm is pivotal to supporting the analysis of large programs. In this paper we introduce a novel algorithm for analysis of Java bytecode which includes a number of optimizations in order to reduce the number of iterations. The algorithm is parametric -in the sense that it is independent of the abstract domain used and it can be applied to different domains as "plug-ins"-, multivariant, and flow-sensitive. Also, is based on a program transformation, prior to the analysis, that results in a highly uniform representation of all the features in the language and therefore simplifies analysis. Detailed descriptions of decompilation solutions are given and discussed with an example. We also provide some performance data from a preliminary implementation of the analysis
Preventing SQL Injection through Automatic Query Sanitization with ASSIST
Web applications are becoming an essential part of our everyday lives. Many
of our activities are dependent on the functionality and security of these
applications. As the scale of these applications grows, injection
vulnerabilities such as SQL injection are major security challenges for
developers today. This paper presents the technique of automatic query
sanitization to automatically remove SQL injection vulnerabilities in code. In
our technique, a combination of static analysis and program transformation are
used to automatically instrument web applications with sanitization code. We
have implemented this technique in a tool named ASSIST (Automatic and Static
SQL Injection Sanitization Tool) for protecting Java-based web applications.
Our experimental evaluation showed that our technique is effective against SQL
injection vulnerabilities and has a low overhead.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
Magic with Dynamo -- Flexible Cross-Component Linking for Java with Invokedynamic
Modern software systems are not built from scratch. They use functionality provided by libraries. These libraries evolve and often upgrades are deployed without the systems being recompiled.
In Java, this process is particularly error-prone due to the mismatch between source and binary compatibility,
and the lack of API stability in many popular libraries.
We propose a novel approach to mitigate this problem based on the use of invokedynamic instructions for cross-component method invocations. The dispatch mechanism of invokedynamic is used to provide on-the-fly signature adaptation. We show how this idea can be used to construct a Java compiler that produces more resilient bytecode.
We present the dynamo compiler, a proof-of-concept implemented as a javac post compiler. We evaluate our approach using several benchmark examples and two case studies showing how the dynamo compiler can prevent certain types of linkage and stack overflow errors that have been observed in real-world systems
An efficient, parametric fixpoint algorithm for incremental analysis of java bytecode
Abstract interpretation has been widely used for the analysis of object-oriented languages and, more precisely, Java source and bytecode. However, while most of the existing work deals with the problem of finding expressive abstract domains that track accurately the characteristics of a particular concrete property, the underlying fixpoint
algorithms have received comparatively less attention. In fact, many existing (abstract interpretation based) fixpoint algorithms rely on relatively inefficient techniques to solve inter-procedural call graphs or are specific and tied to particular analyses. We argue that the design of an efficient fixpoint algorithm is pivotal to support the analysis of large programs. In this paper we introduce a novel algorithm for analysis of Java bytecode which includes a number of optimizations in order to reduce the number of iterations. Also, the algorithm is parametric in the sense that it is independent of the abstract domain used and it can be applied to different domains as "plug-ins". It is also incremental in the sense that, if desired, analysis data can be saved so that only a reduced amount of reanalysis is needed after a small program change, which can be instrumental for large programs. The algorithm is also multivariant and flowsensitive. Finally, another interesting characteristic of the algorithm is that it is based on a program transformation, prior to the analysis, that results in a highly uniform representation of all the features in the language and therefore simplifies analysis. Detailed descriptions of decompilation solutions are provided and discussed with an example
Magic-sets for localised analysis of Java bytecode
Static analyses based on denotational semantics can naturally modelfunctional behaviours of the code in a compositionaland completely context and flow sensitive way. But theyonly model the functional, ie., input/output behaviour of a program P,not enough if one needs P's internal behaviours,ie., from the input to some internal program points.This is, however, a frequent requirement for a useful staticanalysis. In this paper, weovercome this limitation, for the case of mono-threaded Java bytecode,with a technique used up to nowfor logic programs only. Namely, we define a programtransformation that adds new "magic" blocks of code to theprogram P, whose functional behaviours are the internal behaviours of P.We prove the transformation correct wrt. an operationalsemantics and define an equivalent denotational semantics, devised forabstract interpretation, whosedenotations for the magic blocks are hence the internal behavioursof P. We implement our transformationand instantiate it with abstract domains modellingsharing of two variables, non-cyclicity of variables,nullness of variables, class initialisation informationand size of the values bound to program variables.We get a static analyser for full mono-threaded Java bytecode that is faster andscales better than another operational pair-sharing analyser.It has the same speed but is more precisethan a constraint-based nullness analyser. It makes a polyhedralsize analysis of Java bytecode scale up to 1300 methods in a coupleof minutes and a zone-based size analysis scale to still largerapplications
A generic, context sensitive analysis framework for object oriented programs
Abstract interpreters rely on the existence of a nxpoint algorithm that calculates a least upper bound approximation of the semantics of the program. Usually, that algorithm is described in terms of the particular language in study and therefore it is not directly applicable to programs written in a different source language. In this paper we introduce
a generic, block-based, and uniform representation of the program control flow graph and a language-independent nxpoint algorithm that can be applied to a variety of languages and, in particular, Java. Two major characteristics of our approach are accuracy (obtained through a topdown, context sensitive approach) and reasonable efficiency (achieved by means of memoization and dependency tracking techniques). We have also implemented the proposed framework and show some initial experimental
results for standard benchmarks, which further support the
feasibility of the solution adopted
Coverage-Based Debloating for Java Bytecode
Software bloat is code that is packaged in an application but is actually not
necessary to run the application. The presence of software bloat is an issue
for security, for performance, and for maintenance. In this paper, we introduce
a novel technique for debloating Java bytecode, which we call coverage-based
debloating. We leverage a combination of state-of-the-art Java bytecode
coverage tools to precisely capture what parts of a project and its
dependencies are used at runtime. Then, we automatically remove the parts that
are not covered to generate a debloated version of the compiled project. We
successfully generate debloated versions of 220 open-source Java libraries,
which are syntactically correct and preserve their original behavior according
to the workload. Our results indicate that 68.3% of the libraries' bytecode and
20.5% of their total dependencies can be removed through coverage-based
debloating. Meanwhile, we present the first experiment that assesses the
utility of debloated libraries with respect to client applications that reuse
them. We show that 80.9% of the clients with at least one test that uses the
library successfully compile and pass their test suite when the original
library is replaced by its debloated version
An Overview of Ciao and its uses of DataLog for Program Analysis and Optimization
-Objectives:
•Next-generation, high-level, multiparadigm programming language: Ciao.
•Program development environments which perform, as part of compilation:
Verification / debugging(i.e., detect bugs and offer guarantees of safety, reliability, and efficiency.)
Optimization (optimized compilation, parallelization, ...)Using throughout techniques that are at the same time rigorous and practical.
•Apply in a real system, with users –reality check!
•Support also mainstream languages (e.g., Java / Java bytecode).
- Several uses of Datalog and related techniques
Experiences with Some Benchmarks for Deductive Databases and Implementations of Bottom-Up Evaluation
OpenRuleBench is a large benchmark suite for rule engines, which includes
deductive databases. We previously proposed a translation of Datalog to C++
based on a method that "pushes" derived tuples immediately to places where they
are used. In this paper, we report performance results of various
implementation variants of this method compared to XSB, YAP and DLV. We study
only a fraction of the OpenRuleBench problems, but we give a quite detailed
analysis of each such task and the factors which influence performance. The
results not only show the potential of our method and implementation approach,
but could be valuable for anybody implementing systems which should be able to
execute tasks of the discussed types.Comment: In Proceedings WLP'15/'16/WFLP'16, arXiv:1701.0014
- …