An Analysis of the Current Program Slicing and Algorithmic Debugging Based Techniques

This thesis presents a classification of program slicing based techniques. The classification allows us to identify the differences between existing techniques, but it also allows us to predict new slicing techniques. The study identifies and compares the dimensions that influence current techniques.Silva Galiana, JF. (2008). An Analysis of the Current Program Slicing and Algorithmic Debugging Based Techniques. http://hdl.handle.net/10251/14300Archivo delegad

Understanding Program Slices

Program slicing is a useful analysis for aiding different software engineering activities. In the past decades, various notions of program slices have been evolved as well as a number of methods to compute them. By now program slicing has numerous applications in software maintenance, program comprehension, reverse engineering, program integration, and software testing. Usability of program slicing for real world programs depends on many factors such as precision, speed, and scalability, which have already been addressed in the literature. However, only a little attention has been brought to the practical demand: when the slices are large or difficult to understand, which often occur in the case of larger programs, how to give an explanation for the user why a particular element has been included in the resulting slice. This paper describes a reasoning method about elements of static program slices

Chopping: A generalization of slicing

A new method for extracting partial representations of a program is described. Given two sets of variable instances, source and sink, a graph is constructed showing the statements that cause definitions of source to affect uses of sink. This criterion can express a wider range of queries than the various forms of slice criteria, which it subsumes as special cases. On the standard slice criterion (backward slicing from a use or definition) it produces better results than existing algorithms. The method is modular. By treating all statements abstractly as def-use relations, it can present a procedure call as a simple statement, so that it appears in the graph as a single node whose role may be understood without looking beyond the context of the call

Amorphous procedure extraction

The procedure extraction problem is concerned with the meaning preserving formation of a procedure from a (not necessarily contiguous) selected set of statements. Previous approaches to the problem have used dependence analysis to identify the non-selected statements which must be 'promoted' (also selected) in order to preserve semantics. All previous approaches to the problem have been syntax preserving. This work shows that by allowing transformation of the program's syntax it is possible to extract both procedures and functions in an amorphous manner. That is, although the amorphous extraction process is meaning preserving it is not necessarily syntax preserving. The amorphous approach is advantageous in a variety of situations. These include when it is desirable to avoid promotion, when a value-returning function is to be extracted from a scattered set of assignments to a variable, and when side effects are present in the program from which the procedure is to be extracted

Amorphous procedure extraction

The procedure extraction problem is concerned with the meaning preserving formation of a procedure from a (not necessarily contiguous) selected set of statements. Previous approaches to the problem have used dependence analysis to identify the non-selected statements which must be 'promoted' (also selected) in order to preserve semantics. All previous approaches to the problem have been syntax preserving. This work shows that by allowing transformation of the program's syntax it is possible to extract both procedures and functions in an amorphous manner. That is, although the amorphous extraction process is meaning preserving it is not necessarily syntax preserving. The amorphous approach is advantageous in a variety of situations. These include when it is desirable to avoid promotion, when a value-returning function is to be extracted from a scattered set of assignments to a variable, and when side effects are present in the program from which the procedure is to be extracted

A Scalable and Accurate Hybrid Vulnerability Analysis Framework

As the Internet has become an integral part of our everyday life for activities such as e-mail, online-banking, shopping, entertainment, etc., vulnerabilities in Web software arguably have greater impact than vulnerabilities in other types of software. Vulnerabilities in Web applications may lead to serious issues such as disclosure of confidential data, integrity violation, denial of service, loss of commercial confidence/customer trust, and threats to the continuity of business operations. For companies these issues can result in significant financial losses. The most common and serious threats for Web applications include injection vulnerabilities, where malicious input can be “injected” into the program to alter its intended behavior or the one of another system. These vulnerabilities can cause serious damage to a system and its users. For example, an attacker could compromise the systems underlying the application or gain access to a database containing sensitive information. The goal of this thesis is to provide a scalable approach, based on symbolic execution and constraint solving, which aims to effectively find injection vulnerabilities in the server-side code of Java Web applications and which generates no or few false alarms, minimizes false negatives, overcomes the path explosion problem and enables the solving of complex constraints