5 research outputs found

    Static Analysis for ECMAScript String Manipulation Programs

    Get PDF
    In recent years, dynamic languages, such as JavaScript or Python, have been increasingly used in a wide range of fields and applications. Their tricky and misunderstood behaviors pose a great challenge for static analysis of these languages. A key aspect of any dynamic language program is the multiple usage of strings, since they can be implicitly converted to another type value, transformed by string-to-code primitives or used to access an object-property. Unfortunately, string analyses for dynamic languages still lack precision and do not take into account some important string features. In this scenario, more precise string analyses become a necessity. The goal of this paper is to place a first step for precisely handling dynamic language string features. In particular, we propose a new abstract domain approximating strings as finite state automata and an abstract interpretation-based static analysis for the most common string manipulating operations provided by the ECMAScript specification. The proposed analysis comes with a prototype static analyzer implementation for an imperative string manipulating language, allowing us to show and evaluate the improved precision of the proposed analysis

    Taming Strings in Dynamic Languages - An Abstract Interpretation-based Static Analysis Approach

    Get PDF
    In the recent years, dynamic languages such as JavaScript, Python or PHP, have found several fields of applications, thanks to the multiple features provided, the agility of deploying software and the seeming facility of learning such languages. In particular, strings play a central role in dynamic languages, as they can be implicitly converted to other type values, used to access object properties or transformed at run-time into executable code. In particular, the possibility to dynamically generate code as strings transformation breaks the typical assumption in static program analysis that the code is an immutable object, indeed static. This happens because program\u2019s essential data structures, such as the control-flow graph and the system of equation associated with the program to analyze, are themselves dynamically mutating objects. In a sentence: "You can\u2019t check the code you don\u2019t see". For all these reasons, dynamic languages still pone a big challenge for static program analysis, making it drastically hard and imprecise. The goal of this thesis is to tackle the problem of statically analyzing dynamic code by treating the code as any other data structure that can be statically analyzed, and by treating the static analyzer as any other function that can be recursively called. Since, in dynamically-generated code, the program code can be encoded as strings and then transformed into executable code, we first define a novel and suitable string abstraction, and the corresponding abstract semantics, able to both keep enough information to analyze string properties, in general, and keep enough information about the possible executable strings that may be converted to code. Such string abstraction will permits us to distill from a string abstract value the executable program expressed by it, allowing us to recursively call the static analyzer on the synthesized program. The final result of this thesis is an important first step towards a sound-by- construction abstract interpreter for real-world dynamic string manipulation languages, analyzing also string-to-code statements, that is the code that standard static analysis "can\u2019t see"

    Aplicaci贸n RPA para la b煤squeda y obtenci贸n de informaci贸n cient铆fica

    Get PDF
    En esta investigaci贸n se ha desarrollado una soluci贸n RPA aplicada en el 谩mbito de la investigaci贸n cient铆fica. El problema de la investigaci贸n estuvo enfocado en el efecto de la aplicaci贸n RPA (Automatizaci贸n Rob贸tica de Procesos) para la b煤squeda y obtenci贸n de informaci贸n cient铆fica, ya que muchos estudiantes, docentes e investigadores a nivel nacional e internacional que realizan investigaciones y redacciones de textos acad茅micos se ven obligados a tener que pasar muchas horas en la b煤squeda de informaci贸n y no se hab铆a encontrado una aplicaci贸n similar. Adem谩s, en algunos casos el desconocimiento de fuentes a las que acuden es un factor en contra a la hora de realizar sus escritos con car谩cter cient铆fico. Por ello, se ha realizado este estudio con la finalidad de aplicar una soluci贸n RPA para la b煤squeda y obtenci贸n de informaci贸n cient铆fica que automatice el proceso de ingresar a los repositorios de informaci贸n. La soluci贸n incluy贸 un conjunto de procesos, uso de tecnolog铆as y combinaci贸n de algoritmos que no fueron encontrados en la literatura revisada. El objetivo de esta investigaci贸n fue determinar cu谩l fue el efecto de la aplicaci贸n RPA para la b煤squeda y obtenci贸n de informaci贸n cient铆fica. El tipo de investigaci贸n ha sido aplicada, el enfoque fue cuantitativo, el dise帽o fue experimental y el tipo de dise帽o fue pre-experimental. Asimismo, el enfoque fue cuantitativo, por lo que se ha hecho uso de la estad铆stica para analizar los resultados claves que den validez a las hip贸tesis consideradas. Como resultado de la presente investigaci贸n se lleg贸 a obtener que la aplicaci贸n RPA obtuvo 82.6361% de eficacia, 97.0341% de reducci贸n de tiempo, 4.8911% de uso de CPU, 0.7995% de uso de memoria RAM y 10.2508% de uso de ancho de banda. En consecuencia, se cumpli贸 con todas las metas planteadas y se acept贸 todas las hip贸tesis. En s铆ntesis, la aplicaci贸n RPA fue asertiva y redujo el tiempo de b煤squeda y obtenci贸n de informaci贸n, as铆 como el uso de recursos del computador. Finalmente, se recomend贸 desarrollar nuevas soluciones RPA y aplicarlas en diversos campos en los que se requiera automatizar los procesos, m谩s a煤n, investigar nuevas tecnolog铆as para realizar diversos RPA que puedan manipular las computadoras de los usuarios a trav茅s de Internet

    Static Value Analysis of Python Programs by Abstract Interpretation

    No full text
    International audienceWe propose a static analysis by abstract interpretation for a significant subset of Python to infer variable values, run-time errors, and uncaught exceptions. Python is a high-level language with dynamic typing, a class-based object system, complex control structures such as generators, and a large library of builtin objects. This makes static reasoning on Python programs challenging. The control flow is highly dependent on the type of values, which we thus infer accurately.As Python lacks a formal specification, we first present a concrete collecting semantics of reachable program states. We then propose a non-relational flow-sensitive type and value analysis based on simple abstract domains for each type, and handle non-local control such as exceptions through continuations. We show how to infer relational numeric invariants by leveraging the type information we gather. Finally, we propose a relational abstraction of generators to count the number of available elements and prove that no StopIteration exception is raised.Our prototype implementation is heavily in development; it does not support some Python features, such as recursion nor the compile builtin, and it handles only a small part of the builtin objects and standard library. Nevertheless, we are able to present preliminary experimental results on analyzing actual, if small, Python code from a benchmarking application and a regression test suite
    corecore