Presentation is loading. Please wait.

Presentation is loading. Please wait.

Johannes Lerch and Ben Hermann

Published byVirginia Ruiz Correa Modified over 6 years ago

Similar presentations

Presentation on theme: "Johannes Lerch and Ben Hermann"— Presentation transcript:

1 Johannes Lerch and Ben Hermann {lastname}@cs.tu-darmstadt.de
Design Your Analysis! A Case Study on Implementation Reusability of Data-Flow Functions Johannes Lerch and Ben Hermann @stg_darmstadt 21. November 2018 | Software Technology Group

2 Concerns of Analyses Native Code Cast Expressions Exceptions
(Un-)boxing of Types Return Values Assignments Reflection Method Invocation Static Fields Type Conversion Library Code Sanitization Instance Fields Method Arguments Taint Sinks Collections Taint Sources Callbacks Arrays

3 Analysis Frameworks Examples: Soot, WALA, OPAL
Intermediate Representations Abstractions over Instructions Algorithms/Frameworks IFDS/IDE Abstract Interpretation

4 IFDS/IDE Framework public interface FlowFunctions<N, D, M> {
FlowFunction<D> getNormalFlowFunction(N curr, N succ); FlowFunction<D> getCallFlowFunction(N callStmt, M destinationMethod); FlowFunction<D> getReturnFlowFunction(N callSite, M calleeMethod, N exitStmt, N returnSite); FlowFunction<D> getCallToReturnFlowFunction(N callSite, N returnSite); } public interface FlowFunction<D> { Set<D> computeTargets(D source);

5 Large Clients of the IFDS Framework
We were at this stage as well. The Software Engineer in ourselves was screaming, so we tried to improve our design. We came up with a new interface How to maintain this? How to test this? How to reuse this? 21. November 2018 | Software Technology Group

6 Propagator Interface public interface Propagator<N, D, M> {
boolean canHandle(D fact); KillGenInfo<D> propagateNormalFlow(D source, N curr, N succ); KillGenInfo<D> propagateCallFlow(D source, N callStmt, M destinationMethod); KillGenInfo<D> propagateReturnFlow(D source, N callSite, M calleeMethod, N exitStmt, N returnSite); KillGenInfo<D> propagateCallToReturnFlow(D source, N callSite); } FlowFunction<D> getNormalFlowFunction( N curr, N succ); public interface FlowFunction<D> { Set<D> computeTargets(D source); } One implementation per concern. How this is possible will be discussed on the next slide. First, let’s have a closer look at the interface. 1. Basically, we merged the two interfaces we had before. We replaced the result by a pair of a boolean and a set making things more explicit than before. Boolean reflects if the source taint is killed, set reflects the generated facts. 21. November 2018 | Software Technology Group

7 Phase Processing F Phase gen F Propagators F F no kill Phase gen F

8 Implementation Set<D> computeTargets(D source) {
boolean killed = false; Set<D> gens = new HashSet<D>(); for(Propagator<D>[] phase : phases) { for(Propagator<D> propagator : phase) { if(propagator.canHandle(source)) { KillGenInfo kgi = propagate*(source, ...); killed |= kgi.kill; gens.addAll(kgi.gens); } if(killed) break; return gens; phases = new Propagator[][] { { new PrimitiveTypesKiller(), new PermissionCheckPropagator(), /* ... */ }, new AssignmentPropagator(), new FieldAccessPropagator(), new StringBuilderPropagator(), new SinkHandler(), } };

9 Discussion Separation of concerns Case Study Easier to maintain
Easier to test Easier to reuse Case Study Implemented SQL-Injection, Path Traversal, Unchecked Redirect, … vulnerability detection Reused FlowTwists implementations, only source, sink, and sanitization specific Propagators implemented

Download ppt "Johannes Lerch and Ben Hermann"

Similar presentations

The Art of Avoiding Work

The Art of Avoiding Work
SENG521 (Fall SENG 521 Software Reliability & Testing Operational Profiles (Part 5b) Department of Electrical & Computer Engineering,

SENG521 (Fall SENG 521 Software Reliability & Testing Operational Profiles (Part 5b) Department of Electrical & Computer Engineering,
Framework is l Reusable Code, often domain specific (GUI, Net, Web, etc) l expressed as l a set of classes and l the way objects in those classes collaborate.

Framework is l Reusable Code, often domain specific (GUI, Net, Web, etc) l expressed as l a set of classes and l the way objects in those classes collaborate.
Specification Inference for Explicit Information Flow Problems Benjamin Livshits, Aditya V. Nori, Sriram K. Rajamani Microsoft Research Anindya Banerjee.

Specification Inference for Explicit Information Flow Problems Benjamin Livshits, Aditya V. Nori, Sriram K. Rajamani Microsoft Research Anindya Banerjee.
Code Generation Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc03.html Chapter 4.

Code Generation Mooly Sagiv html:// Chapter 4.
Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.

Recap from last time We were trying to do Common Subexpression Elimination Compute expressions that are available at each program point.
Software Reuse Building software from reusable components Objectives

Software Reuse Building software from reusable components Objectives
Combining Static and Dynamic Data in Code Visualization David Eng Sable Research Group, McGill University PASTE 2002 Charleston, South Carolina November.

Combining Static and Dynamic Data in Code Visualization David Eng Sable Research Group, McGill University PASTE 2002 Charleston, South Carolina November.
IPT Readings on Instrumentation, Profiling, and Tracing Seminar presentation by Alessandra Gorla University of Lugano December 7, 2006.

IPT Readings on Instrumentation, Profiling, and Tracing Seminar presentation by Alessandra Gorla University of Lugano December 7, 2006.
Data Flow Analysis 1 15-411 Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.

Data Flow Analysis Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.
Software Engineering Module 1 -Components Teaching unit 3 – Advanced development Ernesto Damiani Free University of Bozen - Bolzano Lesson 2 – Components.

Software Engineering Module 1 -Components Teaching unit 3 – Advanced development Ernesto Damiani Free University of Bozen - Bolzano Lesson 2 – Components.
SWE Introduction to Software Engineering

SWE Introduction to Software Engineering
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 11 Slide 1 Architectural Design.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 11 Slide 1 Architectural Design.
Abstraction, Inheritance, and Polymorphism in Java.

Abstraction, Inheritance, and Polymorphism in Java.
Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.

Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.
McLab Tutorial www.sable.mcgill.ca/mclab Part 5 – Introduction to the McLab Analysis Framework Exploring the Main Components Creating a Simple Analysis.

McLab Tutorial Part 5 – Introduction to the McLab Analysis Framework Exploring the Main Components Creating a Simple Analysis.
Data Abstraction UW CSE 140 Winter 2014 1. What is a program? – A sequence of instructions to achieve some particular purpose What is a library? – A collection.

Data Abstraction UW CSE 140 Winter What is a program? – A sequence of instructions to achieve some particular purpose What is a library? – A collection.
Copyright © 2002, Systems and Computer Engineering, Carleton University. 94.204-14-Patterns.ppt 1 94.204* Object-Oriented Software Development Part 11.

Copyright © 2002, Systems and Computer Engineering, Carleton University Patterns.ppt * Object-Oriented Software Development Part 11.
SWE © Solomon Seifu 2010 1 ELABORATION. SWE © Solomon Seifu 2010 2 Lesson 10 Use Case Design.

SWE © Solomon Seifu ELABORATION. SWE © Solomon Seifu Lesson 10 Use Case Design.
CSE 219 Computer Science III Program Design Principles.

CSE 219 Computer Science III Program Design Principles.

Similar presentations

Ads by Google