Logo des Repositoriums

Auflistung nach Schlagwort "program analysis"

1 - 2 von 2
  • Zeitschriftenartikel
    Analyzing Code Corpora to Improve the Correctness and Reliability of Programs
    (Softwaretechnik-Trends Band 42, Heft 2, 2022) Patra, Jibesh
    The goal of the dissertation summarized here is to use program analysis and novel learning-based techniques to alleviate some of the challenges faced by developers while ensuring the correctness and reliability of programs. We focus on dynamically typed languages such as JavaScript and Python for their popularity and present six approaches that leverages analysis of code corpora in aiding to solve software engineering problems. We use static analysis to generate new programs, to seed bugs in programs, and to obtain data for training neural models. We present an effective technique called Generalized Tree Reduction algorithm (GTR), to reduce arbitrary test inputs that can be represented as a tree, such as program code, PDF files, and XML documents. The efficiency of input reduction is increased by learning transformations from a corpus of example data.
  • Konferenzbeitrag
    Detecting Information Flow by Mutating Input Data
    (Software Engineering und Software Management 2018, 2018) Mathis, Björn; Avdiienko, Vitalii; Soremekun, Ezekiel O.; Böhme, Marcel; Zeller, Andreas
    [Accepted as full paper for ASE 2017] Analyzing information flow is central in assessing the security of applications. However, static and dynamic analyses of information flow are easily challenged by non-available or obscure code. We present a lightweight mutation-based analysis that systematically mutates dynamic values returned by sensitive sources to assess whether the mutation changes the values passed to sensitive sinks. If so, we found a flow between source and sink. In contrast to existing techniques, mutation-based flow analysis does not attempt to identify the specific path of the flow and is thus resilient to obfuscation. In its evaluation, our MUTAFLOW prototype for Android programs showed that mutation-based flow analysis is a lightweight yet effective complement to existing tools. Compared to the popular FLOWDROID static analysis tool, MUTAFLOW requires less than 10% of source code lines but has similar accuracy; on 20 tested real-world apps, it is able to detect 75 flows that FLOWDROID misses.