Type qualifier inference for java

Greenfieldboyce, David; Foster, Jeffrey S.

doi:10.1145/1297105.1297051

Cited by 11 publications

(8 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even the most precise available inference tools leave much room for improvement. An earlier inference system for Javari [22,23] achieved even worse results, with precision of about 70% (compared to Julia's 100% precision and 98% recall). It can prove about 98% of all dereferences in a program to be safe -that is, it proves that no null value ever flows to those dereferences, so those dereferences cannot result in a null pointer exception at run time.…”

Section: Simplifying the Type Constraints And The Game Puzzlesmentioning

confidence: 86%

Verification games

Dietl

Dietzel

Ernst

et al. 2012

Proceedings of the 14th Workshop on Formal Techniques for Java-Like Programs

View full text Add to dashboard Cite

Program verification is the only way to be certain that a given piece of software is free of (certain types of) errors -errors that could otherwise disrupt operations in the field. To date, formal verification has been done by specially-trained engineers. Labor costs have heretofore made formal verification too costly to apply beyond small, critical software components.Our goal is to make verification more cost-effective by reducing the skill set required for program verification and increasing the pool of people capable of performing program verification. Our approach is to transform the verification task (a program and a goal property) into a visual puzzle task -a game -that gets solved by people. The solution of the puzzle is then translated back into a proof of correctness. The puzzle is engaging and intuitive enough that ordinary people can through game-play become experts.This paper presents a status report on the Verification Games project and our Pipe Jam prototype game.

show abstract

Section: Simplifying the Type Constraints And The Game Puzzlesmentioning

confidence: 86%

Verification games

Dietl

Dietzel

Ernst

et al. 2012

Proceedings of the 14th Workshop on Formal Techniques for Java-Like Programs

View full text Add to dashboard Cite

show abstract

“…This approach can also apply scalably to languages other than C/C++, for example JQual [19] can find bugs using taint analysis of Java code. Thus, entire classes of security bugs can in the future be eliminated from widely deployed software.…”

Section: Discussionmentioning

confidence: 99%

Large-scale analysis of format string vulnerabilities in Debian Linux

Chen

Wagner

2007

Proceedings of the 2007 Workshop on Programming Languages and Analysis for Security

View full text Add to dashboard Cite

Format-string bugs are a relatively common security vulnerability, and can lead to arbitrary code execution. In collaboration with others, we designed and implemented a system to eliminate format string vulnerabilities from an entire Linux distribution, using typequalifier inference, a static analysis technique that can find taint violations.We successfully analyze 66% of C/C++ source packages in the Debian 3.1 Linux distribution. Our system finds 1,533 format string taint warnings. We estimate that 85% of these are true positives, i.e., real bugs; ignoring duplicates from libraries, about 75% are real bugs.We suggest that the technology exists to render format string vulnerabilities extinct in the near future.

show abstract

“…CFL reachability for program analyses. A large number of program analyses have been expressed as CFL reachability problems, for example points-to analysis [26,28], many set constraint problems [11,13,19], various interprocedural analyses [23,24], and type qualifier inference [10]. Our work makes these techniques more applicable for whole-program analysis by providing a practical and sound approach to dealing with missing or hard-to-analyze portions of the program.…”

Section: Related Workmentioning

confidence: 99%

Specification Inference Using Context-Free Language Reachability

2015

View full text Add to dashboard Cite

We present a framework for computing context-free language reachability properties when parts of the program are missing. Our framework infers candidate specifications for missing program pieces that are needed for verifying a property of interest, and presents these specifications to a human auditor for validation. We have implemented this framework for a taint analysis of Android apps that relies on specifications for Android library methods. In an extensive experimental study on 179 apps, our tool performs verification with only a small number of queries to a human auditor.

show abstract

Type qualifier inference for java

Cited by 11 publications

References 33 publications

Verification games

Verification games

Large-scale analysis of format string vulnerabilities in Debian Linux

Specification Inference Using Context-Free Language Reachability

Contact Info

Product

Resources

About