Completeness of Abstract Domains for String Analysis of Java']JavaScript Programs

被引：6

作者：

Arceri, Vincenzo ^{[1
]}

Olliaro, Martina ^{[2
,3
]}

Cortesi, Agostino ^{[2
]}

Mastroeni, Isabella ^{[1
]}

机构：

[1] Univ Verona, Verona, Italy

[2] Ca Foscari Univ Venice, Venice, Italy

[3] Masaryk Univ Brno, Brno, Czech Republic

来源：

THEORETICAL ASPECTS OF COMPUTING - ICTAC 2019 | 2019年 / 11884卷

关键词：

String abstract domains; Abstract interpretation completeness; String analysis; STATIC ANALYSIS; SMT SOLVER;

D O I：

10.1007/978-3-030-32505-3_15

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has been never taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.

引用

页码：255 / 272

页数：18

共 39 条

[1] Norn: An SMT Solver for String Constraints [J].

Abdulla, Parosh Aziz ;

Atig, Mohamed Faouzi ;

Chen, Yu-Fang ;

Holik, Lukas ;

Rezine, Ahmed ;

Rummer, Philipp ;

Stenman, Jari .

COMPUTER AIDED VERIFICATION, PT I, 2015, 9206 :462-469

[2] A Novel Approach to String Constraint Solving [J].

Amadini, Roberto ;

Gange, Graeme ;

Stuckey, Peter J. ;

Tack, Guido .

PRINCIPLES AND PRACTICE OF CONSTRAINT PROGRAMMING (CP 2017), 2017, 10416 :3-20

[3] Combining String Abstract Domains for Java']JavaScript Analysis: An Evaluation [J].

Amadini, Roberto ;

Jordan, Alexander ;

Gange, Graeme ;

Gauthier, Francois ;

Schachte, Peter ;

Sondergaard, Harald ;

Stuckey, Peter J. ;

Zhang, Chenyi .

TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS, TACAS 2017, PT I, 2017, 10205 :41-57

[4] Reference Abstract Domains and Applications to String Analysis [J].

Amadini, Roberto ;

Gange, Graeme ;

Gauthier, Francois ;

Jordan, Alexander ;

Schachte, Peter ;

Sondergaard, Harald ;

Stuckey, Peter J. ;

Zhang, Chenyi .

FUNDAMENTA INFORMATICAE, 2018, 158 (04) :297-326

[5]

Arceri V., 2019, VPT 2019

[6] Abstract Domains for Type Juggling [J].

Arceri V. ;

Maffeis S. .

Electronic Notes in Theoretical Computer Science, 2017, 331 :41-55

[7]

Bultan T., 2017, String Analysis for Software Verification and Security, V10, DOI DOI 10.1007/978-3-319-68670-7

[8]

Chen LQ, 2008, LECT NOTES COMPUT SC, V5356, P3

[9]

Christensen AS, 2003, LECT NOTES COMPUT SC, V2694, P1

[10] The octahedron abstract domain [J].

Clariso, Robert ;

Cortadella, Jordi .

SCIENCE OF COMPUTER PROGRAMMING, 2007, 64 (01) :115-139

← 1 2 3 4 →