Completeness of Abstract Domains for String Analysis of JavaScript Programs

Cited by: 6
Authors
Arceri, Vincenzo [1]
Olliaro, Martina [2, 3]
Cortesi, Agostino [2]
Mastroeni, Isabella [1]
Affiliations
[1] Univ Verona, Verona, Italy
[2] Ca Foscari Univ Venice, Venice, Italy
[3] Masaryk Univ Brno, Brno, Czech Republic
Source
THEORETICAL ASPECTS OF COMPUTING - ICTAC 2019 | 2019 / Vol. 11884
Keywords
String abstract domains; Abstract interpretation completeness; String analysis; STATIC ANALYSIS; SMT SOLVER
DOI
10.1007/978-3-030-32505-3_15
Chinese Library Classification number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has never been taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.
Pages: 255-272
Page count: 18