Completeness of Abstract Domains for String Analysis of JavaScript Programs

Cited by: 6
Authors
Arceri, Vincenzo [1]
Olliaro, Martina [2, 3]
Cortesi, Agostino [2]
Mastroeni, Isabella [1]
Affiliations
[1] Univ Verona, Verona, Italy
[2] Ca Foscari Univ Venice, Venice, Italy
[3] Masaryk Univ Brno, Brno, Czech Republic
Source
THEORETICAL ASPECTS OF COMPUTING - ICTAC 2019 | 2019 / Vol. 11884
Keywords
String abstract domains; Abstract interpretation completeness; String analysis; STATIC ANALYSIS; SMT SOLVER;
DOI
10.1007/978-3-030-32505-3_15
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has never been taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation-based string analysis of dynamic languages.
Pages: 255 - 272
Page count: 18
Related papers
42 in total
  • [31] Mopsa-C: Modular Domains and Relational Abstract Interpretation for C Programs (Competition Contribution)
    Monat, Raphael
    Ouadjaout, Abdelraouf
    Mine, Antoine
    TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS, PT II, TACAS 2023, 2023, 13994 : 565 - 570
  • [32] Eval Is Evil: Analyzing Performance of Web Applications Based on PHP and JavaScript by Static Analysis
    Shah, Nilay
    Gubbala, Praveen
    COMPUTING AND NETWORK SUSTAINABILITY, 2017, 12 : 109 - 117
  • [33] Static Analysis of Event-Driven Node.js JavaScript Applications
    Madsen, Magnus
    Tip, Frank
    Lhotak, Ondrej
    ACM SIGPLAN NOTICES, 2015, 50 (10) : 505 - 519
  • [34] Finding Server-Side Endpoints with Static Analysis of Client-Side JavaScript
    Sigalov, Daniil
    Gamayunov, Dennis
    COMPUTER SECURITY. ESORICS 2023 INTERNATIONAL WORKSHOPS, CPS4CIP, PT II, 2024, 14399 : 442 - 458
  • [35] Detecting Build Conflicts in Software Merge for Java Programs via Static Analysis
    Towqir, Sheikh Shadab
    Shen, Bowen
    Gulzar, Muhammad Ali
    Meng, Na
    PROCEEDINGS OF THE 37TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING, ASE 2022, 2022,
  • [36] A sound abstract memory model for static analysis of C programs
    Dong, Yukun
    INTERNATIONAL JOURNAL OF COMPUTATIONAL SCIENCE AND ENGINEERING, 2018, 16 (03) : 255 - 264
  • [37] Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages
    Brito, Tiago
    Ferreira, Mafalda
    Monteiro, Miguel
    Lopes, Pedro
    Barros, Miguel
    Santos, Jose Fragoso
    Santos, Nuno
    IEEE TRANSACTIONS ON RELIABILITY, 2023, 72 (04) : 1324 - 1339
  • [38] Several lifted abstract domains for static analysis of numerical program families
    Dimovski, Aleksandar S.
    Apel, Sven
    Legay, Axel
    SCIENCE OF COMPUTER PROGRAMMING, 2022, 213
  • [39] Applying abstract acceleration to (co-)reachability analysis of reactive programs
    Schrammel, Peter
    Jeannet, Bertrand
    JOURNAL OF SYMBOLIC COMPUTATION, 2012, 47 (12) : 1512 - 1532
  • [40] Static Loop Bound Analysis of C Programs Based on Flow Analysis and Abstract Interpretation
    de Michiel, Marianne
    Bonenfant, Armelle
    Casse, Hugues
    Sainrat, Pascal
    RTCSA 2008: 14TH IEEE INTERNATIONAL CONFERENCE ON EMBEDDED AND REAL-TIME COMPUTING SYSTEMS AND APPLICATIONS - PROCEEDINGS, 2008, : 161 - +