1 / 24

Static Analysis of String Values

Static Analysis of String Values. Strings. Strings are everywhere: SQL queries Reflection Wrong use could have catastrophic effects. Sound static analysis. Prove properties at compile time (static) respected by all executions (sound) Abstract interpretation Cousot&Cousot 77/79

shel
Télécharger la présentation

Static Analysis of String Values

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Static Analysis of String Values

  2. Strings • Strings are everywhere: • SQL queries • Reflection • Wrong use could have catastrophic effects

  3. Sound static analysis • Prove properties • at compile time (static) • respected by all executions (sound) • Abstract interpretation • Cousot&Cousot 77/79 • Mathematical framework to • Define the semantics • Soundly approximate it • Ideal goal: fast and precise abstraction

  4. Bases of abstract interpretation Concrete Abstract {…, -1, 0, 1, ….} ⊤ {1, 2, ….} Concretization + 0 - Abstraction {1, 5, 8} ⊥ ∅

  5. Semantics Concrete Abstract {…, -1, 0, 1, ….} ⊤ {1, 2, ….} 0 - + x++ {1, 5, 8} {2, 6, 9} x++ ⊥ ∅

  6. Upper bound Concrete Abstract if(…) x=0; else x=1; {…, -1, 0, 1, ….} ⊤ {0, 1} 0 - + {0} {1} ⊥ ∅

  7. Numerical analyses • Common interface for several analyses • Semantics of +, -, *, /, constants, … ⊤ ⊤ x++ 0 - Even + Odd x++ [0..3] [1..4] x++ ⊥ ⊥

  8. Outline • Introduction • Generic framework for string analysis • String domains • Character inclusion • Prefix and suffix • Bricks • String graphs • Conclusion

  9. String operators • Set of standard operators on strings: • new String(“str”) • or “str” • concat(s1, s2) • or s1+s2 • readLine() • substring(b, e, s) • contains(c, s) • Each domain has a lattice structure

  10. Running example Because of approximation/user input/… string x = "a"; while(…) x = "0" + x + "1"; return x; with with

  11. Outline • Introduction • Generic framework for string analysis • String domains • Character inclusion • Prefix and suffix • Bricks • String graphs • Conclusion

  12. Character inclusion • Strings approximated through • C: characters surely contained • MC: characters possibly contained Concrete Abstract C MC

  13. Character inclusion – Running example string x = "a"; while(…) x = "0" + x + "1"; return x; C : MC : C : MC : C : MC : Concretization

  14. Prefix & Suffix • Strings approximated through • PR: prefix of the string • SU: suffix of the string Concrete Abstract PR SU

  15. Prefix & Suffix – Running example string x = "a"; while(…) x = "0" + x + "1"; return x; PR : , SU : PR : , SU : PR : SU : Concretization

  16. Bricks • Sequence of Concrete Abstract

  17. Bricks – Running example string x = "a"; while(…) x = "0" + x + "1"; return x; ) = = Widening! = = = Concretization

  18. String graphs • Adaptation of type graphs (tree automata) • Rely on their normalization and widening Concrete Abstract

  19. String graphs – Running example string x = "a"; while(…) x = "0" + x + "1"; return x; = =

  20. String graphs – Running example string x = "a"; while(…) x = "0" + x + "1"; return x; =

  21. String graphs – Running example string x = "a"; while(…) x = "0" + x + "1"; return x; Normalization

  22. String graphs – Running example string x = "a"; while(…) x = "0" + x + "1"; return x; Widening! with Concretization

  23. Outline • Introduction • Generic framework for string analysis • String domains • Character inclusion • Prefix and suffix • Bricks • String graphs • Conclusion

  24. Conclusion

More Related