SUDS: An Infrastructure for Creating Bug Detection Tools

SUDS is an infrastructure for building software bug detection tools, primarily dynamic ones; its static analysis phases are used to focus and improve the dynamic detection. At its heart is a C-to-C converter that instruments C source code so that the resulting executable detects bugs at run time. Key features are control flow graphs, data flow analysis, tainted propagation, program slicing, and user-modifiable instrumentation. The presentation's worked example detects buffer overflows at array references whose index is derived from program input, and the stated future work is tighter static/dynamic synergy in bug detection.

Presentation Transcript


  1. SUDS: An Infrastructure for Creating Bug Detection Tools. Eric Larson, Seattle University. October 1, 2007.

  2. What is SUDS?
  • SUDS is an infrastructure to facilitate the construction of software bug detection tools.
  • SUDS is primarily used to create dynamic bug detection tools.
  • It contains static analysis phases used to improve / focus dynamic bug detection.
  • At the heart of SUDS is a C to (instrumented) C converter.

  3. Overview of SUDS
  Program (preprocessed C source code) -> Parse -> AST -> Simplify -> Simplified AST -> Analyze -> Analysis Results -> Instrument (driven by the Instrumentation Model) -> Instrumented Source Code -> Link -> Instrumented Executable

  4. Static Analysis
  • Standard compiler analyses
    • Control flow graph / call graph
    • Data flow analysis (mostly intraprocedural)
    • Flow-sensitive pointer analysis (Hind et al.)
  • Tainted propagation
    • Propagates the tainted attribute of variables (forward)
    • User can modify the infrastructure to change what "tainted" means
  • Program slicing
    • Propagates interesting uses backwards
    • User can modify the slicing criterion (e.g. all statements that have a given property or characteristic)
    • Context-insensitive
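The two user-modifiable analyses on this slide feed the instrumentation decision on slide 6: a variable is worth tracking at run time only if it is tainted (forward propagation from input) and in the slice (backward propagation from an array reference). The following is an added example, not SUDS code: it runs both propagations over a constructed, straight-line three-address program (the `PROG` table, variable names `n`, `i`, `j`, `k`, and the `V_*`/`OP_*` names are all invented here) and intersects the results.

```c
#include <stdio.h>
#include <string.h>

/* Toy three-address IR, constructed for this example (not SUDS's AST).
   Variables are small integers; an operand of -1 means "none". */
#define NV 4
enum { V_N, V_I, V_J, V_K };
static const char *VNAME[NV] = { "n", "i", "j", "k" };

enum op {
    OP_INPUT,    /* dst = input()       : the source of tainted data             */
    OP_ASSIGN,   /* dst = f(src1, src2) : taint flows from the operands to dst   */
    OP_ARRAYREF, /* buf[src1] = ...     : array reference, the slicing criterion */
    OP_USE       /* sink(src1)          : a use that is not an array reference   */
};
struct stmt { enum op op; int dst, src1, src2; };

/* Constructed sample program:
     s0: n = input();  s1: i = n + 1;  s2: j = 5;
     s3: k = n * 2;    s4: buf[i] = 0;  s5: print(k);                */
static const struct stmt PROG[] = {
    { OP_INPUT,    V_N, -1,  -1 },
    { OP_ASSIGN,   V_I, V_N, -1 },
    { OP_ASSIGN,   V_J, -1,  -1 },   /* constant: no tainted operand */
    { OP_ASSIGN,   V_K, V_N, -1 },
    { OP_ARRAYREF, -1,  V_I, -1 },
    { OP_USE,      -1,  V_K, -1 },
};
#define NSTMT ((int)(sizeof PROG / sizeof PROG[0]))
#define CRIT 4   /* slicing criterion: the array reference at s4 */

/* Forward taint propagation. For straight-line code one pass in program order
   suffices; over a CFG with loops the same transfer function is iterated to a fixpoint. */
void taint_forward(const struct stmt *p, int n, int tainted[NV]) {
    memset(tainted, 0, NV * sizeof tainted[0]);
    for (int s = 0; s < n; s++) {
        if (p[s].op == OP_INPUT) {
            tainted[p[s].dst] = 1;
        } else if (p[s].op == OP_ASSIGN) {
            int t = 0;
            if (p[s].src1 >= 0) t |= tainted[p[s].src1];
            if (p[s].src2 >= 0) t |= tainted[p[s].src2];
            tainted[p[s].dst] = t;   /* a redefinition kills earlier taint */
        }
    }
}

/* Backward slice from statement crit: walk backwards; whenever a statement defines a
   variable the criterion (transitively) depends on, its operands join the demand set. */
void slice_backward(const struct stmt *p, int crit, int in_slice[NV]) {
    int wanted[NV] = { 0 };
    memset(in_slice, 0, NV * sizeof in_slice[0]);
    if (p[crit].src1 >= 0) wanted[p[crit].src1] = in_slice[p[crit].src1] = 1;
    if (p[crit].src2 >= 0) wanted[p[crit].src2] = in_slice[p[crit].src2] = 1;
    for (int s = crit - 1; s >= 0; s--) {
        if (p[s].dst < 0 || !wanted[p[s].dst]) continue;
        wanted[p[s].dst] = 0;   /* this definition satisfies the demand for dst */
        if (p[s].src1 >= 0) wanted[p[s].src1] = in_slice[p[s].src1] = 1;
        if (p[s].src2 >= 0) wanted[p[s].src2] = in_slice[p[s].src2] = 1;
    }
}

/* Per-variable queries over the sample program. */
int var_tainted(int v)  { int t[NV]; taint_forward(PROG, NSTMT, t); return t[v]; }
int var_in_slice(int v) { int s[NV]; slice_backward(PROG, CRIT, s); return s[v]; }

/* A variable needs run-time tracking only if it is tainted AND in the slice. */
int var_tracked(int v) { return var_tainted(v) && var_in_slice(v); }

int main(void) {
    printf("var tainted in_slice tracked\n");
    for (int v = 0; v < NV; v++)
        printf("%-3s %7d %8d %7d\n", VNAME[v], var_tainted(v), var_in_slice(v), var_tracked(v));
    /* n and i are tracked; k is tainted but never reaches buf[i]; j is untainted. */
    return 0;
}
```

The intersection is what keeps the instrumentation cheap: `k` is tainted but sliced out because nothing it flows into is an array index, and `j` reaches nothing tainted, so neither gets run-time tracking. The pass is context-insensitive and intraprocedural, matching the slide; a call-graph-aware version would have to propagate through call arguments and return values.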

  5. Instrumentation
  • Direct SUDS where to add instrumentation.
    • Add instrumentation based on statement, expression, or event.
    • Support functions allow users to easily pass parameters into the instrumentation functions.
  • Write the instrumentation routines.
    • Can use the provided state table: allows the instrumented program to keep track of additional state while it is running.
    • Can take advantage of results from the static analysis phases.

  6. Example of how SUDS is used
  • Goal: detect buffer overflows at array references whose index uses data that came from input.
  • Tainted analysis: all input data is tainted.
  • Program slicing: all data that can lead to an array reference is in the slice.
  • Instrumentation:
    • Track all arrays and their sizes.
    • Track pointers to arrays.
    • Track integers that are tainted and in the slice.
    • At array references, check for bugs.
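What the instrumented output of this example looks like at run time, as an added illustration rather than SUDS's own generated code: a small state table records each tracked array's size, and a check is inserted before the array reference whose index is tainted and in the slice. The `suds_track_array` / `suds_check_index` hooks, the `TABLE` array, and the `lookup_*` functions are all invented for this example; SUDS's real state table API is not shown on the page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical run-time state table standing in for the one SUDS provides (example code,
   not SUDS's): remembers each tracked array's base address and element count. */
#define MAX_TRACKED 16
struct array_rec { const void *base; size_t nelems; };
static struct array_rec g_tab[MAX_TRACKED];
static int g_ntab = 0;

/* Instrumentation hook: record (or refresh) an array's size when it comes into scope. */
void suds_track_array(const void *base, size_t nelems) {
    for (int i = 0; i < g_ntab; i++)
        if (g_tab[i].base == base) { g_tab[i].nelems = nelems; return; }
    if (g_ntab < MAX_TRACKED) {
        g_tab[g_ntab].base = base;
        g_tab[g_ntab].nelems = nelems;
        g_ntab++;
    }
}

/* Instrumentation hook placed before an array reference whose index is tainted and in the
   slice. Returns 1 if the access is in bounds, 0 (after reporting) if it would overflow.
   Arrays the table has no record of get no report: the tool has no size for them. */
int suds_check_index(const void *base, long idx, const char *where) {
    for (int i = 0; i < g_ntab; i++) {
        if (g_tab[i].base != base) continue;
        if (idx < 0 || (size_t)idx >= g_tab[i].nelems) {
            fprintf(stderr, "%s: tainted index %ld outside [0, %zu)\n", where, idx, g_tab[i].nelems);
            return 0;
        }
        return 1;
    }
    return 1;
}

/* ---- Original program (constructed): the index comes straight from input. ---- */
static const int TABLE[8] = { 10, 11, 12, 13, 14, 15, 16, 17 };

int lookup_orig(const char *line) {
    int i = atoi(line);     /* tainted: derived from input */
    return TABLE[i];        /* tainted index, unchecked: out-of-bounds read on bad input */
}

/* ---- Instrumented version, written by hand to mirror what the phase would emit. ---- */
int lookup_instr(const char *line, int *bug) {
    suds_track_array(TABLE, 8);     /* "track all arrays and their sizes" */
    int i = atoi(line);             /* taint analysis: i is tainted; slicing: i reaches TABLE[i] */
    if (!suds_check_index(TABLE, i, "lookup_instr: TABLE[i]")) {  /* "at array references, check" */
        *bug = 1;
        return -1;                  /* report and refuse the access instead of reading past the end */
    }
    *bug = 0;
    return TABLE[i];
}

/* Convenience wrapper for callers that only want the verdict. */
int lookup_is_bug(const char *line) { int bug = 0; lookup_instr(line, &bug); return bug; }

int main(void) {
    const char *inputs[] = { "3", "8", "-1" };   /* constructed: in bounds, one past the end, negative */
    for (int k = 0; k < 3; k++) {
        int bug = 0;
        int v = lookup_instr(inputs[k], &bug);
        printf("input %-3s -> %s (value %d)\n", inputs[k], bug ? "BUG reported" : "ok", v);
    }
    return 0;
}
```

Two caveats worth keeping in mind when reading the slide's results. First, the check only fires for arrays the instrumentation has registered, so an array reached through an untracked pointer produces no report; that is why the slide also tracks pointers to arrays. Second, an untainted out-of-bounds index (a constant, or a counter never derived from input) gets no check at all under this slicing criterion, which is a deliberate trade of coverage for lower overhead.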

  7. Results: Finding Bugs

  8. Results: Performance

  9. Future Work
  • Add phase(s) that attempt to detect bugs using static analysis.
    • Certain types of bugs can be found with data flow analysis, but the false alarms need to be pruned.
  • Develop static analysis phases that improve the quality of dynamic bug detection, not just its performance.

  10. Questions