Completeness of Abstract Domains for String Analysis of JavaScript Programs

Cited by: 6
Authors
Arceri, Vincenzo [1]
Olliaro, Martina [2,3]
Cortesi, Agostino [2]
Mastroeni, Isabella [1]
Affiliations
[1] Univ Verona, Verona, Italy
[2] Ca Foscari Univ Venice, Venice, Italy
[3] Masaryk Univ Brno, Brno, Czech Republic
Keywords
String abstract domains; Abstract interpretation completeness; String analysis; STATIC ANALYSIS; SMT SOLVER;
DOI
10.1007/978-3-030-32505-3_15
Chinese Library Classification
TP31 [Computer software];
Discipline classification code
081202; 0835;
Abstract
Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has never been taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.
Pages: 255-272
Number of pages: 18
Related papers
50 in total
  • [21] Flow: Abstract Interpretation of JavaScript for Type Checking and Beyond
    Chaudhuri, Avik
    PROCEEDINGS OF THE 2016 ACM WORKSHOP ON PROGRAMMING LANGUAGES AND ANALYSIS FOR SECURITY (PLAS'16), 2016, : 1 - 1
  • [22] A Study on Abstract Syntax Tree for Development of a JavaScript Compiler
    Kim, Jaehyun
    Lee, Yangsun
    INTERNATIONAL JOURNAL OF GRID AND DISTRIBUTED COMPUTING, 2018, 11 (06): : 37 - 47
  • [23] Precise String Domain for Analyzing JavaScript Arrays and Objects
    Almashfi, Nabil
    Lu, Lunjin
    2020 3RD INTERNATIONAL CONFERENCE ON INFORMATION AND COMPUTER TECHNOLOGIES (ICICT 2020), 2020, : 17 - 23
  • [24] Finding Broken Promises in Asynchronous JavaScript Programs
    Alimadadi, Saba
    Zhong, Di
    Madsen, Magnus
    Tip, Frank
    PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES-PACMPL, 2018, 2
  • [25] Towards a type system for analyzing JavaScript programs
    Thiemann, P
    PROGRAMMING LANGUAGES AND SYSTEMS, PROCEEDINGS, 2005, 3444 : 408 - 422
  • [26] Ahead-of-time compilation of JavaScript programs
    Zhuykov, R.
    Sharygin, E.
    PROGRAMMING AND COMPUTER SOFTWARE, 2017, 43 (01) : 51 - 59
  • [27] M-String Segmentation: a Refined Abstract Domain for String Analysis in C Programs
    Cortesi, Agostino
    Olliaro, Martina
    PROCEEDINGS 2018 12TH INTERNATIONAL SYMPOSIUM ON THEORETICAL ASPECTS OF SOFTWARE ENGINEERING (TASE 2018), 2018, : 1 - 8
  • [28] String Test Data Generation for Java Programs
    Wang, Miaomiao
    Cui, Baoquan
    Yan, Jiwei
    Yan, Jun
    Zhang, Jian
    2022 IEEE 33RD INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE 2022), 2022, : 251 - 262
  • [29] Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis
    Choi, YoungHan
    Kim, TaeGhyoon
    Choi, SeokJin
    INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2010, 4 (02): : 13 - 26
  • [30] Automatic Detection for JavaScript Obfuscation Attacks in Web Pages through String Pattern Analysis
    Choi, YoungHan
    Kim, TaeGhyoon
    Choi, SeokJin
    Lee, CheolWon
    FUTURE GENERATION INFORMATION TECHNOLOGY, PROCEEDINGS, 2009, 5899 : 160 - 172