analyzing java with the sawja framework
play

ANALYZING JAVA WITH THE SAWJA FRAMEWORK F ROM RESEARCH - PowerPoint PPT Presentation

May 09, 2023 •45 likes •585 views

ANALYZING JAVA WITH THE SAWJA FRAMEWORK F ROM RESEARCH SPECIFICATIONS TO REALISTIC TOOLS Laurent Hubert and David Pichardie INRIA Rennes, France FMCO 2010 COST Action IC0701 Session 30 November 2010 Tuesday, November 30, 2010 1 Static

  1. ANALYZING JAVA WITH THE SAWJA FRAMEWORK F ROM RESEARCH SPECIFICATIONS TO REALISTIC TOOLS Laurent Hubert and David Pichardie INRIA Rennes, France FMCO 2010 COST Action IC0701 Session 30 November 2010 Tuesday, November 30, 2010 1

  2. Static Analysis & Type Systems • Powerful and automatic verification techniques • Should never miss a true alarm • a soundness proof ensures it • Necessarily incomplete (i.e., raise false alarms ) • static analyses return «I don’t know» • some correct programs do not type checked • an experimental evaluation should ensure that false alarms does not appear too often in practice Tuesday, November 30, 2010 2

  3. Static Verification of Java Tuesday, November 30, 2010 3

  4. Static Verification of Java • Provides already a strong type system (BCV) class Point{ _x,_y; Point( x, y){ _x = x; _y = y; } equal( p){...} } Tuesday, November 30, 2010 3

  5. Static Verification of Java • Provides already a strong type system (BCV) class Point{ _x,_y; Float Point( x, y){ int int _x = x; _y = y; } boolean equal( p){...} Point } Tuesday, November 30, 2010 3

  6. Static Verification of Java • Provides already a strong type system (BCV) class Point{ _x,_y; Float Point( x, y){ int int _x = x; _y = y; Error! } boolean equal( p){...} Point } Tuesday, November 30, 2010 3

  7. Static Verification of Java • Provides already a strong type system (BCV) • Many extensions are possible class Point{ • Java annotation system _x,_y; Float • allows to specify new types Point( x, y){ int int _x = x; _y = y; Error! } boolean equal( p){...} Point } Tuesday, November 30, 2010 3

  8. Static Verification of Java • Provides already a strong type system (BCV) • Many extensions are possible class Point{ @NonNull • Java annotation system _x,_y; Float • allows to specify new types Point( x, y){ int int • e.g., overrides, _x = x; _y = y; Error! nullness type system } @overrides boolean equal( p){...} Point } Error! Tuesday, November 30, 2010 3

  9. Static Verification of Java • Provides already a strong type system (BCV) !"#$"% • Many extensions are possible -./%0.% &'()*+$&, class Point{ $"'$1%#0%, @NonNull • Java annotation system _x,_y; Float • allows to specify new types Point( x, y){ int int • e.g., overrides, _x = x; _y = y; Error! nullness type system } • but does not provide support @overrides boolean for type checking them equal( p){...} Point } Error! Tuesday, November 30, 2010 3

  10. Tuesday, November 30, 2010 4

  11. Soundness Formal specification and proof Tuesday, November 30, 2010 4

  12. Precision Soundness Formal specification Prototype and proof Tuesday, November 30, 2010 4

  13. Precision Soundness Formal specification Prototype and proof Exceptions Proved JVM spec Lazy class loading on a toy compliant language Interfaces ... Tuesday, November 30, 2010 4

  14. Formal specification Prototype and proof Exceptions Proved JVM spec Lazy class loading on a toy compliant language Interfaces ... Tuesday, November 30, 2010 4

  15. Formal specification a backend: Prototype and the Sawja framework proof Exceptions Proved JVM spec Lazy class loading on a toy compliant language Interfaces ... Tuesday, November 30, 2010 4

  16. Outlines • The Sawja framework [FoVeOOS'10] • A type system for Secure Object Initialization [ESORICS'10] • An implementation based on Sawja Tuesday, November 30, 2010 5

  17. Sawja • OCaml library for developing Java bytecode static analyses (Gnu LGPL) • High level intermediate representation (language) • Transformation proven sound • High level API for efficient browsing of class hierarchy Did you ever look at the method resolution specification ? • Implements a large part of the JVM Specification (structural constraints, resolution, lookups, control flow, etc.) • Efficient Tuesday, November 30, 2010 6

  18. Intermediate Representation • In a few words • Stackless representation, no sub-routines, etc. • Stingy with local variables • Time efficient • Formally proved on paper • More information D. Demange, T. Jensen, and D. Pichardie. A provably correct stackless intermediate representation for Java bytecode . APLAS’10. Tuesday, November 30, 2010 7

  19. Several code representations type jopcode = | OpF2L | OpLoad of jvm_type * int | OpF2D | OpStore of jvm_type * int | OpD2I type opcode = | OpF2I | OpIInc of int * int | OpD2L | OpNop | OpF2L | OpPop | OpD2F | OpAConstNull | OpF2D | OpPop2 | OpI2B | OpIConst of int32 | OpD2I | OpDup | OpI2C | OpLConst of int64 | OpD2L | OpDupX1 | OpI2S | OpFConst of float | OpD2F | OpDupX2 | OpCmp of [ `DG | `DL | `FG | `FL | `L ] | OpDConst of float | OpI2B | OpDup2 | OpIf of [ `Eq | `Ge | `Gt | `Le | `Lt | `Ne | `NonNull | | OpBIPush of int | OpI2C | OpDup2X1 `Null ] * int | OpSIPush of int | OpI2S | OpDup2X2 | OpIfCmp of [ `AEq | `ANe | `IEq | `IGe | `IGt | `ILe | `ILt | | OpLdc1 of int | OpLCmp | OpSwap `INe ] * int | OpLdc1w of int | OpFCmpL | OpConst of [ `ANull | `Byte of int | OpGoto of int | OpLdc2w of int | OpFCmpG | `Class of object_type | OpJsr of int | OpLoad of jvm_basic_type * int | OpDCmpL | `Double of float | `Float of float | `Int of int32 Default | OpRet of int | OpALoad of int | OpDCmpG | `Long of int64 | `Short of int | `String of string ] | OpTableSwitch of int * int32 * int32 * int array | OpArrayLoad of [ `Double | `Float | `Int | `Long ] | OpIfEq of int | OpAdd of jvm_basic_type | OpLookupSwitch of int * (int32 * int) list | OpAALoad | OpIfNe of int | OpSub of jvm_basic_type | OpNew of class_name | OpBALoad | OpIfLt of int | OpMult of jvm_basic_type | OpNewArray of value_type | OpCALoad | OpIfGe of int | OpDiv of jvm_basic_type | OpAMultiNewArray of object_type * int | OpSALoad | OpIfGt of int Instruction | OpRem of jvm_basic_type representation | OpCheckCast of object_type | OpStore of jvm_basic_type * int | OpIfLe of int | OpNeg of jvm_basic_type | OpInstanceOf of object_type | OpAStore of int | OpICmpEq of int | OpIShl | OpGetStatic of class_name * field_signature | OpArrayStore of [ `Double | `Float | `Int | `Long ] | OpICmpNe of int | OpLShl | OpPutStatic of class_name * field_signature | OpAAStore | OpICmpLt of int | OpIShr | OpGetField of class_name * field_signature | OpBAStore | OpICmpGe of int | OpLShr | OpPutField of class_name * field_signature | OpCAStore | OpICmpGt of int | OpIUShr | OpArrayLength | OpSAStore | OpICmpLe of int | OpLUShr sets | OpArrayLoad of jvm_array_type | OpPop | OpACmpEq of int | OpIAnd | OpArrayStore of jvm_array_type | OpPop2 | OpACmpNe of int | OpLAnd | OpInvoke of [ `Interface of class_name | OpDup | OpGoto of int | OpIOr | `Special of class_name | OpDupX1 | OpJsr of int | OpLOr | `Static of class_name | OpDupX2 | OpRet of int | OpIXor | `Virtual of object_type ] * method_signature | OpDup2 | OpTableSwitch of int * int32 * int32 * int array | OpLXor | OpReturn of jvm_return_type | OpDup2X1 | OpLookupSwitch of int * (int32 * int) list | OpI2L | OpThrow | OpDup2X2 | OpReturn of jvm_basic_type | OpI2F | OpMonitorEnter | OpSwap | OpAReturn | OpI2D | OpMonitorExit | OpAdd of jvm_basic_type | OpReturnVoid | OpL2I Low level | OpNop | OpSub of jvm_basic_type | OpGetStatic of int | OpL2F | OpBreakpoint | OpMult of jvm_basic_type | OpPutStatic of int | OpL2D | OpInvalid | OpDiv of jvm_basic_type | OpGetField of int | OpF2I | OpRem of jvm_basic_type | OpPutField of int | OpNeg of jvm_basic_type | OpInvokeVirtual of int representation | OpIShl | OpInvokeNonVirtual of int type instr = | OpLShl | OpInvokeStatic of int | Nop | OpIShr | OpInvokeInterface of int * int | AffectVar of var * expr | OpLShr | OpNew of int | AffectArray of expr * expr * expr | OpIUShr | OpNewArray of java_basic_type | AffectField of expr * class_name * field_signature * expr Intermediate | OpLUShr | OpANewArray of int | AffectStaticField of class_name * field_signature * expr | OpIAnd | OpArrayLength | Goto of int | OpLAnd | OpThrow | Ifd of ([ `Eq | `Ge | `Gt | `Le | `Lt | `Ne ] * expr * expr) * int | OpIOr | OpCheckCast of int | Throw of expr | OpLOr | OpInstanceOf of int | Return of expr option representation | OpIXor | OpMonitorEnter | New of var * class_name * value_type list * expr list | OpLXor | OpMonitorExit | NewArray of var * value_type * expr list | OpIInc of int * int | OpAMultiNewArray of int * int | InvokeStatic of var option * class_name * method_signature * expr list | OpI2L | OpIfNull of int | InvokeVirtual of var option * expr * virtual_call_kind * method_signature * expr list | OpI2F | OpIfNonNull of int | InvokeNonVirtual of var option * expr * class_name * method_signature * expr list | OpI2D | OpGotoW of int | MonitorEnter of expr | OpL2I | OpJsrW of int | MonitorExit of expr | OpL2F | OpBreakpoint | MayInit of class_name | OpL2D | OpInvalid | Check of check Tuesday, November 30, 2010 8

  20. Overview Sawja Static Analysis .class oriented Javalib (IR, CFG file oriented computation, etc.) (parsing, etc.) Tuesday, November 30, 2010 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Java Collections Framework 6 May 2019 OSU CSE 1 Overview The Java Collections Framework

Java Collections Framework 6 May 2019 OSU CSE 1 Overview The Java Collections Framework

Java Collections Framework 6 May 2019 OSU CSE 1 Overview The Java Collections Framework (JCF) is a group of interfaces and classes similar to the OSU CSE components The similarities will become clearly evident from examples See

836 views • 61 slides
QtJambi Java bindings for the powerful Qt framework Qt Powerful framework for C++ GUI, XML,

QtJambi Java bindings for the powerful Qt framework Qt Powerful framework for C++ GUI, XML,

QtJambi Java bindings for the powerful Qt framework Qt Powerful framework for C++ GUI, XML, Database, IO, Network, Threads... Crossplatfrom including embedded systems Double license - GPL & commertial Bindings for Java, Python,Perl, PHP

367 views • 10 slides
Using A Cost-Based Framework For Analyzing Denial Of Service Presented By: Joan Paul A

Using A Cost-Based Framework For Analyzing Denial Of Service Presented By: Joan Paul A

Using A Cost-Based Framework For Analyzing Denial Of Service Presented By: Joan Paul A Cost-Based Framework for Analysis of Denial of Service in Networks Catherine Meadows (2001) Analyzing DoS-Resistance of Protocols Using a

287 views • 28 slides
The Java Collections Framework Definition Set of interfaces, abstract and concrete classes that

The Java Collections Framework Definition Set of interfaces, abstract and concrete classes that

The Java Collections Framework Definition Set of interfaces, abstract and concrete classes that define common abstract data types in Java e.g. list, stack, queue, set, map Part of the java.util package Implementation Extensive use of

669 views • 22 slides
Elinor Ostrom: A General Framework for Analyzing Sustainability

Elinor Ostrom: A General Framework for Analyzing Sustainability

Elinor Ostrom: A General Framework for Analyzing Sustainability of Socio-Ecological Systems. Science 325:419-422. (2009) . Danielle V. Dolan April 17, 2014 ESP 212B

342 views • 19 slides
Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been

Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been

Java Generics Generics n Since JDK 1.5 (Java 5), the Collections framework has been parameterized. n A class that is defined with a parameter for a type is called a generic or a parameterized class. In C++, there were referred to as

300 views • 12 slides
Ja Java va Co Coll llection ection Fra ramew ework ork Version March 2009 Framework

Ja Java va Co Coll llection ection Fra ramew ework ork Version March 2009 Framework

Ja Java va Co Coll llection ection Fra ramew ework ork Version March 2009 Framework Interfaces (ADT, Abstract Data Types) Implementations (of ADT) Algorithms (sort) java.util.* Java 5 released! Lots of changes about

1k views • 71 slides
JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.07k views • 44 slides
Java Programming Languages in Depth Series JDBC Spring Framework Web Services Marco Piccioni

Java Programming Languages in Depth Series JDBC Spring Framework Web Services Marco Piccioni

Chair of Software Engineering Java Programming Languages in Depth Series JDBC Spring Framework Web Services Marco Piccioni May 31st 2007 What will we be talking about Java Data Base Connectivity The Spring Framework: introduction

1.11k views • 71 slides
A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 ,

A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 ,

A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 , Rosario Giustolisi 2 , Ali Kassem 3 , Pascal Lafourcade 4 and Gabriele Lenzini 2 1 Institute of Information Security, ETH Zurich 2 SnT/University of

676 views • 30 slides
Java Programming Unit 8 Selected Java Collec5ons.

Java Programming Unit 8 Selected Java Collec5ons.

Java Programming Unit 8 Selected Java Collec5ons. Generics. (c) Yakov Fain 2014 Java Collec5ons Framework Classes and interfaces from

763 views • 24 slides
Towards a Logic-Based Framework for Analyzing Stream Reasoning Harald Beck Minh Dao-Tran Thomas

Towards a Logic-Based Framework for Analyzing Stream Reasoning Harald Beck Minh Dao-Tran Thomas

Towards a Logic-Based Framework for Analyzing Stream Reasoning Harald Beck Minh Dao-Tran Thomas Eiter Michael Fink 3rd International Workshop on Ordering and Reasoning October 20, 2014 Motivation Streams Logical Framework Conclusions

547 views • 52 slides
Spatial Statistics A Framework for Analyzing Geographically Referenced Data in Insurance

Spatial Statistics A Framework for Analyzing Geographically Referenced Data in Insurance

Spatial Statistics A Framework for Analyzing Geographically Referenced Data in Insurance Ratemaking Satadru Sengupta Personal Market Liberty Mutual Group CAS Ratemaking & Product Management Seminar Chicago March 2010 Antitrust Notice

526 views • 26 slides
Analyzing Effects of RCEP on Foreign Direct Investment in a Firm Heterogeneity CGE Framework

Analyzing Effects of RCEP on Foreign Direct Investment in a Firm Heterogeneity CGE Framework

Analyzing Effects of RCEP on Foreign Direct Investment in a Firm Heterogeneity CGE Framework Qiaomin Li Supervisor: Robert Scollay Department of Economics University of Auckland New Zealand August 2014 1 1. Introduction Two of my previous

762 views • 59 slides
Advanced Java Concurrency Framework By Nisarg Shah Rutvi Joshi Advanced Java Concurrency

Advanced Java Concurrency Framework By Nisarg Shah Rutvi Joshi Advanced Java Concurrency

Advanced Java Concurrency Framework By Nisarg Shah Rutvi Joshi Advanced Java Concurrency Framework - By Nisarg Shah and Rutvi Joshi Concurrency in Java Developers had to create their own solution to solve concurrency problems Such

352 views • 23 slides
JUNIT JUnit ( http://www.junit.org ) is a framework for writing tests in Java, written by Erich

JUNIT JUnit ( http://www.junit.org ) is a framework for writing tests in Java, written by Erich

JUNIT JUnit ( http://www.junit.org ) is a framework for writing tests in Java, written by Erich Gamma (of Design Patterns fame) and Kent Beck (creator of Extreme Programming methodology). It has become the unofcial standard for Java testing

528 views • 7 slides
Free your papers, researchers! Dissemin team (Ryan Lahfa) July 22, 2016 1 Introduction: what is

Free your papers, researchers! Dissemin team (Ryan Lahfa) July 22, 2016 1 Introduction: what is

Free your papers, researchers! Dissemin team (Ryan Lahfa) July 22, 2016 1 Introduction: what is a researcher? A Pokemon? Not yet. Research is: The systematic investigation into and study of materials and sources in order to establish facts

1.2k views • 70 slides
MetaObj: Very High Level Objects in MetaPost Denis Roegel, University of Nancy, France TUG 2002

MetaObj: Very High Level Objects in MetaPost Denis Roegel, University of Nancy, France TUG 2002

MetaObj: Very High Level Objects in MetaPost Denis Roegel, University of Nancy, France TUG 2002 Thiruvananthapuram, Kerala, India 47 September 2002 1 Summary The need for high-level objects How high-level objects can be

819 views • 43 slides
Peer-to-Peer Networks 13 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 13 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 13 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Attacks Denial-of-Service Attacks (DoS) Timing attacks - or distributed denial of service - messages

419 views • 27 slides
The Cordova Development Lifecycle Andrew Grieve ApacheCon April 2014 http://goo.gl/bTGMNW

The Cordova Development Lifecycle Andrew Grieve ApacheCon April 2014 http://goo.gl/bTGMNW

The Cordova Development Lifecycle Andrew Grieve ApacheCon April 2014 http://goo.gl/bTGMNW Vanity Slide Why Google and Cordova Cordova is good for the web Basis for Chrome Packaged Apps Why Google and Cordova Get to it already!

1.34k views • 96 slides
SECTION 2: What is a loop invariant? Loop Reasoning An assertion that always holds at

SECTION 2: What is a loop invariant? Loop Reasoning An assertion that always holds at

Review: Reasoning about loops SECTION 2: What is a loop invariant? Loop Reasoning An assertion that always holds at the top of a loop & HW3 Setup Why do we need invariants? Most code is not straight line Most

451 views • 14 slides
The KPIs That Matter & Data Visualization IMPACT LIve - August 2017 by Peter Caputa IV, CEO,

The KPIs That Matter & Data Visualization IMPACT LIve - August 2017 by Peter Caputa IV, CEO,

The KPIs That Matter & Data Visualization IMPACT LIve - August 2017 by Peter Caputa IV, CEO, Databox Why Inbound Marketing Isnt Working as Good As It Used To (& What to Do About it) Dont worry: Ill still cover KPIs and the

665 views • 42 slides
High Warehouse Racks: Optimal Feedback Control and High Warehouse Racks: Optimal Feedback Control

High Warehouse Racks: Optimal Feedback Control and High Warehouse Racks: Optimal Feedback Control

High Warehouse Racks: Optimal Feedback Control and High Warehouse Racks: Optimal Feedback Control and Adaptive Control Improvement Adaptive Control Improvement Christof Bskens skens Christof B INRIA, Optimal Control: Algorithms and

862 views • 57 slides
Case Study: How ECI Telecom increased CTR and conversions at the top of the funnel by over 200%

Case Study: How ECI Telecom increased CTR and conversions at the top of the funnel by over 200%

Case Study: How ECI Telecom increased CTR and conversions at the top of the funnel by over 200% Michelle Mogelson Levy Associate Vice President, Marketing Programs ECI Telecom Most challenging processes in the marketing-sales funnel

665 views • 23 slides

More recommend