static software analysis
play

Static (Software) Analysis Dagstuhl 16172: Machine Learning for - PowerPoint PPT Presentation

Mar 02, 2023 •9 likes •239 views

Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner Hhnle Software Engineering Group Department of Computer Science Technische Universitt Darmstadt http://www.se.tu-darmstadt.de/

  1. Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner Hähnle Software Engineering Group Department of Computer Science Technische Universität Darmstadt http://www.se.tu-darmstadt.de/ haehnle@cs.tu-darmstadt.de 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 0

  2. What Is Static Analysis (SA) of Software? Establish a property of a program at compile time, without executing it 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 1

  3. What Is Static Analysis (SA) of Software? Establish a property of a program at compile time, without executing it Some Facts ◮ Checking done by a tool, not a human ◮ Performed usually on source or assembler code ◮ Original motivation: compiler optimization ◮ Data flow analysis, e.g., used variables ◮ Control flow analysis, e.g., reachable code ◮ Current focus: software quality ◮ Security, e.g., confidentiality, vulnerability ◮ Compliance, e.g., MISRA-C, web service protocols ◮ Defects (bug finding), e.g., memory leaks, buffer overflows ◮ Code quality, e.g., metrics, “code smells” 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 1

  4. Static Analysis in the Narrow/Wide Sense Static Analysis in the Narrow Sense ◮ Check a fixed property ◮ Low polynomial decision complexity ◮ Value-insensitive abstraction, e.g., control flow graph 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 2

  5. Static Analysis in the Narrow/Wide Sense Static Analysis in the Narrow Sense ◮ Check a fixed property ◮ Low polynomial decision complexity ◮ Value-insensitive abstraction, e.g., control flow graph Static Analysis in the Wide Sense (which is my sense) ◮ Complex properties, expressed in specification language ◮ security policy, interface protocol, functional property ◮ NP-hard or even undecidable ◮ heuristics optimize the “common case”, no guarantees ◮ interaction by human expert user ◮ Fully precise control flow and data model ◮ Often based on formal methods 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 2

  6. Static Analysis Techniques ◮ Graph-based program abstractions Algorithms ◮ Control flow graph ◮ Program dependence graph ◮ Constraint Solving ◮ Recently popular: SAT/SMT solvers as backend Search ◮ Automata-based representations ◮ Model checking Inference ◮ Abstract Interpretation ◮ Symbolic Execution ◮ Deductive Verification 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 3

  7. Static Analysis Techniques ◮ Graph-based program abstractions Algorithms ◮ Control flow graph ◮ Program dependence graph ◮ Constraint Solving ◮ Recently popular: SAT/SMT solvers as backend Search ◮ Automata-based representations ◮ Model checking Inference ◮ Abstract Interpretation ◮ Symbolic Execution ◮ Deductive Verification ML has most potential in complex SA techniques: Search ⇒ Lookup 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 3

  8. Interlude A State-of-art Tool for Complex Static Analysis By Source, Fair use, https://en.wikipedia.org/w/index.php?curid=20208543 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 4

  9. Challenges for SA Scaling ◮ Intra- vs. inter-procedural: compositionality difficult for complex SA ◮ Coverage/rapid evolution of industrial programming languages ◮ Hard to analyze language features: dynamic typing, reflection, HO closures 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 5

  10. Challenges for SA Scaling ◮ Intra- vs. inter-procedural: compositionality difficult for complex SA ◮ Coverage/rapid evolution of industrial programming languages ◮ Hard to analyze language features: dynamic typing, reflection, HO closures Precision ◮ Incompleteness, false positives ◮ “Soundiness”, see B. Livshits et al., CACM 58(2) 44–46, Feb. 2015 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 5

  11. Challenges for SA Scaling ◮ Intra- vs. inter-procedural: compositionality difficult for complex SA ◮ Coverage/rapid evolution of industrial programming languages ◮ Hard to analyze language features: dynamic typing, reflection, HO closures Precision ◮ Incompleteness, false positives ◮ “Soundiness”, see B. Livshits et al., CACM 58(2) 44–46, Feb. 2015 Modern computer architecture The deployment gap ◮ Multi-level caches, stale data ◮ Parallel computing: GPUs, weak memory models ◮ Cloud: provisioning bugs, resource-aware computing 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 5

  12. Current Trends More complex properties, often combine behavior and data ◮ Integration tasks (web interfaces, frameworks, APIs, . . . ) ◮ Security-related: information flow ◮ Evolution: regression, certification, . . . 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 6

  13. Current Trends More complex properties, often combine behavior and data ◮ Integration tasks (web interfaces, frameworks, APIs, . . . ) ◮ Security-related: information flow ◮ Evolution: regression, certification, . . . Combine Static and Dynamic Analysis ◮ Concolic or dynamic symbolic execution ◮ Incomplete static analysis to speed up runtime monitoring 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 6

  14. Current Trends More complex properties, often combine behavior and data ◮ Integration tasks (web interfaces, frameworks, APIs, . . . ) ◮ Security-related: information flow ◮ Evolution: regression, certification, . . . Combine Static and Dynamic Analysis ◮ Concolic or dynamic symbolic execution ◮ Incomplete static analysis to speed up runtime monitoring Immersion in IDEs ◮ Use machine idle time while user deliberates ◮ Improved usability 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 6

  15. Current Trends More complex properties, often combine behavior and data ◮ Integration tasks (web interfaces, frameworks, APIs, . . . ) ◮ Security-related: information flow ◮ Evolution: regression, certification, . . . Combine Static and Dynamic Analysis ◮ Concolic or dynamic symbolic execution ◮ Incomplete static analysis to speed up runtime monitoring Immersion in IDEs ◮ Use machine idle time while user deliberates ◮ Improved usability Resource Analysis Resource management and deployment become separate development phases 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 6

  16. Related Fields Static Analysis of Programs is a not a Separate Discipline Cross cutting with many other fields, distinction is blurry ◮ Type Theory ◮ Abstract Interpretation ◮ Model Checking ◮ Software Verification 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 7

  17. Program Analysis: The Two Worlds The Two Worlds Meet ◮ Glassbox ◮ Blackbox ◮ Symbolic ◮ Statistical ◮ Heuristic ◮ Complete ◮ Analysis ◮ Synthesis ◮ Static Analyses ◮ Learning Techniques ◮ Model checking ◮ Extract Behavior from Traces ◮ Abstract interpretation ◮ Learning-based Software Testing ◮ Symbolic execution ◮ Learning-based synthesis ◮ Deductive verification ◮ 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 8

  18. Program Analysis: The Two Worlds Advantages ◮ Precise, rich modelling ◮ Source code not needed ◮ Executable/compilable target ◮ Applicable to any system level ◮ Can be scalable ◮ Fully automatic ◮ Certificates possible ◮ Robust 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 8

  19. Program Analysis: The Two Worlds Disadvantages ◮ Must have/generate source code ◮ Learned models very abstract ◮ Where do the specs come from? ◮ How to map abstract to code level? ◮ Some expert interaction necessary ◮ No use of symbolic techniques ◮ Evolution of target expensive ◮ Slow convergence, small coverage ◮ Incompleteness, soundiness ◮ Doesn’t scale/not compositional 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 8

  20. Software Model ⇔ Executable Code Pivotal Issue: The Link between Models and Code Too tight: Need to hand-craft modelling abstractions Too loose: Unsatisfactory precision/coverage 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 9

  21. Software Model ⇔ Executable Code Pivotal Issue: The Link between Models and Code Too tight: Need to hand-craft modelling abstractions Too loose: Unsatisfactory precision/coverage Increase elasticity of model-code link without sacrificing precision 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 9

  22. Software Model ⇔ Executable Code Pivotal Issue: The Link between Models and Code Too tight: Need to hand-craft modelling abstractions Too loose: Unsatisfactory precision/coverage Increase elasticity of model-code link without sacrificing precision Potential Benefits ◮ Decrase dependency of glassbox from availability of specs, source code ◮ Integrate blackbox into precise/sound(y) reasoning framework ◮ Dramatically improve performance of both glass-/blackbox 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides
Numerical Static Analysis of Embedded Software with Interrupts Liqian Chen National University of

Numerical Static Analysis of Embedded Software with Interrupts Liqian Chen National University of

The 2016 Workshop on Static Analysis of Concurrent Software, Edinburgh, Scotland Numerical Static Analysis of Embedded Software with Interrupts Liqian Chen National University of Defense Technology, Changsha, China 11/09/2016 (Joint work with

604 views • 39 slides
Static and dynamic verification Static and dynamic V&V Software inspections Concerned

Static and dynamic verification Static and dynamic V&V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of

Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of

Systems and Software Verification Laboratory Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Static Analysis Lucas Cordeiro (Formal Methods

1.9k views • 188 slides
Program Analysis Extracting static and dynamic information from a software system Program

Program Analysis Extracting static and dynamic information from a software system Program

Program Analysis Extracting static and dynamic information from a software system Program Analysis Extracting information, in order to present abstractions of, or answer questions about, a software system Static Analysis: Examines the

754 views • 32 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
Detection of Software Vulnerabilities: Static Analysis (Part II) Lucas Cordeiro Department of

Detection of Software Vulnerabilities: Static Analysis (Part II) Lucas Cordeiro Department of

Systems and Software Verification Laboratory Detection of Software Vulnerabilities: Static Analysis (Part II) Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Static Analysis (Part II) Lucas Cordeiro (Formal

2.24k views • 169 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 149 Outline Introduction 1 Formal

861 views • 68 slides
Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow Analysis Data-flow Analysis Static VS Dynamic Analysis Software Testing Control Con ol Flow ow Gr Graph entry S1 Procedure AVG S1 count =

1.08k views • 104 slides
Improving Software Quality with Static Analysis William Pugh Professor Univ. of Maryland

Improving Software Quality with Static Analysis William Pugh Professor Univ. of Maryland

Improving Software Quality with Static Analysis William Pugh Professor Univ. of Maryland http://www.cs.umd.edu/~pugh TS-2007 2007 JavaOne SM Conference | Session TS-2007 | You will believe... Static analysis tools can find real bugs

991 views • 62 slides
CS510 Software Engineering Static Program Analysis Asst. Prof. Mathias Payer Department of

CS510 Software Engineering Static Program Analysis Asst. Prof. Mathias Payer Department of

CS510 Software Engineering Static Program Analysis Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-CS510-SE Spring 2015 Static

586 views • 24 slides
Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some

Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some

Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some slides adapted from those by Trent Jaeger Prevention: Program Analysis Any automated analysis at compile or dynamic time to find potential bugs

798 views • 61 slides
Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

75 views • 7 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
No-Idle, No-Wait: When Shop Scheduling Meets Dominoes, Eulerian and Hamiltonian Paths J.C.

No-Idle, No-Wait: When Shop Scheduling Meets Dominoes, Eulerian and Hamiltonian Paths J.C.

No-Idle, No-Wait: When Shop Scheduling Meets Dominoes, Eulerian and Hamiltonian Paths J.C. Billaut 1 , F.Della Croce 2 , Fabio Salassa 2 , V. Tkindt 1 1 . Universit e Francois-Rabelais, CNRS, Tours, France 2 . Politecnico di Torino, Torino,

938 views • 72 slides
What is state? You see a DPS officer approaching you. Are you happy? It's late at night and

What is state? You see a DPS officer approaching you. Are you happy? It's late at night and

5.1 5.2 What is state? You see a DPS officer approaching you. Are you happy? It's late at night and ______________________. It's late at night and you've been ___________________________. Unit 5 Your interpretation is based on

349 views • 7 slides
Online Algorithms Lecture 4 Ji r Sgall Computer Science Institute of the Charles Univ.,

Online Algorithms Lecture 4 Ji r Sgall Computer Science Institute of the Charles Univ.,

Online Algorithms Lecture 4 Ji r Sgall Computer Science Institute of the Charles Univ., Praha EWSCS, Palmse, March 2020 Ji r Sgall Online Algorithms Lecture 4 A puzzle Move boxes within their ranges. Ji r Sgall

972 views • 61 slides
Scheduling and Timetabling, Lecture 14 Han Hoogeveen, Utrecht University 1 Description Parallel

Scheduling and Timetabling, Lecture 14 Han Hoogeveen, Utrecht University 1 Description Parallel

Scheduling and Timetabling, Lecture 14 Han Hoogeveen, Utrecht University 1 Description Parallel machine scheduling: each job is executed by exactly one machine, and you can choose which one. Shop scheduling: each job is divided in several

582 views • 31 slides
Cost-efficient Task Farming with ConPaaS Ana Oprescu, Thilo Kielmann Thilo Kielmann Vrije

Cost-efficient Task Farming with ConPaaS Ana Oprescu, Thilo Kielmann Thilo Kielmann Vrije

Cost-efficient Task Farming with ConPaaS Ana Oprescu, Thilo Kielmann Thilo Kielmann Vrije Universiteit, Amsterdam Haralambie Leahu, Technical University Eindhoven contrail is co-funded by the EC 7th Framework Programme 1 The Contrail Project

1.19k views • 35 slides
A compact MIP formulation for single machine scheduling to minimize a piecewise linear objective

A compact MIP formulation for single machine scheduling to minimize a piecewise linear objective

A compact MIP formulation for single machine scheduling to minimize a piecewise linear objective function Philippe Baptiste Ruslan Sadykov LIX, Ecole Polytechnique, France Optimeo08 Philippe Baptiste, Ruslan Sadykov A compact MIP

654 views • 31 slides
Towards energy-aware scheduling in data centers using machine learning Josep Llus Berral,

Towards energy-aware scheduling in data centers using machine learning Josep Llus Berral,

Towards energy-aware scheduling in data centers using machine learning Josep Llus Berral, igo Goiri, Ramon Nou, Ferran Juli, Jordi Guitart, Ricard Gavald, and Jordi Torres Universitat Politcnica de Catalunya BSC-CNS, Barcelona

1.22k views • 13 slides
COL106: Data Structures and Algorithms Ragesh Jaiswal, IIT Delhi Ragesh Jaiswal, IIT Delhi

COL106: Data Structures and Algorithms Ragesh Jaiswal, IIT Delhi Ragesh Jaiswal, IIT Delhi

COL106: Data Structures and Algorithms Ragesh Jaiswal, IIT Delhi Ragesh Jaiswal, IIT Delhi COL106: Data Structures and Algorithms Greedy Algorithms: Job Scheduling Ragesh Jaiswal, IIT Delhi COL106: Data Structures and Algorithms Greedy

258 views • 9 slides

More recommend