an analysis framework and additive software analysis · checkers. 20 . framework and additive...
TRANSCRIPT
![Page 1: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/1.jpg)
An Analysis Framework and Additive Software Analysis
Paul E. Black Software Quality Group Software and Systems Division
16 July 2016
![Page 2: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/2.jpg)
Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor does it imply that the products are necessarily the best available for the purpose.
2
![Page 3: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/3.jpg)
Outline
l A Framework for Software Assurance l Additive Software Analysis
3
![Page 4: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/4.jpg)
4
Analyzer A
Reporter M
Checker Q
Analyzer F
Checker B
Tester T
![Page 5: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/5.jpg)
5
Framework for Software
Testing and Assurance
Analyzer A
Reporter M
Checker Q
Analyzer F
Checker B
Tester T
Standards for Information Exchange
![Page 6: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/6.jpg)
Functions of a Framework
l Aggregate tool outputs. l Allow software assurance checkers to
interoperate. l Pass program information between tools.
6
![Page 7: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/7.jpg)
Benefits of a Framework
l Modular and distributed development. – Existing modules may be replaced by superior ones. – Facilitate synergy between groups of researchers.
l Enable development of “hybrid” tools. – A tool uses a static analyzer module to find problematic
code locations, then uses a constraint satisfier module and a symbolic execution engine to create inputs that trigger failures.
7
![Page 8: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/8.jpg)
8
Framework for Software
Testing and Assurance
Analyzer A
Reporter M
Checker Q
Analyzer F
Checker B
Tester T
Standards for Information Exchange
![Page 9: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/9.jpg)
Possibly Useful Information
l Location in code – File name, class file, method/function name,
line number, etc. l Variables visible at a location l Possible variable values at a location
– Intervals? enumerations? relations (e.g. x < y) l Data flows l Paths l Stack traces
9
![Page 10: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/10.jpg)
Additional Information
l Origin of binary chunk in source code l Warnings of possible problems l Assertion, pre- & postcondition, invariant l Function signatures
10
![Page 11: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/11.jpg)
XKCD cartoon used with permission. Permanent link is http://xkcd.com/927/
Much of This Already Exists
l LLVM l Clang l gcc l Rose compiler infrastructure l findbugs l Yasca l TOIF, SAFES l Code Dx
![Page 12: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/12.jpg)
ADDITIVE SOFTWARE ANALYSIS
12
![Page 13: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/13.jpg)
Each analyzer or checker added gives the programmer more information.
Case 1: More Information
13
SQL Injection
Program - Target of
Evaluation
![Page 14: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/14.jpg)
Each analyzer or checker added gives the programmer more information.
Case 1: More Information
14
SQL Injection
Program - Target of
Evaluation
Deadlock
![Page 15: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/15.jpg)
Results are correlated or compared to provide better information than either one alone.
Case 2: Confirmation
15
Program - Target of
Evaluation
![Page 16: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/16.jpg)
Results are correlated or compared to provide better information than either one alone.
Case 2: Confirmation
16
Program - Target of
Evaluation
heuristic J
![Page 17: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/17.jpg)
Results are correlated or compared to provide better information than either one alone.
Case 2: Confirmation
17
Program - Target of
Evaluation
heuristic J
heuristic K
![Page 18: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/18.jpg)
Another example: tie static analysis with execution monitoring and constraint solving to get a hybrid analyzer.
Case 3: Synergy
18
extract program flow from binary
Program - Target of
Evaluation
analyze memory use w/ separation logic
![Page 19: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/19.jpg)
Additive Software Analysis Benefits
l Checkers and analyzers work together. l Foster an “ecosystem” for tools. l Growing set of problematic and virtuous
programming patterns and idioms may be checked by tools.
19
![Page 20: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/20.jpg)
Possibly Useful Information
l A descriptive taxonomy of checkers. – Inputs needed. – Languages/constructs handled. – Checking/analysis performed. – Outputs provided.
l A catalog of publically-vetted checkers and analyzers.
l A publicly accessible repository of checkers.
20
![Page 21: An Analysis Framework and Additive Software Analysis · checkers. 20 . Framework and Additive Software Analysis Together Are Powerful 21 Analyzer A Reporter M Checker Q Analyzer F](https://reader033.vdocuments.mx/reader033/viewer/2022052103/603e90f75c787006cf6fad5b/html5/thumbnails/21.jpg)
Framework and Additive Software Analysis Together Are Powerful
21
Analyzer A
Reporter M
Checker Q
Analyzer F
Checker B
Standards for Information Exchange