Extending typestate checking using conditional liveness analysis

Strom, Robert E.; Yellin, Daniel M.

doi:10.1109/32.232013

Cited by 59 publications

(36 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some approaches avoid the issue: e.g., the original work on typestate verification [24,23] did not allow any aliasing, and more recent work on typestate verification based on linear types [7] also restrict aliasing severely. Some other approaches (e.g.…”

Section: Related Workmentioning

confidence: 99%

“…A technique that has received particular attention is that of finite state or typestate verification (e.g., see [24,23,19,5,7,3,8,12,11,16,1]). In this model, objects of a given type may exist in one of several states; the operations permitted on an object depend on the state of the object, and the operations may potentially alter the state of the object.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Typestate Verification: Abstraction Techniques and Complexity Results

Field¹,

Goyal²,

Ramalingam³

et al. 2003

Static Analysis

View full text Add to dashboard Cite

Abstract. We consider the problem of typestate verification for shallow programs; i.e., programs where pointers from program variables to heap-allocated objects are allowed, but where heap-allocated objects may not themselves contain pointers. We prove a number of results relating the complexity of verification to the nature of the finite state machine used to specify the property. Some properties are shown to be intractable, but others which appear to be quite similar admit polynomial-time verification algorithms. While there has been much progress on many aspects of automated program verification, we are not aware of any previous work relating the difficulty of typestate verification to properties of the finite state automaton. Our results serve to provide insight into the inherent complexity of important classes of verification problems. In addition, the program abstractions used for the polynomial-time verification algorithms may be of independent interest.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Typestate Verification: Abstraction Techniques and Complexity Results

Field¹,

Goyal²,

Ramalingam³

et al. 2003

Static Analysis

View full text Add to dashboard Cite

show abstract

“…But in many cases, properties that do change are as important as properties that do not. Recognizing the benefit of capturing these changes, researchers have developed systems in which the type of the object changes as the values stored in its fields change or as the program invokes operations on the object [188,187,74,206,207,54,109,84]. These systems integrate the concept of changing object states into the type system.…”

Section: Chapter 6 Role Analysismentioning

confidence: 99%

Component Composition for Embedded Systems Using Semantic Aspect-Oriented Programming

Rinard¹

2004

View full text Add to dashboard Cite

The public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Department of Defense, Washington Headquarters Services, Directorate for Information SPONSORING/MONITORING AGENCY REPORT NUMBER(S) AFRL-IF-WP-TR-2004-1568 DISTRIBUTION/AVAILABILITY STATEMENTApproved for public release; distribution is unlimited. SUPPLEMENTARY NOTES ABSTRACTThe goal of our research was to develop technologies and techniques in support of real-time systems for the defense community. Our research focused on Real-Time Java implementation and analysis techniques. Real-Time Java is important for the defense community because it holds out the promise of enabling developers to apply COTS Java technology to specialized military embedded systems. It also promises to allow the defense community to utilize a large Java-literate workforce for building defense systems.Our research has delivered several techniques that may make Real-Time Java a better platform for developing embedded systems. These techniques include ways to implement scoped memories (a key Real-Time Java construct) without the possibility of introducing unexpected and potentially catastrophic delays in the execution of real-time threads, analyses that ensure the correct use of Real-Time Java scoped memories, analyses that compute how much memory is required to execute a given Real-Time Java program (potentially helping developers calculate how much memory must be including in a given system to ensure that the system will execute without running out of memory), and optimizations that reduce the amount of memory required to execute a Real-Time Java program.

show abstract

“…Originally called type-state analysis [18], taint analysis has been largely adopted to detect inadequate or missing input validation, resulting in cross site scripting [22] [10], SQL-injection [9] and buffer overflow [16] vulnerabilities. In order to mitigate inaccuracy of pure taint analysis due to conservativity, more sophisticated analyses have been integrated, such as string analysis [22], program slicing [11], points-to analysis [12] and model checking [20].…”

Section: Related Workmentioning

confidence: 99%

Towards security testing with taint analysis and genetic algorithms

Avancini

Ceccato

2010

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems

View full text Add to dashboard Cite

Cross site scripting is considered the major threat to the security of web applications. Removing vulnerabilities from existing web applications is a manual expensive task that would benefit from some level of automatic assistance. Static analysis represents a valuable support for security review, by suggesting candidate vulnerable points to be checked manually. However, potential benefits are quite limited when too many false positives, safe portions of code classified as vulnerable, are reported.In this paper, we present a preliminary investigation on the integration of static analysis with genetic algorithms. We show that this approach can suggest candidate false positives reported by static analysis and provide input vectors that expose actual vulnerabilities, to be used as test cases in security testing.

show abstract

Extending typestate checking using conditional liveness analysis

Cited by 59 publications

References 11 publications

Typestate Verification: Abstraction Techniques and Complexity Results

Typestate Verification: Abstraction Techniques and Complexity Results

Component Composition for Embedded Systems Using Semantic Aspect-Oriented Programming

Towards security testing with taint analysis and genetic algorithms

Contact Info

Product

Resources

About