Reusing Single-Language Analyses for Static Analysis of Multi-language Programs DOI
Tobias Roth

Published: Oct. 19, 2023

State-of-the-art software is crafted in multiple programming languages. Such multi-language challenges static analyses: Since many analyses are focused on analyzing single-language programs, they inherently unsound or imprecise cross-language interaction. Existing approaches that perform analysis not analysis- language independent and thus lack extensibility for new We will develop an extensible, language-, framework-, analysis-independent architecture to reuse existing software. Our hypotheses that, our allows reusing improves precision soundness compared the state of art. evaluate with a points-to data flow Java, JavaScript, C/C++ code compare it against

Language: English

Modular Unification of Unilingual Pointer Analyses to Multilingual FFI-Based Programs DOI Creative Commons
Jyoti Prakash, Abhishek Tiwari, Christian Hammer

et al.

Science of Computer Programming, Journal Year: 2025, Volume and Issue: unknown, P. 103278 - 103278

Published: Feb. 1, 2025

Language: English

Citations

0

Unveiling security weaknesses in autonomous driving systems: An in-depth empirical study DOI

Wenyuan Cheng, Zengyang Li, Peng Liang

et al.

Information and Software Technology, Journal Year: 2025, Volume and Issue: unknown, P. 107709 - 107709

Published: March 1, 2025

Language: English

Citations

0

Property-Based Testing for Cybersecurity: Towards Automated Validation of Security Protocols DOI Creative Commons
Manuel J. C. S. Reis

Computers, Journal Year: 2025, Volume and Issue: 14(5), P. 179 - 179

Published: May 6, 2025

The validation of security protocols remains a complex and critical task in the cybersecurity landscape, often relying on labor-intensive testing or formal verification techniques with limited scalability. In this paper, we explore property-based (PBT) as powerful yet underutilized methodology for automated protocols. PBT enables generation large diverse input spaces guided by declarative properties, making it well-suited to uncover subtle vulnerabilities protocol logic, state transitions, access control flows. We introduce principles demonstrate its applicability through selected use cases involving authentication mechanisms, cryptographic APIs, session further discuss integration strategies existing pipelines highlight key challenges such property specification, oracle design, Finally, outline future research directions aimed at bridging gap between methods, goal advancing automation reliability secure system development.

Language: English

Citations

0

Challenges of Multilingual Program Specification and Analysis DOI
Carlo A. Furia, Abhishek Tiwari

Lecture notes in computer science, Journal Year: 2024, Volume and Issue: unknown, P. 124 - 143

Published: Oct. 29, 2024

Language: English

Citations

2

Analysis of information flow security using software implementing business logic based on stored database program blocks DOI Creative Commons

A. А. Timakov

Russian Technological Journal, Journal Year: 2024, Volume and Issue: 12(2), P. 16 - 27

Published: April 5, 2024

Objectives. Verification of software security is typically performed using dynamic and static analysis tools. The corresponding types do not usually consider the business logic rely on data access control policies. A modern approach to resolving this problem implement language-based information flow control. Despite a large amount research, mechanisms for in are widely used practice. This because they complex impose increased demands developers. aim work transfer from language level formal verification. will enable functions controlling integrity confidentiality be isolated into separate task, which can resolved by analysts. Methods research based general methods computer systems verification methods. algorithm developed author checking specifications violations uses temporal actions. Results technology presented as step-by-step specific tasks, including following: designing database (DB) storing processing sensitive information; analyzing dependencies identifying relevant sets program blocks DB; generating TLA+ identified blocks; labeling according global policy rules additional constraints; applying specification algorithm, while providing recommendations procedure also involves labeled data, order spread verified block output values external modules. Conclusions herein does require developers include redundant annotations describing rules. function flows with reference predefined restrictions moved stage development life cycle.

Language: English

Citations

0

AXA: Cross-Language Analysis through Integration of Single-Language Analyses DOI
Tobias Roth, Julius Näumann, Dominik Helm

et al.

Published: Oct. 18, 2024

Language: English

Citations

0

Automated detection of inter-language design smells in multi-language deep learning frameworks DOI
Zengyang Li, Xiaoyong Zhang, Wenshuo Wang

et al.

Information and Software Technology, Journal Year: 2024, Volume and Issue: unknown, P. 107656 - 107656

Published: Dec. 1, 2024

Language: English

Citations

0

Learning to Detect and Localize Multilingual Bugs DOI
Haoran Yang, Yu Nong, Tao Zhang

et al.

Proceedings of the ACM on Software Engineering, Journal Year: 2024, Volume and Issue: 1(FSE), P. 2190 - 2213

Published: July 12, 2024

Increasing studies have shown bugs in multi-language software as a critical loophole modern quality assurance, especially those induced by language interactions (i.e., multilingual bugs). Yet existing tool support for bug detection/localization remains largely limited to single-language software, despite the long-standing prevalence of systems various real-world domains. Extant static/dynamic analysis and deep learning (DL) based approaches all face major challenges addressing bugs. In this paper, we present xLoc, DL-based technique/tool detecting localizing Motivated results our bug-characteristics study on top locations bugs, xLoc first learns general knowledge relevant differentiating control-flow structures. This is achieved pre-training Transformer model with customized position encoding against novel objectives. Then, task-specific task detection/localization, through another new scheme (based cross-language API vicinity) that allows attend particularly constructs bear most during fine-tuning. We implemented Python-C curated dataset 3,770 buggy 15,884 non-buggy samples, which enabled extensive evaluation two state-of-the-art baselines: fine-tuned CodeT5 zero-shot ChatGPT. Our show 94.98% F1 87.24%@Top-1 accuracy, are significantly (up 162.88% 511.75%) higher than baselines. Ablation further confirmed significant contributions each design elements xLoc. With respective bug-location characteristics labeled datasets fine-tuning, may be applied other combinations beyond Python-C.

Language: English

Citations

0
