Reusing Single-Language Analyses for Static Analysis of Multi-language Programs DOI
Tobias Roth

Published: Oct. 19, 2023

State-of-the-art software is crafted in multiple programming languages. Such multi-language challenges static analyses: Since many analyses are focused on analyzing single-language programs, they inherently unsound or imprecise cross-language interaction. Existing approaches that perform analysis not analysis- language independent and thus lack extensibility for new We will develop an extensible, language-, framework-, analysis-independent architecture to reuse existing software. Our hypotheses that, our allows reusing improves precision soundness compared the state of art. evaluate with a points-to data flow Java, JavaScript, C/C++ code compare it against

Language: English

Modular Unification of Unilingual Pointer Analyses to Multilingual FFI-Based Programs DOI Creative Commons
Jyoti Prakash, Abhishek Tiwari, Christian Hammer

et al.

Science of Computer Programming, Journal year: 2025, Issue unknown, pp. 103278 - 103278

Published: Feb. 1, 2025

Language: English

Cited by

0

Unveiling security weaknesses in autonomous driving systems: An in-depth empirical study DOI

Wenyuan Cheng, Zengyang Li, Peng Liang

et al.

Information and Software Technology, Journal year: 2025, Issue unknown, pp. 107709 - 107709

Published: March 1, 2025

Language: English

Cited by

0

Property-Based Testing for Cybersecurity: Towards Automated Validation of Security Protocols DOI Creative Commons
Manuel J. C. S. Reis

Computers, Journal year: 2025, Issue 14(5), pp. 179 - 179

Published: May 6, 2025

The validation of security protocols remains a complex and critical task in the cybersecurity landscape, often relying on labor-intensive testing or formal verification techniques with limited scalability. In this paper, we explore property-based (PBT) as powerful yet underutilized methodology for automated protocols. PBT enables generation large diverse input spaces guided by declarative properties, making it well-suited to uncover subtle vulnerabilities protocol logic, state transitions, access control flows. We introduce principles demonstrate its applicability through selected use cases involving authentication mechanisms, cryptographic APIs, session further discuss integration strategies existing pipelines highlight key challenges such property specification, oracle design, Finally, outline future research directions aimed at bridging gap between methods, goal advancing automation reliability secure system development.

Language: English

Cited by

0

Challenges of Multilingual Program Specification and Analysis DOI
Carlo A. Furia, Abhishek Tiwari

Lecture notes in computer science, Journal year: 2024, Issue unknown, pp. 124 - 143

Published: Oct. 29, 2024

Language: English

Cited by

2

Analysis of information flow security using software implementing business logic based on stored database program blocks DOI Creative Commons

A. A. Timakov

Russian Technological Journal, Journal year: 2024, Issue 12(2), pp. 16 - 27

Published: April 5, 2024

Objectives . Verification of software security is typically performed using dynamic and static analysis tools. The corresponding types do not usually consider the business logic rely on data access control policies. A modern approach to resolving this problem implement language-based information flow control. Despite a large amount research, mechanisms for in are widely used practice. This because they complex impose increased demands developers. aim work transfer from language level formal verification. will enable functions controlling integrity confidentiality be isolated into separate task, which can resolved by analysts. Methods research based general methods computer systems verification methods. algorithm developed author checking specifications violations uses temporal actions. Results technology presented as step-by-step specific tasks, including following: designing database (DB) storing processing sensitive information; analyzing dependencies identifying relevant sets program blocks DB; generating TLA+ identified blocks; labeling according global policy rules additional constraints; applying specification algorithm, while providing recommendations procedure also involves labeled data, order spread verified block output values external modules. Conclusions herein does require developers include redundant annotations describing rules. function flows with reference predefined restrictions moved stage development life cycle.

Language: English

Cited by

0

Learning to Detect and Localize Multilingual Bugs DOI
Haoran Yang, Yu Nong, Tao Zhang

et al.

Proceedings of the ACM on software engineering., Journal year: 2024, Issue 1(FSE), pp. 2190 - 2213

Published: July 12, 2024

Increasing studies have shown bugs in multi-language software as a critical loophole modern quality assurance, especially those induced by language interactions (i.e., multilingual bugs). Yet existing tool support for bug detection/localization remains largely limited to single-language software, despite the long-standing prevalence of systems various real-world domains. Extant static/dynamic analysis and deep learning (DL) based approaches all face major challenges addressing bugs. In this paper, we present xLoc, DL-based technique/tool detecting localizing Motivated results our bug-characteristics study on top locations bugs, xLoc first learns general knowledge relevant differentiating control-flow structures. This is achieved pre-training Transformer model with customized position encoding against novel objectives. Then, task-specific task detection/localization, through another new scheme (based cross-language API vicinity) that allows attend particularly constructs bear most during fine-tuning. We implemented Python-C curated dataset 3,770 buggy 15,884 non-buggy samples, which enabled extensive evaluation two state-of-the-art baselines: fine-tuned CodeT5 zero-shot ChatGPT. Our show 94.98% F1 87.24%@Top-1 accuracy, are significantly (up 162.88% 511.75%) higher than baselines. Ablation further confirmed significant contributions each design elements xLoc. With respective bug-location characteristics labeled datasets fine-tuning, may be applied other combinations beyond Python-C.

Language: English

Cited by

0

AXA: Cross-Language Analysis through Integration of Single-Language Analyses DOI
Tobias Roth, Julius Näumann, Dominik Helm

et al.

Published: Oct. 18, 2024

Language: English

Cited by

0

Automated detection of inter-language design smells in multi-language deep learning frameworks DOI
Zengyang Li, Xiaoyong Zhang, Wenshuo Wang

et al.

Information and Software Technology, Journal year: 2024, Issue unknown, pp. 107656 - 107656

Published: Dec. 1, 2024

Language: English

Cited by

0
