Rapid Development of Flexible and Efficient Dynamic Program

Rapid Development of Flexible and Efficient Dynamic Program Analysis Tools ∗

Danilo Ansaloni
University of Lugano
Switzerland
[email protected]

∗ Adviser: Prof. Walter Binder, University of Lugano, Switzerland

ABSTRACT

In this work, we show that it is possible to raise the abstraction level of dynamic program analysis frameworks, providing high-level constructs to improve flexibility, efficiency, and usability of dynamic analysis tools. We introduce a new framework based on aspect-oriented programming that enables rapid development of efficient dynamic program analysis tools. Moreover, we present high-level constructs for the parallelization of specific code regions and for runtime adaptation of the scope of the analysis. The viability and benefits of our approach are confirmed with several dynamic analysis tools implemented with our framework.

1. PROBLEM AND MOTIVATION

Prevailing programming languages, such as Java, C#, Scala, as well as some implementations of Python and Ruby, can be compiled to an intermediate code representation (i.e., bytecode) and executed on a virtual machine. This approach allows code portability across different platforms, providing a standard abstraction of the underlying system. Moreover, state-of-the-art virtual machines offer automatic memory management, just-in-time compilation, and automatic code optimizations. All these features move the task of producing optimized code from the programmer to the virtual machine, reducing development time to achieve good performance.

The presence of a virtual machine layer in the software stack makes it difficult to understand the performance of complex applications executing on modern hardware platforms. For example, automatic memory management and runtime optimizations performed by the virtual machine may have a significant impact on overall performance. Since these virtual machine activities depend on the runtime behavior of an application, static program analysis may not always locate potential hotspots. In addition, some features of the programming language, such as polymorphism and reflection, may limit the scope of static analysis tools and potentially lead to biased results.

To overcome these limitations, dynamic program analysis tools provide insight into an application’s runtime behavior by measuring relevant system activities while the program is executing. Such tools are usually based on bytecode instrumentation techniques to insert monitoring code into the bytecode of the observed application.

While there are dynamic analysis tools for common tasks, such as data race detection, memory leak detection, and calling-context profiling, there is a lack of tools that allow users to specify custom analyses. Moreover, since prevailing analysis tools lack the flexibility to profile only a specific subset of the observed application, resource utilization and performance are usually measured after the implementation phase, when the program is stable enough to be deployed and executed. However, detecting and solving runtime issues so late in the development process often incurs high costs, particularly if it turns out that some taken design choices prevent good performance and the design has to be revised.

We believe there is a need for a novel dynamic program analysis framework that allows programmers to rapidly specify custom analyses for measuring runtime performance of parts of a program, during the implementation phase. To this end, we identify the following shortcomings in prevailing dynamic analysis tools:

• Limited flexibility: bytecode instrumentation is usually performed using low-level techniques that require expert knowledge at the level of the virtual machine. While this approach allows developers to specify any possible instrumentation, tool development is tedious and error-prone, and the resulting tools are often hardly extensible and customizable [2, 24, 46].

• Limited efficiency: the inserted bytecode usually collects dynamic information about the observed program and performs some analysis. In many cases, this computation could be done in parallel with the execution of the observed application. However, only few dynamic program analysis tools take advantage of this opportunity to efficiently exploit under-utilized CPU cores and reduce analysis overhead [3, 4].

• Performance interference: due to the aforementioned issues, the user is often forced to perform a set of pervasive and computationally expensive analyses that may create some bias in the observed metrics.

The goal of our research is to overcome the aforementioned limitations by raising the abstraction level of current dynamic program analysis frameworks, providing high-level constructs to improve flexibility, efficiency, and usability of dynamic analyses.

2. BACKGROUND

Aspect-oriented programming (AOP) [23] enables the specification of cross-cutting concerns in applications, avoiding related code that is scattered throughout methods, classes, or components. Aspects specify pointcuts to intercept certain points in the execution of programs (so-called join points), such as method calls, field accesses, etc. Advice are executed before, after, or around the intercepted join points, and have access to contextual information of the join points. During the weaving process, aspect weavers modify the code of the base application to execute advice at intercepted join points.

Traditionally, AOP has been used for disposing of “design smells” such as needless repetition, and for improving maintainability of applications. AOP has also been successfully applied to the development of software engineering tools, such as profilers, debuggers, or testing tools [7,28,40], which in many cases can be specified as aspects in a concise manner. Hence, in a sense, AOP can be regarded as a versatile approach for specifying certain program transformations at a high level, hiding low-level implementation details, such as bytecode manipulation, from the programmer.

Dynamic AOP allows aspects to be changed and code to be rewoven in a running system, thus enabling runtime adaptation of applications. Dynamic AOP has been used for adding persistence or caching at runtime [26], or for debugging and fixing bugs in a running server [15]. However, prevailing aspect languages have not been specifically developed for implementing dynamic analyses, thus lacking some features to express essential instrumentations for certain dynamic analyses.

3. RELATED WORK

Since our framework relies on Java bytecode instrumentation, Section 3.1 describes prevailing approaches for Java bytecode manipulation. Section 3.2 reviews common profiling tools for Java. Section 3.3 offers a description of state-of-the-art frameworks for dynamic AOP. Finally, Section 3.4 discusses how recent dynamic analysis tools take advantage of multicore machines.

3.1 Java Bytecode Instrumentation

Java bytecode instrumentation is usually performed with low-level tools that require in-depth knowledge of the bytecode format.

BCEL¹ and ASM² allow programmers to analyze, create, and manipulate Java class files by means of a low-level API. Java classes, constant pools, methods, and bytecode instructions are represented as

Javassist [14] is a library for load-time structural reflection and for defining new classes at runtime. The API allows two different levels of abstraction: source-level and bytecode-level. Compared to the aforementioned approaches, the source-level abstraction of Javassist is particularly interesting as it does not require any knowledge of the Java bytecode format and it allows insertion of code fragments specified with source text.

While these low-level approaches are very flexible because the possible transformations are not restricted, tool development is tedious and error-prone. As another drawback, the resulting analysis tools are often complex and difficult to maintain and to extend [2].

3.2 Java Profiling Tools

Prevailing Java profilers, such as JProf⁴, and JFluid [16] are good examples of current state-of-the-art profilers. They are optimized for common tasks, such as memory-leak detection, CPU utilization monitoring, and heap walking. However, prevailing profilers fall short when it comes to provide a way to specify custom instrumentations to perform more specific analysis. The same limitation applies to many dynamic analysis tools, such as *J [17], jPredictor [12], and THOR [34].

BTrace⁵ provides an annotation-based language to let the user specify which program attributes to profile. However, this language is limited and does not support the specification of more advanced instrumentations. For example, a BTrace profiler cannot allocate new objects, specify synchronized blocks, or have loops.

AOP-based tools, such as DJProf [28], allow the developer to define custom instrumentation by writing custom aspects. However, mainstream AOP languages lack high-level constructs to develop efficient dynamic analysis tools that can take advantage of modern multicore architectures.

3.3 Dynamic Aspect-Oriented Programming

While dynamic AOP is often supported in dynamic languages [8, 21] such as Lisp or Smalltalk, where code can be easily manipulated at runtime, it is more difficult and challenging to offer dynamic AOP for languages like Java.

PROSE [27, 29, 30] is an adaptive middleware platform offering dynamic AOP. PROSE has evolved in three versions, which make use of the three different approaches to dynamic AOP. The latest version of PROSE supports two weaving strategies: advice weaving, based on method replacement,
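
The source-level instrumentation that Section 3.1 attributes to Javassist, combined with the need from Section 1 to profile only a chosen subset of the observed application, can be sketched as follows. This is an added example, not code from the paper or its framework; it assumes Javassist 3.24 or later on the class path and Java 9 or later, and the names `demo.ScopedProfiler`, `demo.Collector` and `demo.Workload` are hypothetical.

```java
package demo;

import java.util.Map;
import java.util.TreeMap;
import java.util.function.Predicate;

import javassist.ClassPool;
import javassist.CtClass;
import javassist.CtMethod;
import javassist.Modifier;

/** Hypothetical analysis back end: per-method call count and elapsed time. */
class Collector {
    private static final Map<String, long[]> STATS = new TreeMap<>();

    /** Called by the code fragments woven into the observed methods. */
    public static synchronized void record(String method, long nanos) {
        long[] s = STATS.computeIfAbsent(method, k -> new long[2]);
        s[0]++;          // number of calls
        s[1] += nanos;   // accumulated elapsed time
    }

    static synchronized void report() {
        STATS.forEach((m, s) -> System.out.printf(
                "%-40s calls=%d total=%d us%n", m, s[0], s[1] / 1000));
    }
}

/** Constructed stand-in for the observed application. */
class Workload implements Runnable {
    byte[] fill(int n) {
        byte[] d = new byte[n];
        for (int i = 0; i < n; i++) d[i] = (byte) (i * 7);
        return d;
    }

    int checksum(byte[] data) {
        int h = 17;
        for (byte b : data) h = 31 * h + b;
        return h;
    }

    @Override
    public void run() {
        for (int i = 0; i < 1000; i++) checksum(fill(4096));
    }
}

public class ScopedProfiler {

    /**
     * Inserts timing code, given as source text, into every concrete method
     * of cc that the scope predicate selects. Returns the number of methods
     * changed. Only normal returns are recorded, not exceptional exits.
     */
    static int weave(CtClass cc, Predicate<CtMethod> scope) throws Exception {
        int woven = 0;
        for (CtMethod m : cc.getDeclaredMethods()) {
            int mod = m.getModifiers();
            if (Modifier.isAbstract(mod) || Modifier.isNative(mod) || !scope.test(m)) {
                continue;   // no body to instrument, or outside the analysis scope
            }
            m.addLocalVariable("t0", CtClass.longType);
            m.insertBefore("t0 = System.nanoTime();");
            m.insertAfter("demo.Collector.record(\"" + m.getLongName()
                    + "\", System.nanoTime() - t0);");
            woven++;
        }
        return woven;
    }

    public static void main(String[] args) throws Exception {
        // Workload is referenced only by name so that the JVM has not
        // loaded the unmodified class before the instrumented one is defined.
        ClassPool pool = ClassPool.getDefault();
        CtClass cc = pool.get("demo.Workload");

        // Scope of the analysis: only checksum(), not fill() or run().
        int woven = weave(cc, m -> m.getName().equals("checksum"));
        System.out.println("instrumented methods: " + woven);

        // Define the modified class next to ScopedProfiler (same package and loader).
        Class<?> instrumented = cc.toClass(ScopedProfiler.class);
        Runnable app = (Runnable) instrumented.getDeclaredConstructor().newInstance();
        app.run();

        Collector.report();
    }
}
```

Because the scope predicate admits only `checksum`, the report contains a single entry with 1000 calls, and `fill` and `run` execute without any inserted code.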