safe
play

SAFE Formal Specification and Implementation of a Scalable Analysis - PowerPoint PPT Presentation

Sep 19, 2023 •360 likes •631 views

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript PLRG@KAIST Hongki Lee , Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu Contents Introduction Big Picture Formal Specification

  1. SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript PLRG@KAIST Hongki Lee , Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu

  2. Contents • Introduction • Big Picture • Formal Specification • Implementation • Active Research • Conclusion

  3. Introduction

  4. JavaScript • ECMAScript Language Specification • Prototype-based inheritance • Dynamic Features - eval function ,with statement • Security Vulnerability Issues - XSS

  5. Previous Work • Under-documented • Not open to the public • Handwritten Parser & AST nodes • ECMAScript3 or Subset of Language • λ JS , TAJS, FBJS, Caja, Rhino, ...

  6. SAFE • Well-documented • Open Source • Auto-generated Parser & AST nodes • Full ECMAScript5 ! t p m e t t a t s r fi y r e v e h T • Formal Specification with Implementation

  7. Big Picture

  8. Hoister Disambiguator withRewriter Interpreter Result JavaScript Parser AST AST2IR IR IR2CFG CFG CloneDetector CodeCoverage Analyzer

  9. Hoister Disambiguator withRewriter Interpreter Result JavaScript Parser AST AST2IR IR IR2CFG CFG CloneDetector CodeCoverage Analyzer

  10. Formal Specification

  11. Levels of Representations • AST (Abstract Syntax Tree) - To analyze at code level • IR (Intermediate Representation) - To evaluate code • CFG (Control Flow Graph) - To trace control flows

  12. IR Semantics

  13. Translation Rule AST to IR IR to CFG

  14. AST JavaScript var i; var sum = 0; var sum; for(var i = 1; i <= 10; i++) sum = 0; sum+= i; for(i = 1; i <= 10; i++) _<>_print(sum); sum+= i; _<>_print(sum); CFG IR Entry var i var sum sum = 0 i = 1 <>break<>1 : { while(i <= 10) { <>continue<>2 : sum = sum + i <>old<>3 = i <>new<>4 = <>Global<>toNumber(<>old<>3) i = <>new<>4 + 1 Exit ExitExc <>Global<>ignore = <>new<>4 }} <>Global<>ignore = <>Global<>print(sum)

  15. Implementation

  16. Implementation • Automated tools • Java and Scala - Java Libraries - Scala Pattern Matching • Pluggable

  17. AST Refinement Hoister Disambiguator withRewriter Interpreter Result JavaScript Parser AST AST2IR IR IR2CFG CFG CloneDetector CodeCoverage Analyzer

  18. Hoister f(); function f() { x = 1 }; function f() { x = 1 }; var x; var x; f(); // x = 1 // x = 1 With Hoister, functions and variables are defined before use

  19. Disambiguator var x = 0; var x_1 = 0; function g() { function g() { x; // x = ? var x_2; var x = 1; x_2; // x = ? } x_2 = 1; } Distinguish two ‘ x ’ variables

  20. withRewriter An Empirical Study on the Rewritability of the with Statement in JavaScript - FOOL2011 var o = {x:1, y:2, z:3}; var o = {x:1, y:2, z:3}; o.p = {x:4, y:5, z:6}; o.p = {x:4, y:5, z:6}; with(o) { var $f_1 = o; with(o.p) { var $f_2 = ("o" in $f_1 ? x; $f_1.o : o).p; } ("x" in $f_2 ? } $f_2.x : ("x" in $f_1 ? $f_1.x : x));

  21. Hoister Evaluating Code Disambiguator withRewriter Interpreter Result JavaScript Parser AST AST2IR IR IR2CFG CFG CloneDetector CodeCoverage Analyzer

  22. Active Research

  23. Hoister Disambiguator withRewriter Interpreter Result JavaScript Parser AST AST2IR IR IR2CFG CFG CloneDetector CodeCoverage Analyzer Perform type-based analysis Calculate the ratio of tested code Detect clone code in AST level

  24. Conclusion • The very first attempt to provide both formal specification and implementation • Pluggable framework • ECMAScript 5 • Open Source Project available at http://plrg.kaist.ac.kr/research/safe

  25. Thank You!

Recommend

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W

Excipients: Safe or not safe? Excipients: Safe or not safe? Viewpoint from the EMA Paediatric W orkshop- 3 1 May 2 0 1 0 , European Medicines Agency, London, UK Presented by: Joao-Pedro Franco &amp; Caroline Le Barbier, PhD Scientific

391 views • 22 slides
Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany

Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany

Safe Automotive soFtware architEcture (SAFE) Co-summit 2015, 10-11 March 2015, Berlin - Germany Dr. Stefan Voget Agenda SAFE Motivation makes Functional safety safe SAFE in SAFE and the project standardization landscape 2 SAFE

569 views • 20 slides
The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self-

The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self-

SAFE STRIP has received funding from the European Unions Horizon 2020 Research and Innovation Programme under grant agreement no 723211. The Project About SAFE STRIP SAFE STRIP - Safe and green Sensor Technologies for self- explaining

271 views • 23 slides
1 Safe Kids Worldwide | Medicine Safety Conversation starter: Ask parents and caregivers in the

1 Safe Kids Worldwide | Medicine Safety Conversation starter: Ask parents and caregivers in the

Introduction [Coalition/presenter intro] Safe Kids is raising awareness and educating families about keeping kids safe around medicine. Safe Kids has done research and developed materials about safe storage, dosing and disposal of medicine.

281 views • 27 slides
The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food

The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food

The Safe Feed/Safe Food Certification Program Comments about the Safe Feed/Safe Food Certification Program have been prepared to accompany the nine-page slide presentation that may be shared with employees, members of the community or other

387 views • 9 slides
Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe?

Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe?

Familiarity often breeds complacency and detachment. Safe? Who said anything about being safe? Course hes not safe. But hes good. LUKE 10:25-28 (ESV) 25 And behold, a lawyer stood up to put him to the test, saying, Teacher,

389 views • 24 slides
everyone home safe every day Keep each other safe Something to think about: By challenging y

everyone home safe every day Keep each other safe Something to think about: By challenging y

everyone home safe every day Keep each other safe Something to think about: By challenging y our colleagues Winter safety advice can often tell us things that we already know. unsafe behaviour, y ou re looking For example, we all know

654 views • 46 slides
Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29.

Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29.

Organophosphates in turbine oil Halvor Erikstein SAFE www.safe.no Halvor@safe.no RIGA EWHN 29. September 2006 European Work Hazards Network http://www.balpa.org/intranet/BALPA-Camp/The-Aircra/index.htm Bilde hentet fra AOPIS: Contaminated

826 views • 45 slides
Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide

Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide

Medication Safety Safe Storage, Safe Dosing, Safe Kids 1 Why is it important? Nationwide Every minute More than 67,000 children a parent or caregiver calls a are seen in emergency poison control center about departments for a medication

530 views • 22 slides
The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/

The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/

The Safe Feed/Safe Food Certification Program Feed Safety Stair Steps HAACP-SF/SF SAFE FEED/ SAFE FOOD COMPANY, QUALITY &amp; SAFETY PROGRAM Why Safe Feed/Safe Food Matters to Feed Mill Managers Recognition by FDA Officials Translates to

653 views • 9 slides
WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving

WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving

WFPs SAFE Programme Safe Access To Fuel and Energy Daphn Carliez WFPs SAFE focus: Saving lives to ensure food can be cooked to meet nutritional needs in emergencies Reducing protection and health risks for women and children cooking

74 views • 6 slides
Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What

Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What

Understanding the Tennessee Safe Haven Law &amp; How to Comply as a Safe Haven Facility What is a Safe Haven? It's a place where a new mom desperate to hide an unwanted baby can bring her newborn instead of abandoning the infant in an unsafe

394 views • 20 slides
Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me

Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me

Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me r ge nc y Ke e p Safe is for he lp and suppor t whe n out and about. T o make a phone c all in c ase of e me r ge nc y to the polic e ,

201 views • 18 slides
1 Safe pressure vessels Safe pressure vessels Therefore, for safety However, if one

1 Safe pressure vessels Safe pressure vessels Therefore, for safety However, if one

Case Studies in Materials Selection Safe pressure vessels Material for a pressure vessel Cylindrical pressure vessels are containers for a fluid under pressure A safe design will be based on one of two factors Short term thermal

351 views • 8 slides
WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE

WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE

WFP SAFE Programme Safe Access To Fuel and Energy Daphne Carliez WFPs involvement in SAFE Addressing the serious challenges linked with access Fuel-efficient stoves to cooking fuel for the most vulnerable people in Fuel for Alternative

93 views • 8 slides
Safe School Programme National Anti-Bullying Coalition Safe Students Safe

Safe School Programme National Anti-Bullying Coalition Safe Students Safe

National Anti-Bullying Coalition Safe Students Safe Teachers Safe Schools Safer Future Safe School Programme National Anti-Bullying Coalition Safe Students Safe Teachers

491 views • 21 slides
HOW SAFE IS SAFE ENOUGH? APOCALYPTIC SCENARIOS 11 ICE HOCKEY FEDERATION 15 HUMAN

HOW SAFE IS SAFE ENOUGH? APOCALYPTIC SCENARIOS 11 ICE HOCKEY FEDERATION 15 HUMAN

HOW SAFE IS SAFE ENOUGH? APOCALYPTIC SCENARIOS 11 ICE HOCKEY FEDERATION 15 HUMAN PRACTICES DEBATE 21 22 BIOSAFETY ARE GMOs AND SYNTHETIC ORGANISMS DANGEROUS? yes 8 % 8 % 4 % i dont know enough to form an opinion some of them

793 views • 30 slides
CLEAN WATER FOR SALMON SALMON-SAFE CERTIFICATION AND THE WILLAMETTE RIVER SALMON-SAFE

CLEAN WATER FOR SALMON SALMON-SAFE CERTIFICATION AND THE WILLAMETTE RIVER SALMON-SAFE

CLEAN WATER FOR SALMON SALMON-SAFE CERTIFICATION AND THE WILLAMETTE RIVER SALMON-SAFE WILLAMETTE About Salmon-Safe Science-based standards Urban development focus Mayors Challenge with City of Portland Public education

667 views • 38 slides
Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe.

Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe.

Safe Scouting for All It is a fundamental Scouting belief that Scouting must be fun and safe. Camping and high adventure activities within the Boy Scouts are done with the concept of managed risk within the guidelines set forth by BSA and

558 views • 33 slides
BreakPoint Fin Mockup Review Blue A Friday, October 19, 12 BreakPoint Fin Safe Board. Safe

BreakPoint Fin Mockup Review Blue A Friday, October 19, 12 BreakPoint Fin Safe Board. Safe

BreakPoint Fin Mockup Review Blue A Friday, October 19, 12 BreakPoint Fin Safe Board. Safe Rider. Surf On. Friday, October 19, 12 Vision Safe for Surfers Safe for Surfboards High Performance Friday, October 19, 12 Sketch Model Blue A

344 views • 16 slides
F e b r u a r y 2 0 1 3 Safe Harbor In keeping with the SECs Safe Harbor guidelines,

F e b r u a r y 2 0 1 3 Safe Harbor In keeping with the SECs Safe Harbor guidelines,

F e b r u a r y 2 0 1 3 Safe Harbor In keeping with the SECs Safe Harbor guidelines, certain statements made during this presentation could be considered forward-looking and subject to certain risks and uncertainties that could cause

590 views • 31 slides
Safe Sleep San Joaquin Presentation To help us better understand how many people are using our

Safe Sleep San Joaquin Presentation To help us better understand how many people are using our

Safe Sleep San Joaquin Presentation To help us better understand how many people are using our Safe Sleep toolkit, please fill out this form each time your agency presents this Safe Sleep powerpoint to either parents or staff, attach a sign-in

320 views • 3 slides
Investor Presentation June 2018 Safe Harbor Statement Safe Harbor Statement Windstream

Investor Presentation June 2018 Safe Harbor Statement Safe Harbor Statement Windstream

Investor Presentation June 2018 Safe Harbor Statement Safe Harbor Statement Windstream Holdings, Inc. claims the protection of the safe-harbor for forward-looking statements contained in the Private Securities Litigation Reform Act of 1995.

549 views • 21 slides
Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan

Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan

Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan Crisplant Group World leading provider of solutions and services to the LP gas industry Equipment installed in more than 2600 sites in

330 views • 22 slides

More recommend