static software analysis
play

Static (Software) Analysis Dagstuhl 16172: Machine Learning for - PowerPoint PPT Presentation

Mar 02, 2023 •9 likes •239 views

Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner Hhnle Software Engineering Group Department of Computer Science Technische Universitt Darmstadt http://www.se.tu-darmstadt.de/

  1. Static (Software) Analysis Dagstuhl 16172: Machine Learning for Dynamic Software Analysis Reiner Hähnle Software Engineering Group Department of Computer Science Technische Universität Darmstadt http://www.se.tu-darmstadt.de/ haehnle@cs.tu-darmstadt.de 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 0

  2. What Is Static Analysis (SA) of Software? Establish a property of a program at compile time, without executing it 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 1

  3. What Is Static Analysis (SA) of Software? Establish a property of a program at compile time, without executing it Some Facts ◮ Checking done by a tool, not a human ◮ Performed usually on source or assembler code ◮ Original motivation: compiler optimization ◮ Data flow analysis, e.g., used variables ◮ Control flow analysis, e.g., reachable code ◮ Current focus: software quality ◮ Security, e.g., confidentiality, vulnerability ◮ Compliance, e.g., MISRA-C, web service protocols ◮ Defects (bug finding), e.g., memory leaks, buffer overflows ◮ Code quality, e.g., metrics, “code smells” 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 1

  4. Static Analysis in the Narrow/Wide Sense Static Analysis in the Narrow Sense ◮ Check a fixed property ◮ Low polynomial decision complexity ◮ Value-insensitive abstraction, e.g., control flow graph 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 2

  5. Static Analysis in the Narrow/Wide Sense Static Analysis in the Narrow Sense ◮ Check a fixed property ◮ Low polynomial decision complexity ◮ Value-insensitive abstraction, e.g., control flow graph Static Analysis in the Wide Sense (which is my sense) ◮ Complex properties, expressed in specification language ◮ security policy, interface protocol, functional property ◮ NP-hard or even undecidable ◮ heuristics optimize the “common case”, no guarantees ◮ interaction by human expert user ◮ Fully precise control flow and data model ◮ Often based on formal methods 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 2

  6. Static Analysis Techniques ◮ Graph-based program abstractions Algorithms ◮ Control flow graph ◮ Program dependence graph ◮ Constraint Solving ◮ Recently popular: SAT/SMT solvers as backend Search ◮ Automata-based representations ◮ Model checking Inference ◮ Abstract Interpretation ◮ Symbolic Execution ◮ Deductive Verification 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 3

  7. Static Analysis Techniques ◮ Graph-based program abstractions Algorithms ◮ Control flow graph ◮ Program dependence graph ◮ Constraint Solving ◮ Recently popular: SAT/SMT solvers as backend Search ◮ Automata-based representations ◮ Model checking Inference ◮ Abstract Interpretation ◮ Symbolic Execution ◮ Deductive Verification ML has most potential in complex SA techniques: Search ⇒ Lookup 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 3

  8. Interlude A State-of-art Tool for Complex Static Analysis By Source, Fair use, https://en.wikipedia.org/w/index.php?curid=20208543 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 4

  9. Challenges for SA Scaling ◮ Intra- vs. inter-procedural: compositionality difficult for complex SA ◮ Coverage/rapid evolution of industrial programming languages ◮ Hard to analyze language features: dynamic typing, reflection, HO closures 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 5

  10. Challenges for SA Scaling ◮ Intra- vs. inter-procedural: compositionality difficult for complex SA ◮ Coverage/rapid evolution of industrial programming languages ◮ Hard to analyze language features: dynamic typing, reflection, HO closures Precision ◮ Incompleteness, false positives ◮ “Soundiness”, see B. Livshits et al., CACM 58(2) 44–46, Feb. 2015 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 5

  11. Challenges for SA Scaling ◮ Intra- vs. inter-procedural: compositionality difficult for complex SA ◮ Coverage/rapid evolution of industrial programming languages ◮ Hard to analyze language features: dynamic typing, reflection, HO closures Precision ◮ Incompleteness, false positives ◮ “Soundiness”, see B. Livshits et al., CACM 58(2) 44–46, Feb. 2015 Modern computer architecture The deployment gap ◮ Multi-level caches, stale data ◮ Parallel computing: GPUs, weak memory models ◮ Cloud: provisioning bugs, resource-aware computing 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 5

  12. Current Trends More complex properties, often combine behavior and data ◮ Integration tasks (web interfaces, frameworks, APIs, . . . ) ◮ Security-related: information flow ◮ Evolution: regression, certification, . . . 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 6

  13. Current Trends More complex properties, often combine behavior and data ◮ Integration tasks (web interfaces, frameworks, APIs, . . . ) ◮ Security-related: information flow ◮ Evolution: regression, certification, . . . Combine Static and Dynamic Analysis ◮ Concolic or dynamic symbolic execution ◮ Incomplete static analysis to speed up runtime monitoring 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 6

  14. Current Trends More complex properties, often combine behavior and data ◮ Integration tasks (web interfaces, frameworks, APIs, . . . ) ◮ Security-related: information flow ◮ Evolution: regression, certification, . . . Combine Static and Dynamic Analysis ◮ Concolic or dynamic symbolic execution ◮ Incomplete static analysis to speed up runtime monitoring Immersion in IDEs ◮ Use machine idle time while user deliberates ◮ Improved usability 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 6

  15. Current Trends More complex properties, often combine behavior and data ◮ Integration tasks (web interfaces, frameworks, APIs, . . . ) ◮ Security-related: information flow ◮ Evolution: regression, certification, . . . Combine Static and Dynamic Analysis ◮ Concolic or dynamic symbolic execution ◮ Incomplete static analysis to speed up runtime monitoring Immersion in IDEs ◮ Use machine idle time while user deliberates ◮ Improved usability Resource Analysis Resource management and deployment become separate development phases 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 6

  16. Related Fields Static Analysis of Programs is a not a Separate Discipline Cross cutting with many other fields, distinction is blurry ◮ Type Theory ◮ Abstract Interpretation ◮ Model Checking ◮ Software Verification 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 7

  17. Program Analysis: The Two Worlds The Two Worlds Meet ◮ Glassbox ◮ Blackbox ◮ Symbolic ◮ Statistical ◮ Heuristic ◮ Complete ◮ Analysis ◮ Synthesis ◮ Static Analyses ◮ Learning Techniques ◮ Model checking ◮ Extract Behavior from Traces ◮ Abstract interpretation ◮ Learning-based Software Testing ◮ Symbolic execution ◮ Learning-based synthesis ◮ Deductive verification ◮ 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 8

  18. Program Analysis: The Two Worlds Advantages ◮ Precise, rich modelling ◮ Source code not needed ◮ Executable/compilable target ◮ Applicable to any system level ◮ Can be scalable ◮ Fully automatic ◮ Certificates possible ◮ Robust 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 8

  19. Program Analysis: The Two Worlds Disadvantages ◮ Must have/generate source code ◮ Learned models very abstract ◮ Where do the specs come from? ◮ How to map abstract to code level? ◮ Some expert interaction necessary ◮ No use of symbolic techniques ◮ Evolution of target expensive ◮ Slow convergence, small coverage ◮ Incompleteness, soundiness ◮ Doesn’t scale/not compositional 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 8

  20. Software Model ⇔ Executable Code Pivotal Issue: The Link between Models and Code Too tight: Need to hand-craft modelling abstractions Too loose: Unsatisfactory precision/coverage 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 9

  21. Software Model ⇔ Executable Code Pivotal Issue: The Link between Models and Code Too tight: Need to hand-craft modelling abstractions Too loose: Unsatisfactory precision/coverage Increase elasticity of model-code link without sacrificing precision 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 9

  22. Software Model ⇔ Executable Code Pivotal Issue: The Link between Models and Code Too tight: Need to hand-craft modelling abstractions Too loose: Unsatisfactory precision/coverage Increase elasticity of model-code link without sacrificing precision Potential Benefits ◮ Decrase dependency of glassbox from availability of specs, source code ◮ Integrate blackbox into precise/sound(y) reasoning framework ◮ Dramatically improve performance of both glass-/blackbox 160425 | TUD CS SE | R. Hähnle | Static Analysis | Dagstuhl 16172 ML & SA | 9

Recommend

Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides
Numerical Static Analysis of Embedded Software with Interrupts Liqian Chen National University of

Numerical Static Analysis of Embedded Software with Interrupts Liqian Chen National University of

The 2016 Workshop on Static Analysis of Concurrent Software, Edinburgh, Scotland Numerical Static Analysis of Embedded Software with Interrupts Liqian Chen National University of Defense Technology, Changsha, China 11/09/2016 (Joint work with

604 views • 39 slides
Static and dynamic verification Static and dynamic V&V Software inspections Concerned

Static and dynamic verification Static and dynamic V&V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of

Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of

Systems and Software Verification Laboratory Detection of Software Vulnerabilities: Static Analysis (Part I) Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Static Analysis Lucas Cordeiro (Formal Methods

1.9k views • 188 slides
Program Analysis Extracting static and dynamic information from a software system Program

Program Analysis Extracting static and dynamic information from a software system Program

Program Analysis Extracting static and dynamic information from a software system Program Analysis Extracting information, in order to present abstractions of, or answer questions about, a software system Static Analysis: Examines the

754 views • 32 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
Detection of Software Vulnerabilities: Static Analysis (Part II) Lucas Cordeiro Department of

Detection of Software Vulnerabilities: Static Analysis (Part II) Lucas Cordeiro Department of

Systems and Software Verification Laboratory Detection of Software Vulnerabilities: Static Analysis (Part II) Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Static Analysis (Part II) Lucas Cordeiro (Formal

2.24k views • 169 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot & CNRS VTSA 2015 1 / 149 Outline Introduction 1 Formal

861 views • 68 slides
Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow Analysis Data-flow Analysis Static VS Dynamic Analysis Software Testing Control Con ol Flow ow Gr Graph entry S1 Procedure AVG S1 count =

1.08k views • 104 slides
Improving Software Quality with Static Analysis William Pugh Professor Univ. of Maryland

Improving Software Quality with Static Analysis William Pugh Professor Univ. of Maryland

Improving Software Quality with Static Analysis William Pugh Professor Univ. of Maryland http://www.cs.umd.edu/~pugh TS-2007 2007 JavaOne SM Conference | Session TS-2007 | You will believe... Static analysis tools can find real bugs

991 views • 62 slides
CS510 Software Engineering Static Program Analysis Asst. Prof. Mathias Payer Department of

CS510 Software Engineering Static Program Analysis Asst. Prof. Mathias Payer Department of

CS510 Software Engineering Static Program Analysis Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-CS510-SE Spring 2015 Static

586 views • 24 slides
Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some

Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some

Static Analysis Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some slides adapted from those by Trent Jaeger Prevention: Program Analysis Any automated analysis at compile or dynamic time to find potential bugs

798 views • 61 slides
Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

75 views • 7 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
Software Verification for Space Applications Part 1. Static Analysis Guillaume Brat USRA/RIACS

Software Verification for Space Applications Part 1. Static Analysis Guillaume Brat USRA/RIACS

Software Verification for Space Applications Part 1. Static Analysis Guillaume Brat USRA/RIACS Software blowup 10000 Lines of Code (Thousands) 1700 1000 430 160 100 32 8 10 3 1 Voyager Galileo Cassini MPF Shuttle ISS (1977)

495 views • 49 slides
Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that are Ubiquitous Connected Dependable Complexity Unforeseen Consequences Software Security Today The line between secure/insecure is

624 views • 48 slides
Special topics on theorem proving and static analysis: Introduction Gang Tan CSE 597 Fall 2016

Special topics on theorem proving and static analysis: Introduction Gang Tan CSE 597 Fall 2016

Special topics on theorem proving and static analysis: Introduction Gang Tan CSE 597 Fall 2016 Penn State University 1 Critical Software Systems Software is ubiquitous E-commerce E-voting Airplane control software Fly

237 views • 23 slides
1 Analysis Information Where Do Facts Hold? How much information depends on the client

1 Analysis Information Where Do Facts Hold? How much information depends on the client

711? CS711 Advanced Programming Languages Topics in Program Analysis Radu Rugina Fall 2005 CS711 Overview 2 Program Analysis Static vs. Dynamic Static analysis: inspect programs at compile-time Static analysis: Work done at

282 views • 4 slides
A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical problem and how to ignore it An example static analysis What is static analysis used for? Commercial successes Free static analysis tools you should

490 views • 37 slides
Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security Ahmed Rezine IDA, Linkpings Universitet Hsttermin 2019 Outline Overview Syntactic Analysis Abstract Interpretation Outline Overview

323 views • 28 slides
Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Interesting Questions Interesting Questions Is every statement reachable? Does every non- void method return a value? Compilation 2007 Compilation 2007 Will local variables definitely be assigned before Static Analysis Static

169 views • 13 slides
Using Static Code Analysis to Find Bugs Before They Become Failures Presented by Brian Walker

Using Static Code Analysis to Find Bugs Before They Become Failures Presented by Brian Walker

Using Static Code Analysis to Find Bugs Before They Become Failures Presented by Brian Walker Senior Software Engineer, Video Product Line, Tektronix, Inc. Pacific Northwest Software Quality Conference, 2010 In the Beginning, There Was Lint

486 views • 20 slides

More recommend