The case for analysis preserving language transformation

Proceedings of the 2006 International Symposium on Software Testing and Analysis, ISSTA 2006

Volumn 2006, Issue , 2006, Pages 191-201

  Zhang, Xiaolan ^a   Koved, Larry ^a   Pistoia, Marco ^a   Weber, Sam ^a   Jaeger, Trent ^a,b   Marceau, Guillaume ^a,c   Zeng, Liangzhao ^a  

^a IBM T J WATSON RESEARCH CENTER   (United States)

^b PENNSYLVANIA STATE UNIVERSITY   (United States)

^c Brown Univerity   (United States)

Author keywords

C; Java; Language transformation; Language translation; Security; Static analysis; Verification

Indexed keywords

COMPUTER AIDED SOFTWARE ENGINEERING; COMPUTER SOFTWARE; DATA FLOW ANALYSIS; PROGRAM TRANSLATORS; SEMANTICS; STATIC ANALYSIS;

ANALYSIS PRESERVING LANGUAGE TRANSFORMATION (APLT); LANGUAGE TRANSLATION; MULTI-LANGUAGE SOFTWARE; PROGRAM VERIFICATION;

COMPUTER PROGRAMMING LANGUAGES;

EID: 34247343731     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1146238.1146260     Document Type: Conference Paper

References (50)

1. Security Focus Bugtraq Posting. http://cert.unistuttgart.de/archive/ bugtraq/2001/03/msg00420.html.
2. The SUIF 2 Compiler System. Available at http://suif.stanford.edu/suif/ suif2/index.html.
3. The vortex project. Available at http://www.cs.washington.edu/research/ projects/cecil/www/vortex.html.
4. A. Aiken, M. Fahndrich, J. S. Foster, and Z. Su. A toolkit for constructing type- and constraint-based program analyses. In Types in Compilation, pages 78-96, 1998.
5. American National Standards Institute, 1430 Broadway, New York, NY 10018, USA. ANSI Fortran X3.9-1978, 1978. Approved April 3, 1978 (also known as Fortran 77).
6. T. Ball and S. Rajamani. Automatically validating temporal safety properties of interfaces. In SPIN 2001 Workshop on Model Checking of Software, May 2001.
7. T. Ball and S. Rajamani. The slam project: Debugging system software via static analysis. In Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL02), January 2002.
8. R. M. Balzer, N. M. Goldman, and D. S. Wile. On the Transformational Implementation Approach to Programming. In Proceedings of the 2nd International Conference on Software Engineering, pages 337-344, Oct. 1986.
9. I. D. Baxter, C. Pidgeon, and M. Mehlich. DMS: Program Transformations for Practical Scalable Software Evolution. In Proceedings of the 26th International Conference on Software Engineering, pages 625-634, May 2004.
10. M. Bishop and M. Dilger. Checking for race conditions in file accesses. Computing Systems, 9(2):131-152, 1996.
11. H. Chen, D. Dean, and D. Wagner. Model Checking One Million Lines of C Code. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, San Diego, CA, Feb. 4-6, 2004.
12. H. Chen and D. Wagner. MOPS: An Infrastructure for Examining Security Properties of Software. In Proceedings of the 9th ACM Conference on Computer and Communications Security, pages 235-244, 2002.
13. P. Cousot. Abstract interpretation based static analysis parameterized by semantics. In SAS '97: Proceedings of the 4th International Symposium on Static Analysis, pages 388-394, London, UK, 1997. Springer-Verlag.
14. M. Das, S. Lerner, and M. Seigle. ESP: Pathsensitive program verification in polynomial time. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '02), June 2002.
15. P. T. Devanbu. GENOA: A customizable language-and front-end independent code analyzer. In International Conference on Software Engineering, pages 307-317, 1992.
16. D. M. Doolin, J. Dongarra, and K. Seymour. JLAPACK - Compiling LAPACK Fortran to Java. Technical report, University of Tennessy, June 1998. Available at http://www.cs.utk.edu/library/TechReports/1998/ut-cs-98-390.ps.Z.
17. T. Eisenbarth, R. Koschke, and D. Simon. Aiding program comprehension by static and dynamic feature analysis. In ICSM, pages 602-611, 2001.
18. D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth Symposium on Operation System Design and Implementation (OSDI), October 2000.
19. A. M. Erosa and L. J. Hendren. Taming Control Flow: A Structured Approach to Eliminating Goto Statements. In Proceedings of the 1994 International Conference on Computer Languages, pages 229-240, May 16-19, 1994. Toulouse, France.
20. J. Field, D. Goyal, G. Ramalingam, and E. Yahav. Typestate verification: Abstraction techniques and complexity results, 2003.
21. J. Foster, M. Fahndrich, and A. Aiken. A theory of type qualifiers. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '99), pages 192-203, May 1999.
22. J. Foster, T. Terauchi, and A. Aiken. Flow-Sensitive Type Qualifiers. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '02), 2002.
23. V. Ganapathy, S. Jha, D. Chandler, D. Melski, and D. Vitek. Buffer overrun detection using linear programming and static analysis. In Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 345-354, Washington, DC, 2003.
24. S. Hauern, B. Chelf, Y. Xie, and D. Engler. A system and language for building system-specific static analyses. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '02), June 2002.
25. IBM. The toronto portable optimizer.
26. S. K. Jain, G. Marceau, X. Zhang, L. Koved, and T. Jaeger. INTELLECT: INTErmediate-Language LEvel C Translator. Technical Report 23907, IBM, 2006. Available at http://domino.research.ibm.com/library/cyberdig.nsf/-index.html.
27. Jazillian, Inc. How to convert c to Java. Available at http://jazillian.com/how.html.
28. T. Jensen, D. Metayer, and T. Thorn. Verification of control flow based security properties. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 1999.
29. R. Johnson and D. Wagner. Finding user/kernel pointer bugs with type inference. In Proceedings of the USENIX Security Symposium, Aug. 2004.
30. L. Koved, M. Pistoia, and A. Kershenbaum. Access rights analysis for Java. In Proceedings of the 17th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2002), pages 359-372, November 2002.
31. D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the Tenth USENIX Security Symposium, pages 177-190, 2001.
32. C. Lattner and V. Adve. LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In Proceedings of the 2004 International Symposium on Code Generation and Optimization (CGO'04), Palo Alto, California, Mar 2004.
33. J. Martin. Ephedra, - a c to Java migration environment, April 2002. Ph.D. Dissertation, University of Victoria, Kanada. Available at http://ovid.tigris.org/Ephedra/.
34. J. Morgenthaler. Static Analysis for a Software Transformation Tool. PhD thesis, 1997.
35. N. Nethercote and J. Seward. Valgrind: A program supervision framework. In Proceedings of the Third Workshop on Runtime Verification (RV'03), Boulder, Colorado, USA, July 2003.
36. Novosoft. C to Java, converter. Available at http://in.tech.yahoo.com/ 020513/94/lnxuw.html.
37. R. W. O'Callahan. The shrike toolkit. Available at http://org.eclipse. cme/contributions/shrike/.
38. M. Pistoia, R. J. Flynn, L. Koved, and V. C. Sreedhar. Interprocedural analysis for privileged code placement and tainted variable detection. In ECOOP 2005 - Object-Oriented Programming: 19th European Conference, Glasgow, UK, July 25-29, 2005. Proceedings, volume 3586 of Lecture Notes in Computer Science, pages 362-386. Springer, Aug. 2005.
39. A. Rountev, A. Milanova, and B. G. Ryder. Points-to analysis for Java using annotated constraints. In Conference on Object-Oriented, pages 43-55, 2001.
40. B. G. Ryder. Dimensions of Precision in Reference Analysis of Object-Oriented Languages. In Proceedings of the 12th International Conference on Compiler Construction, pages 126-137, Warsaw, Poland, April 2003. Invited Paper.
41. J. H. Saltzer and M. D. Schroeder. The Protection of Information in Computer Systems. In Proceedings of the IEEE, volume 63, pages 1278-1308, Sept. 1975.
42. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the Tenth USENIX Security Symposium, pages 201-216, 2001.
43. R. E. Strom and D. M. Yellin. Extending typestate checking using conditional liveness analysis. IEEE Transactions on Software Engineering, 19(5):478-485, May 1993.
44. R. E. Strom and S. Yemini. Typestate: A programming language concept for enhancing software reliability. IEEE Transactions on Software Engineering, 12(1):157-171, Jan. 1986.
45. M. M. Strout, J. Mellor-Crummey, and P. Hovland. Representation- independent program analysis. In Proceedings of the The sixth ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE), September 5-6 2005.
46. A. von Mayrhauser and S. Lang. On the role of static analysis during software maintenance. In Proceedings of International Workshop on Program Comprehension, pages 170-177, 1999.
47. C. Wright, C. Cowan, J. Morris, S. Smalley, and G. Kroah-Hartman. Linux security modules: General security support for the linux kernel. In Proceedings of the 11th USENIX Security Symposium, 2002.
48. E. Yahav and G. Ramalingam. Verifying safety properties using separation and heterogeneous abstractions. In PLDI '04: Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation, pages 25-34, New York, NY, USA, 2004. ACM Press.
49. X. Zhang, A. Edwards, and T. Jaeger. Using equal for static analysis of authorization hook placement. In Proceedings of the 11th USENIX Security Symposium, 2002.
50. X. Zhang, T. Jaegert, and L. Koved. Applying Static Analysis to Verifying Security Properties. In Proceedings of the 2004 Grace Hopper Celebration of Women in Computing Conference, Chicago, IL, 2004. Also available as IBM technical report RC23246 at http://domino.research.ibm.com/library/cyberdig.nsf/ index.html.