Filters








17,925 Hits in 3.6 sec

Flow-insensitive type qualifiers

Jeffrey S. Foster, Robert Johnson, John Kodumal, Alex Aiken
2006 ACM Transactions on Programming Languages and Systems  
We describe flow-insensitive type qualifiers, a lightweight, practical mechanism for specifying and checking properties not captured by traditional type systems.  ...  Our results suggest that inference and visualization make type qualifiers lightweight, that type qualifier inference scales to large programs, and that type qualifiers are applicable to a wide variety  ...  Flow-Insensitive Type Qualifiers Specific examples of flow-insensitive type qualifiers have been proposed to solve a number of problems.  ... 
doi:10.1145/1186632.1186635 fatcat:tavwrllrfjbunk7bxp2kkvivwa

Flow-sensitive type qualifiers

Jeffrey S. Foster, Tachio Terauchi, Alex Aiken
2002 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation - PLDI '02  
We present a system for extending standard type systems with flow-sensitive type qualifiers. Users annotate their programs with type qualifiers, and inference checks that the annotations are correct.  ...  We demonstrate the usefulness of flow-sensitive type qualifiers by finding a number of new locking bugs in the Linux kernel.  ...  Flow-insensitive analysis consists of the alias and effect inference of Figure 1 together with flow-insensitive qualifier inference [16] .  ... 
doi:10.1145/512529.512531 dblp:conf/pldi/FosterTA02 fatcat:bh3ig4tscbcpjdtpfbgaoeyoyy

Applying flow-sensitive CQUAL to verify MINIX authorization check placement

Timothy Fraser, Nick L. Petroni, William A. Arbaugh
2006 Proceedings of the 2006 workshop on Programming languages and analysis for security - PLAS '06  
Our analysis of MINIX 3 system servers and discovery of a non-exploitable Time-Of-Check/Time-Of-Use bug demonstrate the effectiveness of flowsensitive CQUAL and its advantage over earlier flow-insensitive  ...  We present the first use of flow-sensitive CQUAL to verify the placement of operating system authorization checks.  ...  Analysts state facts about a C program by annotating its types with CQUAL type qualifiers that are similar to C's const qualifier.  ... 
doi:10.1145/1134744.1134747 dblp:conf/pldi/FraserPA06 fatcat:ov6znkinhng6xc22iakcmamjgi

Implementing a Language with Flow-Sensitive and Structural Typing on the JVM

David J. Pearce, James Noble
2011 Electronical Notes in Theoretical Computer Science  
The Whiley language aims to hit a sweet spot between dynamic and static typing. This is achieved through structural subtyping and by typing variables in a flow-sensitive fashion.  ...  However, static type systems traditionally require every variable to have one type, and that relationships between types (e.g. subclassing) be declared explicitly.  ...  CQual is a flow-sensitive qualifier inference supporting numerous type qualifiers, including those for synchronisation and file I/O [21, 22] .  ... 
doi:10.1016/j.entcs.2011.11.005 fatcat:ld27j6corranxmcqg4k35na4xq

Context-sensitive auto-sanitization in web templating languages using type qualifiers

Mike Samuel, Prateek Saxena, Dawn Song
2011 Proceedings of the 18th ACM conference on Computer and communications security - CCS '11  
We propose a novel and principled type-qualifier based mechanism that can be bolted onto existing web templating frameworks.  ...  A standard flow-insensitive type inference algorithm would infer that such an untrusted input has no single precise context qualifier because of its ambiguous usage in multiple different contexts.  ...  To handle such context ambiguity, we design our type system to be flow-sensitive-a flow-sensitive type system permits program variables to have varying type qualifiers at different program locations [  ... 
doi:10.1145/2046707.2046775 dblp:conf/ccs/SamuelSS11 fatcat:z7pxkyberzboroqtvuvdrc4nrm

Scalable and precise taint analysis for Android

Wei Huang, Yao Dong, Ana Milanova, Julian Dolby
2015 Proceedings of the 2015 International Symposium on Software Testing and Analysis - ISSTA 2015  
Concretely, we present DFlow, a context-sensitive information flow type system, and DroidInfer, the corresponding type inference analysis for detecting privacy leaks in Android apps.  ...  We propose a type-based taint analysis for Android.  ...  Type Qualifiers In our type-based approach, each variable is typed by a type qualifier.  ... 
doi:10.1145/2771783.2771803 dblp:conf/issta/HuangDMD15 fatcat:d47qvfdoffgfxehfrvuzwx2ley

Transparent proxies for java futures

Polyvios Pratikakis, Jaime Spacco, Michael Hicks
2004 SIGPLAN notices  
flow-sensitivity.  ...  Second, we use a simple form of flow-sensitivity to avoid coercing the same expression more than once.  ...  Once again, the flow-insensitive analysis had essentially the same running time as Spark points-to analysis (not shown), and the flow-insensitive version added some overhead.  ... 
doi:10.1145/1035292.1028994 fatcat:vc33ejj365hmnn6utyq4xyueqi

Transparent proxies for java futures

Polyvios Pratikakis, Jaime Spacco, Michael Hicks
2004 Proceedings of the 19th annual ACM SIGPLAN Conference on Object-oriented programming, systems, languages, and applications - OOPSLA '04  
flow-sensitivity.  ...  Second, we use a simple form of flow-sensitivity to avoid coercing the same expression more than once.  ...  Once again, the flow-insensitive analysis had essentially the same running time as Spark points-to analysis (not shown), and the flow-insensitive version added some overhead.  ... 
doi:10.1145/1028976.1028994 dblp:conf/oopsla/PratikakisSH04 fatcat:jlse37f5vbct7gguvlpidv4q5u

Type qualifier inference for java

David Greenfieldboyce, Jeffrey S. Foster
2007 SIGPLAN notices  
First, we introduce opaque and enum qualifiers to track C pointers and enumerations that flow through Java code via the JNI.  ...  These results suggest that type qualifiers and type qualifier inference are a useful addition to Java.  ...  Similarly, in type qualifier inference, our goal is to determine how qualifiers flow through the program, and then additionally to check that the flow is valid with respect to the programmer-supplied qualifier  ... 
doi:10.1145/1297105.1297051 fatcat:7tejhd6d3zfrpcspyesvlpzeqa

Type qualifier inference for java

David Greenfieldboyce, Jeffrey S. Foster
2007 Proceedings of the 22nd annual ACM SIGPLAN conference on Object oriented programming systems and applications - OOPSLA '07  
First, we introduce opaque and enum qualifiers to track C pointers and enumerations that flow through Java code via the JNI.  ...  These results suggest that type qualifiers and type qualifier inference are a useful addition to Java.  ...  Similarly, in type qualifier inference, our goal is to determine how qualifiers flow through the program, and then additionally to check that the flow is valid with respect to the programmer-supplied qualifier  ... 
doi:10.1145/1297027.1297051 dblp:conf/oopsla/GreenfieldboyceF07 fatcat:cwdungrvtjag7hhpbtth6apnoe

A Semantic Framework for Declassification and Endorsement [chapter]

Aslan Askarov, Andrew Myers
2010 Lecture Notes in Computer Science  
The framework is flexible enough to recover and to improve on the previously introduced notions of robustness and qualified robustness.  ...  Further, the new security conditions can be soundly enforced by a security type system.  ...  This security condition, which has both progress-sensitive and progress-insensitive versions, expresses roughly the same idea as qualified robustness [13] , but in a more natural and direct way.  ... 
doi:10.1007/978-3-642-11957-6_5 fatcat:nd72zgaapnflbie4fiw2qgee2u

Mixing type checking and symbolic execution

Yit Phang Khoo, Bor-Yuh Evan Chang, Jeffrey S. Foster
2010 SIGPLAN notices  
MIXY checks for potential null dereferences by mixing a null/non-null type qualifier inference system with a symbolic executor.  ...  In this paper, we present MIX, a novel system that mixes type checking and symbolic execution.  ...  MIXY mixes a (flow-insensitive) type qualifier inference system with a symbolic executor.  ... 
doi:10.1145/1809028.1806645 fatcat:pnb5pyusufbvzlun5lrhdxpzxe

Mixing type checking and symbolic execution

Yit Phang Khoo, Bor-Yuh Evan Chang, Jeffrey S. Foster
2010 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation - PLDI '10  
MIXY checks for potential null dereferences by mixing a null/non-null type qualifier inference system with a symbolic executor.  ...  In this paper, we present MIX, a novel system that mixes type checking and symbolic execution.  ...  MIXY mixes a (flow-insensitive) type qualifier inference system with a symbolic executor.  ... 
doi:10.1145/1806596.1806645 dblp:conf/pldi/KhooCF10 fatcat:26wxyru2grgehc3crnhyp6x4zq

Inference and checking of context-sensitive pluggable types

Ana Milanova, Wei Huang
2012 Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering - FSE '12  
Unfortunately, pluggable types require annotations, which imposes a burden on programmers. We propose a framework for specifying, inferring and checking of context-sensitive pluggable types.  ...  Pluggable types can help find bugs such as null-pointer dereference or unwanted mutation (or they can prove the absence of such bugs).  ...  Although JQual's flow analysis has a field-sensitive/context-sensitive mode, it scales only in its field-insensitive/context-insensitive mode according to [1] .  ... 
doi:10.1145/2393596.2393626 dblp:conf/sigsoft/MilanovaH12 fatcat:3svnxrl6hvbmvoblq5wuylivjm

Type-Based Taint Analysis for Java Web Applications [chapter]

Wei Huang, Yao Dong, Ana Milanova
2014 Lecture Notes in Computer Science  
We present SFlow, a context-sensitive type system for secure information flow, and SFlow-Infer, a corresponding worst-case cubic inference analysis.  ...  In this paper, we advocate type-based taint analysis.  ...  Note that in the context-insensitive typing above, methods append and toString must be typed as follows (code throughout the paper makes parameter this explicit): The poly qualifiers must be interpreted  ... 
doi:10.1007/978-3-642-54804-8_10 fatcat:aydbrd7xtnd6zkbxf67kpy2azm
« Previous Showing results 1 — 15 out of 17,925 results