TypeDevil: Dynamic Type Inconsistency Analysis for JavaScript
|
|
- Clifton Quentin Carson
- 6 years ago
- Views:
Transcription
1 TypeDevil: Dynamic Type Inconsistency Analysis for JavaScript Michael Pradel 1, Parker Schuh 2, Koushik Sen 2 1 TU Darmstadt, 2 UC Berkeley 1
2 Motivation JavaScript: Dynamic and permissive Problems remain unnoticed Purely static analysis is limited 2
3 Motivation JavaScript: Dynamic and permissive Problems remain unnoticed Purely static analysis is limited This talk: Mostly dynamic analysis to find otherwise missed errors 2
4 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); 3
5 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); 3
6 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); 3
7 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); 3
8 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); 3
9 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; Incorrect behavior, but no obvious sign of misbehavior addwrapped({v:23); // 23 addwrapped({v:20, new Wrapper(3)); // 23 addwrapped({v:"18", new Wrapper(5)); // "185" 3
10 Observations 1) Most code follows implicit type rules A single type per variable A single type per object property Functions have fixed signatures 2) Many bugs are violations of these rules 4
11 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); 5
12 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); x.v has types number and string 5
13 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); Returns both number and string 5
14 This Talk: TypeDevil Find inconsistent types of local variables properties of objects function signatures Challenges: No static type information No nominal types Intended polymorphism 6
15 Overview JavaScript program Gather type observations Summarize observations into type graph Find, merge, and filter inconsistencies Warnings about inconsistent types 7
16 Types Type = Primitive type or record type Property names Sets of types Record types represent: Object types Array types Function types this and return as properties Frame types Local variables as properties 8
17 Gather Type Observations One type per allocation site and function definition site Store unique name as shadow value Gather type observations through dynamic analysis Observation = (base, property, type) 9
18 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); 10
19 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); object1 has property v of type number 10
20 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); addwrapped has local variable y of type undefined 10
21 Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); function addwrapped returns number 10
22 Type Graph Nodes = type, edges = properties number string undefined object1 v object2 v object3 v object4 v object5 v locals of addwrapped x y 11
23 Condensed Type Graph Summarize graph by merging equivalent types number string undefined object1235 v object4 v locals of addwrapped x y 12
24 Reporting Inconsistencies Report nodes with multiple outgoing edges for the same property 13
25 Reporting Inconsistencies Report nodes with multiple outgoing edges for the same property number string undefined object1235 v object4 v locals of addwrapped x y 13
26 Inconsistencies: Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); 14
27 Inconsistencies: Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); x.v has types number and string 14
28 Inconsistencies: Example function addwrapped(x, y) { if (y) return x.v + y.v; else return x.v; function Wrapper(v) { this.v = v; addwrapped({v:23); addwrapped({v:20, new Wrapper(3)); addwrapped({v:"18", new Wrapper(5)); y has types object and undefined 14
29 Prune and Merge Warnings Prune likely false positives: Via belief analysis By degree of inconsistency By size of type diff Structural subtypes null-related Merge warnings with same root cause: By dataflow relations By type diff By array type 15
30 Prune and Merge Warnings Prune likely false positives: Via belief analysis By degree of inconsistency By size of type diff Structural subtypes null-related Merge warnings with same root cause: By dataflow relations By type diff By array type 15
31 Prune via Belief Analysis Problem: Intended polymorphism 16
32 Prune via Belief Analysis Problem: Intended polymorphism function BigInteger(a, b, c) { if (a!= null) if ( number == typeof a) this.fromnumber(a, b, c); else if (b == null && string!= typeof a) this.fromstring(a, 256); else this.fromstring(a, b); Code from Octane s crypto benchmark 16
33 Prune via Belief Analysis Problem: Intended polymorphism Naive approach: Warnings about inconsistent argument types function BigInteger(a, b, c) { if (a!= null) if ( number == typeof a) this.fromnumber(a, b, c); else if (b == null && string!= typeof a) this.fromstring(a, 256); else this.fromstring(a, b); Code from Octane s crypto benchmark 16
34 Prune via Belief Analysis Approach: Infer programmer beliefs from code Omit warnings about expected types 16
35 Prune via Belief Analysis Approach: Infer programmer beliefs from code Omit warnings about expected types function BigInteger(a, b, c) { if (a!= null) if ( number == typeof a) this.fromnumber(a, b, c); else if (b == null && string!= typeof a) this.fromstring(a, 256); else this.fromstring(a, b); Code from Octane s crypto benchmark 16
36 Prune via Belief Analysis Approach: Infer programmer beliefs from code Omit warnings about expected types function BigInteger(a, b, c) { if (a!= null) if ( number == typeof a) this.fromnumber(a, b, c); else if (b == null && string!= typeof a) this.fromstring(a, 256); else this.fromstring(a, b); a may be undefined or null Code from Octane s crypto benchmark 16
37 Prune via Belief Analysis Approach: Infer programmer beliefs from code Omit warnings about expected types function BigInteger(a, b, c) { if (a!= null) if ( number == typeof a) this.fromnumber(a, b, c); else if (b == null && string!= typeof a) this.fromstring(a, 256); else this.fromstring(a, b); a may be number Code from Octane s crypto benchmark 16
38 Prune via Belief Analysis Approach: Infer programmer beliefs from code Omit warnings about expected types function BigInteger(a, b, c) { if (a!= null) if ( number == typeof a) this.fromnumber(a, b, c); else if (b == null && string!= typeof a) this.fromstring(a, 256); else this.fromstring(a, b); Code from Octane s crypto benchmark Refined approach: No warning 16
39 Merge by Dataflow Relations Problem: Multiple references may refer to a single value 17
40 Merge by Dataflow Relations Problem: Multiple references may refer to a single value function f(x) { return g(x); function g(a) { return a; f(23); f({p:"abc"); 17
41 Merge by Dataflow Relations Problem: Multiple references may refer to a single value function f(x) { return g(x); function g(a) { return a; f(23); f({p:"abc"); Variable x 17
42 Merge by Dataflow Relations Problem: Multiple references may refer to a single value function f(x) { return g(x); function g(a) { return a; f(23); f({p:"abc"); Variable a 17
43 Merge by Dataflow Relations Problem: Multiple references may refer to a single value function f(x) { return g(x); function g(a) { return a; f(23); f({p:"abc"); g s return value 17
44 Merge by Dataflow Relations Problem: Multiple references may refer to a single value function f(x) { return g(x); function g(a) { return a; f(23); f({p:"abc"); f s return value 17
45 Merge by Dataflow Relations Problem: Multiple references may refer to a single value function f(x) { return g(x); function g(a) { return a; f(23); f({p:"abc"); Variable x f s return value Variable a g s return value Naive approach: 4 warnings 17
46 Merge by Dataflow Relations Approach: Approximate dataflow via call graph Merge warnings that may refer to the same value 17
47 Merge by Dataflow Relations Approach: Approximate dataflow via call graph Merge warnings that may refer to the same value function f(x) { return g(x); function g(a) { return a; f(23); f({p:"abc"); Variable x f s return value Variable a g s return value 17
48 Merge by Dataflow Relations Approach: Approximate dataflow via call graph Merge warnings that may refer to the same value function f(x) { return g(x); function g(a) { return a; f(23); f({p:"abc"); Refined approach: 1 warning 17
49 Implementation Instrumentation-based implementation on top of Jalangi * Hooks into execution Browser + node.js Firefox.js instrumented.js Jalangi * Sen et al.,
50 Evaluation Setup: Sunspider, Octane, and 7 web apps Main results: Finds relevant problems: 33 warnings, 15 are relevant Pruning and merging is crucial: 578 warnings 33 warnings 19
51 Example SunSpider s regexp-dna: var dnaoutputstr; for (i in seqs) { dnaoutputstr += seqs[i].source; 20
52 Example SunSpider s regexp-dna: var dnaoutputstr; for (i in seqs) { dnaoutputstr += seqs[i].source; string and undefined Problem: Incorrect string value undefinedgtagg... 20
53 Other Problems Correctness problems Crash when dereferencing undefined Performance problems Arrays with holes Dangerous coding practices Variable string sometimes holds a number 21
54 Related Work Type inference and checking Thiemann 2005, Jensen 2009, Guha 2011, Heidegger 2010 Many false positives Type inference by JIT compilers Logozzo 2010, Hackett 2012, Rastogi 2012 Speculative optimizations Type annotations TypeScript Manual effort 22
55 Conclusion Find inconsistent types in JavaScript: Observe types and summarize them into type graph Deal with intended polymorphism Dynamic analysis: Powerful alternative to static checking 23
56 Conclusion Find inconsistent types in JavaScript: Observe types and summarize them into type graph Deal with intended polymorphism Dynamic analysis: Powerful alternative to static checking Thanks! 23
JITProf: Pinpointing JIT-Unfriendly JavaScript Code
JITProf: Pinpointing JIT-Unfriendly JavaScript Code Liang Gong 1, Michael Pradel 2, Koushik Sen 1 1 UC Berkeley, 2 TU Darmstadt 1 Motivation JavaScript: One of the most popular languages Performance: Crucial
More informationDLint: Dynamically Checking Bad Coding Practices in JavaScript
DLint: Dynamically Checking Bad Coding Practices in JavaScript Liang Gong 1, Michael Pradel 2, Manu Sridharan 3 and Koushik Sen 1 1 UC Berkeley 2 TU Darmstadt 3 Samsung Research America Why JavaScript?
More informationDLint: Dynamically Checking Bad Coding Practices in JavaScript
DLint: Dynamically Checking Bad Coding Practices in JavaScript Lian Gong, Michael Pradel, Manu Sridharan and Koushik Sen Presented by Adriano Lages dos Santos Belo Horizonte - 16/04/2015 Introduction Javascript
More informationStatic Analysis of JavaScript. Ben Hardekopf
Static Analysis of JavaScript Insights and Challenges Ben Hardekopf Department of Computer Science University of California, Santa Barbara Setting Expectations What this talk is about Brief introduction
More informationDLint: Dynamically Checking Bad Coding Practices in JavaScript
DLint: Dynamically Checking Bad Coding Practices in JavaScript Liang Gong 1, Michael Pradel 2, Manu Sridharan 3 and Koushik Sen 1 1 UC Berkeley 2 TU Darmstadt 3 Samsung Research America Why JavaScript?
More informationDLint and JITProf. [FSE 15] JITProf: Pinpointing JIT-unfriendly JavaScript code Liang Gong, Michael Pradel, Koushik Sen
DLint and JITProf DLint: Dynamically Checking JS Coding Practice [ISSTA 15] DLint: Dynamically Checking Bad Coding Practices in JavaScript Liang Gong, Michael Pradel, Manu Sridharan, Koushik Sen JITProf:
More informationUnderstanding and Automatically Preventing Injection Attacks on Node.js
Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU Darmstadt Joint work with Cristian Staicu (TU Darmstadt) and Ben Livshits (Microsoft Research, Redmond) 1 Why JavaScript?
More informationTransparent Object Proxies for JavaScript
Transparent Object Proxies for JavaScript Matthias Keil 1, Omer Farooq 1, Sankha Narayan Guria 2, Andreas Schlegel 1, Manuel Geffken 1, Peter Thiemann 1 1 University of Freiburg, Germany, 2 Indian Institute
More informationAn Actionable Performance Profiler for Optimizing the Order of Evaluations
An Actionable Performance Profiler for Optimizing the Order of Evaluations Marija Selakovic TU Darmstadt Germany m.selakovic89@gmail.com ABSTRACT The efficiency of programs often can be improved by applying
More information6.858 Quiz 2 Review. Android Security. Haogang Chen Nov 24, 2014
6.858 Quiz 2 Review Android Security Haogang Chen Nov 24, 2014 1 Security layers Layer Role Reference Monitor Mandatory Access Control (MAC) for RPC: enforce access control policy for shared resources
More informationThe Good, the Bad, and the Ugly: An Empirical Study of Implicit Type Conversions in JavaScript
The Good, the Bad, and the Ugly: An Empirical Study of Implicit Type Conversions in JavaScript Michael Pradel 1 and Koushik Sen 2 1 TU Darmstadt Department of Computer Science Germany michael@binaervarianz.de
More informationFinding User/Kernel Pointer Bugs with Type Inference p.1
Finding User/Kernel Pointer Bugs with Type Inference Rob Johnson David Wagner rtjohnso,daw}@cs.berkeley.edu. UC Berkeley Finding User/Kernel Pointer Bugs with Type Inference p.1 User/Kernel Pointer Bugs
More informationB l o c k B i n d i n g s
1 Block Bindings Traditionally, the way variable declarations work has been one tricky part of programming in JavaScript. In most C-based languages, variables (more formally known as bindings, as a name
More informationStatic Detection of Brittle Parameter Typing
Static Detection of Brittle Parameter Typing Michael Pradel, Severin Heiniger, and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation void m(a a) {... } Object A.. B C D E F 2 Motivation
More informationIntroduction to JavaScript p. 1 JavaScript Myths p. 2 Versions of JavaScript p. 2 Client-Side JavaScript p. 3 JavaScript in Other Contexts p.
Preface p. xiii Introduction to JavaScript p. 1 JavaScript Myths p. 2 Versions of JavaScript p. 2 Client-Side JavaScript p. 3 JavaScript in Other Contexts p. 5 Client-Side JavaScript: Executable Content
More informationJAVASCRIPT AND JQUERY: AN INTRODUCTION (WEB PROGRAMMING, X452.1)
Technology & Information Management Instructor: Michael Kremer, Ph.D. Class 2 Professional Program: Data Administration and Management JAVASCRIPT AND JQUERY: AN INTRODUCTION (WEB PROGRAMMING, X452.1) AGENDA
More information22c:111 Programming Language Concepts. Fall Types I
22c:111 Programming Language Concepts Fall 2008 Types I Copyright 2007-08, The McGraw-Hill Company and Cesare Tinelli. These notes were originally developed by Allen Tucker, Robert Noonan and modified
More informationProgram Testing and Analysis: Manual Testing Prof. Dr. Michael Pradel Software Lab, TU Darmstadt
Program Testing and Analysis: Manual Testing Prof. Dr. Michael Pradel Software Lab, TU Darmstadt Partly based on slides from Peter Müller, ETH Zurich 1 Warm-up Quiz What does the following code print?
More informationCompilers and computer architecture: Semantic analysis
1 / 1 Compilers and computer architecture: Semantic analysis Martin Berger Alex Jeffery October 2018 Recall the function of compilers 2 / 1 3 / 1 Recall the structure of compilers Source program Lexical
More informationRefinement Types for TypeScript
Refinement Types for TypeScript Panagiotis Vekris Benjamin Cosman Ranjit Jhala University of California, San Diego PLDI 16 Thursday, June 16 Extensible static analyses for modern scripting languages 2
More informationPrinciples of Programming Languages
Principles of Programming Languages www.cs.bgu.ac.il/~ppl172 Lesson 4 - Type Checking Collaboration and Management Dana Fisman 1 Why declare types? Declaring types allows the compiler to detect errors
More informationInterprocedural Type Specialization of JavaScript Programs Without Type Analysis
Interprocedural Type Specialization of JavaScript Programs Without Type Analysis Maxime Chevalier-Boisvert joint work with Marc Feeley ECOOP - July 20th, 2016 Overview Previous work: Lazy Basic Block Versioning
More informationCog VM Evolution. Clément Béra. Thursday, August 25, 16
Cog VM Evolution Clément Béra Cog VM? Smalltalk virtual machine Default VM for Pharo Squeak Newspeak Cuis Cog Philosophy Open source (MIT) Simple Is the optimization / feature worth the added complexity?
More informationA brief introduction to C programming for Java programmers
A brief introduction to C programming for Java programmers Sven Gestegård Robertz September 2017 There are many similarities between Java and C. The syntax in Java is basically
More informationTopic 9: Type Checking
Recommended Exercises and Readings Topic 9: Type Checking From Haskell: The craft of functional programming (3 rd Ed.) Exercises: 13.17, 13.18, 13.19, 13.20, 13.21, 13.22 Readings: Chapter 13.5, 13.6 and
More informationTopic 9: Type Checking
Topic 9: Type Checking 1 Recommended Exercises and Readings From Haskell: The craft of functional programming (3 rd Ed.) Exercises: 13.17, 13.18, 13.19, 13.20, 13.21, 13.22 Readings: Chapter 13.5, 13.6
More informationToday Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues
Finding Bugs Last time Run-time reordering transformations Today Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues CS553 Lecture Finding
More informationExperimental New Directions for JavaScript
Experimental New Directions for JavaScript Andreas Rossberg, V8/Google Motivation Broad need for (more) scalable JavaScript Usability, esp. maintainability Performance, esp. predictability ES6 opens up
More informationAutomatic Testing of Sequential and Concurrent Substitutability
Automatic Testing of Sequential and Concurrent Substitutability Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation void bar(foo f) { f.m();... } bar() expects functionality
More informationMarija Selakovic September 25th, 2015 JSConf, Berlin
Let's make JavaScript programs faster Marija Selakovic September 25th, 2015 JSConf, Berlin About me PhD student @TU Darmstadt First time @JSConf Performance, program analysis and refactorings Focus on
More informationPrinciples of Programming Languages
Principles of Programming Languages Lesson 14 Type Checking Collaboration and Management Dana Fisman www.cs.bgu.ac.il/~ppl172 1 Type Checking We return to the issue of type safety we discussed informally,
More informationJavaScript: Introduction, Types
JavaScript: Introduction, Types Computer Science and Engineering College of Engineering The Ohio State University Lecture 19 History Developed by Netscape "LiveScript", then renamed "JavaScript" Nothing
More informationMidterm Exam. 5. What is the character - (minus) used for in JavaScript? Give as many answers as you can.
First Name Last Name CSCi 90.3 March 23, 2010 Midterm Exam Instructions: For multiple choice questions, circle the letter of the one best choice unless the question explicitly states that it might have
More informationDependent Types for JavaScript
Dependent Types for JavaScript Ravi Chugh Ranjit Jhala University of California, San Diego David Herman Mozilla Research Dependent Why Types for JavaScript? Pervasive Used at Massive Scale Why Add Types?
More informationInformation Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE. The University of Tokyo
Information Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE The University of Tokyo furuse@yl.is.s.u-tokyo.ac.jp e-society MEXT project toward secure and reliable software
More information2 Blending static and dynamic typing
2 Blending static and dynamic typing We begin this chapter presenting a little bit of the history behind combining static and dynamic typing in the same language. Then, we introduce optional type systems
More informationStephen McLaughlin. From Uncertainty to Belief: Inferring the Specification Within
From Uncertainty to Belief: Inferring the Specification Within Overview Area: Program analysis and error checking / program specification Problem: Tools lack adequate specification. Good specifications
More informationPractical Mostly-Static Information Flow Control. Andrew Myers MIT Lab for Computer Science
Practical Mostly-Static Information Flow Control Andrew Myers MIT Lab for Computer Science Privacy Old problem (secrecy, confidentiality) : prevent programs from leaking data Untrusted, downloaded code:
More informationClient-Side Web Technologies. JavaScript Part I
Client-Side Web Technologies JavaScript Part I JavaScript First appeared in 1996 in Netscape Navigator Main purpose was to handle input validation that was currently being done server-side Now a powerful
More informationCS558 Programming Languages
CS558 Programming Languages Winter 2017 Lecture 7b Andrew Tolmach Portland State University 1994-2017 Values and Types We divide the universe of values according to types A type is a set of values and
More informationQuickly Detecting Relevant Program Invariants
Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold (UCSD), and David Notkin University of Washington http://www.cs.washington.edu/homes/mernst/daikon Michael Ernst,
More informationUnderstanding the Dynamics of JavaScript
Understanding the Dynamics of JavaScript Sylvain Lebresne, Gregor Richards, Johan Östlund, Tobias Wrigstad, Jan Vitek Purdue University July 6, 2009 1 / 28 1 Introduction 2 JavaScript 3 Measurements 4
More informationFinding and Fixing Bugs in Liquid Haskell. Anish Tondwalkar
Finding and Fixing Bugs in Liquid Haskell Anish Tondwalkar Overview Motivation Liquid Haskell Fault Localization Fault Localization Evaluation Predicate Discovery Predicate Discovery Evaluation Conclusion
More informationCascade: A Universal Programmer-assisted Type Qualifier Inference Tool
Cascade: A Universal Programmer-assisted Type Qualifier Inference Tool Mohsen Vakilian* Amarin Phaosawasdi* Michael D. Ernst Ralph E. Johnson* *University of Illinois at Urbana-Champaign University of
More informationLecture 2: SML Basics
15-150 Lecture 2: SML Basics Lecture by Dan Licata January 19, 2012 I d like to start off by talking about someone named Alfred North Whitehead. With someone named Bertrand Russell, Whitehead wrote Principia
More informationHow Many of All Bugs Do We Find? A Study of Static Bug Detectors
How Many of All Bugs Do We Find? A Study of Static Bug Detectors ABSTRACT Andrew Habib andrew.a.habib@gmail.com Department of Computer Science TU Darmstadt Germany Static bug detectors are becoming increasingly
More informationTypes and Type Inference
Types and Type Inference Mooly Sagiv Slides by Kathleen Fisher and John Mitchell Reading: Concepts in Programming Languages, Revised Chapter 6 - handout on the course homepage Outline General discussion
More informationHeapMD: Identifying Heap-based Bugs using Anomaly Detection
HeapMD: Identifying Heap-based Bugs using Anomaly Detection Trishul M. Chilimbi Microsoft Research Redmond, WA trishulc@microsoft.com Vinod Ganapathy University of Wisconsin Madison, WI vg@cs.wisc.edu
More informationJFlow: Practical Mostly-Static Information Flow Control
JFlow: Practical Mostly-Static Information Flow Control A.Myers and B.Liskov. A Decentralized Model for Information Flow Control (SOSP 1997). Andrew C. Myers and Barbara Liskov. Protecting privacy using
More informationJSAI: A STATIC ANALYSIS PLATFORM FOR JAVASCRIPT
JSAI: A STATIC ANALYSIS PLATFORM FOR JAVASCRIPT Vineeth Kashyap, Kyle Dewey, Ethan A. Kuefner, John Wagner, Kevin Gibbons, John Sarracino, BenWiedermann, Ben Hardekopf PAPER BACKGROUND Symposium on Foundations
More informationSome instance messages and methods
Some instance messages and methods x ^x y ^y movedx: dx Dy: dy x
More informationWhidbey Enhancements to C# Jeff Vaughan MSBuild Team July 21, 2004
Whidbey Enhancements to C# Jeff Vaughan MSBuild Team July 21, 2004 Outline Practical Partial types Static classes Extern and the namespace alias qualifier Cool (and practical too) Generics Nullable Types
More informationA Serializability Violation Detector for Shared-Memory Server Programs
A Serializability Violation Detector for Shared-Memory Server Programs Min Xu Rastislav Bodík Mark Hill University of Wisconsin Madison University of California, Berkeley Serializability Violation Detector:
More informationTowards automated detection of buffer overrun vulnerabilities: a first step. NDSS 2000 Feb 3, 2000
Towards automated detection of buffer overrun vulnerabilities: a first step David Wagner Eric A. Brewer Jeffrey S. Foster Alexander Aiken NDSS 2000 Feb 3, 2000 1 Introduction The state of computer security
More informationTypes and Type Inference
CS 242 2012 Types and Type Inference Notes modified from John Mitchell and Kathleen Fisher Reading: Concepts in Programming Languages, Revised Chapter 6 - handout on Web!! Outline General discussion of
More informationCS558 Programming Languages
CS558 Programming Languages Winter 2017 Lecture 4a Andrew Tolmach Portland State University 1994-2017 Semantics and Erroneous Programs Important part of language specification is distinguishing valid from
More informationThe gradual typing approach to mixing static and dynamic typing
1 / 38 The gradual typing approach to mixing static and dynamic typing Jeremy G. Siek University of Colorado = Indiana University TFP 2013 at Provo, Utah, May 2013 The Goals of Gradual Typing Enjoy the
More informationRun-time characteristics of JavaScript
Run-time characteristics of JavaScript http://d3s.mff.cuni.cz CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Part I Introduction On paper An analysis of the Dynamic Behavior of the JavaScript
More informationG Programming Languages Spring 2010 Lecture 6. Robert Grimm, New York University
G22.2110-001 Programming Languages Spring 2010 Lecture 6 Robert Grimm, New York University 1 Review Last week Function Languages Lambda Calculus SCHEME review 2 Outline Promises, promises, promises Types,
More informationContents. I. Classes, Superclasses, and Subclasses. Topic 04 - Inheritance
Contents Topic 04 - Inheritance I. Classes, Superclasses, and Subclasses - Inheritance Hierarchies Controlling Access to Members (public, no modifier, private, protected) Calling constructors of superclass
More informationNomen est Omen: Exploring and Exploiting Name Similarities between Arguments and Parameters
Nomen est Omen: Exploring and Exploiting Name Similarities between Arguments and Parameters Hui Liu 1 Qiurong Liu 1 Cristian-Alexandru Staicu 2 Michael Pradel 2 Yue Luo 1 1 Beijing Institute of Technology
More informationNick Senger & Jesse van den Kieboom
Using TypeScript with the ArcGIS API for JavaScript Nick Senger & Jesse van den Kieboom Live version of this presentation is available on: https://jkieboom.github.io/devsummit-palm-springs-2018/presentations/typescript-arcgis-js-api
More informationTYPES, VALUES AND DECLARATIONS
COSC 2P90 TYPES, VALUES AND DECLARATIONS (c) S. Thompson, M. Winters 1 Names, References, Values & Types data items have a value and a type type determines set of operations variables Have an identifier
More informationOutline. Computer programming. Debugging. What is it. Debugging. Hints. Debugging
Outline Computer programming Debugging Hints Gathering evidence Common C errors "Education is a progressive discovery of our own ignorance." Will Durant T.U. Cluj-Napoca - Computer Programming - lecture
More informationTRANSLATING DART TO EFFICIENT JAVASCRIPT. Kasper Lund Google
TRANSLATING DART TO EFFICIENT JAVASCRIPT Kasper Lund Google Translating Dart to efficient JavaScript Kasper Lund, Google Who am I? Kasper Lund, software engineer at Google Projects OOVM: Embedded Smalltalk
More informationJavaScript. Training Offer for JavaScript Introduction JavaScript. JavaScript Objects
JavaScript CAC Noida is an ISO 9001:2015 certified training center with professional experience that dates back to 2005. The vision is to provide professional education merging corporate culture globally
More informationCIS 341 Final Examination 4 May 2017
CIS 341 Final Examination 4 May 2017 1 /14 2 /15 3 /12 4 /14 5 /34 6 /21 7 /10 Total /120 Do not begin the exam until you are told to do so. You have 120 minutes to complete the exam. There are 14 pages
More informationStatic Analysis in Practice
in Practice 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich 1 Quick Poll Who is familiar and comfortable with design patterns? e.g. what is a Factory and why use it? 2 1 Outline: in Practice
More informationSymbols. accessor properties, attributes, creating, adding properties, 8 anonymous functions, 20, 80
Index Symbols { } (braces) for function contents, 18 and object properties, 9 == (double equals operator), 5 === (triple equals operator), 5 [ ] (square brackets) for array literals, 10 for property access,
More informationA Novel Approach to Explain the Detection of Memory Errors and Execution on Different Application Using Dr Memory.
A Novel Approach to Explain the Detection of Memory Errors and Execution on Different Application Using Dr Memory. Yashaswini J 1, Tripathi Ashish Ashok 2 1, 2 School of computer science and engineering,
More informationCOS 320. Compiling Techniques
Topic 5: Types COS 320 Compiling Techniques Princeton University Spring 2016 Lennart Beringer 1 Types: potential benefits (I) 2 For programmers: help to eliminate common programming mistakes, particularly
More informationCode verification. CSE 331 University of Washington. Michael Ernst
Code verification CSE 331 University of Washington Michael Ernst Specification and verification To find an error, compare two things Mental model Verification Specification Program Example input & output
More informationJSJS - Project Proposal
JSJS - Project Proposal A general purpose, strongly typed programming language for the web Jain Bahul Srivastav Prakhar Jain Ayush Sadekar Gaurang bkj2111 ps2894 aj2672 gss2147 Description JSJS is a strongly
More informationStatic Analysis of Dynamically Typed Languages made Easy
Static Analysis of Dynamically Typed Languages made Easy Yin Wang School of Informatics and Computing Indiana University Overview Work done as two internships at Google (2009 summer and 2010 summer) Motivation:
More informationClock-directed Modular Code-generation for Synchronous Data-flow Languages
1 Clock-directed Modular Code-generation for Synchronous Data-flow Languages Dariusz Biernacki Univ. of Worclaw (Poland) Jean-Louis Colaço Prover Technologies (France) Grégoire Hamon The MathWorks (USA)
More informationJITProf: Pinpointing JIT-Unfriendly JavaScript Code
JITProf: Pinpointing JIT-Unfriendly JavaScript Code Liang Gong 1, Michael Pradel 2, and Koushik Sen 1 1 EECS Department, University of California, Berkeley, USA 2 Department of Computer Science, TU Darmstadt,
More informationCollaborative Verification of Information Flow for a High-Assurance App Store
Collaborative Verification of Information Flow for a High-Assurance App Store Michael D. Ernst, René Just, Suzanne Millstein, Werner Dietl*, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros,
More informationAutomatic Inference of Reference Count Invariants. David Detlefs Sun Microsystems Laboratories SPACE Jan. 2004
Automatic Inference of Reference Count Invariants David Detlefs Sun Microsystems Laboratories SPACE Jan. 2004 1 Goal of this Work A form of compile-time GC. Escape analysis: Region inference: Mostly short-lived
More informationCPS 506 Comparative Programming Languages. Programming Language
CPS 506 Comparative Programming Languages Object-Oriented Oriented Programming Language Paradigm Introduction Topics Object-Oriented Programming Design Issues for Object-Oriented Oriented Languages Support
More informationUnderstanding Undefined Behavior
Session Developer Tools #WWDC17 Understanding Undefined Behavior 407 Fred Riss, Clang Team Ryan Govostes, Security Engineering and Architecture Team Anna Zaks, Program Analysis Team 2017 Apple Inc. All
More informationJavaScript: More Syntax and Using Events
JavaScript: Me Syntax and Using Events CISC 282 October 4, 2017 null and undefined null is synonymous with nothing i.e., no value, nothing there undefined in synonymous with confusion i.e., what's this?
More informationType Checking in COOL (II) Lecture 10
Type Checking in COOL (II) Lecture 10 1 Lecture Outline Type systems and their expressiveness Type checking with SELF_TYPE in COOL Error recovery in semantic analysis 2 Expressiveness of Static Type Systems
More informationA Run-Time Type-Checking Debugger for C
A Run-Time Type-Checking Debugger for C Alexey Loginov, Suan Yong, Susan Horwitz, and Thomas Reps University of Wisconsin 1 Introduction This document outlines progress to date on the run-time type-checking
More informationProgramming Languages Assignment #7
Programming Languages Assignment #7 December 2, 2007 1 Introduction This assignment has 20 points total. In this assignment, you will write a type-checker for the PolyMinML language (a language that is
More informationModular and Verified Automatic Program Repairs
Modular and Verified Automatic Program Repairs from Francesco Logozzo and Thomas Ball at Microsoft Research, Redmond presenter name(s) removed for FERPA considerations Introduction Your programs will have
More informationINF 102 CONCEPTS OF PROG. LANGS FUNCTIONAL COMPOSITION. Instructors: James Jones Copyright Instructors.
INF 102 CONCEPTS OF PROG. LANGS FUNCTIONAL COMPOSITION Instructors: James Jones Copyright Instructors. Topics Recursion Higher-order functions Continuation-Passing Style Monads (take 1) Identity Monad
More informationJavaScript: Sort of a Big Deal,
: Sort of a Big Deal, But Sort of Quirky... March 20, 2017 Lisp in C s Clothing (Crockford, 2001) Dynamically Typed: no static type annotations or type checks. C-Like Syntax: curly-braces, for, semicolons,
More informationPOLYMORPHISM 2 PART. Shared Interface. Discussions. Abstract Base Classes. Abstract Base Classes and Pure Virtual Methods EXAMPLE
Abstract Base Classes POLYMORPHISM 2 PART Abstract Classes Static and Dynamic Casting Common Programming Errors class B { // base class virtual void m( ) =0; // pure virtual function class D1 : public
More informationMetacircular Virtual Machine Layering for Run-Time Instrumentation. Erick Lavoie, Bruno Dufour, Marc Feeley Université de Montréal ericklavoie.
Metacircular Virtual Machine Layering for Run-Time Instrumentation Erick Lavoie, Bruno Dufour, Marc Feeley Université de Montréal ericklavoie.com 1 Motivation 2 2 Context Program comprehension Benchmark
More informationJAVASCRIPT AND JQUERY: AN INTRODUCTION (WEB PROGRAMMING, X452.1)
Technology & Information Management Instructor: Michael Kremer, Ph.D. Class 1 Professional Program: Data Administration and Management JAVASCRIPT AND JQUERY: AN INTRODUCTION (WEB PROGRAMMING, X452.1) WHO
More informationPOLYMORPHISM 2 PART Abstract Classes Static and Dynamic Casting Common Programming Errors
POLYMORPHISM 2 PART Abstract Classes Static and Dynamic Casting Common Programming Errors CSC 330 OO Software Design 1 Abstract Base Classes class B { // base class virtual void m( ) =0; // pure virtual
More informationMicrosoft SAGE and LLVM KLEE. Julian Cohen Manual and Automatic Program Analysis
Microsoft SAGE and LLVM KLEE Julian Cohen HockeyInJune@isis.poly.edu Manual and Automatic Program Analysis KLEE KLEE [OSDI 2008, Best Paper Award] Based on symbolic execution and constraint solving techniques
More informationFully Automatic and Precise Detection of Thread Safety Violations
Fully Automatic and Precise Detection of Thread Safety Violations Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation Thread-safe classes: Building blocks for concurrent
More informationLeveraging Data Invariants in Model Inference for Test Case Generation
Leveraging Data Invariants in Model Inference for Test Case Generation Roykrong Sukkerd Abstract Testing is an effective mean to find bugs in systems, but manually writing test cases is often tedious.
More informationCPSC 427a: Object-Oriented Programming
CPSC 427a: Object-Oriented Programming Michael J. Fischer Lecture 5 September 15, 2011 CPSC 427a, Lecture 5 1/35 Functions and Methods Parameters Choosing Parameter Types The Implicit Argument Simple Variables
More informationINF5750. Introduction to JavaScript and Node.js
INF5750 Introduction to JavaScript and Node.js Outline Introduction to JavaScript Language basics Introduction to Node.js Tips and tools for working with JS and Node.js What is JavaScript? Built as scripting
More informationFunctor abstract domain by example
A Parametric Segmentation Functor for Fully Automatic and Scalable Array Content Analysis Scalability Patrick Cousot, NYU & ENS Radhia Cousot, CNRS & ENS & MSR Francesco Logozzo, MSR Precision // here:
More informationSoftware Verification : Introduction
Software Verification : Introduction Ranjit Jhala, UC San Diego April 4, 2013 What is Algorithmic Verification? Algorithms, Techniques and Tools to ensure that Programs Don t Have Bugs (What does that
More informationProgramming Languages: Application and Interpretation
Programming Languages: Application and Interpretation Version 6.7 October 26, 2016 This is the documentation for the software accompanying the textbook Programming Languages: Application and Interpretation
More informationType Systems. Seman&cs. CMPT 379: Compilers Instructor: Anoop Sarkar. anoopsarkar.github.io/compilers-class
Type Systems Seman&cs CMPT 379: Compilers Instructor: Anoop Sarkar anoopsarkar.github.io/compilers-class 1 Equality of types Main seman&c tasks involve liveness analysis and checking equality Equality
More information