SUDS: An Infrastructure for Creating Bug Detection Tools - PowerPoint PPT Presentation

Presentation Transcript

  1. SUDS: An Infrastructure for Creating Bug Detection Tools
     Eric Larson, Seattle University
     October 1, 2007

  2. What is SUDS?
     • SUDS is an infrastructure to facilitate the construction of software bug detection tools.
     • SUDS is primarily used to create dynamic bug detection tools.
     • It contains static analysis phases used to improve / focus dynamic bug detection.
     • At the heart of SUDS is a C to (instrumented) C converter.

  3. Overview of SUDS
     [Pipeline diagram. Phases: Parse, Simplify, Analyze, Instrument, Link. Other labels: Instrumentation Model, Program (preprocessed C source code), AST, Simplified AST, Analysis Results, Instrumented Source Code, Instrumented Executable.]

  4. Static Analysis
     • Standard compiler analyses
     • Control flow graph / call graph
     • Data flow analysis (mostly intraprocedural)
     • Flow-sensitive pointer analysis (Hind et al.)
     • Tainted propagation
     • Propagates tainted attribute of variables (forward)
     • User can modify infrastructure to change what tainted means
     • Program slicing
     • Propagates interesting uses backwards
     • User can modify slicing criterion (can be all statements that have this property or characteristic)
     • Context-insensitive

  5. Instrumentation
     • Direct SUDS where to add instrumentation.
     • Add instrumentation based on statement, expression, or event.
     • Support functions allow users to easily pass parameters into the instrumentation functions.
     • Write the instrumentation routines.
     • Can use provided state table: allows the instrumented program to keep track of additional state when the program is running.
     • Can take advantage of results from static analysis phases.

  6. Example of how SUDS is used
     • Goal: To detect buffer overflows for array references that use data that came from input.
     • Tainted analysis: All input data is tainted.
     • Program slicing: All data that can lead to an array reference is in the slice.
     • Instrumentation:
       • Track all arrays and their sizes.
       • Track pointers to arrays.
       • Track integers that are tainted and in the slice.
       • At array references, check for bugs.

  7. Results: Finding Bugs

  8. Results: Performance

  9. Future Work
     • Add phase(s) that attempt to detect bugs using static analysis.
     • Certain types of bugs can use data flow analysis but need to prune false alarms.
     • Develop static analysis phases that improve the quality of dynamic bug detection, not just the performance.

  10. Questions
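
The buffer overflow detector outlined on slide 6, sketched as an added example (not SUDS output and not the project's API): a small C function shown in instrumented form, with a state table of arrays and tainted integers and a check at the array reference. All function names and the table layout are assumptions, and pointer tracking and the slice are left out to keep it short.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical runtime support; names are illustrative, not SUDS's API. */
#define MAX_ENTRIES 16
struct array_entry { const void *base; size_t nelems; };
static struct array_entry arrays[MAX_ENTRIES];   /* state table: arrays and sizes */
static const int *tainted[MAX_ENTRIES];          /* state table: tainted integers */
static size_t n_arrays, n_tainted;

static void track_array(const void *base, size_t nelems) {
    if (n_arrays < MAX_ENTRIES)
        arrays[n_arrays++] = (struct array_entry){ base, nelems };
}
static void taint_int(const int *var) {
    if (n_tainted < MAX_ENTRIES) tainted[n_tainted++] = var;
}
static int is_tainted(const int *var) {
    for (size_t i = 0; i < n_tainted; i++)
        if (tainted[i] == var) return 1;
    return 0;
}
/* Check inserted before base[*idx]; returns 1 when the access is a bug. */
static int check_array_ref(const void *base, const int *idx) {
    if (!is_tainted(idx)) return 0;   /* only input-derived indices are checked */
    for (size_t i = 0; i < n_arrays; i++)
        if (arrays[i].base == base)
            return *idx < 0 || (size_t)*idx >= arrays[i].nelems;
    return 0;                         /* untracked array: nothing to compare */
}

/* Instrumented form of:  int lookup(int n) { int t[4] = {..}; return t[n]; }
   where n is assumed to come from program input. */
int lookup(int n) {
    int table[4] = { 10, 20, 30, 40 };
    n_arrays = n_tainted = 0;         /* fresh state for this demo */
    track_array(table, 4);            /* track arrays and their sizes */
    taint_int(&n);                    /* taint analysis: n is input data */
    if (check_array_ref(table, &n)) { /* check at the array reference */
        fprintf(stderr, "overflow: index %d, size 4\n", n);
        return -1;
    }
    return table[n];
}

int main(void) {
    printf("%d %d\n", lookup(2), lookup(7));
    return 0;
}
```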