1 / 10

SUDS: An Infrastructure for Creating Bug Detection Tools

SUDS: An Infrastructure for Creating Bug Detection Tools. Eric Larson October 1, 2007 Seattle University. What is SUDS?. SUDS is an infrastructure to facilitate the construction of software bug detection tools. SUDS primarily used to create dynamic bug detection tools.

vaughan
Download Presentation

SUDS: An Infrastructure for Creating Bug Detection Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SUDS: An Infrastructure for Creating Bug Detection Tools Eric Larson October 1, 2007 Seattle University

  2. What is SUDS? • SUDS is an infrastructure to facilitate the construction of software bug detection tools. • SUDS primarily used to create dynamic bug detection tools. • Contains static analysis phases used to improve / focus dynamic bug detection. • At the heart of SUDS is a C to (instrumented) C converter.

  3. Parse Simplify Analyze Instrumentation Model Instrument Link Overview of SUDS SUDS Program (preprocessed C source code) AST Simplified AST Analysis Results Instrumented Source Code Instrumented Executable

  4. Static Analysis • Standard compiler analyses • Control flow graph / call graph • Data flow analysis (mostly intraprocedural) • Flow-sensitive pointer analysis (Hind et. al.) • Tainted propagation • Propagates tainted attribute of variables (forward) • User can modify infrastructure to change what tainted means • Program slicing • Propagates interesting uses backwards • User can modify slicing criterion (can be all statements that have this property or characteristic) • Context-insensitive

  5. Instrumentation • Direct SUDS where to add instrumentation. • Add instrumentation based on statement, expression, or event. • Support functions allow users to easily pass parameters into the instrumentation functions. • Write the instrumentation routines. • Can use provided state table: allows the instrumented program to keep track of additional state when the program is running. • Can take advantage of results from static analysis phases.

  6. Example of how SUDS is used • Goal: To detect buffer overflows for array references that uses data that came from input. • Tainted analysis: All input data is tainted. • Program slicing: All data that can lead to an array reference is in the slice. • Instrumentation: • Track all arrays and their sizes. • Track pointers to arrays. • Track integers that are tainted and in the slice. • At array references, check for bugs.

  7. Results: Finding Bugs

  8. Results: Performance

  9. Future Work • Add phase(s) that attempt to detect bugs using static analysis. • Certain types of bugs can use data flow analysis but need to prune false alarms. • Develop static analysis phases that improve the quality of dynamic bug detection, not just the performance.

  10. Questions

More Related