l10 - Lecture 10 Pointer Analysis 1. Datalog 2....

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
Lecture 10 Pointer Analysis 1. Datalog 2. Context-insensitive, flow-insensitive pointer analysis 3. Context sensitivity Readings: Chapter 12 Advanced Compilers M. Lam & J. Whaley
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Advanced Compilers L10: Pointer Analysis Pointer Analysis to Improve Security Top web application security vulnerabilities SQL injection, cross-site scripting User input accessing databases Information flow analysis (taint analysis) Sound analysis that found errors in 8 out of 9 apps p 1 = req .getParameter ( ); stmt .executeQuery ( p 2 ); p 1 and p 2 point to same object? Pointer alias analysis PQL
Background image of page 2
Advanced Compilers L10: Pointer Analysis Automatic Analysis Generation BDD operations 1000s of lines 1 year tuning Datalog bddbddb ( BDD - b ased d eductive d ata b ase) with Active Machine Learning PQL BDD: 10,000s-lines library Compiler writer: Ptr analysis in 10 lines Programmer: Security analysis in 10 lines
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Advanced Compilers L10: Pointer Analysis Goals of the Lecture Pointer analysis Interprocedural, context-sensitive, flow- insensitive (Dataflow: intraprocedural, flow-sensitive) Power of languages and abstractions Elegant abstractions Logic programming BDDs: Binary decision diagrams (Most-cited CS paper a few years ago)
Background image of page 4
Advanced Compilers L10: Pointer Analysis 1. Why a Deductive Database? Pointer analysis produces “intermediate” results to be consumed in analysis. Allow query of specific subsets of results Analysis as queries Results of queries can be further queried in a uniform way
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Advanced Compilers L10: Pointer Analysis Datalog Basics p( X 1 , X 2 , … X n ) p is a predicate X 1 , X 2 , … X n are terms such as variables or constants A predicate can be viewed as a relation
Background image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

This document was uploaded on 03/12/2012.

Page1 / 24

l10 - Lecture 10 Pointer Analysis 1. Datalog 2....

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online