Understanding Limits of Linting in C Programming

Slide Note
Embed
Share

Exploring the constraints of linting tools in C programming, particularly focusing on scenarios where a linter might flag legitimate code due to inherent limitations in static analysis. The discussion delves into common anti-patterns, security considerations, and the challenges of sound bug detection and program verification. Additionally, it touches on the shift towards dynamic analysis and the necessity of balancing guarantees with practicality in software security evaluation.

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

aids
aids Follow

Uploaded on Apr 19, 2024 | 6 Views

Presentation Transcript

  1. EXERCISE #25 LINTING REVIEW Write your name and answer the following on a piece of paper Give an example of a legal program in C that a linter would nevertheless flag 1

  2. ADMINISTRIVIA AND ANNOUNCEMENTS

  3. PROGRAM INSTRUMENTATION EECS 677: Software Security Evaluation Drew Davidson

  4. 4 LAST TIME: LINTING REVIEW: LAST LECTURE REMOVINGTHE STRAY FIBERS OFA PROGRAM Analyze common anti-patterns that are likely to cause issues (security and otherwise) NOTABLEANALYSISTOOLS Lint The original analysis tool Splint Security analysis tool

  5. 5 CLASS PROGRESS MOVING ON TO DYNAMIC ANALYSIS More heuristic by nature

  6. 6 LIMITS OF STATIC ANALYSIS PROGRAM INSTRUMENTATION: BASIC IDEA PRACTICAL ISSUES - Unsoundness of bug finding / incompleteness of program verification - Scalability - Significant engineering effort

  7. 7 REVISING DYNAMIC ANALYSIS PROGRAM INSTRUMENTATION: BASIC IDEA GIVINGUPON GUARANTEES - Finding bugs (even low-hanging fruit ) is useful! ADVANTAGES - Simplest form: testing

  8. 8 BEYOND TESTING PROGRAM INSTRUMENTATION: BASIC IDEA LIMITATIONSOF PLAIN TESTING - Property may not be immediately observable from output alone - The circumstances under which the issue occurs may not be obvious

  9. 9 INSERTING PROGRAM PROBES PROGRAM INSTRUMENTATION: BASIC IDEA INSERTCHECKS / REPORTSINTOTHE ANALYSISTARGET Addresses both of the previous issues can report upon program state and even program path MANY PROGRAMMINGLANGUAGESHAVE EXPLOITABLECONSTRUCTS Programming constructs that do not operate as intended under unforeseen circumstances A NEWCONCERN THEEFFICIENCY OFTHE (INSTRUMENTED) PROGRAM Potential slowdown on each program path LACKOF HOLISTIC INFORMATION Somewhat limited by the information the probes can report

  10. 10 EXAMPLE: CONTROL PROFILING PROGRAM INSTRUMENTATION: BASIC IDEA COUNTING HOWMANYTIMESCERTAIN BEHAVIORSOFTHEPROGRAMARE EXERCISED Why is this useful? (Placing sanitizers) THISACTUALLYTURNSOUTTOBEA LITTLEBITTRICKY! Actually turns out to be a little bit tricky! We ll describe some of the issues / solution as per Ball and Larus, 96

  11. 11 BRANCH FREQUENCY PROGRAM INSTRUMENTATION: APPROACH NA VE APPROACH: INSTRUMENT PROBESATEACHEDGE Inefficient! We don t really need an A -> B counter (it s the sum of the B-> C and B -> D counters)

  12. 12 EXAMPLE: COVERAGE / FREQUENCY PROGRAM INSTRUMENTATION: APPROACH EXAMPLEOFINSTRUMENTATION: COUNTING EXECUTION FREQUENCY Why is this useful? (Placing sanitizers) Let s first consider inserting edge counters Inefficient! We don t really need an A -> B counter (it s the sum of the B-> C and B -> D counters)

  13. 13 PATH FREQUENCY PROGRAM INSTRUMENTATION: APPROACH NA VE IMPLEMENTATION: SUMUP EDGE COUNTERS

  14. 14 EFFICIENT PATH AND BRANCH COUNTERS PROGRAM INSTRUMENTATION: APPROACH BALLAND LARUS 96 Intuition: - Assign integer values to edges such that no two paths compute the same path sum (Section 3.2). Select edges to instrument using a spanning tree

  15. 15 INSTRUMENTATION APPROACHES PROGRAM INSTRUMENTATION: APPROACH STATIC INSTRUMENTATION Add probes before the program is run (i.e. rewrite the program executable) DYNAMIC INSTRUMENTATION Probe while the program is run (i.e. insert probes just-in-time or as part of the environment)

  16. 16 DYNAMIC INSTRUMENTATION TOOLS PROGRAM INSTRUMENTATION: APPROACH FREQUENTLY INVOLVEACUSTOMRUNTIME Add probes before the program is run (i.e. rewrite the program executable) EXAMPLES Intel PIN GDB

  17. 17 DYNAMIC INSTRUMENTATION EXAMPLE: GDB PROGRAM INSTRUMENTATION: APPROACH gcc -O0 g prog.c o prog gdb prog b 5 set variable a = 3 n

  18. 18 WRAP-UP WE VE DESCRIBED 2 FORMS OF ALTERING THE PROGRAM More heuristic by nature

Related


Functional Programming

Functional Programming

giulia
Programming in C: Overview and Constants Explanation

Programming in C: Overview and Constants Explanation

reef
International Collegiate Programming Contest (ICPC) Overview and Rules

International Collegiate Programming Contest (ICPC) Overview and Rules

tymon
Understanding PROC DS2 for SAS Programming

Understanding PROC DS2 for SAS Programming

argo
Understanding Algorithms and Programming Fundamentals

Understanding Algorithms and Programming Fundamentals

dorothy
Understanding Objects, Types, and Values in Programming

Understanding Objects, Types, and Values in Programming

odysseus
Comprehensive C++ Programming Certification Course Overview

Comprehensive C++ Programming Certification Course Overview

abra
Programming in C

Programming in C

adler
Exploring Coding Platforms and Modules for Kids and Teens

Exploring Coding Platforms and Modules for Kids and Teens

sachin
Introduction to 8051 Microcontroller Timer Programming

Introduction to 8051 Microcontroller Timer Programming

cade
Understanding Binomial Distribution in R Programming

Understanding Binomial Distribution in R Programming

lina
Variables, Assignment,and Data Types

Variables, Assignment,and Data Types

kiana
Understanding Modern C++ Memory Management and Smart Pointers in Programming Labs

Understanding Modern C++ Memory Management and Smart Pointers in Programming Labs

theoden
Understanding Abstract Classes and Inheritance in Object-Oriented Programming

Understanding Abstract Classes and Inheritance in Object-Oriented Programming

celina
Introduction to Fundamentals of C Programming

Introduction to Fundamentals of C Programming

mustafa
Understanding Java Application Programming Interface (API)

Understanding Java Application Programming Interface (API)

lakshmi
Understanding Algorithms and Abstraction Concepts in Programming

Understanding Algorithms and Abstraction Concepts in Programming

novi
Expanding CTE Programming for Rural Schools

Expanding CTE Programming for Rural Schools

andreas
Memory Attack Review Overview

Memory Attack Review Overview

kiaan
Comprehensive Guide to Programming in IDL with Pointers and Extensions

Comprehensive Guide to Programming in IDL with Pointers and Extensions

autumn
Principles of Programming Using C

Principles of Programming Using C

ryland
Introduction to Educational Robotics

Introduction to Educational Robotics

giulia
Comprehensive Overview of CSE 123 Course by Nathan Brunelle, Spring 2024

Comprehensive Overview of CSE 123 Course by Nathan Brunelle, Spring 2024

estrella
Development of Open Source Extension for Microcontrolled Systems with Scratch Approach in Educational Robotics

Development of Open Source Extension for Microcontrolled Systems with Scratch Approach in Educational Robotics

wiktoria

More Related Content

Introduction to Constraint Satisfaction Problems
Introduction to Constraint Satisfaction Problems
VHDL Programming for Sequential Circuits
VHDL Programming for Sequential Circuits
Introduction to Bash Shell Programming
Introduction to Bash Shell Programming
Introduction to Selection Statements in Programming
Introduction to Selection Statements in Programming
Exploring Dart: A Comprehensive Overview of Flutter Programming
Exploring Dart: A Comprehensive Overview of Flutter Programming
Update on Credit Finance Sub-Group Activities
Update on Credit Finance Sub-Group Activities
Computability: Exploring Theoretical Limits of Computation
Computability: Exploring Theoretical Limits of Computation
Roles and Responsibilities in Political Party Campaigning and Advertising
Roles and Responsibilities in Political Party Campaigning and Advertising
Understanding Language Syntax Through Syntax Trees
Understanding Language Syntax Through Syntax Trees
Understanding Math Operators and Expressions in Python and Java
Understanding Math Operators and Expressions in Python and Java
Understanding Amendment in Section 43B for MSME Presented by CA Naman Maloo
Understanding Amendment in Section 43B for MSME Presented by CA Naman Maloo
Understanding HTML/CSS: Basics and Origins
Understanding HTML/CSS: Basics and Origins
Understanding Algorithmic Thinking: Key Concepts and Importance
Understanding Algorithmic Thinking: Key Concepts and Importance
Paper Review: 'Sparks of Artificial General Intelligence
Paper Review: 'Sparks of Artificial General Intelligence
Explore Edexcel Computer Science GCSE Course Information
Explore Edexcel Computer Science GCSE Course Information
Cross-platform C++ Development with CMake and vcpkg
Cross-platform C++ Development with CMake and vcpkg
Understanding MIPS Part II: Memory Organization and Instructions
Understanding MIPS Part II: Memory Organization and Instructions
Understanding File I/O and Inter-Process Communication Through Pipes
Understanding File I/O and Inter-Process Communication Through Pipes
Understanding Hash Maps: A Common Data Structure
Understanding Hash Maps: A Common Data Structure
Process integration and optimization
Process integration and optimization
Understanding Relay, Optoisolator, and Stepper Motor Interfacing with 8051 Microcontroller
Understanding Relay, Optoisolator, and Stepper Motor Interfacing with 8051 Microcontroller
Crash Course in Supercomputing: Understanding Parallelism and MPI Concepts
Crash Course in Supercomputing: Understanding Parallelism and MPI Concepts
Understanding Longest Common Subsequences in Bioinformatics
Understanding Longest Common Subsequences in Bioinformatics
Understanding BCD and ASCII Arithmetic in 8086 Assembly Language
Understanding BCD and ASCII Arithmetic in 8086 Assembly Language