Dynamic code, i.e., code that is created or modified at runtime, is ubiquitous in today’s world. The behavior of dynamic code can depend on the logic of the dynamic code generator in subtle and non-obvious ways, e.g., JIT compiler bugs can lead to exploitable vulnerabilities in the resulting JIT-compiled code. Existing approaches to program analysis do not provide adequate support for reasoning about such behavioral relationships. This paper takes a first step in addressing this problem by describing a program representation and a new notion of dependency that allows us to reason about dependency and information flow relationships between the dynamic code generator and the generated dynamic code. Experimental results show that analyses based on these concepts are able to capture properties of dynamic code that cannot be identified using traditional program analyses.
Tue 22 SepDisplayed time zone: (UTC) Coordinated Universal Time change
17:10 - 18:10 | Software Analysis (2) Research Papers / Industry Showcase at Kangaroo Chair(s): Saba Alimadadi Simon Fraser University | ||
17:10 20mTalk | Representing and Reasoning about Dynamic Code Research Papers Jesse Bartels University of Arizona, Jon Stephens University of Texas at Austin, Saumya Debray University of Arizona | ||
17:30 20mTalk | ER Catcher: A Static Analysis Framework for Accurate and Scalable Event-Race Detection in Android Research Papers Navid Salehnamadi University of California, Irvine, Abdulaziz Alshayban University of California, Irvine, Iftekhar Ahmed University of California at Irvine, USA, Sam Malek University of California at Irvine, USA | ||
17:50 20mTalk | Automatic Generation of IFTTT Mashup Infrastructures Industry Showcase Lei Liu Fujitsu Laboratories of America, Inc., Mehdi Bahrami Fujitsu Laboratories of America, Inc., Wei-Peng Chen Fujitsu Laboratories of America, Inc. | ||