Publications
Detailed Information
ZooBerry: A Software Framework for Global Sparse Analyzers and Their Verified Validators : ZooBerry: 프로그램 정적 분석기 및 검산기 자동 생성 시스템
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 이광근 | - |
| dc.contributor.author | 조성근 | - |
| dc.date.accessioned | 2018-05-28T16:25:21Z | - |
| dc.date.available | 2018-05-28T16:25:21Z | - |
| dc.date.issued | 2018-02 | - |
| dc.identifier.other | 000000150679 | - |
| dc.identifier.uri | https://hdl.handle.net/10371/140708 | - |
| dc.description | 학위논문 (박사)-- 서울대학교 대학원 : 공과대학 전기·컴퓨터공학부, 2018. 2. 이광근. | - |
| dc.description.abstract | In this dissertation, we report a software framework, called ZooBerry, that fills the gap between static analysis designs (abstract semantics and their soundness proofs) and their faithful yet scalable implementations (industrial-strength global analyzers whose results can be automatically checked correct). The input to ZooBerry is an abstract semantics (an analysis specification) and its soundness proof, both in Coq. For scalable implementation, ZooBerry automatically integrates into the abstract semantics the general sparse analysis technology that streamlines both the spatial and temporal footprints of the generated analyzers. For faithful implementation, ZooBerry also generates a verified validator (and its safety proof in Coq) that will check the correctness of each analysis result of the generated sparse analyzer.
ZooBerry's performance is tested in realistic settings. We have implemented two analyzers for C programs, together with their validators, that detect buffer overrun and format string bugs. Both analyzers' cost performance is like they take 10-20 minutes to globally analyze 100KLoC of C benchmarks. From the format string bug analyzer we were able to find two security vulnerabilities that are confirmed (CVE-2015-8106 and CVE-2015-8107) by the security community. The generated validators took additional 5-9% of the analysis time to check the correctness of analysis results. | - |
| dc.description.tableofcontents | 1 Introduction 1
1.1 Problem 1 1.2 Solution 3 1.3 Contribution 5 1.4 Outline 7 2 Preliminary 8 2.1 Program 8 2.2 Collecting Semantics 9 2.3 Abstract Semantics 9 2.4 Sparse Analysis 12 3 Translation Validation of Static Analyses 13 3.1 Framework for Translation Validation 13 3.2 Trade-off Between Development and Runtime Scalability 16 4 Densification of Sparse Analysis Results 19 4.1 A Naive Densification Algorithm 20 4.2 An Efficient Densification Algorithm 21 4.2.1 Data Dependency at Dominant Frontier 21 4.2.2 Algorithm 22 5 SparrowBerry 24 5.1 Introduction 24 5.2 Formal Specifications of Unsound Analyzers 26 5.2.1 Our Model of Unsound Analyzers 26 5.2.2 Case Study: Sparrow 27 5.3 Translation Validation for Sparrow 29 5.4 Identifying Bugs from Validation Failures 34 5.4.1 Finding Reasons of Validation Failures 36 5.4.2 Subtle Bug Found 37 5.5 Experiment 38 5.6 Discussion 42 6 ZooBerry 43 6.1 Introduction 43 6.2 Overview of the ZooBerry Framework 46 6.2.1 Target Language 46 6.2.2 Input: Analysis Specification 47 6.2.3 Output: Sparse Analyzer and Verified Validator 48 6.2.4 Components of ZooBerry 49 6.3 Generation of Sparse Analyzer 50 6.4 Correctness of Validator 53 6.5 Formal Correctness Proof of Validator 54 6.5.1 Proofs of Abstract Semantic Function 55 6.5.2 Trusted Computing Base 56 6.6 Evaluation 57 7 Related Works 62 8 Conclusions and Future Works 67 8.1 Conclusions 67 8.2 Future Works 68 | - |
| dc.format | application/pdf | - |
| dc.format.extent | 3455441 bytes | - |
| dc.format.medium | application/pdf | - |
| dc.language.iso | en | - |
| dc.publisher | 서울대학교 대학원 | - |
| dc.subject | programming language | - |
| dc.subject | static analysis | - |
| dc.subject | formal program verification | - |
| dc.subject | sparse analysis | - |
| dc.subject.ddc | 621.3 | - |
| dc.title | ZooBerry: A Software Framework for Global Sparse Analyzers and Their Verified Validators | - |
| dc.title.alternative | ZooBerry: 프로그램 정적 분석기 및 검산기 자동 생성 시스템 | - |
| dc.type | Thesis | - |
| dc.description.degree | Doctor | - |
| dc.contributor.affiliation | 공과대학 전기·컴퓨터공학부 | - |
| dc.date.awarded | 2018-02 | - |
- Appears in Collections:
- Files in This Item:
Item View & Download Count
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.