Dynamic code, i.e., code that is created or modified at runtime, is ubiquitous in today’s world. The behavior of dynamic code can depend on the logic of the dynamic code generator in subtle and non-obvious ways, e.g., JIT compiler bugs can lead to exploitable vulnerabilities in the resulting JIT-compiled code. Existing approaches to program analysis do not provide adequate support for reasoning about such behavioral relationships. This paper takes a first step in addressing this problem by describing a program representation and a new notion of dependency that allows us to reason about dependency and information flow relationships between the dynamic code generator and the generated dynamic code. Experimental results show that analyses based on these concepts are able to capture properties of dynamic code that cannot be identified using traditional program analyses.
Tue 22 Sep Times are displayed in time zone: (UTC) Coordinated Universal Time
17:10 - 18:10: Software Analysis (2) Research Papers / Industry Showcase at Kangaroo Chair(s): Saba AlimadadiSimon Fraser University | |||
17:10 - 17:30 Talk | Representing and Reasoning about Dynamic Code Research Papers Jesse BartelsUniversity of Arizona, Jon StephensUniversity of Texas at Austin, Saumya DebrayUniversity of Arizona | ||
17:30 - 17:50 Talk | ER Catcher: A Static Analysis Framework for Accurate and Scalable Event-Race Detection in Android Research Papers Navid SalehnamadiUniversity of California, Irvine, Abdulaziz AlshaybanUniversity of California, Irvine, Iftekhar AhmedUniversity of California at Irvine, USA, Sam MalekUniversity of California at Irvine, USA | ||
17:50 - 18:10 Talk | Automatic Generation of IFTTT Mashup Infrastructures Industry Showcase Lei LiuFujitsu Laboratories of America, Inc., Mehdi BahramiFujitsu Laboratories of America, Inc., Wei-Peng ChenFujitsu Laboratories of America, Inc. |