Lightweight Parsing and Slicing for Bug Identification in C
Luca Mecenero, Ranindya Paramitha, Ivan Pashchenko, F. Massacci
Proceedings of the 17th International Conference on Availability, Reliability and Security
Publication date: 2022-08-23
DOI: 10.1145/3538969.3543828 (https://doi.org/10.1145/3538969.3543828)
Citation count: 0
Abstract
Program slicing has been used to semi- or fully-automatically help developers find errors and vulnerabilities in their programs. For example, Dashevskyi et al. (IEEE TSE 2018) introduced a lightweight slicer for Java that can be used for vulnerability analysis. However, a similar lightweight slicer for C/C++ is still missing. In this work we propose a comparison method for parsers, evaluate it on two commonly-used parsers, and develop a lightweight slicer for C/C++ using the “better” parser from our comparison. From our evaluation, the Joern parsing method (island grammar) could parse non-standard C/C++ code but its resulting structure may contain semantic errors that can affect subsequent analysis. ANTLR4 is faster in returning a result, and when manually cleared of non-standard C/C++ code, it is more accurate than Joern. We then built our C/C++ thin slicer extension using ANTLR4, and we observed that it is promising from both precision and performance perspectives. As future work, we plan to improve the logic behind processing pointers. In particular, we consider doing deeper pointer analysis.