The Julia Static Analyzer for Java

@inproceedings{Spoto2016TheJS,
  title={The Julia Static Analyzer for Java},
  author={Fausto Spoto},
  booktitle={SAS},
  year={2016}
}
  • F. Spoto
  • Published in SAS 8 September 2016
  • Computer Science
The Julia static analyzer applies abstract interpretation to the analysis and verification of Java bytecode. It is the result of 13 years of engineering effort based on theoretical research on denotational and constraint-based static analysis through abstract interpretation. Julia is a library for static analysis, over which many checkers have been built, that verify the absence of a large set of typical errors of software: among them are null-pointer accesses, non-termination, wrong… 
From CIL to Java bytecode: Semantics-based translation for static analysis leveraging
CIL to Java-Bytecode Translation for Static Analysis Leveraging
TLDR
The main result of this work is to leverage existing, mature, and sound analyzers for Java bytecode by applying them to the (translated) CIL bytecode.
Tailoring Taint Analysis to GDPR
TLDR
This paper focuses on static program analysis, that is, the analysis of software at compile time without executing it, to automatically track how sensitive data is managed by software and whether such software could leak some of this data.
BackFlow: Backward Context-Sensitive Flow Reconstruction of Taint Analysis Results
TLDR
This paper formalizes BackFlow, a context-sensitive taint flow reconstructor that, starting from the results of a taint-analysis engine, reconstructs how tainted data flows inside the program and builds paths connecting sources to sinks.
Static Type Analysis by Abstract Interpretation of Python Programs
TLDR
A static analysis by abstract interpretation that infers the possible types of variables, taking into account the full control flow; it is implemented in the MOPSA analysis framework and leverages external type annotations from the Typeshed project to support the vast standard library.
Static Type Analysis by Abstract Interpretation of Python Programs (Artifact)
TLDR
A static analysis by abstract interpretation that infers the possible types of variables, taking into account the full control flow; it is implemented in the MOPSA analysis framework and leverages external type annotations from the Typeshed project to support the vast standard library.
RacerD: compositional static race detection
TLDR
RacerD is the first inter-procedural, compositional data race detector which has been shown to have non-trivial precision and impact, and this allows it to perform continuous reasoning about a large, rapidly changing codebase as part of deployment within a continuous integration ecosystem.
SARL: Framework Modeling for Static Analysis
TLDR
SARL, a domain-specific language for specifying the behaviors of frameworks, is introduced, and the experimental results show that the number of false alarms produced by an industrial static analyzer can be greatly decreased using SARL.
Security Analysis of the OWASP Benchmark with Julia
TLDR
This work presents how the Julia static analyzer, a sound tool based on abstract interpretation, performs on the OWASP Benchmark for Security Automation, in terms of soundness and precision, and discusses the details of its security analysis over a taint analysis of data, implemented through binary decision diagrams.
Static Privacy Analysis by Flow Reconstruction of Tainted Data
TLDR
BackFlow is introduced, a backward flow reconstructor that, starting from the results of a generic taint analysis engine, reconstructs the flow of tainted data and can be effectively applied to privacy analysis, such as the detection of sensitive data leaks or compliance with a data regulation.

References

SHOWING 1-10 OF 25 REFERENCES
Definite Expression Aliasing Analysis for Java Bytecode
TLDR
A novel static analysis for Java bytecode is defined, called definite expression aliasing, which determines which expressions must be aliased to local variables and stack elements of the Java Virtual Machine.
Boolean Formulas for the Static Identification of Injection Attacks in Java
TLDR
A flow- and context-sensitive static analysis that automatically identifies if and where injections of tainted data can occur in a program is described and implemented within the Julia analyzer for Java and Android.
Magic-Sets Transformation for the Analysis of Java Bytecode
TLDR
This work defines an equivalent denotational semantics, whose denotations for the magic blocks are hence the internal behaviours of P, implements this transformation, and instantiates it with abstract domains modelling sharing of two variables and non-cyclicity of variables.
Precise null-pointer analysis
  • F. Spoto
  • Computer Science
    Software & Systems Modeling
  • 2009
In Java, C or C++, attempts to dereference the null value result in an exception or a segmentation fault. Hence, it is important to identify those program points where this undesired behaviour might
Semantics for Locking Specifications
TLDR
This article formalizes two possible semantics of @GuardedBy, using a reference operational semantics for a core calculus of a concurrent Java-like language, and identifies when such annotations are actual guarantees against data races.
Global Flow Analysis as a Practical Compilation Tool
COSTA: Design and Implementation of a Cost and Termination Analyzer for Java Bytecode
TLDR
The architecture of costa, an abstract interpretation based cost and termination analyzer for Java bytecode, provides for the first time evidence that resource usage analysis can be applied to a realistic object-oriented, bytecode programming language.
Locking Discipline Inference and Checking
TLDR
These are the first tools that can soundly infer and check a locking discipline for Java; the work also shows how to express the formal semantics in two different styles of analysis: abstract interpretation and type theory.
Inference of field initialization
TLDR
A static analysis is presented that infers a safe over-approximation of the program variables, fields, and array elements that, at run time, might hold raw objects and is flow-sensitive and interprocedural.
Detecting Non-cyclicity by Abstract Compilation into Boolean Functions
TLDR
This work defines a correct abstract denotational semantics over NC, which leads to an efficient implementation in terms of binary decision diagrams and to the elegant and efficient use of abstract compilation.