Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Introduction to set constraint-based program analysis
Science of Computer Programming
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Principles of Program Analysis
Principles of Program Analysis
Learning DFA from Simple Examples
Machine Learning
XDuce: A Typed XML Processing Language (Preliminary Report)
Selected papers from the Third International Workshop WebDB 2000 on The World Wide Web and Databases
Soot - a Java bytecode optimization framework
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
Extending Java for high-level Web service construction
ACM Transactions on Programming Languages and Systems (TOPLAS)
Introduction to Automata Theory, Languages, and Computation (3rd Edition)
Introduction to Automata Theory, Languages, and Computation (3rd Edition)
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Extending Java for high-level Web service construction
ACM Transactions on Programming Languages and Systems (TOPLAS)
Static Analysis of XML Transformations in Java
IEEE Transactions on Software Engineering
Static Checking of Dynamically Generated Queries in Database Applications
Proceedings of the 26th International Conference on Software Engineering
JDBC Checker: A Static Analysis Tool for SQL/JDBC Applications
Proceedings of the 26th International Conference on Software Engineering
Grammar-based analysis of string expressions
TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Testing database transactions with AGENDA
Proceedings of the 27th international conference on Software engineering
Checking type safety of foreign function calls
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Combining static analysis and runtime monitoring to counter SQL-injection attacks
WODA '05 Proceedings of the third international workshop on Dynamic analysis
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Using parse tree validation to prevent SQL injection attacks
SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
String analysis for x86 binaries
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Preventing SQL injection attacks using AMNESIA
Proceedings of the 28th international conference on Software engineering
Understanding software application interfaces via string analysis
Proceedings of the 28th international conference on Software engineering
ACM Transactions on Programming Languages and Systems (TOPLAS)
XML graphs in program analysis
Proceedings of the 2007 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Dynamic test input generation for database applications
Proceedings of the 2007 international symposium on Software testing and analysis
Static checking of dynamically generated queries in database applications
ACM Transactions on Software Engineering and Methodology (TOSEM)
Improving test case generation for web applications using automated interface discovery
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Preventing injection attacks with syntax embeddings
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
Simple and safe SQL queries with c++ templates
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
Computer Networks: The International Journal of Computer and Telecommunications Networking
Eliminating impedance mismatch in C++
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
Database-aware test coverage monitoring
ISEC '08 Proceedings of the 1st India software engineering conference
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Impact analysis of database schema changes
Proceedings of the 30th international conference on Software engineering
Test generation for graphical user interfaces based on symbolic execution
Proceedings of the 3rd international workshop on Automation of software test
Checking type safety of foreign function calls
ACM Transactions on Programming Languages and Systems (TOPLAS)
SAFELI: SQL injection scanner using symbolic execution
TAV-WEB '08 Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications
Deep typechecking and refactoring
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Automated identification of parameter mismatches in web applications
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Context-Sensitive Relevancy Analysis for Efficient Symbolic Execution
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
Security benchmarking using partial verification
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Automated Software Engineering
Path Feasibility Analysis for String-Manipulating Programs
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Symbolic String Verification: Combining String Analysis and Size Analysis
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
A decision procedure for subset constraints over regular languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Modular string-sensitive permission analysis with demand-driven precision
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Locating need-to-translate constant strings for software internationalization
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
TranStrL: An automatic need-to-translate string locator for software internationalization
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Efficient symbolic execution of strings for validating web applications
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Abstract parsing for two-staged languages with concatenation
GPCE '09 Proceedings of the eighth international conference on Generative programming and component engineering
Profile-guided static typing for dynamic scripting languages
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
Improving the Security of Downloadable Java Applications With Static Analysis
Electronic Notes in Theoretical Computer Science (ENTCS)
Higher-order multi-parameter tree transducers and recursion schemes for program verification
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Preventing injection attacks with syntax embeddings
Science of Computer Programming
Simple and safe SQL queries with C++ templates
Science of Computer Programming
MOBIUS: mobility, ubiquity, security objectives and progress report
TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
Static and dynamic analysis for web security in industry applications
International Journal of Electronic Security and Digital Forensics
Static analysis for detecting taint-style vulnerabilities in web applications
Journal of Computer Security
Solving string constraints lazily
Proceedings of the IEEE/ACM international conference on Automated software engineering
Locating need-to-translate constant strings in web applications
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Static analysis of multi-staged programs via unstaging translation
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symbolic automata constraint solving
LPAR'10 Proceedings of the 17th international conference on Logic for programming, artificial intelligence, and reasoning
Flexible in-lined reference monitor certification: challenges and future directions
Proceedings of the 5th ACM workshop on Programming languages meets program verification
Verifying pointer and string analyses with region type systems
LPAR'10 Proceedings of the 16th international conference on Logic for programming, artificial intelligence, and reasoning
An evaluation of automata algorithms for string analysis
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
String analysis as an abstract interpretation
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
An interactive tool for analyzing embedded SQL queries
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Verification of tree-processing programs via higher-order model checking
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
XML graphs in program analysis
Science of Computer Programming
Relational string verification using multi-track automata
CIAA'10 Proceedings of the 15th international conference on Implementation and application of automata
Static extraction of program configuration options
Proceedings of the 33rd International Conference on Software Engineering
Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders
Proceedings of the 33rd International Conference on Software Engineering
Patching vulnerabilities with sanitization synthesis
Proceedings of the 33rd International Conference on Software Engineering
HTML Validation of context-free languages
FOSSACS'11/ETAPS'11 Proceedings of the 14th international conference on Foundations of software science and computational structures: part of the joint European conferences on theory and practice of software
Tainted flow analysis on e-SSA-form programs
CC'11/ETAPS'11 Proceedings of the 20th international conference on Compiler construction: part of the joint European conferences on theory and practice of software
Path- and index-sensitive string analysis based on monadic second-order logic
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Contracts for cooperation between web service programmers and html designers
Journal of Web Engineering
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
The eval that men do: A large-scale study of the use of eval in javascript applications
Proceedings of the 25th European conference on Object-oriented programming
String abstractions for string verification
Proceedings of the 18th international SPIN conference on Model checking software
Checking enforcement of integrity constraints in database applications based on code patterns
Journal of Systems and Software
Model based hybrid approach to prevent SQL injection attacks in PHP
InfoSecHiComNet'11 Proceedings of the First international conference on Security aspects in information technology
Formal modeling
Static analysis of string values
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Static analysis for java servlets and JSP
SAS'06 Proceedings of the 13th international conference on Static Analysis
Validity checking for finite automata over linear arithmetic constraints
FSTTCS'06 Proceedings of the 26th international conference on Foundations of Software Technology and Theoretical Computer Science
AutoLog: facing log redundancy and insufficiency
Proceedings of the Second Asia-Pacific Workshop on Systems
The design space of type checkers for XML transformation languages
ICDT'05 Proceedings of the 10th international conference on Database Theory
XML validation for context-free grammars
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
A practical string analyzer by the widening approach
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
STRANGER: an automata-based string analysis tool for PHP
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Polymorphic type inference for the JNI
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
A case for alloy annotations for efficient incremental analysis via domain specific solvers
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Precomputing possible configuration error diagnoses
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Symbolic automata: the toolkit
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
RefaFlex: safer refactorings for reflective Java programs
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Remedying the eval that men do
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Verifying client-side input validation functions using string analysis
Proceedings of the 34th International Conference on Software Engineering
Modeling and analyzing the interaction of C and C++ strings
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
Type-Based enforcement of secure programming guidelines -- code injection prevention at SAP
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars
ACM Transactions on Software Engineering and Methodology (TOSEM)
Symbolic execution of programs with strings
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
Automating presentation changes in dynamic web applications via collaborative hybrid analysis
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Annotations for alloy: automated incremental analysis using domain specific solvers
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
Verifying pointer and string analyses with region type systems
Computer Languages, Systems and Structures
JST: an automatic test generation tool for industrial Java applications with strings
Proceedings of the 2013 International Conference on Software Engineering
Z3-str: a z3-based string solver for web application analysis
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Path- and index-sensitive string analysis based on monadic second-order logic
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Automatic mediation of privacy-sensitive resource access in smartphone applications
SEC'13 Proceedings of the 22nd USENIX conference on Security
SEC'13 Proceedings of the 22nd USENIX conference on Security
Fissile type analysis: modular checking of almost everywhere invariants
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Science of Computer Programming
Proceedings of the 9th Central & Eastern European Software Engineering Conference in Russia
Efficient static checker for tainted variable attacks
Science of Computer Programming
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
Hi-index | 0.00 |
We perform static analysis of Java programs to answer a simple question: which values may occur as results of string expressions? The answers are summarized for each expression by a regular language that is guaranteed to contain all possible values. We present several applications of this analysis, including statically checking the syntax of dynamically generated expressions, such as SQL queries. Our analysis constructs flow graphs from class files and generates a context-free grammar with a nonterminal for each string expression. The language of this grammar is then widened into a regular language through a variant of an algorithm previously used for speech recognition. The collection of resulting regular languages is compactly represented as a special kind of multi-level automaton from which individual answers may be extracted. If a program error is detected, examples of invalid strings are automatically produced. We present extensive benchmarks demonstrating that the analysis is efficient and produces results of useful precision.