A number of effective error detection tools have been built in recent years to check if a program conforms to certain design rules. An important class of design rules deals with sequences of events associated with a set of related objects. This paper presents a language called PQL (Program Query Language) that allows programmers to express such questions easily in an application-specific context. A query looks like a code excerpt corresponding to the shortest amount of code that would violate a design rule. Details of the target application's precise implementation are abstracted away. The programmer may also specify actions to perform when a match is found, such as recording relevant information or even correcting an erroneous execution on the fly.

We have developed both static and dynamic techniques to find solutions to PQL queries. Our static analyzer finds all potential matches conservatively using a context-sensitive, flow-insensitive, inclusion-based pointer alias analysis. Static results are also useful in reducing the number of instrumentation points for dynamic analysis. Our dynamic analyzer instruments the source program to catch all violations precisely as the program runs and to optionally perform user-specified actions.

We have implemented the techniques described in this paper and found 206 errors in 6 large real-world open-source Java applications containing a total of nearly 60,000 classes. These errors are important security flaws, resource leaks, and violations of consistency invariants. The combination of static and dynamic analysis proves effective at addressing a wide range of debugging and program comprehension queries. We have found that dynamic analysis is especially suitable for preventing errors such as security vulnerabilities at runtime.