Prof. Dr. Eric Bodden » 2012

The dreaded #ifdef

Eric | October 25, 2012

Today we conducted a little case study on OpenSSL to see how frequently people use #ifdef directives. This word cloud shows the relative distribution. There are currently 391 different flags being used in altogether 1874 #ifdef directives (not counting #ifndef etc.). The most prominent one is __cplusplus, occurring 214 times. I wonder how many people actually understand all their different side effects and combinations and how many combinations are actually being used in actual compiled products…

Frequency of occurrence of different #ifdef directives in OpenSSL as of Oct. 25th, 2012

P.S. Thanks to Kevin Falzon for helping out with this graphic!

Comments: Comments Off on The dreaded #ifdef
Categories: Research

Challenges in defining a programming language for provably correct dynamic analyses

Eric | October 12, 2012

Our work Challenges in defining a programming language for provably correct dynamic analyses, to be presented at ISOLA next week, describes the challenges involved in designing a new programming language that we plan to develop. This new language is at the core of my new project RUNSECURE. The language is meant to target security experts, who can use it to implement enforcement monitors that when applied to a potentially insecure program will automatically secure the program against certain classes of attacks. Read the rest of this entry »

Comments: Comments Off on Challenges in defining a programming language for provably correct dynamic analyses
Categories: Research

C# Implementation of Arithmetic Coder

Eric | October 11, 2012

Quite a while ago, when I was still a student, Malte Clasen, Joachim Kneis and I developed an Arithmetic Coder, written in C++. Brent Scriver has now developed a C# Version on top of it, with some improvements.

Comments: Comments Off on C# Implementation of Arithmetic Coder
Categories: Research

Bret Victor on Programming Languages and Environments

Eric | October 6, 2012

Bret Victor has a great essay on Programming Languages and Environments. For anyone interested in software engineering I think it should be a very useful read. And I would love to see some of those concepts pop up in real-world programming environments! (Although some of them would be hard to efficiently implement, it seems.)

Comments: Comments Off on Bret Victor on Programming Languages and Environments
Categories: Research

Now at TSE: Automated API Property Inference Techniques

Eric | October 5, 2012

After roughly two years of lots of work I am happy to announce that TSE has just put online our new survey on Automated API Property Inference Techniques. This is joint work with Martin Robillard, David Kawrykow, Mira Mezini, and Tristan Ratchford. Thanks a lot to everyone who helped us with this work, in particular to Bart Dagenais, Michael Pradel and Thomas Zimmermann. We hope you find this text a valuable compendium.

From the abstract:

Frameworks and libraries offer reusable and customizable functionality through Application Programming Interfaces (APIs). Correctly using large and sophisticated APIs can represent a challenge due to hidden assumptions and requirements. Numerous approaches have been developed to infer properties of APIs, intended to guide their use by developers. With each approach come new definitions of API properties, new techniques for inferring these properties, and new ways to assess their correctness and usefulness. This paper provides a comprehensive survey of over a decade of research on automated property inference for APIs. Our survey provides a synthesis of this complex technical field along different dimensions of analysis: properties inferred, mining techniques, and empirical results. In particular, we derive a classification and organization of over 60 techniques into five different categories based on the type of API property inferred: unordered usage patterns, sequential usage patterns, behavioral specifications, migration mappings, and general information.

Download your copy here.

Comments: Comments Off on Now at TSE: Automated API Property Inference Techniques
Categories: Research

Analyzing and transforming Java and Android programs with Soot

Eric | October 3, 2012

Join us for a day-long hands-on lab

Date: Oct. 23rd 2012, Place: Mornewegstr. 30 / S4|14, Room 3.1.01

If you can, bring your own laptop!

This lab is open to members of CASED and TU Darmstadt. If you wish to attend, sign up here. By signing up you commit to attending! Attendance is free of charge.

Soot is one of the most widely-used frameworks for analyzing and transforming Java programs. Recently it has been extended to further support the analysis and transformation of Dalvik/Android bytecode. This day-long interactive hands-on lab has the goal of teaching attendees the basic principles behind Soot and its design, the major components and how they are used, but also how to extend Soot to implement analyses and transformations that are tailored to the user’s needs. The day will be split in three parts. In Part 1, the instructor will give a presentation on the history and API of Soot. Attendees will be able to follow parts of the presentation through examples on their own laptop. In Part 2, attendees will attempt to implement some example program analyses from scratch, both on the intra-procedural and inter-procedural level. During Part 3 (optional) we will split into smaller groups in which attendees can ask questions about projects they would like to implement on their own. They can then start this implementation under the instructor’s guidance. If you wish to discuss a particular topic, it may be useful to email the instructor in advance.

Comments: Comments Off on Analyzing and transforming Java and Android programs with Soot
Categories: Research