Abstract
Program slicing has been used to semi- or fully-automatically help developers find errors and vulnerabilities in their programs. For example, Dashevskyi et al. (IEEE TSE 2018) introduced a lightweight slicer for Java that can be used for vulnerability analysis. However, a similar lightweight slicer for C/C++ is still missing. In this work we propose a comparison method for parsers, evaluate it on two commonly-used parsers, and develop a lightweight slicer for C/C++ using the "better"parser from our comparison. From our evaluation, the Joern parsing method (island grammar) could parse non-standard C/C++ code but its resulting structure may contain semantic errors that can affect subsequent analysis. ANTLR4 is faster in returning a result, and when manually cleared of non-standard C/C++ codes, it is more accurate than Joern. We then built our C/C++ thin slicer extension using ANTLR4, and we observed that it is promising from both precision and performance perspectives. As a future work, we plan to improve the logic behind processing pointers. In particular, we consider doing deeper pointer analysis.
Original language | English |
---|---|
Title of host publication | ARES '22 |
Subtitle of host publication | Proceedings of the 17th International Conference on Availability, Reliability and Security |
Publisher | Association for Computing Machinery |
Pages | 1-10 |
Number of pages | 10 |
ISBN (Electronic) | 9781450396707 |
DOIs | |
Publication status | Published - Aug 2022 |
Event | 17th International Conference on Availability, Reliability and Security, ARES 2022 - Vienna, Austria Duration: 23 Aug 2022 → 26 Aug 2022 |
Publication series
Name | ACM International Conference Proceeding Series |
---|
Conference
Conference | 17th International Conference on Availability, Reliability and Security, ARES 2022 |
---|---|
Country/Territory | Austria |
City | Vienna |
Period | 23/08/22 → 26/08/22 |
Bibliographical note
Funding Information:The first two authors contributed equally to this article. This research was done while Ivan Pashchenko was with the University of Trento. This work has been partly supported by the European Union H2020 Program under the Grant 952647 (AssureMOSS - www.assuremoss.eu.).
Publisher Copyright:
© 2022 ACM.
Funding
The first two authors contributed equally to this article. This research was done while Ivan Pashchenko was with the University of Trento. This work has been partly supported by the European Union H2020 Program under the Grant 952647 (AssureMOSS - www.assuremoss.eu.).
Funders | Funder number |
---|---|
European Commission | |
Università degli Studi di Trento | |
Horizon 2020 Framework Programme | 952647 |
Keywords
- bug and vulnerability analysis
- C/C++
- comparison method
- lightweight slicing
- parser