Lightweight Parsing and Slicing for Bug Identification in C

Luca Mecenero, Ranindya Paramitha, Ivan Pashchenko, Fabio Massacci

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Program slicing has been used to semi- or fully-automatically help developers find errors and vulnerabilities in their programs. For example, Dashevskyi et al. (IEEE TSE 2018) introduced a lightweight slicer for Java that can be used for vulnerability analysis. However, a similar lightweight slicer for C/C++ is still missing. In this work we propose a comparison method for parsers, evaluate it on two commonly-used parsers, and develop a lightweight slicer for C/C++ using the "better" parser from our comparison. From our evaluation, the Joern parsing method (island grammar) could parse non-standard C/C++ code but its resulting structure may contain semantic errors that can affect subsequent analysis. ANTLR4 is faster in returning a result, and when manually cleared of non-standard C/C++ code, it is more accurate than Joern. We then built our C/C++ thin slicer extension using ANTLR4, and we observed that it is promising from both precision and performance perspectives. As future work, we plan to improve the logic behind processing pointers. In particular, we consider doing deeper pointer analysis.

Original language: English
Title of host publication: ARES '22
Subtitle of host publication: Proceedings of the 17th International Conference on Availability, Reliability and Security
Publisher: Association for Computing Machinery
Pages: 1-10
Number of pages: 10
ISBN (Electronic): 9781450396707
Publication status: Published - Aug 2022
Event: 17th International Conference on Availability, Reliability and Security, ARES 2022 - Vienna, Austria
Duration: 23 Aug 2022 – 26 Aug 2022

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 17th International Conference on Availability, Reliability and Security, ARES 2022
Country/Territory: Austria
City: Vienna
Period: 23/08/22 – 26/08/22

Bibliographical note

Funding Information:
The first two authors contributed equally to this article. This research was done while Ivan Pashchenko was with the University of Trento. This work has been partly supported by the European Union H2020 Program under the Grant 952647 (AssureMOSS - www.assuremoss.eu.).

Publisher Copyright:
© 2022 ACM.

Funding

Funders and funder numbers:
European Commission
Università degli Studi di Trento
Horizon 2020 Framework Programme (funder number 952647)

    Keywords

    • bug and vulnerability analysis
    • C/C++
    • comparison method
    • lightweight slicing
    • parser
