- research-article, October 2017
Using Precise Taint Tracking for Auto-sanitization
PLAS '17: Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security, Pages 15–24, https://doi.org/10.1145/3139337.3139341
Taint analysis has been used in numerous scripting languages such as Perl and Ruby to defend against various forms of code injection attacks, such as cross-site scripting (XSS) and SQL-injection. However, most taint analysis systems simply fail when ...
- research-article, June 2017
BigFoot: static check placement for dynamic race detection
PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, Pages 141–156, https://doi.org/10.1145/3062341.3062350
Precise dynamic data race detectors provide strong correctness guarantees but have high overheads because they generally keep analysis state in a separate shadow location for each heap memory location, and they check (and potentially update) the ...
Also Published in:
ACM SIGPLAN Notices: Volume 52 Issue 6
- research-article, June 2016
Precise, dynamic information flow for database-backed applications
PLDI '16: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, Pages 631–647, https://doi.org/10.1145/2908080.2908098
We present an approach for dynamic information flow control across the application and database. Our approach reduces the amount of policy code required, yields formal guarantees across the application and database, works with existing relational ...
Also Published in:
ACM SIGPLAN Notices: Volume 51 Issue 6
- research-article, June 2013
Faceted execution of policy-agnostic programs
PLAS '13: Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security, Pages 15–26, https://doi.org/10.1145/2465106.2465121
It is important for applications to protect sensitive data. Even for simple confidentiality and integrity policies, it is often difficult for programmers to reason about how the policies should interact and how to enforce policies across the program. A ...
- proceeding, June 2013
PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation
It is our great pleasure to welcome you to PLDI 2013, the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation. PLDI is the premier research conference on programming languages and their implementation. This year's program ...
- research-article, June 2010
Permissive dynamic information flow analysis
PLAS '10: Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Article No.: 3, Pages 1–12, https://doi.org/10.1145/1814217.1814220
A key challenge in dynamic information flow analysis is handling implicit flows, where code conditional on a private variable updates a public variable x. The naive approach of upgrading x to private results in x being partially leaked, where its value ...
- research-article, June 2010
Adversarial memory for detecting destructive races
PLDI '10: Proceedings of the 31st ACM SIGPLAN Conference on Programming Language Design and Implementation, Pages 244–254, https://doi.org/10.1145/1806596.1806625
Multithreaded programs are notoriously prone to race conditions, a problem exacerbated by the widespread adoption of multi-core processors with complex memory models and cache coherence protocols. Much prior work has focused on static and dynamic ...
Also Published in:
ACM SIGPLAN Notices: Volume 45 Issue 6
- research-article, June 2009
Efficient purely-dynamic information flow analysis
PLAS '09: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, Pages 113–124, https://doi.org/10.1145/1554339.1554353
We present a novel approach for efficiently tracking information flow in a dynamically-typed language such as JavaScript. Our approach is purely dynamic, and it detects problems with implicit paths via a dynamic check that avoids the need for an ...
- research-article, June 2009
FastTrack: efficient and precise dynamic race detection
PLDI '09: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation, Pages 121–133, https://doi.org/10.1145/1542476.1542490
Multithreaded programs are notoriously prone to race conditions. Prior work on dynamic race detectors includes fast but imprecise race detectors that report false alarms, as well as slow but precise race detectors that never report ...
Also Published in:
ACM SIGPLAN Notices: Volume 44 Issue 6
- research-article, June 2008
Velodrome: a sound and complete dynamic atomicity checker for multithreaded programs
PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, Pages 293–303, https://doi.org/10.1145/1375581.1375618
Atomicity is a fundamental correctness property in multithreaded programs, both because atomic code blocks are amenable to sequential reasoning (which significantly simplifies correctness arguments), and because atomicity violations often reveal defects ...
Also Published in:
ACM SIGPLAN Notices: Volume 43 Issue 6
- Article, May 2003
A type and effect system for atomicity
PLDI '03: Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation, Pages 338–349, https://doi.org/10.1145/781131.781169
Ensuring the correctness of multithreaded programs is difficult, due to the potential for unexpected and nondeterministic interactions between threads. Previous work addressed this problem by devising tools for detecting race conditions, a situation ...
Also Published in:
ACM SIGPLAN Notices: Volume 38 Issue 5
- Article, May 2002
Extended static checking for Java
PLDI '02: Proceedings of the ACM SIGPLAN 2002 conference on Programming language design and implementation, Pages 234–245, https://doi.org/10.1145/512529.512558
Software development and maintenance are costly endeavors. The cost can be reduced if more software defects are detected earlier in the development cycle. This paper introduces the Extended Static Checker for Java (ESC/Java), an experimental compile-...
Also Published in:
ACM SIGPLAN Notices: Volume 37 Issue 5
- Article, May 2000
Type-based race detection for Java
PLDI '00: Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation, Pages 219–232, https://doi.org/10.1145/349299.349328
This paper presents a static race detection analysis for multithreaded Java programs. Our analysis is based on a formal type system that is capable of capturing many common synchronization patterns. These patterns include classes with internal ...
Also Published in:
ACM SIGPLAN Notices: Volume 35 Issue 5
- Article, May 1997
Componential set-based analysis
PLDI '97: Proceedings of the ACM SIGPLAN 1997 conference on Programming language design and implementation, Pages 235–248, https://doi.org/10.1145/258915.258937
Set based analysis is a constraint-based whole program analysis that is applicable to functional and object-oriented programming languages. Unfortunately, the analysis is useless for large programs, since it generates descriptions of data flow ...
Also Published in:
ACM SIGPLAN Notices: Volume 32 Issue 5
- Article, May 1996
Catching bugs in the web of program invariants
PLDI '96: Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation, Pages 23–32, https://doi.org/10.1145/231379.231387
MrSpidey is a user-friendly, interactive static debugger for Scheme. A static debugger supplements the standard debugger by analyzing the program and pinpointing those program operations that may cause run-time errors such as dereferencing the null ...
Also Published in:
ACM SIGPLAN Notices: Volume 31 Issue 5
- Article, June 1993
The essence of compiling with continuations
PLDI '93: Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation, Pages 237–247, https://doi.org/10.1145/155090.155113
In order to simplify the compilation process, many compilers for higher-order languages use the continuation-passing style (CPS) transformation in a first phase to generate an intermediate representation of the source program. The salient aspect of this ...
Also Published in:
ACM SIGPLAN Notices: Volume 28 Issue 6