Lightweight Parsing and Slicing for Bug Identification in C / Mecenero, Luca; Paramitha, Ranindya; Pashchenko, Ivan; Massacci, Fabio. - ELECTRONIC. - (2022), pp. 1-10. (Paper presented at the ARES conference held in Vienna, Austria, 23-26 August 2022) [10.1145/3538969.3543828].

Lightweight Parsing and Slicing for Bug Identification in C

Paramitha, Ranindya; Pashchenko, Ivan; Massacci, Fabio
2022-01-01

Abstract

Program slicing has been used to semi- or fully-automatically help developers find errors and vulnerabilities in their programs. For example, Dashevskyi et al. (IEEE TSE 2018) introduced a lightweight slicer for Java that can be used for vulnerability analysis. However, a similar lightweight slicer for C/C++ is still missing. In this work we propose a comparison method for parsers, evaluate it on two commonly used parsers, and develop a lightweight slicer for C/C++ using the “better” parser from our comparison. From our evaluation, the Joern parsing method (island grammar) could parse non-standard C/C++ code, but its resulting structure may contain semantic errors that can affect subsequent analysis. ANTLR4 is faster in returning a result and, when the input is manually cleared of non-standard C/C++ code, it is more accurate than Joern. We then built our C/C++ thin slicer extension using ANTLR4, and we observed that it is promising from both precision and performance perspectives. As future work, we plan to improve the logic behind processing pointers. In particular, we are considering deeper pointer analysis.
2022
ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security (IWCSEC 2022)
New York, NY, USA
Association for Computing Machinery
9781450396707
Mecenero, Luca; Paramitha, Ranindya; Pashchenko, Ivan; Massacci, Fabio
Files in this item:
File: 3538969.3543815.pdf
Access: open access
Type: Publisher's version (Publisher’s layout)
License: All rights reserved
Size: 689.83 kB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/369758