Project Group Visualising Data Flows in Static Code Analyses

VisuFlow is an Eclipse plugin that helps visualizing data-flow analyses run on top of Soot.

The source code can be found here: https://github.com/VisuFlow

The project group will consist of 8 students. For this restricted admission, we kindly ask all interested students to solve the small challenge described below.

Please hand in your solutions (source code) by Monday, March 14^th, 23:59 to lisa.nguyen@iem.fraunhofer.de

We are aware that not all students are familiar with Soot, or program analysis. Everyone is encouraged to submit an answer to the challenge, even incomplete.

Participants will be selected based on code quality and demonstrated problem-solving skills.

We remain available should any question arise concerning the challenge.

Challenge:

For VisuFlow, you will be working with the Soot framework to analyze Java programs.

Here is a stub for a simple taint analysis in Soot. Your task will be to implement the rules for the analysis.

A taint analysis tracks so-called tainted data from a given source (here, it is getSecret()) to see if it can reach a given sink here, leak()) through chains of assignments. We provide a template and some test cases with which you can test your implementation.

Base your analysis on the following rules:

1. If the left side of an assignment is a local and the right side is a method call to method which signature contains the String getSecret, the left side is tainted.

2. If the right side of an assignment is a constant, and the left side is a local which was tainted, the taint can be removed.

3. If the right side of an assignment is a local and the left side is a local, the left side is tainted if and only if the right side was tainted before.

4. If the right side of an assignment is a local and the left side is a field, the base object of the field is tainted if the right side is tainted.

If a tainted value potentially leaves the scope of the method due to being passed as a parameter to another method call or is returned by the method,

this is considered a leak and must be reported. Reports are done by calling Reporter.report(). The analysis should also report the source from which the respective data item was obtained, i.e., the appropriate call to getSecret().

Documentation:

https://github.com/Sable/soot/wiki/Tutorials

http://www.brics.dk/SootGuide/sootsurvivorsguide.pdf

For bug finding, compiler optimization or vulnerability discovery, one needs to infer properties about source code. A popular method to do is static analysis: inspecting the code without executing it. Analysts use automated tools as black boxes to point them to hotspots. These tools usally output results that are difficult to understand and it remains the analysts' task to correctly interpret them. This can especially be hard when they do not know how those tools computed their results.

Most tools' internal reasoning is based on graph reachability over methods or statements of the analyzed program. In data-flow analysis, facts flow along a graph representing the program's control flow, propagating properties the analysis wants to verify.

Building and understanding such analyses is challenging and could be made easier by visualizing the data-flows which are generated by the analysis. In the first phase of this project group, you will familiarise yourselves with state-of-the-art static analysis frameworks, research how to efficiently represent and visualize data-flow graphs, and implement a concrete prototype for the Eclipse IDE.

In the second phase, you will investigate the various uses of such a representation for data-flow analysis creation and debug.

This project will be conducted in english.

• Good understanding of the Java language
• Knowledge of good software design and efficient programming
• Prior knowledge of static analysis is helpful, but not absolutely necessary
• Experience with the Eclipse IDE
• Knowledge of Eclipse plugin development is a plus

To attend the course, you have to register in the PAUL system as a participant.

VisuFlow presentation slides from February 8

Lisa Nguyen (lisa.nguyen@iem.fraunhofer.de)

Stefan Krüger (stefan.krueger@upb.de)