Max-Planck-Institut für Informatik
max planck institut
mpii logo Minerva of the Max Planck Society

MPI-INF or MPI-SWS or Local Campus Event Calendar

<< Previous Entry Next Entry >> New Event Entry Edit this Entry Login to DB (to update, delete)
What and Who
Title:CLOTHO: Saving Programs from Malformed Strings and Incorrect String-Handling
Speaker:Aritra Dhar
coming from:Xerox Research Center India
Speakers Bio:Aritra is a research engineer at Xerox Research Center India and a prospective PhD student. He has a

M.Tech degree from IIIT-Delhi and he is interested in program analysis, crypto currency and wireless sensor networks.

Event Type:SWS Colloquium
Visibility:D4, SWS, RG1
We use this to send out email in the morning.
Level:Expert Audience
Date, Time and Location
Date:Tuesday, 8 December 2015
Duration:60 Minutes
Building:E1 5
Software is susceptible to malformed data originating from untrusted sources. Occasionally the programming logic or constructs used are inappropriate
to handle the varied constraints imposed by legal and well-formed data. Consequently, software may produce unexpected results or even crash.
In this paper, we present \tool, a novel hybrid approach that saves such software from crashing when failures originate from malformed strings or
inappropriate handling of strings. Clotho statically analyzes a program to identify statements that are vulnerable to failures related to associated string data.
Clotho then generates patches that are likely to satisfy constraints on the data, and in case of failures produces program behavior which would be close
to the expected. The precision of the patches is improved with the help of a dynamic analysis. 

We have implemented Clotho for the Java String API, and our evaluation based on several popular open-source libraries shows that Clotho generates
patches that are semantically similar to the patches generated by the programmers in the later versions. Additionally, these patches are activated only
when a failure is detected, and thus Clotho incurs no runtime overhead during normal execution, and negligible overhead in case of failures.
Name(s):Claudia Richter
Phone:0681 9303 9103
EMail:--email address not disclosed on the web
Video Broadcast
Video Broadcast:YesTo Location:Kaiserslautern
To Building:G26To Room:113
Tags, Category, Keywords and additional notes
Attachments, File(s):

Created:Claudia Richter/MPI-SWS, 12/07/2015 10:14 AM Last modified:Uwe Brahm/MPII/DE, 11/24/2016 04:14 PM
  • Claudia Richter, 12/07/2015 10:21 AM -- Created document.