Campus Event Calendar

Event Entry

What and Who

CLOTHO: Saving Programs from Malformed Strings and Incorrect String-Handling

Aritra Dhar
Xerox Research Center India
SWS Colloquium

Aritra is a research engineer at Xerox Research Center India and a prospective PhD student. He has an
M.Tech degree from IIIT-Delhi and he is interested in program analysis, cryptocurrency and wireless sensor networks.
AG 4, SWS, RG1  
Expert Audience
English

Date, Time and Location

Tuesday, 8 December 2015
10:30
60 Minutes
E1 5
029
Saarbrücken

Abstract

Software is susceptible to malformed data originating from untrusted sources. Occasionally the programming logic or constructs used are inappropriate
to handle the varied constraints imposed by legal and well-formed data. Consequently, software may produce unexpected results or even crash.
In this paper, we present Clotho, a novel hybrid approach that saves such software from crashing when failures originate from malformed strings or
inappropriate handling of strings. Clotho statically analyzes a program to identify statements that are vulnerable to failures related to associated string data.
Clotho then generates patches that are likely to satisfy constraints on the data and that, in case of failures, produce program behavior close
to the expected behavior. The precision of the patches is improved with the help of a dynamic analysis.

We have implemented Clotho for the Java String API, and our evaluation based on several popular open-source libraries shows that Clotho generates
patches that are semantically similar to the patches generated by the programmers in the later versions. Additionally, these patches are activated only
when a failure is detected, and thus Clotho incurs no runtime overhead during normal execution, and negligible overhead in case of failures.

Contact

Claudia Richter
0681 9303 9103

Video Broadcast

Yes
Kaiserslautern
G26
113

Claudia Richter, 12/07/2015 10:21 -- Created document.