Pretty-big-step-semantics-based Certified Abstract Interpretation

We present a technique for deriving semantic program analyses from a natural semantics specification of the programming language. The technique is based on a particular kind of semantics called pretty-big-step semantics. We present a pretty-big-step semantics of a language with simple objects, called O'While, and specify a series of instrumentations of the semantics that make the flows of values in a program explicit. This leads to a semantics-based dependency analysis, which is at the core of, for example, tainting analysis in software security. The formalization has been realized with the Coq proof assistant.
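As an added illustration (not the paper's Coq development), the Python below sketches the instrumentation idea on a plain big-step semantics of a While fragment without objects: every value is paired with the set of input variables it was computed from, and the condition of an `if` or `while` is added to the dependencies of everything assigned under it. This is the instrumented concrete semantics, a single-run dependency analysis that a static abstract interpretation would then approximate; the tuple encoding and the sample program are my own assumptions.

```python
# Values are pairs (v, deps): deps is the frozenset of input variables that v was
# computed from, data and control dependencies alike.  Constructed encoding:
#   e ::= ('num', n) | ('var', x) | ('add', e, e) | ('lt', e, e)
#   s ::= ('skip',) | ('assign', x, e) | ('seq', s, s) | ('if', e, s, s) | ('while', e, s)

def eval_expr(e, store):
    """Big-step evaluation of e; the result carries the union of its operands' deps."""
    tag = e[0]
    if tag == 'num':
        return e[1], frozenset()
    if tag == 'var':
        return store[e[1]]
    if tag in ('add', 'lt'):
        v1, d1 = eval_expr(e[1], store)
        v2, d2 = eval_expr(e[2], store)
        return (v1 + v2 if tag == 'add' else int(v1 < v2)), d1 | d2
    raise ValueError(f"unknown expression {tag}")

def exec_stmt(s, store, pc=frozenset()):
    """Big-step execution; pc is the dependency set of the current control point."""
    tag = s[0]
    if tag == 'skip':
        return store
    if tag == 'assign':
        v, d = eval_expr(s[2], store)
        return {**store, s[1]: (v, d | pc)}   # data deps plus control deps
    if tag == 'seq':
        return exec_stmt(s[2], exec_stmt(s[1], store, pc), pc)
    if tag == 'if':
        c, d = eval_expr(s[1], store)
        return exec_stmt(s[2] if c else s[3], store, pc | d)
    if tag == 'while':
        c, d = eval_expr(s[1], store)
        if not c:
            return store                   # termination-insensitive: nothing recorded on exit
        return exec_stmt(s, exec_stmt(s[2], store, pc | d), pc)
    raise ValueError(f"unknown statement {tag}")

def dependencies(program, inputs):
    """Run program from inputs (each depending only on itself); map final variables to deps."""
    store = {x: (v, frozenset({x})) for x, v in inputs.items()}
    return {x: set(d) for x, (_, d) in exec_stmt(program, store).items()}

# Constructed sample: t flows from a; u flows from secret (data) and b (control); n from b.
EXAMPLE = ('seq', ('assign', 't', ('add', ('var', 'a'), ('num', 1))),
           ('seq', ('if', ('lt', ('var', 'b'), ('num', 5)),
                          ('assign', 'u', ('var', 'secret')), ('assign', 'u', ('num', 0))),
                   ('seq', ('assign', 'n', ('num', 0)),
                           ('while', ('lt', ('var', 'n'), ('var', 'b')),
                                     ('assign', 'n', ('add', ('var', 'n'), ('num', 1)))))))

if __name__ == "__main__":
    print(dependencies(EXAMPLE, {'a': 1, 'b': 2, 'secret': 7}))
```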
