Good Code, Bad Code, and Vulnerable Code
Monday, March 17, 2014 - 8:45am - 10:00am
KEC 1007
Munawar Hafiz
Assistant Professor
Department of Computer Science and Software Engineering
Auburn University
Abstract:
Coding is like gardening; it requires a good plan, good supplies, but most
importantly continuous nurture and maintenance.
In this talk, I will concentrate on refactorings and program transformations
that help nurture good code by removing code smells and vulnerabilities. I will
describe OpenRefactory/C, an infrastructure for building program
transformations for C programs. C, in spite of its popularity, has IDEs with a
limited portfolio of program transformations, with limited scalability and
limited applicability to real-world programs. OpenRefactory/C aims to have full
support for the C preprocessor, support for static analyses, and an API and
environment that make it easy for new developers to contribute new
refactorings. Refactorings that we have implemented on OpenRefactory/C are
bug-free, unlike the refactorings featured in commercial IDEs such as Eclipse
CDT, Visual Studio, etc.
I will also describe three complex, security-oriented program transformations
that fix issues in C integers. These transformations fixed all variants of
integer vulnerabilities featured in benchmark programs of NIST's SAMATE
reference dataset and 5 open source software, making the changes automatically
on over 15 million lines of code. Being integrated with source code and
development process, refactorings and program transformations not only help
maintain good code, but also teach developers about how to write and appreciate
good code.
Biography:
Munawar Hafiz is an assistant professor at the Department of Computer Science and Software Engineering, Auburn University. His research focuses on applying program analysis and program transformation technologies and exploring empirical data to promote tools and methodologies that e