Dailydave mailing list archives

Re: Today's thought


From: Dave Aitel <dave () immunitysec com>
Date: Thu, 27 May 2004 09:28:48 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Halvar Flake wrote:

| Hey all,
|
|> There are a lot of companies getting funding right now that do
|> source code analysis, varying from fancy regexp matching on gcc's
|> preprocessor output to real AST generation and inspection. No
|> interfunction value tracking (similar to code coverage in that
|> people underestimate its usefulness in these scenarios) yet, as
|> far as I know, though.
|
|
| IIRC Coverity has interfunction value tracking -- if you hook at
| the AST layer in GCC, it should not be _that_ hard to pull off, and
| I am quite surprised that @stake's product doesn't seem to do it
| (as far as I can infer from the examples they showed). Ahwell,
| there's going to be v2 soon I assume.
|
| It is very true that pure static analysis will not solve the
| problem, but the problem which I see is that many people "soften
| up" the requirements for the static part because it is "easier
| dynamically". Then again, many people would consider me a religious
| zealot for static analysis (complete with detachedness from the
| real world and weird delusions that are normally associated with
| religious zealots :-P)

Well, the more I analyze the problem the more I crawl in your
direction through the gravel. I'm not sure that doing this analysis is
"easier dynamically" on large problems. Even basic protocol reverse
engineering is easier done via decompilation than interative solutions.

Also, I think hooking the AST layer in GCC is harder than generating
your own AST layer. I.E. (optional step 1.) Doing a decompilation, and
then (step 2) compiling it and then (step 3) clicky-clicky tainting
variables or automatically testing and running scripts. If you build
your own tree, you can generate nicer meta-data.

- -dave



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAte0QzOrqAtg8JS8RArC9AJ9vzfIvjMUbQmToC4vsQW1a73ZbxACgyIjA
+2907pgtnESb8wtCe5MdwUE=
=Gb0M
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

