Description du projet
Technique d’analyse en tant que service pour les programmeurs professionnels
Les programmeurs des sociétés de logiciels doivent répondre à des questions clés sur la compréhension des programmes, telles que l’utilisation du code et les vulnérabilités en matière de sécurité, afin d’agir en conséquence. Le projet PARSe, financé par l’UE, explorera le potentiel de déploiement à grande échelle (et de commercialisation éventuelle) d’une analyse en tant que service pour la compréhension et la réorganisation des programmes. S’appuyant sur les algorithmes d’analyse de programmes élaborés dans le cadre du projet de recherche exploratoire SPADE du Conseil européen de la recherche, sur lequel s’appuient les travaux proposés, le service répondra avec une grande précision aux questions d’analyse. Le projet exploitera les techniques d’analyse statique de l’ensemble du programme, telles que l’analyse des pointeurs, des flux de valeurs et des taches.
Objectif
The PARSE project will explore the potential for wide deployment (and possible commercialization) of whole-program static program analysis techniques as a web-based service for program comprehension and reorganization. This analysis-as-a-service (AaaS) approach will have direct value for a large number of professional programmers. The programmer will use the service to answer key program comprehension questions (including: “how does my code use this open-source library?”; “Am I affected by the security vulnerabilities discovered in this library code?”; “What objects should I lock before making this library call?”) and to act upon them (e.g. reorganize code and prepare packaged versions of binary code for deployment so that only the minimal needed code is included).
Such needs have been identified in direct contact with major software companies (namely, Facebook and Oracle, which are both partners in current projects with the PI’s group). The proposed work lifts such specific coding needs to a general-availability web-based software analysis service. Analysis questions will be answered in high precision, with the aid of the program analysis algorithms developed in the ERC frontier research project (SPADE —307334) that the proposed work draws upon. Past tools in the commercial or research space have focused on high-precision, yet local, analysis. The proposed work will leverage whole-program static analysis techniques (such as pointer, value-flow, and taint analyses) that the PI’s group has extensively developed in the last decade.
Champ scientifique
Programme(s)
Thème(s)
Régime de financement
ERC-POC - Proof of Concept GrantInstitution d’accueil
10561 Athina
Grèce