Have you ever wondered what system resources the library you are about to include into your software project uses?
When you are developing software and care about the security of your system, you face a dilemma: either you use off-the-shelf software components without knowing what they might do, or you inspect those components yourself (which might take as long as a rewrite) and probably miss your deadlines. This is not a very enjoyable situation to be in.
We would like to change that and have developed a high-level capability inference for Java libraries. It can tell you which system resources a library uses, so you can sleep soundly again knowing that the math library you depend on will not leak your sensitive data.
Continue reading “Getting to Know You… Towards a Capability Model for Java” »
Why is there code in software products that actually never will be executed?
The reasons for this can be technical: your compiler may introduce dead code into the compiled product as part of its compilation scheme. But dead code can also show you where you, as a programmer, actually did something wrong.
We developed a method, built on the OPAL framework and based on abstract interpretation, that successfully detects dead software paths, filters out all the technical cases that you could not have avoided, and shows you just the issues you might want to fix, depending on their severity.
Continue reading “Hidden Truths in Dead Software Path” »
In the first part of this multi-part tutorial I present how OPAL – the OPen, extensible Analysis Library for Java bytecode – can be built (or integrated) for use in your own static analysis project.
Continue reading “OPAL Tutorial – Getting ready” »