[DiSL-user] Taint Analysis with DiSL

Alessio Gambi gambi at st.cs.uni-saarland.de
Tue Apr 18 18:00:59 CEST 2017


Dear Lubomir,

your answer it’s right on the point !

I’ll try to move the transformer logic that I have into a Transformer class and feed it to DiSL.
Luckily, the implementation I am working on uses ASM as well, though a different version.

Thanks for the help !

Best

— Alessio


Alessio Gambi, Ph.D.
gambi at st.cs.uni-saarland.de



> On 18 Apr 2017, at 16:11, Lubomír Bulej <lubomir.bulej at d3s.mff.cuni.cz> wrote:
> 
> Dear Alessio,
> 
> DiSL itself was not meant to modify classes in this way, but it would
> certainly work if you give it classes that are already modified in this way.
> 
> 
> If you want to do everything at load time, you can also give DiSL a
> transformer class, and DiSL will use it to pre-transform class before starting
> to instrument it.
> 
> You should implement the ch.usi.dag.disl.Transformer interface, and set the
> DiSL-Transformers attribute in the manifest of the jar file with
> instrumentation classes (the jar file with snippets which the DiSL server
> uses) to the fully qualified class name of your transformer class.
> 
> We generally use exactly the pattern you describe, because you don't want to
> do a lot of work in the snippets (they are inlined as bytecode) and it can
> blow up the size of the methods significantly. So we usually call an analysis
> method from the snippets and include the event data as parameters, possibly
> with a bit of state stored in thread-local and synthetic local variables (the
> synthetic locals allow embedding small amounts of state information in stack
> frames).
> 
> Let me know if it helps...
> 
> 
> Best regards,
> Lubomir
> 
> 
> On 18/04/17 15:14, Alessio Gambi wrote:
>> Hi DiSL-ers
>> 
>> I was wondering if I can dynamically add private fields and getters/setters to classes using DiSL.
>> 
>> The reason for that is I want to implement a (special) taint analysis that stores taint information directly inside
>> the objects and partially analyze them locally. In other terms, I do not like to implement the following pattern:
>> 
>> observe event -> publish the event to an event handler -> do the complete analysis inside the event handler
>> 
>> I already have the code which adds the fields to the classes… would DiSL work it I pass to it code which is
>> already instrumented?
>> 
>> Any thoughts?
>> 
>> Best
>> 
>> — Alessio
>> 
>> 
>> 
>> Alessio Gambi, Ph.D.
>> gambi at st.cs.uni-saarland.de
>> 
> 
> _______________________________________________
> Disl-user mailing list
> Disl-user at d3s.mff.cuni.cz
> https://d3s.mff.cuni.cz/mailman/listinfo/disl-user





More information about the Disl-user mailing list