[DiSL-user] Taint Analysis with DiSL
Alessio Gambi
gambi at st.cs.uni-saarland.de
Tue Apr 18 18:00:59 CEST 2017
Dear Lubomir,
your answer it’s right on the point !
I’ll try to move the transformer logic that I have into a Transformer class and feed it to DiSL.
Luckily, the implementation I am working on uses ASM as well, though a different version.
Thanks for the help !
Best
— Alessio
Alessio Gambi, Ph.D.
gambi at st.cs.uni-saarland.de
> On 18 Apr 2017, at 16:11, Lubomír Bulej <lubomir.bulej at d3s.mff.cuni.cz> wrote:
>
> Dear Alessio,
>
> DiSL itself was not meant to modify classes in this way, but it would
> certainly work if you give it classes that are already modified in this way.
>
>
> If you want to do everything at load time, you can also give DiSL a
> transformer class, and DiSL will use it to pre-transform class before starting
> to instrument it.
>
> You should implement the ch.usi.dag.disl.Transformer interface, and set the
> DiSL-Transformers attribute in the manifest of the jar file with
> instrumentation classes (the jar file with snippets which the DiSL server
> uses) to the fully qualified class name of your transformer class.
>
> We generally use exactly the pattern you describe, because you don't want to
> do a lot of work in the snippets (they are inlined as bytecode) and it can
> blow up the size of the methods significantly. So we usually call an analysis
> method from the snippets and include the event data as parameters, possibly
> with a bit of state stored in thread-local and synthetic local variables (the
> synthetic locals allow embedding small amounts of state information in stack
> frames).
>
> Let me know if it helps...
>
>
> Best regards,
> Lubomir
>
>
> On 18/04/17 15:14, Alessio Gambi wrote:
>> Hi DiSL-ers
>>
>> I was wondering if I can dynamically add private fields and getters/setters to classes using DiSL.
>>
>> The reason for that is I want to implement a (special) taint analysis that stores taint information directly inside
>> the objects and partially analyze them locally. In other terms, I do not like to implement the following pattern:
>>
>> observe event -> publish the event to an event handler -> do the complete analysis inside the event handler
>>
>> I already have the code which adds the fields to the classes… would DiSL work it I pass to it code which is
>> already instrumented?
>>
>> Any thoughts?
>>
>> Best
>>
>> — Alessio
>>
>>
>>
>> Alessio Gambi, Ph.D.
>> gambi at st.cs.uni-saarland.de
>>
>
> _______________________________________________
> Disl-user mailing list
> Disl-user at d3s.mff.cuni.cz
> https://d3s.mff.cuni.cz/mailman/listinfo/disl-user
More information about the Disl-user
mailing list