Good Code, Bad Code, and Vulnerable Code

Monday, March 17, 2014 - 8:45am to 10:00am
KEC 1007

Speaker Information

Munawar Hafiz
Assistant Professor
Department of Computer Science and Software Engineering
Auburn University


Coding is like gardening: it requires a good plan and good supplies, but most importantly continuous nurture and maintenance.

In this talk, I will concentrate on refactorings and program transformations that help nurture good code by removing code smells and vulnerabilities. I will describe OpenRefactory/C, an infrastructure for building program transformations for C programs. C, in spite of its popularity, has IDEs with a limited portfolio of program transformations, with limited scalability and limited applicability to real-world programs. OpenRefactory/C aims to have full support for the C preprocessor, support for static analyses, and an API and environment that make it easy for new developers to contribute new refactorings. Refactorings that we have implemented on OpenRefactory/C are bug-free, unlike the refactorings featured in commercial IDEs such as Eclipse CDT, Visual Studio, etc.

I will also describe three complex, security-oriented program transformations that fix integer issues in C. These transformations fixed all variants of integer vulnerabilities featured in benchmark programs of NIST's SAMATE reference dataset and 5 open source software packages, making the changes automatically on over 15 million lines of code. Being integrated with source code and the development process, refactorings and program transformations not only help maintain good code, but also teach developers how to write and appreciate good code.
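The abstract does not spell out what the integer-fixing transformations look like, so the following is an added illustration, not code from the talk, the speaker, or OpenRefactory/C. It shows two common C integer defects, a multiplication that can wrap while computing an allocation size and a signed length that is converted to an unsigned size, each beside the guarded form that a security-oriented transformation could produce. The function names, the checks, and the sample inputs are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example (not from the talk or OpenRefactory/C): each "unchecked"
 * function shows a classic C integer defect, and the "checked" function
 * next to it shows the guarded form a transformation could produce. */

/* Vulnerable variant 1: the product n * sz is computed in size_t and
 * wraps silently when it exceeds SIZE_MAX, so a huge request can yield
 * a small allocation that is later overrun. */
size_t alloc_size_unchecked(size_t n, size_t sz) {
    return n * sz;
}

/* Guarded variant 1: test for wrap-around before multiplying.
 * Returns 1 and stores the product in *out, or 0 if it would wrap. */
int alloc_size_checked(size_t n, size_t sz, size_t *out) {
    if (sz != 0 && n > SIZE_MAX / sz) {
        return 0;               /* n * sz would exceed SIZE_MAX */
    }
    *out = n * sz;
    return 1;
}

/* Vulnerable variant 2: a signed length from untrusted input is
 * converted to size_t; a negative value becomes a huge unsigned size. */
size_t copy_len_unchecked(int len) {
    return (size_t)len;
}

/* Guarded variant 2: reject negative lengths before the conversion.
 * Returns 1 and stores the length in *out, or 0 for a negative input. */
int copy_len_checked(int len, size_t *out) {
    if (len < 0) {
        return 0;
    }
    *out = (size_t)len;
    return 1;
}

int main(void) {
    /* Constructed inputs chosen to trigger both defects. */
    size_t big_n = SIZE_MAX / 2 + 2;
    size_t out = 0;

    printf("unchecked: %zu * 2 = %zu (wrapped)\n",
           big_n, alloc_size_unchecked(big_n, 2));
    printf("checked:   ok=%d\n", alloc_size_checked(big_n, 2, &out));

    printf("unchecked: (size_t)-1 = %zu\n", copy_len_unchecked(-1));
    printf("checked:   ok=%d\n", copy_len_checked(-1, &out));
    return 0;
}
```

The guarded forms return a status instead of a size so that a caller cannot accidentally use the result without looking at the check; a transformation that rewrites call sites would also have to thread that status through to the code that performs the allocation or copy.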

Speaker Bio

Munawar Hafiz is an assistant professor in the Department of Computer Science and Software Engineering, Auburn University. His research focuses on applying program analysis and program transformation technologies and exploring empirical data to promote tools and methodologies that effectively improve the programming experience. Dr. Hafiz leads the Software Analysis, Transformation, and Security (SATS) research group. His work is supported by a grant from NSF and a Google Faculty Research Award. Dr. Hafiz received his Ph.D. and MS in computer science from the University of Illinois at Urbana-Champaign (UIUC) and his B.Sc. Engg. degree in computer science and engineering from Bangladesh University of Engineering and Technology (BUET). For more information: http://www.munawarhafiz.com