License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/OASIcs.SLATE.2023.11
URN: urn:nbn:de:0030-drops-185252
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2023/18525/


Pereira, José ; Vieira, Vitor ; Simões, Alberto

Hierarchical Data-Flow Graphs



Abstract

Data flows are crucial for detecting the dependencies between statements and expressions in a program. In the context of Static Application Security Testing (SAST), they are heavily used for different purposes, from detecting tainted data to understanding code dependency.
In Checkmarx, these data flows are currently computed on the fly, but this is not as efficient as desired, especially when dealing with large projects. With this in mind, a new caching mechanism based on hierarchical graphs is being developed.
In this document, we discuss the basic idea behind this approach, the challenges encountered, and the decisions made for the implementation. We also share the first insights on speed improvements for a proof-of-concept implementation.

BibTeX - Entry

@InProceedings{pereira_et_al:OASIcs.SLATE.2023.11,
  author =	{Pereira, Jos\'{e} and Vieira, Vitor and Sim\~{o}es, Alberto},
  title =	{{Hierarchical Data-Flow Graphs}},
  booktitle =	{12th Symposium on Languages, Applications and Technologies (SLATE 2023)},
  pages =	{11:1--11:9},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-291-4},
  ISSN =	{2190-6807},
  year =	{2023},
  volume =	{113},
  editor =	{Sim\~{o}es, Alberto and Ber\'{o}n, Mario Marcelo and Portela, Filipe},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2023/18525},
  URN =		{urn:nbn:de:0030-drops-185252},
  doi =		{10.4230/OASIcs.SLATE.2023.11},
  annote =	{Keywords: Data Flow, Static Application Security Testing, Hierarchical Graphs}
}

Keywords: Data Flow, Static Application Security Testing, Hierarchical Graphs
Collection: 12th Symposium on Languages, Applications and Technologies (SLATE 2023)
Issue Date: 2023
Date of publication: 15.08.2023

