Difference between revisions of "Writing Toolbox Analyzers"
BenHolland (Talk | contribs) |
BenHolland (Talk | contribs) (→Analyzing Class Loaders Usage) |
||
| Line 3: | Line 3: | ||
Let's update our [https://github.com/EnSoftCorp/Starter-Toolbox Starter Toolbox] to define a few new <code>Analyzer</code> objects. Specifically let's write analyzers that detect uses of Java class loaders, reflection, native code, and native processes. We want to be able to detect the usage of these language features because these exotic features tend to break naive program analysis implementations. Depending on our implementation, without the ability to detect these features we may not be able to tell if our analysis is sound or complete. | Let's update our [https://github.com/EnSoftCorp/Starter-Toolbox Starter Toolbox] to define a few new <code>Analyzer</code> objects. Specifically let's write analyzers that detect uses of Java class loaders, reflection, native code, and native processes. We want to be able to detect the usage of these language features because these exotic features tend to break naive program analysis implementations. Depending on our implementation, without the ability to detect these features we may not be able to tell if our analysis is sound or complete. | ||
| − | == Analyzing Class | + | == Analyzing Class Loader Usage == |
TODO | TODO | ||
Revision as of 17:53, 4 February 2015
The Toolbox Commons project defines an Analyzer interface that encapsulates the logic for traversing a program graph to extract an "envelope" (a subgraph that is either empty if a property is satisfied or non-empty containing the necessary information to locate the violation of the property). Analyzers encapsulate their descriptions, assumptions, analysis context, and analysis logic. Of course you can define your own "Analyzer" simply by writing a program with your analysis logic, but we find this abstraction helps keep code organized when contributing to a toolbox project.
Let's update our Starter Toolbox to define a few new Analyzer objects. Specifically let's write analyzers that detect uses of Java class loaders, reflection, native code, and native processes. We want to be able to detect the usage of these language features because these exotic features tend to break naive program analysis implementations. Depending on our implementation, without the ability to detect these features we may not be able to tell if our analysis is sound or complete.
Contents
Analyzing Class Loader Usage
TODO
Analyzing Reflection Usage
TODO
Analyzing Native Code Usage
TODO
Analyzing Native Process Usage
TODO
Running Analyzers
TODO
