[racket] Static Analysis Source Code

From: Mansour Alqattan (mansour.alqattan at gmail.com)
Date: Thu May 29 17:52:39 EDT 2014

Dear


Basically, I am working on an untyped language which is considered an
intermediate language, and it is the Wide Spectrum Language.


Can we use a *static program analysis* tool (including transformation
techniques such as slicing) on an untyped programming intermediate language to
identify vulnerabilities in source code, for example buffer overflow or
any other? And how?


Can we *combine* a static analysis tool with an untyped programming intermediate
language to help identify the vulnerabilities, and have them in one
platform? For example, combining Racket parsers with an untyped programming
intermediate language?


For example, regarding buffer overflow: in the untyped programming intermediate
language, the string is allocated on the heap and can be any length.


This is a simple example of the untyped programming intermediate language code
format:



VAR < x := 0, y := 0 >:
  DO DO IF x = 0 THEN PRINT("Hello World")
        ELSIF x > (2 + x) - 1
          THEN PRINT("Goodby cruel world")
        ELSE EXIT(2) FI;
        x := x + 1
  OD OD
ENDVAR


Is it possible to take binary code or an .exe file, then translate it to
ASM (assembly code), then to the untyped programming intermediate language (to
simplify the code), then to IR (Intermediate Representation), and then get a
result (report the vulnerabilities)?


Thanks

Posted on the users mailing list.