Computer Science Colloquium
“Good Code, Bad Code, and Vulnerable Code”
Dr. Munawar Hafiz
Coding is like gardening; it requires a good plan and good supplies, but most importantly continuous nurture and maintenance. In this talk, I will concentrate on refactorings and program transformations that help nurture good code by removing code smells and vulnerabilities. I will describe OpenRefactory/C, an infrastructure for building program transformations for C programs. C, in spite of its popularity, has IDEs with a limited portfolio of program transformations, with limited scalability and limited applicability to real-world programs. OpenRefactory/C aims to have full support for the C preprocessor, support for static analyses, and an API and environment that make it easy for new developers to contribute new refactorings. Refactorings that we have implemented on OpenRefactory/C are bug-free, unlike the refactorings featured in commercial IDEs such as Eclipse CDT, Microsoft Visual Studio, etc. I will also describe three complex, security-oriented program transformations that fix C integers. These transformations fixed all variants of integer vulnerabilities featured in benchmark programs of NIST's SAMATE reference dataset and 5 open source software projects, making the changes automatically on over 15 million lines of code. Being integrated with source code and the development process, refactorings and program transformations not only help maintain good code, but also teach developers how to write and appreciate good code.
Dr. Munawar Hafiz is an assistant professor at the Department of Computer Science and Software Engineering, Auburn University. His research focuses on applying program analysis and program transformation technologies and exploring empirical data to promote tools and methodologies that effectively improve programming experience. Dr. Hafiz leads the Software Analysis, Transformation, and Security (SATS) research group. The group currently consists of one postdoctoral research associate, five graduate, and two undergraduate students. His work is supported by a grant from NSF. Dr. Hafiz received his Ph.D. and MS in computer science from University of Illinois at Urbana-Champaign (UIUC) and his B.Sc. Engg. degree in computer science and engineering from Bangladesh University of Engineering and Technology (BUET). He was a postdoc at UIUC for one year before joining Auburn University in fall 2011.
For more information: http://www.munawarhafiz.com
Date: Monday, April 8th, 2013
Time: 2:00pm to 3:00pm
Location: ECS South 2.102 TI Auditorium
Refreshments will be served at 1:45pm