DETERMINING BASED ON STATIC COMPILER ANALYSIS THAT EXECUTION OF COMPILER CODE WOULD RESULT IN UNACCEPTABLE PROGRAM BEHAVIOR

US 20190310834A1
Filed: 06/24/2019
Published: 10/10/2019
Est. Priority Date: 02/26/2016
Status: Active Grant

First Claim

Patent Images

1. A method for securing computer code, the method comprising:

receiving the computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment;

using a compiler to perform static compiler analysis on the computer code, the static compiler analysis including referencing a security policy defining one or more unacceptable program behaviors;

performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context; and

indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static compiler analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer code is received that is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment. A compiler performs static compiler analysis on the computer code. The static compiler analysis includes referencing a security policy defining one or more unacceptable program behaviors. During compile time at the compiler, runtime security checking functionality is performed leveraging compiler extensions, type information, and environment specific compile context. Results of the static compiler analysis are used to indicate when execution of the computer code would result in performance of the one or more unacceptable program behaviors. The one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL.

4 Citations

20 Claims

1. A method for securing computer code, the method comprising:
- receiving the computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment;
  
  using a compiler to perform static compiler analysis on the computer code, the static compiler analysis including referencing a security policy defining one or more unacceptable program behaviors;
  
  performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context; and
  
  indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static compiler analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method as recited by claim 1, wherein the computer code is first computer code and wherein method further comprises:
    - receiving second computer code, wherein the second computer code is written using the dynamic Domain Specific Language (DSL) running in the General Purpose Language (GPL) computing environment;
      
      using the compiler to perform static compiler analysis on the second computer code, the static compiler analysis including referencing the security policy defining one or more unacceptable program behaviors;
      
      performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context;
      
      determining, during the compile time at the compiler, that the second computer code would not result in the one or more unacceptable program behaviors during execution of the second computer code; and
      
      modifying the preexisting computer code to incorporate the second computer code written using the DSL.
  - 3. The method as recited by claim 2, wherein the method further comprises:
    - providing the second computer code to a canonicalization module;
      
      creating an updated syntax tree and updated second computer code by completing construction of the syntax tree and compiler transformations applicable to compilation of the second computer code;
      
      forwarding the updated syntax tree and updated second computer code to an instruction selection module;
      
      selecting a type of byte code at the instruction selection module;
      
      converting the byte codes into binary; and
      
      writing the binary to one or more executable files.
  - 4. The method as recited by claim 1, wherein the method further comprises:
    - preventing execution of the computer code.
  - 5. The method as recited by claim 1, wherein the method further comprises:
    - explicitly blacklisting the one or more unacceptable program behaviors.
  - 6. The method as recited by claim 1, wherein the receiving of the computer code further comprises:
    - receiving the computer code from a custom DSL code repository.
  - 7. The method as recited by claim 1, wherein the computer code is a script.
  - 8. The method as recited by claim 1, wherein the method further comprises:
    - receiving the computer code at a browser, wherein the computer code accesses custom script functionality afforded by a server-side composer service.
  - 9. The method as recited by claim 8, wherein the method further comprises:
    - receiving a uniform resource locator (URL) or uniform resource identifier (URI) at the browser; and
      
      accessing a data composer window based on the received URL or URI.
  - 10. The method as recited by claim 9, wherein the method further comprises:
    - generating the computer code using software development tools of the data composer.
  - 11. The method as recited by claim 1, wherein the method further comprises:
    - performing, during the compile time at the compiler, type checking on the computer code involving verifying safety as defined by a security policy.
  - 12. The method as recited by claim 1, wherein the method further comprises:
    - opening a file containing the computer code; and
      
      configuring a computing environment of the compiler based on content of the file.
  - 13. The method as recited by claim 12, wherein the method further comprises:
    - parsing the file;
      
      creating a token tree based on computer code grammar of the file; and
      
      creating a syntax tree based on the token tree, wherein the syntax tree includes expression nodes and wherein each of the expression nodes represents a DSL expression in the computer code and token tree.
  - 14. The method as recited by claim 13, wherein the method further comprises:
    - performing semantic analysis on the syntax tree, wherein the semantic analysis includes performing consistency checks, validity checks, and security checks.
  - 15. The method as recited by claim 1, wherein the computer code is for manipulating data objects of a database.
  - 16. The method as recited by claim 1, wherein the method further comprises:
    - performing a test compilation on third computer code before the third computer code is compiled and deployed by modifying the preexisting computer code with the third computer code.
  - 17. The method as recited by claim 1, wherein the method further comprises:
    - receiving the computer code at a user interface displayed on a browser; and
      
      displaying an error message specification section, code section, and warning section in the user interface.
  - 18. The method as recited by claim 17, wherein the error message specification section includes a field for a user to enter an error message to display and the code section includes a toolbar for entering the computer code.

19. An apparatus comprising:
- a digital processor coupled to a display and to a non-transitory processor-readable storage device, wherein the non-transitory processor-readable storage device includes one or more instructions executable by the digital processor to perform the following acts;
  
  receiving computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment;
  
  using a compiler to perform static compiler analysis on the computer code, the static compiler analysis including referencing a security policy defining one or more unacceptable program behaviors;
  
  performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context; and
  
  indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static compiler analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL.

20. A non-transitory processor-readable storage device including instructions executable by a digital processor, the non-transitory processor-readable storage device including one or more instructions for:
- receiving computer code, wherein the computer code is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment;
  
  using a compiler to perform static compiler analysis on the computer code, the static compiler analysis including referencing a security policy defining one or more unacceptable program behaviors;
  
  performing, during compile time at the compiler, runtime security checking functionality leveraging compiler extensions, type information, and environment specific compile context; and
  
  indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static compiler analysis, wherein the one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Smiljanic, John, Vinayaka, Shailesh

Granted Patent

US 11,216,256 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

G06F 2221/033   Test or assess software

G06F 8/41   Compilation

G06F 8/427   Parsing

G06F 8/43   Checking; Contextual analysis

G06F 8/75   Structural analysis for pro...

DETERMINING BASED ON STATIC COMPILER ANALYSIS THAT EXECUTION OF COMPILER CODE WOULD RESULT IN UNACCEPTABLE PROGRAM BEHAVIOR

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DETERMINING BASED ON STATIC COMPILER ANALYSIS THAT EXECUTION OF COMPILER CODE WOULD RESULT IN UNACCEPTABLE PROGRAM BEHAVIOR

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links