Konstantinos Filopoulos, "Coarse-grained dynamic analysis for Python", Diploma Work, School of Electrical and Computer Engineering, Technical University of Crete, Chania, Greece, 2022
https://doi.org/10.26233/heallink.tuc.94244
Dynamic program analysis is a widespread technique for monitoring, understanding, and inferring the safe use and performance characteristics of a library, potentially interfering with the program’s behavior during its execution, providing continuous information. Existing dynamic analysis tools often impose significant runtime overhead on a program. For programs in Python, existing tools do not provide dynamic analysis and the programmers use ad-hoc applications for their own use. This thesis proposes, the first allow/deny coarse-grained dynamic analysis tool, PySecu fully developed in Python with the ability to selectively transform attributes of the analyzed library. Given the widespread use of third-party libraries, this coarse-grained dynamic analysis technique attempts to trade off detail and accuracy by reducing the runtime overheadof the analysis. It is done at the frame level of the library attributes, while still supportingthe original program’s semantics, retaining their original functionality and without requiring modification of the program’s execution environment or the production features of the dynamic language. It leverages the features of modern dynamic languages such as JavaScript, Lua and Python to dynamically modify each library by injecting user code into its source code before it is loaded. Applying the PySecu analysis tool to 25 libraries shows that it imposes 3x average runtime overhead on executing the libraries without analysis. It is in the same order of magnitude as corresponding tools in other languages (JavaScript), as well as the built-in API analysis tool provided by Python, sys.settrace. It shows very encouraging results in runtime overhead, in relation to the analyses of the DynaPyt framework for Python.