Characterizing and Detecting Program Representation Faults of Static Analysis Frameworks
Static analysis frameworks (SAFs) such as Soot and WALA have been a fundamental support in today’s software analysis. They usually adopt various analysis techniques to transform programs into different representations which imply specific properties, e.g., call graph can demonstrate the calling relationships between methods in a program, and users rely on these program representations for further analysis like vulnerability detection and privacy leakage recognition. Hence, providing proper program representation is essential for SAFs. We conducted a systematic empirical study on program representation faults of static analysis frameworks. In our study, we first collect 141 issues from four popular SAFs and summarize their root causes, symptoms, and fix strategies, and reveal nine findings and some implications to avoid and detect program representation faults. Additionally, we implemented an automated testing framework named SAScope based on the metamorphic and differential testing motivated by findings and implications. Overall, SAScope can detect 19 program representation faults where 6 of them have been confirmed or fixed, demonstrating its effectiveness.
Wed 18 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
15:30 - 17:10 | Static Analysis and VerificationTechnical Papers at EI 3 Sahulka Chair(s): Jian Zhang Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
15:30 20mTalk | Learning to Check LTL Satisfiability and to Generate Traces via Differentiable Trace Checking Technical Papers Weilin Luo Sun Yat-sen University, Pingjia Liang Sun Yat-sen University, Junming Qiu Sun Yat-sen University, Polong Chen Sun Yat-sen University, Hai Wan Sun Yat-sen University, Jianfeng Du Guangdong University of Foreign Studies, Weiyuan Fang Sun Yat-sen University DOI | ||
15:50 20mTalk | Interprocedural Path Complexity Analysis Technical Papers Mira Kaniyur Harvey Mudd College, Ana Cavalcante-Studart Harvey Mudd College, Yihan Yang Harvey Mudd College, Sangeon Park Harvey Mudd College, David Chen Harvey Mudd College, Duy Lam Harvey Mudd College, Lucas Bang Harvey Mudd College DOI | ||
16:10 20mTalk | VRDSynth: Synthesizing Programs for Multilingual Visually Rich Document Information Extraction Technical Papers Thanh-Dat Nguyen University of Melbourne, Tung Do-Viet Cinnamon AI, Hung Nguyen-Duy Independent Researcher, Tuan-Hai Luu Cinnamon AI, Hung Le Deakin University, Xuan-Bach D. Le University of Melbourne, Patanamon Thongtanunam University of Melbourne DOI Pre-print | ||
16:30 20mTalk | Characterizing and Detecting Program Representation Faults of Static Analysis Frameworks Technical Papers Huaien Zhang Hong Kong Polytechnic University; Southern University of Science and Technology, Yu Pei Hong Kong Polytechnic University, Shuyun Liang Southern University of Science and Technology, Zezhong Xing Southern University of Science and Technology, Shin Hwei Tan Concordia University DOI | ||
16:50 20mTalk | API Misuse Detection via Probabilistic Graphical Model Technical Papers Yunlong Ma Beihang University, Wentong Tian Beihang University, Xiang Gao Beihang University, Hailong Sun Beihang University, Li Li Beihang University DOI | ||