Write a Blog >>
ICSE 2020
Wed 24 June - Thu 16 July 2020
Fri 10 Jul 2020 08:05 - 08:17 at Goguryeo - I23-Code Artifact Analysis Chair(s): Benoit Baudry

With an increasing number of value-flow properties to check, existing static program analysis still tends to have scalability issues when high precision is required. We observe that the key design flaw behind the scalability problem is that the core static analysis engine is unaware of the properties being checked and, thus, inevitably loses the opportunities to exploit the mutual synergies among different properties. Our approach is inter-property-aware and able to capture possible overlaps and inconsistencies among the properties to check. Thus, before analyzing a program, we can make an optimization plan which decides how to reuse the specific analysis results of a property to speed up checking other properties. Such a synergistic interaction among the properties significantly improves the analysis performance.

We have evaluated our approach by checking twenty value-flow properties in standard benchmark programs and ten real-world software systems. The results demonstrate that our approach is more than 8$\times$ faster than existing ones but consumes only 1/7 memory. Such a substantial improvement in analysis efficiency is not achieved by sacrificing effectiveness: at the time of writing, 39 bugs found by our approach have been fixed by developers and four of them have been assigned CVE IDs due to their security impact.

Fri 10 Jul

Displayed time zone: (UTC) Coordinated Universal Time change

08:05 - 09:05
I23-Code Artifact AnalysisJournal First / Technical Papers at Goguryeo
Chair(s): Benoit Baudry KTH Royal Institute of Technology
08:05
12m
Talk
Conquering the Extensional Scalability Problem for Value-Flow Analysis FrameworksTechnical
Technical Papers
Qingkai Shi The Hong Kong University of Science and Technology, Rongxin Wu Department of Cyber Space Security, Xiamen University, Gang Fan Hong Kong University of Science and Technology, Charles Zhang The Hong Kong University of Science and Technology
08:17
12m
Talk
Pipelining Bottom-up Data Flow AnalysisTechnical
Technical Papers
Qingkai Shi The Hong Kong University of Science and Technology, Charles Zhang The Hong Kong University of Science and Technology
08:29
8m
Talk
An Empirical Validation of Oracle ImprovementJ1
Journal First
Gunel Jahangirova Università della Svizzera italiana, David Clark University College London, Mark Harman , Paolo Tonella Università della Svizzera italiana
08:37
8m
Talk
Is Static Analysis Able to Identify Unnecessary Source Code?J1
Journal First
Roman Haas CQSE GmbH, Rainer Niedermayr CQSE GmbH, Tobias Roehm CQSE GmbH, Sven Apel Saarland University
Pre-print
08:45
8m
Talk
Memory and Resource Leak Defects and Their Repairs in Java ProjectsJ1
Journal First
Mohammadreza Ghanavati Heidelberg University, Diego Costa Concordia University, Canada, Janos Seboek Heidelberg University, David Lo Singapore Management University, Artur Andrzejak Heidelberg University
08:53
8m
Talk
Towards Understanding and Detecting Fake Reviews in App StoresJ1
Journal First
Daniel Martens University of Hamburg, Walid Maalej University of Hamburg