Machine-Learning-Guided Selectively Unsound Static Analysis

Published in: Proceedings / International Conference on Software Engineering pp. 519 - 529
Main authors: Kihong Heo, Oh, Hakjoo, Kwangkeun Yi
Medium: Conference paper
Language: English
Publication details: IEEE 01.05.2017
ISSN:1558-1225
Abstract We present a machine-learning-based technique for selectively applying unsoundness in static analysis. Existing bug-finding static analyzers are unsound in order to be precise and scalable in practice. However, they are uniformly unsound and hence at the risk of missing a large amount of real bugs. By being sound, we can improve the detectability of the analyzer but it often suffers from a large number of false alarms. Our approach aims to strike a balance between these two approaches by selectively allowing unsoundness only when it is likely to reduce false alarms, while retaining true alarms. We use an anomaly-detection technique to learn such harmless unsoundness. We implemented our technique in two static analyzers for full C. One is for a taint analysis for detecting format-string vulnerabilities, and the other is for an interval analysis for buffer-overflow detection. The experimental results show that our approach significantly improves the recall of the original unsound analysis without sacrificing the precision.
Authors and affiliations:
Kihong Heo (Seoul Nat. Univ., Seoul, South Korea)
Oh, Hakjoo (Korea Univ., Seoul, South Korea)
Kwangkeun Yi (Seoul Nat. Univ., Seoul, South Korea)
CODEN IEEPAD
ContentType Conference Proceeding
DOI 10.1109/ICSE.2017.54
Discipline Computer Science
EISBN 1538638681
9781538638682
EISSN 1558-1225
EndPage 529
ExternalDocumentID 7985690
Genre orig-research
ISICitedReferencesCount 40
IngestDate Wed Aug 27 02:19:09 EDT 2025
IsPeerReviewed false
IsScholarly true
Language English
PageCount 11
PublicationCentury 2000
PublicationDate 2017-May
PublicationDateYYYYMMDD 2017-05-01
PublicationDecade 2010
PublicationTitle Proceedings / International Conference on Software Engineering
PublicationTitleAbbrev ICSE
PublicationYear 2017
Publisher IEEE
StartPage 519
SubjectTerms Benchmark testing; Bug-finding; Computer bugs; Libraries; Machine Learning; Scalability; Software engineering; Static Analysis; Support vector machines
URI https://ieeexplore.ieee.org/document/7985690