Learning analysis strategies for octagon and context sensitivity from labeled data generated by static analyses

Kihong Heo; Hakjoo Oh; Hongseok Yang

doi:10.1007/s10703-017-0306-7

Learning analysis strategies for octagon and context sensitivity from labeled data generated by static analyses

Kihong Heo, Hakjoo Oh, Hongseok Yang

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

Abstract

We present a method for automatically learning an effective strategy for clustering variables for the Octagon analysis from a given codebase. This learned strategy works as a preprocessor of Octagon. Given a program to be analyzed, the strategy is first applied to the program and clusters variables in it. We then run a partial variant of the Octagon analysis that tracks relationships among variables within the same cluster, but not across different clusters. The notable aspect of our learning method is that although the method is based on supervised learning, it does not require manually-labeled data. The method does not ask human to indicate which pairs of program variables in the given codebase should be tracked. Instead it uses the impact pre-analysis for Octagon from our previous work and automatically labels variable pairs in the codebase as positive or negative. We implemented our method on top of a static buffer-overflow detector for C programs and tested it against open source benchmarks. Our experiments show that the partial Octagon analysis with the learned strategy scales up to 100KLOC and is 33× faster than the one with the impact pre-analysis (which itself is significantly faster than the original Octagon analysis), while increasing false alarms by only 2%. The general idea behind our methodis applicable to other types of static analyses as well. We demonstrate that our method is also effective to learn a strategy for context-sensitivity of interval analysis.

Original language	English
Pages (from-to)	189-220
Number of pages	32
Journal	Formal Methods in System Design
Volume	53
Issue number	2
DOIs	https://doi.org/10.1007/s10703-017-0306-7
Publication status	Published - 2018 Oct 1

Bibliographical note

Funding Information:
Acknowledgements This work was supported by Samsung Research Funding & Incubation Center of Samsung Electronics under Project Numbers SRFC-IT1701-09. This work was supported by Institute for Information & Communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2015-0-00565, Development of Vulnerability Discovery Technologies for IoT Software Security, No. 2017-0-00184, Self-Learning Cyber Immune Technology Development).

Publisher Copyright:
© 2017, Springer Science+Business Media, LLC, part of Springer Nature.

Keywords

Context-sensitivity
Machine learning
Relational analysis
Static analysis

ASJC Scopus subject areas

Software
Theoretical Computer Science
Hardware and Architecture

Access to Document

10.1007/s10703-017-0306-7

Cite this

@article{29da0ca8c4da4132ab4e731599770648,

title = "Learning analysis strategies for octagon and context sensitivity from labeled data generated by static analyses",

abstract = "We present a method for automatically learning an effective strategy for clustering variables for the Octagon analysis from a given codebase. This learned strategy works as a preprocessor of Octagon. Given a program to be analyzed, the strategy is first applied to the program and clusters variables in it. We then run a partial variant of the Octagon analysis that tracks relationships among variables within the same cluster, but not across different clusters. The notable aspect of our learning method is that although the method is based on supervised learning, it does not require manually-labeled data. The method does not ask human to indicate which pairs of program variables in the given codebase should be tracked. Instead it uses the impact pre-analysis for Octagon from our previous work and automatically labels variable pairs in the codebase as positive or negative. We implemented our method on top of a static buffer-overflow detector for C programs and tested it against open source benchmarks. Our experiments show that the partial Octagon analysis with the learned strategy scales up to 100KLOC and is 33× faster than the one with the impact pre-analysis (which itself is significantly faster than the original Octagon analysis), while increasing false alarms by only 2%. The general idea behind our methodis applicable to other types of static analyses as well. We demonstrate that our method is also effective to learn a strategy for context-sensitivity of interval analysis.",

keywords = "Context-sensitivity, Machine learning, Relational analysis, Static analysis",

author = "Kihong Heo and Hakjoo Oh and Hongseok Yang",

note = "Funding Information: Acknowledgements This work was supported by Samsung Research Funding & Incubation Center of Samsung Electronics under Project Numbers SRFC-IT1701-09. This work was supported by Institute for Information & Communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2015-0-00565, Development of Vulnerability Discovery Technologies for IoT Software Security, No. 2017-0-00184, Self-Learning Cyber Immune Technology Development). Publisher Copyright: {\textcopyright} 2017, Springer Science+Business Media, LLC, part of Springer Nature.",

year = "2018",

month = oct,

day = "1",

doi = "10.1007/s10703-017-0306-7",

language = "English",

volume = "53",

pages = "189--220",

journal = "Formal Methods in System Design",

issn = "0925-9856",

publisher = "Springer Netherlands",

number = "2",

}

TY - JOUR

T1 - Learning analysis strategies for octagon and context sensitivity from labeled data generated by static analyses

AU - Heo, Kihong

AU - Oh, Hakjoo

AU - Yang, Hongseok

N1 - Funding Information: Acknowledgements This work was supported by Samsung Research Funding & Incubation Center of Samsung Electronics under Project Numbers SRFC-IT1701-09. This work was supported by Institute for Information & Communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2015-0-00565, Development of Vulnerability Discovery Technologies for IoT Software Security, No. 2017-0-00184, Self-Learning Cyber Immune Technology Development). Publisher Copyright: © 2017, Springer Science+Business Media, LLC, part of Springer Nature.

PY - 2018/10/1

Y1 - 2018/10/1

N2 - We present a method for automatically learning an effective strategy for clustering variables for the Octagon analysis from a given codebase. This learned strategy works as a preprocessor of Octagon. Given a program to be analyzed, the strategy is first applied to the program and clusters variables in it. We then run a partial variant of the Octagon analysis that tracks relationships among variables within the same cluster, but not across different clusters. The notable aspect of our learning method is that although the method is based on supervised learning, it does not require manually-labeled data. The method does not ask human to indicate which pairs of program variables in the given codebase should be tracked. Instead it uses the impact pre-analysis for Octagon from our previous work and automatically labels variable pairs in the codebase as positive or negative. We implemented our method on top of a static buffer-overflow detector for C programs and tested it against open source benchmarks. Our experiments show that the partial Octagon analysis with the learned strategy scales up to 100KLOC and is 33× faster than the one with the impact pre-analysis (which itself is significantly faster than the original Octagon analysis), while increasing false alarms by only 2%. The general idea behind our methodis applicable to other types of static analyses as well. We demonstrate that our method is also effective to learn a strategy for context-sensitivity of interval analysis.

AB - We present a method for automatically learning an effective strategy for clustering variables for the Octagon analysis from a given codebase. This learned strategy works as a preprocessor of Octagon. Given a program to be analyzed, the strategy is first applied to the program and clusters variables in it. We then run a partial variant of the Octagon analysis that tracks relationships among variables within the same cluster, but not across different clusters. The notable aspect of our learning method is that although the method is based on supervised learning, it does not require manually-labeled data. The method does not ask human to indicate which pairs of program variables in the given codebase should be tracked. Instead it uses the impact pre-analysis for Octagon from our previous work and automatically labels variable pairs in the codebase as positive or negative. We implemented our method on top of a static buffer-overflow detector for C programs and tested it against open source benchmarks. Our experiments show that the partial Octagon analysis with the learned strategy scales up to 100KLOC and is 33× faster than the one with the impact pre-analysis (which itself is significantly faster than the original Octagon analysis), while increasing false alarms by only 2%. The general idea behind our methodis applicable to other types of static analyses as well. We demonstrate that our method is also effective to learn a strategy for context-sensitivity of interval analysis.

KW - Context-sensitivity

KW - Machine learning

KW - Relational analysis

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=85034626614&partnerID=8YFLogxK

U2 - 10.1007/s10703-017-0306-7

DO - 10.1007/s10703-017-0306-7

M3 - Article

AN - SCOPUS:85034626614

SN - 0925-9856

VL - 53

SP - 189

EP - 220

JO - Formal Methods in System Design

JF - Formal Methods in System Design

IS - 2

ER -

Learning analysis strategies for octagon and context sensitivity from labeled data generated by static analyses

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this