TY - GEN
T1 - Machine-Learning-Guided Selectively Unsound Static Analysis
AU - Heo, Kihong
AU - Oh, Hakjoo
AU - Yi, Kwangkeun
PY - 2017/7/19
Y1 - 2017/7/19
AB - We present a machine-learning-based technique for selectively applying unsoundness in static analysis. Existing bug-finding static analyzers are unsound in order to be precise and scalable in practice. However, they are uniformly unsound and hence at risk of missing a large number of real bugs. By being sound, we can improve the detectability of the analyzer but it often suffers from a large number of false alarms. Our approach aims to strike a balance between these two approaches by selectively allowing unsoundness only when it is likely to reduce false alarms, while retaining true alarms. We use an anomaly-detection technique to learn such harmless unsoundness. We implemented our technique in two static analyzers for full C. One is for a taint analysis for detecting format-string vulnerabilities, and the other is for an interval analysis for buffer-overflow detection. The experimental results show that our approach significantly improves the recall of the original unsound analysis without sacrificing the precision.
KW - Bug-finding
KW - Machine Learning
KW - Static Analysis
UR - http://www.scopus.com/inward/record.url?scp=85027716023&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85027716023&partnerID=8YFLogxK
U2 - 10.1109/ICSE.2017.54
DO - 10.1109/ICSE.2017.54
M3 - Conference contribution
AN - SCOPUS:85027716023
T3 - Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017
SP - 519
EP - 529
BT - Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017
Y2 - 20 May 2017 through 28 May 2017
ER -