Machine-Learning-Guided Selectively Unsound Static Analysis

Kihong Heo, Hakjoo Oh, Kwangkeun Yi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

39 Citations (Scopus)

Abstract

We present a machine-learning-based technique for selectively applying unsoundness in static analysis. Existing bug-finding static analyzers are unsound in order to be precise and scalable in practice. However, they are uniformly unsound and hence at the risk of missing a large amount of real bugs. By being sound, we can improve the detectability of the analyzer but it often suffers from a large number of false alarms. Our approach aims to strike a balance between these two approaches by selectively allowing unsoundness only when it is likely to reduce false alarms, while retaining true alarms. We use an anomaly-detection technique to learn such harmless unsoundness. We implemented our technique in two static analyzers for full C. One is for a taint analysis for detecting format-string vulnerabilities, and the other is for an interval analysis for buffer-overflow detection. The experimental results show that our approach significantly improves the recall of the original unsound analysis without sacrificing the precision.

Original languageEnglish
Title of host publicationProceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages519-529
Number of pages11
ISBN (Electronic)9781538638682
DOIs
Publication statusPublished - 2017 Jul 19
Externally publishedYes
Event39th IEEE/ACM International Conference on Software Engineering, ICSE 2017 - Buenos Aires, Argentina
Duration: 2017 May 202017 May 28

Publication series

NameProceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

Conference

Conference39th IEEE/ACM International Conference on Software Engineering, ICSE 2017
Country/TerritoryArgentina
CityBuenos Aires
Period17/5/2017/5/28

Keywords

  • Bug-finding
  • Machine Learning
  • Static Analysis

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Software

Fingerprint

Dive into the research topics of 'Machine-Learning-Guided Selectively Unsound Static Analysis'. Together they form a unique fingerprint.

Cite this