Machine-Learning-Guided Selectively Unsound Static Analysis

Kihong Heo, Hakjoo Oh, Kwangkeun Yi

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

11 Citations (Scopus)

Abstract

We present a machine-learning-based technique for selectively applying unsoundness in static analysis. Existing bug-finding static analyzers are unsound in order to be precise and scalable in practice. However, they are uniformly unsound and hence at the risk of missing a large amount of real bugs. By being sound, we can improve the detectability of the analyzer but it often suffers from a large number of false alarms. Our approach aims to strike a balance between these two approaches by selectively allowing unsoundness only when it is likely to reduce false alarms, while retaining true alarms. We use an anomaly-detection technique to learn such harmless unsoundness. We implemented our technique in two static analyzers for full C. One is for a taint analysis for detecting format-string vulnerabilities, and the other is for an interval analysis for buffer-overflow detection. The experimental results show that our approach significantly improves the recall of the original unsound analysis without sacrificing the precision.

Original language: English
Title of host publication: Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 519-529
Number of pages: 11
ISBN (Electronic): 9781538638682
DOI: https://doi.org/10.1109/ICSE.2017.54
Publication status: Published - 2017 Jul 19
Externally published: Yes
Event: 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017 - Buenos Aires, Argentina
Duration: 2017 May 20 to 2017 May 28

Publication series

Name: Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

Conference

Conference: 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017
Country: Argentina
City: Buenos Aires
Period: 17/5/20 to 17/5/28

Fingerprint

Static analysis
Learning systems
Acoustic waves

Keywords

  • Bug-finding
  • Machine Learning
  • Static Analysis

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Software

Cite this

Heo, K., Oh, H., & Yi, K. (2017). Machine-Learning-Guided Selectively Unsound Static Analysis. In Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017 (pp. 519-529). [7985690] (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSE.2017.54

@inproceedings{47cc0835867141dbbab09f82d7411469,
title = "Machine-Learning-Guided Selectively Unsound Static Analysis",
keywords = "Bug-finding, Machine Learning, Static Analysis",
author = "Kihong Heo and Hakjoo Oh and Kwangkeun Yi",
year = "2017",
month = "7",
day = "19",
doi = "10.1109/ICSE.2017.54",
language = "English",
series = "Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "519--529",
booktitle = "Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017",

}

TY - GEN

T1 - Machine-Learning-Guided Selectively Unsound Static Analysis

AU - Heo, Kihong

AU - Oh, Hakjoo

AU - Yi, Kwangkeun

PY - 2017/7/19

Y1 - 2017/7/19

KW - Bug-finding

KW - Machine Learning

KW - Static Analysis

UR - http://www.scopus.com/inward/record.url?scp=85027716023&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85027716023&partnerID=8YFLogxK

U2 - 10.1109/ICSE.2017.54

DO - 10.1109/ICSE.2017.54

M3 - Conference contribution

AN - SCOPUS:85027716023

T3 - Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

SP - 519

EP - 529

BT - Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -