Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 22 of 22

Full-Text Articles in Physical Sciences and Mathematics

Enhancing Source Code Representations For Deep Learning With Static Analysis, Xueting Guan, Christoph Treude Apr 2024

Research Collection School Of Computing and Information Systems

Deep learning techniques applied to program analysis tasks such as code classification, summarization, and bug detection have seen widespread interest. Traditional approaches, however, treat programming source code as natural language text, which may neglect significant structural or semantic details. Additionally, most current methods of representing source code focus solely on the code, without considering beneficial additional context. This paper explores the integration of static analysis and additional context such as bug reports and design patterns into source code representations for deep learning models. We use the Abstract Syntax Tree-based Neural Network (ASTNN) method and augment it with additional context information …


EndWatch: A Practical Method For Detecting Non-Termination In Real-World Software, Yao Zhang, Xiaofei Xie, Yi Li, Sen Chen, Cen Zhang, Xiaohong Li Sep 2023

Research Collection School Of Computing and Information Systems

Detecting non-termination is crucial for ensuring program correctness and security, such as preventing denial-of-service attacks. While termination analysis has been studied for many years, existing methods have limited scalability and are only effective on small programs. To address this issue, we propose a practical termination checking technique, called EndWatch, for detecting non-termination through testing. Specifically, we introduce two methods to generate non-termination oracles based on checking state revisits, i.e., if the program returns to a previously visited state at the same program location, it does not terminate. The non-termination oracles can be incorporated into testing tools (e.g., AFL used in …


A Proposed Artificial Intelligence Model For Android-Malware Detection, Fatma Taher, Omar Al Fandi, Mousa Al Kfairy, Hussam Al Hamadi, Saed Alrabaee Aug 2023

All Works

There are a variety of reasons why smartphones have grown so pervasive in our daily lives. While their benefits are undeniable, Android users must be vigilant against malicious apps. The goal of this study was to develop a broad framework for detecting Android malware using multiple deep learning classifiers; this framework was given the name DroidMDetection. To provide precise, dynamic, Android malware detection and clustering of different families of malware, the framework makes use of unique methodologies built based on deep learning and natural language processing (NLP) techniques. When compared to other similar works, DroidMDetection (1) uses API calls and …


How To Find Actionable Static Analysis Warnings: A Case Study With Findbugs, Rahul Yedida, Hong Jin Kang, Huy Tu, Xueqi Yang, David Lo, Tim Menzies Jan 2023

Research Collection School Of Computing and Information Systems

Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should not be ignored, we suggest that analysts need to look deeper into their algorithms to find choices that better improve the particulars of their specific problem. Specifically, we show here that effective predictors of such warnings can be created by methods that locally adjust the decision boundary (between actionable warnings and others). These methods yield a new high water-mark for recognizing actionable static code warnings. For eight …


Autopruner: Transformer-Based Call Graph Pruning, Cong Thanh Le, Hong Jin Kang, Truong Giang Nguyen, Stefanus Agus Haryono, David Lo, Xuan-Bach D. Le, Huynh Quyet Thang Nov 2022

Research Collection School Of Computing and Information Systems

Constructing a static call graph requires trade-offs between soundness and precision. Program analysis techniques for constructing call graphs are unfortunately usually imprecise. To address this problem, researchers have recently proposed call graph pruning empowered by machine learning to post-process call graphs constructed by static analysis. A machine learning model is built to capture information from the call graph by extracting structural features for use in a random forest classifier. It then removes edges that are predicted to be false positives. Despite the improvements shown by machine learning models, they are still limited as they do not consider the source code …


How Many Mutex Bugs Can A Simple Analysis Find In Go Programs?, Fumi Takeuchi, Hidehiko Masuhara, Raffi T. Khatchadourian, Youyou Cong, Keisuke Ishibashi Sep 2022

Publications and Research

In open-source software, it is known that there are many concurrency bugs. A previous study in Go revealed that a considerable number of such bugs are simple (for example, 9% of the bugs are the ones that forget to unlock a mutex) through a manual program investigation. This paper tries to detect such bugs by applying a simple analysis to see how far such a tool can match the manual analysis. We built a simple intraprocedural control flow analysis in Go, and evaluated its performance concerning the open source programs with concurrency bugs reported in the previous study. Consequently, as …


Detecting False Alarms From Automatic Static Analysis Tools: How Far Are We?, Hong Jin Kang, Khai Loong Aw, David Lo May 2022

Research Collection School Of Computing and Information Systems

Automatic static analysis tools (ASATs), such as Findbugs, have a high false alarm rate. The large number of false alarms produced poses a barrier to adoption. Researchers have proposed the use of machine learning to prune false alarms and present only actionable warnings to developers. The state-of-the-art study has identified a set of “Golden Features” based on metrics computed over the characteristics and history of the file, code, and warning. Recent studies show that machine learning using these features is extremely effective and that they achieve almost perfect performance. We perform a detailed analysis to better understand the strong performance …


An Empirical Study On The Use And Misuse Of Java 8 Streams, Raffi T. Khatchadourian, Yiming Tang, Mehdi Bagherzadeh, Baishakhi Ray Apr 2020

Publications and Research

Streaming APIs allow for big data processing of native data structures by providing MapReduce-like operations over these structures. However, unlike traditional big data systems, these data structures typically reside in shared memory accessed by multiple cores. Although popular, this emerging hybrid paradigm opens the door to possibly detrimental behavior, such as thread contention and bugs related to non-execution and non-determinism. This study explores the use and misuse of a popular streaming API, namely, Java 8 Streams. The focus is on how developers decide whether or not to run these operations sequentially or in parallel and bugs both specific and tangential …


Safe Automated Refactoring For Intelligent Parallelization Of Java 8 Streams, Raffi T. Khatchadourian, Yiming Tang, Mehdi Bagherzadeh, Syed Ahmed Jul 2019

Publications and Research

Streaming APIs are becoming more pervasive in mainstream Object-Oriented programming languages and platforms. For example, the Stream API introduced in Java 8 allows for functional-like, MapReduce-style operations in processing both finite, e.g., collections, and infinite data structures. However, using this API efficiently involves subtle considerations such as determining when it is best for stream operations to run in parallel, when running operations in parallel can be less efficient, and when it is safe to run in parallel due to possible lambda expression side-effects. Also, streams may not run all operations in parallel depending on particular collectors used in reductions. In …


Safe Automated Refactoring For Intelligent Parallelization Of Java 8 Streams, Raffi T. Khatchadourian, Yiming Tang, Mehdi Bagherzadeh, Syed Ahmed May 2019

Publications and Research

Streaming APIs are becoming more pervasive in mainstream Object-Oriented programming languages. For example, the Stream API introduced in Java 8 allows for functional-like, MapReduce-style operations in processing both finite and infinite data structures. However, using this API efficiently involves subtle considerations like determining when it is best for stream operations to run in parallel, when running operations in parallel can be less efficient, and when it is safe to run in parallel due to possible lambda expression side-effects. In this paper, we present an automated refactoring approach that assists developers in writing efficient stream code in a semantics-preserving fashion. The …


GAINDroid: General Automated Incompatibility Notifier For Android Applications, Bruno Vieira Resende E Silva Apr 2019

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

With the ever-increasing popularity of mobile devices over the last decade, mobile apps and the frameworks upon which they are built frequently change. This rapid evolution leads to a confusing jumble of devices and applications utilizing differing features even within the same framework. For Android apps and devices, representing over 80% of the market share, mismatches between the version of the Android operating system installed on a device and the version of the app installed can lead to several run-time crashes, providing a poor user experience.

This thesis presents GAINDroid, an analysis approach, backed with a classloader based program analyzer, …


An Integrated Approach For Effective Injection Vulnerability Analysis Of Web Applications Through Security Slicing And Hybrid Constraint Solving, Julian Thome, Lwin Khin Shar, Domenico Bianculli, Lionel Briand Jun 2018

Research Collection School Of Computing and Information Systems

Malicious users can attack Web applications by exploiting injection vulnerabilities in the source code. This work addresses the challenge of detecting injection vulnerabilities in the server-side code of Java Web applications in a scalable and effective way. We propose an integrated approach that seamlessly combines security slicing with hybrid constraint solving; the latter orchestrates automata-based solving with meta-heuristic search. We use static analysis to extract minimal program slices relevant to security from Web programs and to generate attack conditions. We then apply hybrid constraint solving to determine the satisfiability of attack conditions and thus detect vulnerabilities. The experimental results, using …


JoanAudit: A Tool For Auditing Common Injection Vulnerabilities, Julian Thome, Lwin Khin Shar, Domenico Bianculli, Lionel Briand Sep 2017

Research Collection School Of Computing and Information Systems

JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for security and generates an HTML report to guide security auditors in auditing the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities and standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code — cases where inputs are directly used in sinks without any form …


Automated Refactoring Of Legacy Java Software To Default Methods, Raffi T. Khatchadourian, Hidehiko Masuhara May 2017

Publications and Research

Java 8 default methods, which allow interfaces to contain (instance) method implementations, are useful for the skeletal implementation software design pattern. However, it is not easy to transform existing software to exploit default methods as it requires analyzing complex type hierarchies, resolving multiple implementation inheritance issues, reconciling differences between class and interface methods, and analyzing tie-breakers (dispatch precedence) with overriding class methods to preserve type-correctness and confirm semantics preservation. In this paper, we present an efficient, fully-automated, type constraint-based refactoring approach that assists developers in taking advantage of enhanced interfaces for their legacy Java software. The approach features an extensive …


Security Slicing For Auditing Common Injection Vulnerabilities, Julian Thome, Lwin Khin Shar, Domenico Bianculli, Lionel Briand Feb 2017

Research Collection School Of Computing and Information Systems

Cross-site scripting and injection vulnerabilities are among the most common and serious security issues for Web applications. Although existing static analysis approaches can detect potential vulnerabilities in source code, they generate many false warnings and source-sink traces with irrelevant information, making their adoption impractical for security auditing. One suitable approach to support security auditing is to compute a program slice for each sink, which contains all the information required for security auditing. However, such slices are likely to contain a large amount of information that is irrelevant to security, thus raising scalability issues for security audits. In this paper, we …


Poster: Android Whole-System Control Flow Analysis For Accurate Application Behavior Modeling, Huu Hoang Nguyen Jun 2016

Research Collection School Of Computing and Information Systems

Android, the modern operating system for smartphones, together with its millions of apps, has become an important part of human life. There are many challenges to analyzing them. It is important to model the mobile systems in order to analyze the behaviors of apps accurately. These apps are built on top of interactions with Android systems. We aim to automatically build abstract models of the mobile systems and thus automate the analysis of mobile applications and detect potential issues (e.g., leaking private data, causing unexpected crashes, etc.). The expected results will be the accuracy models of actual various versions of …


Security Slicing For Auditing XML, XPath, And SQL Injection Vulnerabilities, Julian Thome, Lwin Khin Shar, Lionel Briand Nov 2015

Research Collection School Of Computing and Information Systems

XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the implemented code is, to the extent possible, free from these vulnerabilities before deployment. Although existing taint analysis approaches could automatically detect potential vulnerabilities in source code, they tend to generate many false warnings. Furthermore, the produced traces, i.e. dataflow paths from input sources to security-sensitive operations, tend to be incomplete or to contain a great deal of irrelevant information. Therefore, it is difficult to identify real vulnerabilities and …


Mining Patterns Of Unsatisfiable Constraints To Detect Infeasible Paths, Sun Ding, Hee Beng Kuan Tan, Lwin Khin Shar May 2015

Research Collection School Of Computing and Information Systems

Detection of infeasible paths is required in many areas including test coverage analysis, test case generation, security vulnerability analysis, etc. Existing approaches typically use static analysis coupled with symbolic evaluation, heuristics, or path-pattern analysis. This paper is related to these approaches but with a different objective. It is to analyze code of real systems to build patterns of unsatisfiable constraints in infeasible paths. The resulting patterns can be used to detect infeasible paths without the use of constraint solver and evaluation of function calls involved, thus improving scalability. The patterns can be built gradually. Evaluation of the proposed approach shows …


Semi-Automated Verification Of Defense Against SQL Injection In Web Applications, Kaiping Liu, Hee Beng Kuan Tan, Lwin Khin Shar Dec 2012

Research Collection School Of Computing and Information Systems

Recent reports reveal that the majority of the attacks on Web applications are input manipulation attacks. Among these attacks, SQL injection, in which malicious input is submitted to manipulate the database in a way that was unintended by the applications' developers, is one such attack. This paper proposes an approach for assisting the code verification process on the defense against SQL injection. The approach extracts all such defenses implemented in code. With the use of the proposed approach, developers, testers or auditors can then check the defenses extracted from code to verify their adequacy. We have evaluated the feasibility, effectiveness, and usefulness …


A Colored Petri Net-Based Approach For Automated Deadlock Detection In Parallel Programs, N. Mansouri, Amrit L. Goel Sep 1990

Electrical Engineering and Computer Science - Technical Reports

A static analysis approach is proposed for automated detection of deadlocks in a common class of parallel programs, referred to as Single Code Multiple Data (SCMD) programs. It is based on colored Petri net (CP-net) modeling and reachability analysis, where colors correspond to parallel processes. An SCMD program is first translated into a CP-net and a reachability tree is then derived and analyzed for deadlock information. CP-subnets representing basic programming language constructs are described. These subnets are employed as building blocks by an algorithm that translates synchronization-related statements of a process in an SCMD program and connects the resulting subnets. …


An Approach For Minimizing Spurious Errors In Testing Ada Tasking Programs, N. Mansouri, Amrit L. Goel Sep 1990

Electrical Engineering and Computer Science - Technical Reports

We propose an approach for detecting deadlocks and race conditions in Ada tasking software. It is based on an extension to Petri net-based techniques, where a concurrent program is modeled as a Petri net and a reachability graph is then derived and analyzed for desired information. In this approach, Predicate-Action subnets representing Ada programming constructs are described, where predicates and actions are attached to transitions. Predicates are those found in decision statements. Actions involve updating the status of the variables that affect the tasking behavior of the program and updating the Read and Write sets of shared variables. The shared …


A Petri Net-Based Tool For Detecting Deadlocks And Race Conditions In Concurrent Programs, Amrit L. Goel, N. Mansouri Sep 1990

Electrical Engineering and Computer Science - Technical Reports

A static analysis tool for detecting deadlocks and potential race conditions on shared variables in concurrent programs is presented. It is based on Petri Net modeling and reachability analysis, where a concurrent program is modeled as an augmented Petri net and a reachability graph is then derived and analyzed for desired information. Place-Transition subnets representing programming language constructs are described. Transitions in these subnets are augmented with sets of shared variables that occur in sections of the program, called concurrency zones, related to the transitions. The tool consists of four modules. The modeling module employs the augmented subnets as building …