Fri 13 Nov 2020 01:03 - 01:04 at Virtual room 2 - Static Analysis

Merging execution paths is a powerful technique for reducing path explosion in symbolic execution. One approach, introduced and dubbed “veritesting” by Avgerinos et al., works by translating a bounded control flow region into a single constraint. This approach is a convenient way to achieve path merging as a modification to a pre-existing single-path symbolic execution engine. Previous work evaluated this approach for symbolic execution of binary code, but different design considerations apply when building tools for other languages. In this paper, we extend the previous approach for symbolic execution of Java.

Because Java code typically contains many small dynamically dispatched methods, it is important to include them in multi-path regions; we introduce dynamic inlining of method-regions to do so modularly. Java’s typed memory structure is very different from the binary representation, but we show how the idea of static single assignment (SSA) form can be applied to object references to statically account for aliasing. We have implemented our algorithms in Java Ranger, an extension to the widely used Symbolic Pathfinder (SPF) tool. In a set of nine benchmarks, Java Ranger reduces the running time and number of execution paths by a total of 38% and 71%, respectively, as compared to SPF. Our results are a significant improvement over the performance of JBMC, a recently released verification tool for Java bytecode. We also participated in a static verification competition at a top theory conference where other participants included state-of-the-art Java verifiers. Java Ranger won first place in the competition’s Java verification track.
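The path-merging idea described in the abstract, as an added toy model in Python (not code from Java Ranger, SPF or the paper): the guarded-increment program, the tuple expression encoding and all function names are constructed for illustration. It compares forking at every branch with summarizing each if-region as a single if-then-else term.

```python
from itertools import product

# Constructed program (not from the paper), for i = 0..N-1:
#     if (x_i > 0) count = count + 1;
N = 4
INPUTS = [f"x{i}" for i in range(N)]

def ev(e, env):
    """Evaluate a symbolic expression (nested tuples) under concrete inputs."""
    op = e[0]
    if op == "const": return e[1]
    if op == "var": return env[e[1]]
    if op == "add": return ev(e[1], env) + ev(e[2], env)
    if op == "gt": return ev(e[1], env) > ev(e[2], env)
    if op == "not": return not ev(e[1], env)
    if op == "ite": return ev(e[2], env) if ev(e[1], env) else ev(e[3], env)
    raise ValueError(op)

def guard(name):
    return ("gt", ("var", name), ("const", 0))
def inc(e):
    return ("add", e, ("const", 1))

def single_path():
    """Fork at every branch; returns [(path condition, final count)]."""
    paths = [([], ("const", 0))]
    for name in INPUTS:
        g = guard(name)
        paths = [p for pc, cnt in paths
                 for p in ((pc + [g], inc(cnt)), (pc + [("not", g)], cnt))]
    return paths

def merged():
    """Summarize each if-region as one ite term; one path, empty condition."""
    cnt = ("const", 0)
    for name in INPUTS:
        cnt = ("ite", guard(name), inc(cnt), cnt)
    return [([], cnt)]

def agree():
    """Compare both encodings with the concrete result on every sign pattern."""
    for vals in product((-1, 1), repeat=N):
        env = dict(zip(INPUTS, vals))
        want = sum(v > 0 for v in vals)
        hits = [c for pc, c in single_path() if all(ev(t, env) for t in pc)]
        ok = len(hits) == 1 and ev(hits[0], env) == want
        if not ok or ev(merged()[0][1], env) != want:
            return False
    return True
```

With N = 4, `single_path()` yields 16 path conditions while `merged()` yields one path whose final value is a nested if-then-else term; `agree()` confirms both describe the same program behaviour.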

Fri 13 Nov

Displayed time zone: (UTC) Coordinated Universal Time

01:00 - 01:30
01:00
2m
Talk
ARDiff: Scaling Program Equivalence Checking via Iterative Abstraction and Refinement of Common Code
Research Papers
Sahar Badihi University of British Columbia, Canada, Faridah Akinotcho University of British Columbia, Canada, Yi Li Nanyang Technological University, Julia Rubin University of British Columbia, Canada
01:03
1m
Talk
Java Ranger: Statically Summarizing Regions for Efficient Symbolic Execution of Java
Research Papers
Vaibhav Sharma University of Minnesota, USA, Soha Hussein University of Minnesota, USA / Ain Shams University, Egypt, Michael Whalen University of Minnesota, USA, Stephen McCamant University of Minnesota, USA, Willem Visser Stellenbosch University, South Africa
01:05
1m
Talk
PCA: Memory Leak Detection using Partial Call-Path Analysis
Tool Demos
Wen Li, Haipeng Cai Washington State University, USA, Yulei Sui University of Technology Sydney, David Manz Pacific Northwest National Laboratory, USA
01:07
1m
Talk
SWAN: A Static Analysis Framework for Swift
Tool Demos
Daniil Tiganov University of Alberta, Canada, Jeff Cho University of Alberta, Karim Ali University of Alberta, Julian Dolby IBM Research, USA
01:09
1m
Talk
UBITect: A Precise and Scalable Method to Detect Use-before-Initialization Bugs in Linux Kernel
Research Papers
Yizhuo Zhai University of California at Riverside, USA, Yu Hao University of California at Riverside, USA, Hang Zhang University of California at Riverside, USA, Daimeng Wang University of California at Riverside, USA, Chengyu Song University of California at Riverside, USA, Zhiyun Qian University of California at Riverside, USA, Mohsen Lesani University of California at Riverside, USA, Srikanth V. Krishnamurthy University of California at Riverside, USA, Paul Yu U.S. Army Research Laboratory, USA
01:11
19m
Talk
Conversations on Static Analysis
Paper Presentations
Daniil Tiganov University of Alberta, Canada, Haipeng Cai Washington State University, USA, Sahar Badihi University of British Columbia, Canada, Yizhuo Zhai University of California at Riverside, USA, M: Paul Gazzillo University of Central Florida