Jasmine: A Static Analysis Framework for Spring Core TechnologiesVirtual
The Spring framework is widely used in developing enterprise web applications. Spring core technologies, such as Dependency Injection and Aspect-Oriented Programming, make development faster and easier. However, the implementation of Spring core technologies uses a lot of dynamic features. Those features impose significant challenges when using static analysis to reason about the behavior of Spring-based applications. In this paper, we propose Jasmine, a static analysis framework with respect to Spring core technologies extends from Soot to enhance the call graph’s completeness while not greatly affecting its performance. We evaluate Jasmine’s completeness, precision, and performance using Spring micro-benchmarks and a suite of 18 real-world Spring programs. Our experiments show that Jasmine effectively enhances the state-of-the-art tools based on Soot and Doop to better support Spring core technologies. We also add Jasmine support to FlowDroid and discovered twelve sensitive information leakage paths in our benchmarks. Jasmine is expected to provide significant benefits for many program analyses scenes of Spring applications where more completeness of call graphs are required.
Wed 12 OctDisplayed time zone: Eastern Time (US & Canada) change
10:00 - 12:00 | Technical Session 11 - Analysis and TypesResearch Papers / NIER Track / Late Breaking Results at Gold A Chair(s): Thiago Ferreira University of Michigan - Flint | ||
10:00 20mResearch paper | SA4U: Practical Static Analysis for Unit Type Error Detection Research Papers Max Taylor The Ohio State University, Johnathon Aurand The Ohio State University, Feng Qin Ohio State University, USA, Xiaorui Wang The Ohio State University, Brandon Henry Tangram Flex, Xiangyu Zhang Purdue University | ||
10:20 10mVision and Emerging Results | Principled Composition of Function Variants for Dynamic Software Diversity and Program Protection NIER Track Giacomo Priamo Sapienza University of Rome, Daniele Cono D'Elia Sapienza University of Rome, Leonardo Querzoni Sapienza University Rome | ||
10:30 20mResearch paper | AST-Probe: Recovering abstract syntax trees from hidden representations of pre-trained language models Research Papers José Antonio Hernández López Department of Computer Science and Systems, University of Murcia, Martin Weyssow DIRO, Université de Montréal, Jesús Sánchez Cuadrado , Houari Sahraoui Université de Montréal Link to publication Pre-print | ||
10:50 10mPaper | Towards Gradual Multiparty Session TypingVirtual Late Breaking Results Sung-Shik Jongmans Open University of the Netherlands; CWI | ||
11:00 20mResearch paper | Static Type Recommendation for PythonVirtual Research Papers Ke Sun Peking University, Yifan Zhao Peking University, Dan Hao Peking University, Lu Zhang Peking University | ||
11:20 20mResearch paper | Prompt-tuned Code Language Model as a Neural Knowledge Base for Type Inference in Statically-Typed Partial CodeVirtual Research Papers Qing Huang School of Computer Information Engineering, Jiangxi Normal University, Zhiqiang Yuan School of Computer Information Engineering, Jiangxi Normal University, Zhenchang Xing Australian National University, Xiwei (Sherry) Xu CSIRO Data61, Liming Zhu CSIRO’s Data61; UNSW, Qinghua Lu CSIRO’s Data61 | ||
11:40 20mResearch paper | Jasmine: A Static Analysis Framework for Spring Core TechnologiesVirtual Research Papers Miao Chen Beijing University of Posts and Telecommunications, Tengfei Tu Beijing University of Posts and Telecommunications, Hua Zhang Beijing University of Posts and Telecommunications, Qiaoyan Wen Beijing University of Posts and Telecommunications, Weihang Wang University of Southern California | ||