Tue 11 Oct 2022 14:50 - 15:00 at Ballroom C East - Technical Session 5 - Code Analysis Chair(s): Vahid Alizadeh
Wed 12 Oct 2022 09:30 - 10:00 at Ballroom A - Tool Poster Session 2
Wed 12 Oct 2022 09:30 - 10:00 at Ballroom A - Tool Poster Session 2
Dynamic taint analysis (DTA) is a popular approach to help protect JavaScript applications against injection vulnerabilities. In 2016, the ECMAScript 7 JavaScript language standard introduced many language features that most existing DTA tools for JavaScript do not support, e.g., the async/await keywords for asynchronous programming. We present Augur, a high-performance dynamic taint analysis for ES7 JavaScript that leverages VM-\textit{supported} instrumentation. Integrating directly with a public, stable instrumentation API gives Augur the ability to run with high performance inside the VM and remain resilient to language revisions. We extend the abstract-machine approach to DTA with semantics to handle asynchronous function calls. In addition to providing the classic DTA use case of injection vulnerability detection, Augur is highly configurable to support any type of taint analysis, making it useful outside of the security domain. We evaluated Augur on a set of 20 benchmarks, and observed a median runtime overhead of only 1.77×. We note a median performance improvement of 298% compared to the previous state-of-the-art Ichnaea.
Tool demo: https://www.youtube.com/watch?v=GczQ-2A58LE
Link to open source code repository: https://github.com/nuprl/augur
Tue 11 OctDisplayed time zone: Eastern Time (US & Canada) change
Tue 11 Oct
Displayed time zone: Eastern Time (US & Canada) change
14:00 - 15:30 | Technical Session 5 - Code AnalysisTool Demonstrations / Research Papers / Journal-first Papers at Ballroom C East Chair(s): Vahid Alizadeh DePaul University | ||
14:00 20mResearch paper | Detecting Blocking Errors in Go Programs using Localized Abstract InterpretationACM SIGSOFT Distinguished Paper Award Research Papers Oskar Haarklou Veileborg Aarhus University, Georgian-Vlad Saioc Aarhus University, Anders Møller Aarhus University Link to publication | ||
14:20 10mDemonstration | InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts Tool Demonstrations Pre-print | ||
14:30 20mPaper | An empirical comparison of four Java-based regression test selection techniques Journal-first Papers Min Kyung Shin Colorado State University, Sudipto Ghosh Colorado State University, USA, Leo R. Vijayasarathy Colorado State University Link to publication DOI | ||
14:50 10mDemonstration | Augur: Dynamic Taint Analysis for Asynchronous JavaScript Tool Demonstrations Mark W. Aldrich Tufts University, Alexi Turcotte Northeastern University, Matthew Blanco Northeastern University, Frank Tip Northeastern University | ||
15:00 10mDemonstration | FlexType: A Plug-and-Play Framework for Type Inference Models Tool Demonstrations Sivani Voruganti UC Davis, Kevin Jesse University of California at Davis, USA, Prem Devanbu Department of Computer Science, University of California, Davis Pre-print | ||
15:10 20mResearch paper | SelfAPR: Self-supervised Program Repair with Test Execution DiagnosticsVirtual Research Papers He Ye KTH Royal Institute of Technology, Matias Martinez Université Polytechnique Hauts-de-France, Xiapu Luo Hong Kong Polytechnic University, Tao Zhang Macau University of Science and Technology (MUST), Martin Monperrus KTH Royal Institute of Technology | ||
Wed 12 OctDisplayed time zone: Eastern Time (US & Canada) change
Wed 12 Oct
Displayed time zone: Eastern Time (US & Canada) change
09:30 - 10:00 | |||
09:30 30mDemonstration | ElecDaug: Electromagnetic Data Augmentation for Model Repair based on Metamorphic Relation Tool Demonstrations Jiawei He , Zhida Bao Harbin Engineering University, Quanjun Zhang Nanjing University, Weisong Sun State Key Laboratory for Novel Software Technology, Nanjing University, Jiawei Liu Nanjing University, Chunrong Fang Nanjing University, Yun Lin National University of Singapore | ||
09:30 30mDemonstration | CBMC-SSM: Bounded Model Checking of C Programs with Symbolic Shadow Memory Tool Demonstrations Bernd Fischer Stellenbosch University, South Africa, Salvatore La Torre Università degli Studi di Salerno, Gennaro Parlato University of Molise, Peter Schrammel University of Sussex and Diffblue Ltd | ||
09:30 30mDemonstration | ADEPT: A Testing Platform for Simulated Autonomous DrivingVirtual Tool Demonstrations Sen Wang Nanjing University, Zhuheng Sheng Nanjing University, Jingwei Xu , Taolue Chen University of Surrey, UK, Junjun Zhu Nanjing University, Shuhui Zhang Nanjing University, Yuan Yao Nanjing University, Xiaoxing Ma Nanjing University | ||
09:30 30mDemonstration | Augur: Dynamic Taint Analysis for Asynchronous JavaScript Tool Demonstrations Mark W. Aldrich Tufts University, Alexi Turcotte Northeastern University, Matthew Blanco Northeastern University, Frank Tip Northeastern University | ||
09:30 30mDemonstration | FlexType: A Plug-and-Play Framework for Type Inference Models Tool Demonstrations Sivani Voruganti UC Davis, Kevin Jesse University of California at Davis, USA, Prem Devanbu Department of Computer Science, University of California, Davis Pre-print | ||
09:30 30mDemonstration | InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts Tool Demonstrations Pre-print | ||
09:30 30mDemonstration | AntiCopyPaster: Extracting Code Duplicates As Soon As They Are Introduced in the IDE Tool Demonstrations Eman Abdullah AlOmar Stevens Institute of Technology, Anton Ivanov HSE University, Zarina Kurbatova JetBrains Research, Yaroslav Golubev JetBrains Research, Mohamed Wiem Mkaouer Rochester Institute of Technology, Ali Ouni ETS Montreal, University of Quebec, Timofey Bryksin JetBrains Research, Le Nguyen Rochester Institute of Technology, Amit Kini Rochester Institute of Technology, Aditya Thakur Rochester Institute of Technology DOI Pre-print | ||
09:30 30mDemonstration | ecoCode: a SonarQube Plugin to Remove Energy Smells from Android Projects Tool Demonstrations DOI File Attached | ||
09:30 30mDemonstration | Answering Software Deployment Questions via Neural Machine Reading at ScaleVirtual Tool Demonstrations Guan Jie Qiu School of Software, Shanghai Jiao Tong University, Diwei Chen School of Software, Shanghai Jiao Tong University, Shuai Zhang School of Software, Shanghai Jiao Tong University, Yitian Chai School of Software, Shanghai Jiao Tong University, Xiaodong Gu Shanghai Jiao Tong University, China, Beijun Shen School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University | ||
09:30 30mDemonstration | LiveRef: a Tool for Live Refactoring Java Code Tool Demonstrations Sara Fernandes FEUP, Universidade do Porto, Ademar Aguiar FEUP, Universidade do Porto, André Restivo LIACC, Universidade do Porto, Porto, Portugal | ||
09:30 30mDemonstration | A transformer-based IDE plugin for vulnerability detectionVirtual Tool Demonstrations Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal | ||