Tue 11 Oct 2022 14:50 - 15:00 at Ballroom C East - Technical Session 5 - Code Analysis Chair(s): Vahid Alizadeh
Wed 12 Oct 2022 09:30 - 10:00 at Ballroom A - Tool Poster Session 2

Dynamic taint analysis (DTA) is a popular approach to help protect JavaScript applications against injection vulnerabilities. In 2016, the ECMAScript 7 JavaScript language standard introduced many language features that most existing DTA tools for JavaScript do not support, e.g., the async/await keywords for asynchronous programming. We present Augur, a high-performance dynamic taint analysis for ES7 JavaScript that leverages VM-supported instrumentation. Integrating directly with a public, stable instrumentation API gives Augur the ability to run with high performance inside the VM and remain resilient to language revisions. We extend the abstract-machine approach to DTA with semantics to handle asynchronous function calls. In addition to providing the classic DTA use case of injection vulnerability detection, Augur is highly configurable to support any type of taint analysis, making it useful outside of the security domain. We evaluated Augur on a set of 20 benchmarks, and observed a median runtime overhead of only 1.77×. We note a median performance improvement of 298% compared to the previous state-of-the-art Ichnaea.
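As an added illustration (not Augur's code or API, and not taken from the paper), the simplified model below shows why a taint abstract machine needs explicit semantics for asynchronous calls: unless the taint of an async function's return value is attached to its promise and restored at the `await`, the flow from source to sink is lost. The event names, the `analyze` function and the trace are all constructed for this example.

```javascript
// Toy taint abstract machine (added illustration, not Augur's code or API).
// It consumes a constructed trace of instrumentation-style events and keeps
// a shadow taint set for every variable and every pending promise.
function analyze(trace, { asyncAware }) {
  const varTaint = new Map();      // variable name -> Set of source labels
  const promiseTaint = new Map();  // promise id -> Set of source labels
  const flows = [];
  const taintOf = (name) => varTaint.get(name) || new Set();

  for (const ev of trace) {
    switch (ev.op) {
      case 'source':      // value read from an untrusted source
        varTaint.set(ev.dst, new Set([ev.label]));
        break;
      case 'assign':      // dst = f(srcs): union of the operand taints
        varTaint.set(ev.dst, new Set(ev.srcs.flatMap((s) => [...taintOf(s)])));
        break;
      case 'asyncReturn': // async function resolves its promise with src
        if (asyncAware) promiseTaint.set(ev.promise, taintOf(ev.src));
        break;
      case 'await':       // dst = await promise
        varTaint.set(ev.dst, new Set(promiseTaint.get(ev.promise) || []));
        break;
      case 'sink':        // value reaches a sensitive operation
        for (const label of taintOf(ev.src)) {
          flows.push(`${label} -> ${ev.name}`);
        }
        break;
    }
  }
  return flows;
}

// Constructed trace for this program:
//   async function lookup(id) { const q = "SELECT ... " + id; return q; }
//   const x = req.query.id; const r = await lookup(x); db.query(r);
const trace = [
  { op: 'source', dst: 'x', label: 'req.query.id' },
  { op: 'assign', dst: 'id', srcs: ['x'] },        // argument passing
  { op: 'assign', dst: 'q', srcs: ['id'] },        // string concatenation
  { op: 'asyncReturn', promise: 'p1', src: 'q' },
  { op: 'await', dst: 'r', promise: 'p1' },
  { op: 'sink', name: 'db.query', src: 'r' },
];

console.log(analyze(trace, { asyncAware: false })); // []
console.log(analyze(trace, { asyncAware: true }));  // [ 'req.query.id -> db.query' ]
```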

Tool demo: https://www.youtube.com/watch?v=GczQ-2A58LE

Link to open source code repository: https://github.com/nuprl/augur

Tue 11 Oct

Displayed time zone: Eastern Time (US & Canada)

14:00 - 15:30
Technical Session 5 - Code Analysis - Tool Demonstrations / Research Papers / Journal-first Papers at Ballroom C East
Chair(s): Vahid Alizadeh DePaul University
14:00
20m
Research paper
Detecting Blocking Errors in Go Programs using Localized Abstract Interpretation (ACM SIGSOFT Distinguished Paper Award)
Research Papers
Oskar Haarklou Veileborg Aarhus University, Georgian-Vlad Saioc Aarhus University, Anders Møller Aarhus University
14:20
10m
Demonstration
InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts
Tool Demonstrations
Ye Liu Nanyang Technological University, Yi Li Nanyang Technological University
14:30
20m
Paper
An empirical comparison of four Java-based regression test selection techniques
Journal-first Papers
Min Kyung Shin Colorado State University, Sudipto Ghosh Colorado State University, USA, Leo R. Vijayasarathy Colorado State University
14:50
10m
Demonstration
Augur: Dynamic Taint Analysis for Asynchronous JavaScript
Tool Demonstrations
Mark W. Aldrich Tufts University, Alexi Turcotte Northeastern University, Matthew Blanco Northeastern University, Frank Tip Northeastern University
15:00
10m
Demonstration
FlexType: A Plug-and-Play Framework for Type Inference Models
Tool Demonstrations
Sivani Voruganti UC Davis, Kevin Jesse University of California at Davis, USA, Prem Devanbu Department of Computer Science, University of California, Davis
15:10
20m
Research paper
SelfAPR: Self-supervised Program Repair with Test Execution Diagnostics (Virtual)
Research Papers
He Ye KTH Royal Institute of Technology, Matias Martinez Université Polytechnique Hauts-de-France, Xiapu Luo Hong Kong Polytechnic University, Tao Zhang Macau University of Science and Technology (MUST), Martin Monperrus KTH Royal Institute of Technology

Wed 12 Oct


09:30 - 10:00
Tool Poster Session 2 - Tool Demonstrations at Ballroom A
09:30
30m
Demonstration
ElecDaug: Electromagnetic Data Augmentation for Model Repair based on Metamorphic Relation
Tool Demonstrations
Jiawei He, Zhida Bao Harbin Engineering University, Quanjun Zhang Nanjing University, Weisong Sun State Key Laboratory for Novel Software Technology, Nanjing University, Jiawei Liu Nanjing University, Chunrong Fang Nanjing University, Yun Lin National University of Singapore
09:30
30m
Demonstration
CBMC-SSM: Bounded Model Checking of C Programs with Symbolic Shadow Memory
Tool Demonstrations
Bernd Fischer Stellenbosch University, South Africa, Salvatore La Torre Università degli Studi di Salerno, Gennaro Parlato University of Molise, Peter Schrammel University of Sussex and Diffblue Ltd
09:30
30m
Demonstration
ADEPT: A Testing Platform for Simulated Autonomous Driving (Virtual)
Tool Demonstrations
Sen Wang Nanjing University, Zhuheng Sheng Nanjing University, Jingwei Xu, Taolue Chen University of Surrey, UK, Junjun Zhu Nanjing University, Shuhui Zhang Nanjing University, Yuan Yao Nanjing University, Xiaoxing Ma Nanjing University
09:30
30m
Demonstration
Augur: Dynamic Taint Analysis for Asynchronous JavaScript
Tool Demonstrations
Mark W. Aldrich Tufts University, Alexi Turcotte Northeastern University, Matthew Blanco Northeastern University, Frank Tip Northeastern University
09:30
30m
Demonstration
FlexType: A Plug-and-Play Framework for Type Inference Models
Tool Demonstrations
Sivani Voruganti UC Davis, Kevin Jesse University of California at Davis, USA, Prem Devanbu Department of Computer Science, University of California, Davis
09:30
30m
Demonstration
InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts
Tool Demonstrations
Ye Liu Nanyang Technological University, Yi Li Nanyang Technological University
09:30
30m
Demonstration
AntiCopyPaster: Extracting Code Duplicates As Soon As They Are Introduced in the IDE
Tool Demonstrations
Eman Abdullah AlOmar Stevens Institute of Technology, Anton Ivanov HSE University, Zarina Kurbatova JetBrains Research, Yaroslav Golubev JetBrains Research, Mohamed Wiem Mkaouer Rochester Institute of Technology, Ali Ouni ETS Montreal, University of Quebec, Timofey Bryksin JetBrains Research, Le Nguyen Rochester Institute of Technology, Amit Kini Rochester Institute of Technology, Aditya Thakur Rochester Institute of Technology
09:30
30m
Demonstration
ecoCode: a SonarQube Plugin to Remove Energy Smells from Android Projects
Tool Demonstrations
Olivier Le Goaër LIUPPA, Université de Pau et des Pays de l'Adour, Julien Hertout Snapp'
09:30
30m
Demonstration
Answering Software Deployment Questions via Neural Machine Reading at Scale (Virtual)
Tool Demonstrations
Guan Jie Qiu School of Software, Shanghai Jiao Tong University, Diwei Chen School of Software, Shanghai Jiao Tong University, Shuai Zhang School of Software, Shanghai Jiao Tong University, Yitian Chai School of Software, Shanghai Jiao Tong University, Xiaodong Gu Shanghai Jiao Tong University, China, Beijun Shen School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University
09:30
30m
Demonstration
LiveRef: a Tool for Live Refactoring Java Code
Tool Demonstrations
Sara Fernandes FEUP, Universidade do Porto, Ademar Aguiar FEUP, Universidade do Porto, André Restivo LIACC, Universidade do Porto, Porto, Portugal
09:30
30m
Demonstration
A transformer-based IDE plugin for vulnerability detection (Virtual)
Tool Demonstrations
Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal