Towards More Accurate Static Analysis for Taint-style Bug Detection in Linux Kernel
This program is tentative and subject to change.
Static analysis plays a crucial role in software vulnerability detection, yet faces a persistent precision-scalability trade-off. In large codebases like the Linux kernel, traditional static analysis tools often generate excessive false positives due to simplified vulnerability modeling and over-approximation of path and data constraints. While Large Language Models (LLMs) demonstrate promising code understanding capabilities, their direct application to program analysis remains unreliable due to inherent reasoning limitations.
We introduce BugLens, a post-refinement framework that significantly enhances static analysis precision for bug detection. BugLens guides LLMs through structured reasoning steps to assess security impact and validate constraints from the source code. When evaluated on Linux kernel’s taint-style bugs detected by static analysis tools, BugLens improves precision approximately 7-fold (from 0.10 to 0.72), substantially reducing false positives while uncovering four previously unreported vulnerabilities. Our results demonstrate that a well-structured, fully-automated LLM-based workflow can effectively complement and enhance traditional static analysis techniques.
This program is tentative and subject to change.
Wed 19 NovDisplayed time zone: Seoul change
14:00 - 15:30 | |||
14:00 10mTalk | Incremental Program Analysis in the Wild: An Empirical Study on Real-World Program Changes Research Papers Xizao Wang Nanjing University, Xiangrong Bin Nanjing University, Lanxin Huang Nanjing University, Shangqing Liu Nanjing University, Jianhua Zhao Nanjing University, China, Lei Bu Nanjing University | ||
14:10 10mTalk | Spinner: Detecting Locking Violations in the eBPF Runtime Research Papers Priya Govindasamy University of California, Irvine, Joseph Bursey University of California, Irvine, Hsin-Wei Hung Meta, Ardalan Amiri Sani University of California, Irvine | ||
14:20 10mTalk | Towards More Accurate Static Analysis for Taint-style Bug Detection in Linux Kernel Research Papers Haonan Li University of California at Riverside, USA, Hang Zhang Indiana University, Kexin Pei The University of Chicago, Zhiyun Qian University of California at Riverside, USA Pre-print | ||
14:30 10mTalk | Automated Insertion of Flushes and Fences for Persistency Research Papers Yutong Guo University of California, Irvine, Weiyu Luo University of California, Irvine, Brian Demsky University of California at Irvine | ||
14:40 10mTalk | DIFFFIX: Incrementally Fixing AST Diffs via Context and Type Information Research Papers Guofeng Zeng University of Science and Technology Beijing, Chang-ai Sun University of Science and Technology Beijing, Kai Gao University of Science and Technology Beijing, Huai Liu Swinburne University of Technology | ||
14:50 10mTalk | Breaking the Traffic Barrier: Unveiling Multi-Format of Protocols via Autonomous Program Exploration Research Papers Dingzhao Xue Institute of Information Engineering of CAS, College of Cyberspace Security, Chinese Academy of Sciences, Yibo Qu Institute of Information Engineering of CAS, College of Cyberspace Security, Chinese Academy of Sciences, Bowen Jiang Institute of Information Engineering of CAS, College of Cyberspace Security, Chinese Academy of Sciences, Xin Chen , Shuaizong Si Institute of Information Engineering of CAS, College of Cyberspace Security, Chinese Academy of Sciences, Shichao Lv Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Zhiqiang Shi Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
15:00 10mTalk | Detecting Semantic Clones of Unseen Functionality Research Papers Konstantinos Kitsios University of Zurich, Francesco Sovrano Collegium Helveticum, ETH Zurich, Switzerland; Department of Informatics, University of Zurich, Switzerland, Earl T. Barr University College London, Alberto Bacchelli University of Zurich Pre-print | ||
15:10 10mTalk | Loupe: End-to-End Learning of Loop Unrolling Heuristics for Abstract Interpretation Research Papers Maykel Mattar Université Paris-Saclay, CEA, List / Université Bretagne Sud, IRISA, Michele Alberti CEA, LIST, France, Valentin Perrelle CEA, LIST, France, Salah Sadou IRISA & CNRS, Universite Bretagne Sud,France | ||
15:20 10mTalk | Belief Propagation with Local Structure and Its Applications in Program Analysis Research Papers Yiqian Wu Peking University, China, Yifan Chen Peking University, Yingfei Xiong Peking University, Xin Zhang Peking University | ||