Wed 18 Jul 2018 14:00 - 14:30 at Bangkok - Session #2 Chair(s): Artem Pelenitsyn

Several papers in the literature claim detection of bugs such as buffer overflow through machine learning techniques. Models get trained to report bugs at the function or file level, and reviewers of the results have to eyeball the code to determine whether there is a bug in that function or file, or not. Contrast this to static code analysers, which report bugs at the statement level and show the path to the bug being reported, allowing reviewers of the reports to easily determine whether the statement has a bug or not.

Based on our experience with implementing scalable and precise bug finders in the Parfait tool, we experiment with machine learning to understand how close the techniques can get to a precise static code analyser. In this paper we summarise our findings in using ML techniques to find buffer overflow bugs in programs written in the C language. We treat bug detection as a classification problem. We use feature extraction and train a model to determine whether a buffer overflow has occurred or not at the function level. Training is done over labelled data used for regression testing of the Parfait tool. We evaluate the performance of the different classifiers using 10-fold cross-validation and the leave-one-out strategy. To understand the generalisability of the trained model, we use it on a collection of unlabelled real-world programs and manually check the reported warnings.

Our experiments show that, even though the models give good results over training data, they do not perform that well when faced with larger, unlabelled data. We conclude with some of the open questions that need addressing before machine learning techniques can be used for detecting buffer overflow errors.
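As an added illustration (not the paper's code, and nothing to do with Parfait's implementation), the evaluation workflow the abstract describes is reduced here to a hand-written nearest-centroid classifier over three coarse function-level features, trained on constructed labelled C snippets, scored with 10-fold cross-validation and leave-one-out, and then applied to a constructed unlabelled set. The feature regexes, the round-robin fold assignment, the snippets and their labels are all assumptions of this example.

```python
import re

# Coarse function-level features. The regexes are an assumption of this
# example, not the feature set used by the paper.
UNSAFE_CALL = re.compile(r"\b(?:strcpy|strcat|sprintf|gets)\(")
FIXED_BUFFER = re.compile(r"\b(?:char|int)\s+\w+\[\d+\]")
BOUNDED_OP = re.compile(r"\b(?:strncpy|snprintf|strlcpy|sizeof)\b")


def features(src):
    """Map one C function to (unsafe calls, fixed-size arrays, bounded ops)."""
    return (
        len(UNSAFE_CALL.findall(src)),
        len(FIXED_BUFFER.findall(src)),
        len(BOUNDED_OP.findall(src)),
    )


# Constructed labelled training set, interleaved so every fold mixes both classes.
LABELLED = [
    ("void v1(char *s) { char buf[16]; strcpy(buf, s); }", "overflow"),
    ("void s1(char *s) { char buf[16]; strncpy(buf, s, sizeof buf - 1); buf[15] = 0; }", "safe"),
    ("void v2(char *a, char *b) { char out[32]; strcpy(out, a); strcat(out, b); }", "overflow"),
    ("int s2(int *a, int n) { int t = 0; for (int i = 0; i < n; i++) t += a[i]; return t; }", "safe"),
    ("void v3(void) { char line[64]; gets(line); }", "overflow"),
    ('void s3(char *d, size_t n, const char *s) { snprintf(d, n, "%s", s); }', "safe"),
    ('void v4(int n) { char name[8]; sprintf(name, "%d", n); }', "overflow"),
    ("size_t s4(const char *s) { return strlen(s); }", "safe"),
    ("void v5(char *s, char *t) { char tmp[4]; strcpy(tmp, s); strcpy(tmp, t); }", "overflow"),
    ('void s5(int n) { char buf[32]; snprintf(buf, sizeof buf, "%d", n); }', "safe"),
    ("void v6(char *s) { char path[256]; strcat(path, s); }", "overflow"),
    ("int s6(int a, int b) { return a > b ? a : b; }", "safe"),
]
TRAIN = [(features(src), label) for src, label in LABELLED]


def centroids(rows):
    """Per-class mean feature vector (a nearest-centroid classifier)."""
    by_label = {}
    for feats, label in rows:
        by_label.setdefault(label, []).append(feats)
    return {label: tuple(sum(col) / len(vecs) for col in zip(*vecs))
            for label, vecs in by_label.items()}


def predict(cents, feats):
    """Label whose centroid is nearest in squared Euclidean distance."""
    return min(cents, key=lambda label: sum((a - b) ** 2 for a, b in zip(feats, cents[label])))


def k_fold_accuracy(rows, k):
    """k-fold cross-validation with round-robin fold assignment (no shuffling)."""
    correct = 0
    for i in range(k):
        held_out = [r for j, r in enumerate(rows) if j % k == i]
        cents = centroids([r for j, r in enumerate(rows) if j % k != i])
        correct += sum(predict(cents, f) == label for f, label in held_out)
    return correct / len(rows)


def leave_one_out_accuracy(rows):
    """Leave-one-out is k-fold with one sample per fold."""
    return k_fold_accuracy(rows, len(rows))


# Constructed "unlabelled" functions of the kind the trained model is then run on.
UNLABELLED = [
    ("u1_length_checked_strcpy", "void u1(char *s) { char buf[16]; if (strlen(s) < 16) strcpy(buf, s); }"),
    ("u2_off_by_one_loop", "void u2(int *a) { int b[8]; for (int i = 0; i <= 8; i++) b[i] = a[i]; }"),
    ("u3_sprintf_into_caller_buffer", 'void u3(char *out, const char *s) { sprintf(out, "%s!", s); }'),
]


def classify_unlabelled(samples):
    """Function-level verdicts only: no statement and no path is reported."""
    cents = centroids(TRAIN)
    return {name: predict(cents, features(src)) for name, src in samples}


if __name__ == "__main__":
    print(f"10-fold accuracy:       {k_fold_accuracy(TRAIN, 10):.2f}")
    print(f"leave-one-out accuracy: {leave_one_out_accuracy(TRAIN):.2f}")
    for name, verdict in classify_unlabelled(UNLABELLED).items():
        print(f"{name}: {verdict} (function-level only; a reviewer still reads the body)")
```

Both held-out protocols score perfectly on the small labelled set, yet on the unlabelled functions the model flags the length-guarded strcpy as an overflow (the features cannot see the guard) and passes the off-by-one loop (no library call to count), and in every case it names only a function, never the statement or path a static analyser would show. That gap between in-sample accuracy and usefulness on unseen code is the contrast the abstract draws.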

Wed 18 Jul

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

14:00 - 15:30  Session #2 (ML4PL) at Bangkok
Chair(s): Artem Pelenitsyn, Czech Technical University in Prague

14:00 (30m, Talk, ML4PL): Buffer Overflow Detection for C Programs is Hard to Learn
Cristina Cifuentes (Oracle Labs), Yang Zhao (Oracle Labs), Xingzhong Du (Oracle Labs), Paddy Krishnan

14:30 (30m, Talk, ML4PL): Generating Software Adaptations using Machine Learning
Nicolás Cardozo (Universidad de los Andes), Ivana Dusparic (Trinity College Dublin, Ireland)

15:00 (30m, Talk, ML4PL): Detecting anomalies in Kotlin code
Timofey Bryksin, Victor Petukhov (ITMO University), Kirill Smirenko (Saint Petersburg State University), Nikita Povarov (JetBrains)