Wed 18 Jul 2018 14:00 - 14:30 at Bangkok - Session #2 Chair(s): Artem Pelenitsyn

Several papers in the literature claim detection of bugs such as buffer overflow through machine learning techniques. Models get trained to report bugs at the function or file level, and reviewers of the results have to eyeball the code to determine whether or not there is a bug in that function or file. Contrast this with static code analysers, which report bugs at the statement level and show the path to the bug being reported, allowing reviewers of the reports to easily determine whether or not the statement has a bug.

Based on our experience with implementing scalable and precise bug finders in the Parfait tool, we experiment with machine learning to understand how close the techniques can get to a precise static code analyser. In this paper we summarise our findings on using ML techniques to find buffer overflow bugs in programs written in the C language. We treat bug detection as a classification problem. We use feature extraction and train a model to determine whether a buffer overflow has occurred or not at the function level. Training is done over labelled data used for regression testing of the Parfait tool. We evaluate the performance of the different classifiers using 10-fold cross-validation and the leave-one-out strategy. To understand the generalisability of the trained model, we use it on a collection of unlabelled real-world programs and manually check the reported warnings.

Our experiments show that, even though the models give good results over training data, they do not perform that well when faced with larger, unlabelled data. We conclude with some of the open questions that need addressing before machine learning techniques can be used for detecting buffer overflow errors.

Wed 18 Jul

14:00 - 15:30: Session #2 (ML4PL) at Bangkok
Chair(s): Artem Pelenitsyn (Czech Technical University in Prague)
14:00 - 14:30
Cristina Cifuentes (Oracle Labs), Yang Zhao (Oracle Labs), Xingzhong Du (Oracle Labs), Paddy Krishnan
14:30 - 15:00
Nicolás Cardozo (Universidad de los Andes), Ivana Dusparic (Trinity College Dublin, Ireland)
15:00 - 15:30
Timofey Bryksin, Victor Petukhov (ITMO University), Kirill Smirenko (Saint Petersburg State University), Nikita Povarov (JetBrains)