GPCE 2020
Sun 15 - Fri 20 November 2020 Online Conference
co-located with SPLASH 2020
Sun 15 Nov 2020 17:00 - 17:20 at SPLASH-III - Chair(s): Marjan Mernik
Mon 16 Nov 2020 05:00 - 05:20 at SPLASH-III - Chair(s): Friedrich Steimann

Programmers declare variables to serve specific implementation purposes that we refer to as variable usage semantics (VUS). Understanding VUS is required for various software engineering tasks, including program comprehension, code audits, and vulnerability detection. To help programmers understand VUS, we present a new program analysis that infers a variable’s usage semantics from its textual and context information (e.g., symbolic name, type, scope, information flow). To support this analysis, we introduce VarSem, a domain-specific language, in which a variable’s semantic category is expressed as a set of declarative rules. VarSem’s execution determines which program variables belong to a given semantic category. VarSem translates high-level declarative rules into low-level program analysis techniques, including natural language processing and data flow, and provides a highly extensible architecture for specifying new rules and analysis techniques. We evaluate VarSem with eight real-world systems to identify their personally identifiable information variables. The evaluation results show that VarSem infers variable semantics with satisfying accuracy/precision and passable recall, thus potentially benefiting both software and security engineers.

Times are displayed in time zone: Central Time (US & Canada)