Write a Blog >>
ICSE 2023
Sun 14 - Sat 20 May 2023 Melbourne, Australia
Fri 19 May 2023 16:15 - 16:30 at Meeting Room 104 - Program analysis Chair(s): Marsha Chechik

Code fragments from developer forums often migrate to applications due to the code reuse practice. Owing to the incomplete nature of such programs, analyzing them to early determine the presence of potential vulnerabilities is challenging. In this work, we introduce NeuralPDA, a neural network-based program dependence analysis tool for both complete and partial programs. Our tool efficiently incorporates intra-statement and inter-statement contextual features into statement representations, thereby modeling program dependence analysis as a statement-pair dependence decoding task. In the empirical evaluation, we report that NeuralPDA predicts the CFG and PDG edges in complete Java and C/C++ code with combined F-scores of 94.29% and 92.46%, respectively. The F-score values for partial Java and C/C++ code range from 94.29%–97.17% and 92.46%–96.01%, respectively. We also test the usefulness of the PDGs predicted by NeuralPDA (i.e., PDG*) on the downstream task of method-level vulnerability detection. We discover that the performance of the vulnerability detection tool utilizing PDG* is only 1.1% less than that utilizing the PDGs generated by a program analysis tool. We also report the detection of 14 real-world vulnerable code snippets from StackOverflow by a machine learning-based vulnerability detection tool that employs the PDGs predicted by NeuralPDA for these code snippets.

Fri 19 May

Displayed time zone: Hobart change

15:45 - 17:15
15:45
15m
Talk
Stubbifier: debloating dynamic server-side JavaScript applications
Journal-First Papers
Alexi Turcotte Northeastern University, Ellen Arteca Northeastern University, Ashish Mishra Purdue University, Saba Alimadadi Simon Fraser University, Frank Tip Northeastern University
16:00
15m
Talk
DStream: A Streaming-Based Highly Parallel IFDS Framework
Technical Track
Xizao Wang Nanjing University, Zhiqiang Zuo Nanjing University, Lei Bu Nanjing University, Jianhua Zhao Nanjing University, China
16:15
15m
Talk
(Partial) Program Dependence Learning
Technical Track
Aashish Yadavally The University of Texas at Dallas, Wenbo Wang New Jersey Institute of Technology, Shaohua Wang New Jersey Institute of Technology, Tien N. Nguyen University of Texas at Dallas
Pre-print
16:30
15m
Talk
MirrorTaint: Practical Non-intrusive Dynamic Taint Tracking for JVM-based Microservice Systems
Technical Track
Yicheng Ouyang University of Illinois at Urbana-Champaign, Kailai Shao Ant Group, Kunqiu Chen Southern University of Science and Technology, Ruobing Shen Peking University, Chao Chen Ant Group, Mingze Xu Ant Group, Yuqun Zhang Southern University of Science and Technology, Lingming Zhang University of Illinois at Urbana-Champaign
Pre-print
16:45
15m
Talk
Incremental Call Graph Construction in Industrial Practice
SEIP - Software Engineering in Practice
Zelin Zhao Ant Group, Xizao Wang Nanjing University, Zhaogui Xu Ant Group, Zhenhao Tang Ant Group, Yongchao Li Ant Group, Peng Di Ant Group
17:00
15m
Talk
Generic Partition Refinement and Weighted Tree Automata
Showcase
Hans-Peter Deifel Friedrich-Alexander University Erlangen-Nürnberg, Germany, Stefan Milius , Lutz Schröder University of Erlangen-Nuremberg, Thorsten Wißmann Friedrich-Alexander University Erlangen-Nürnberg
Link to publication DOI Pre-print