
Many applications are written in more than one language to take advantage of the features that different languages provide, such as native code support, improved performance, and language-specific libraries. However, few static analysis tools are currently available to analyze the source code of such multilingual applications, and existing work on cross-language (Java and C/C++) analysis fails to detect cross-language buffer overflow vulnerabilities. In this work, we address how to perform cross-language analysis between Java and C/C++. Specifically, we propose an approach for data flow analysis between Java and C/C++ to detect buffer overflows. We have developed PilaiPidi, a tool that can automatically analyze the data flow in projects written in Java and C/C++. Using our approach, we detected real-world buffer overflow vulnerabilities that are cross-language in nature in six different well-known Android applications; of these, developers have confirmed 11 vulnerabilities in three applications. The tool is also integrated as a plugin for JetBrains IDEs, specifically IntelliJ IDEA and Android Studio, because source code analysis of this kind is practically useful for improving Android application security.
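To make the kind of cross-language data flow the abstract describes concrete, here is an added toy checker (example code written for this page, not the PilaiPidi tool and not the paper's algorithm). It links a Java `native` declaration to its JNI C implementation through the mangled symbol name, treats the Java `String` parameters as untrusted, follows the pointer returned by `GetStringUTFChars` inside the C function, and reports when that pointer reaches an unbounded copy (`strcpy`, `strcat`, `sprintf`) into a fixed-size stack buffer. The Java and C sources, the class and method names, and the simplified JNI name mangling (dots become underscores only) are all constructed assumptions; a real analysis would parse both languages properly and track many more sources and sinks.

```python
"""Toy cross-language (Java -> JNI C) data flow check for unbounded copies.

Added example, not PilaiPidi: regex-based, single pattern, constructed inputs.
"""
import re
from dataclasses import dataclass

# Constructed sample: the Java side declares a native method and hands
# caller-supplied data to it.
JAVA_SRC = """
package com.example.app;

public class Greeter {
    public native String greet(String name);   // implemented in C via JNI

    public String handle(String userInput) {
        return greet(userInput);               // data crosses the language boundary here
    }
}
"""

def jni_greet_source(copy_stmt):
    """Constructed JNI implementation of Greeter.greet with a pluggable copy statement."""
    return f"""
#include <jni.h>
#include <stdio.h>
#include <string.h>

JNIEXPORT jstring JNICALL
Java_com_example_app_Greeter_greet(JNIEnv *env, jobject self, jstring name) {{
    char buf[32];
    const char *s = (*env)->GetStringUTFChars(env, name, NULL);
    {copy_stmt}
    (*env)->ReleaseStringUTFChars(env, name, s);
    return (*env)->NewStringUTF(env, buf);
}}
"""

# Vulnerable variant: no length check, so a long Java string overruns buf.
C_SRC_VULN = jni_greet_source("strcpy(buf, s);                     /* unbounded: overflows when strlen(s) >= 32 */")
# Fixed variant: the copy is bounded by the buffer size and always NUL-terminated.
C_SRC_FIXED = jni_greet_source('snprintf(buf, sizeof buf, "%s", s); /* bounded copy */')

UNBOUNDED_COPY = re.compile(r"\b(strcpy|strcat|sprintf)\s*\(\s*(\w+)\s*,\s*(\w+)")
FIXED_BUFFER = re.compile(r"\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]")
JSTRING_SOURCE = re.compile(
    r"(?:const\s+)?char\s*\*\s*(\w+)\s*=\s*\(\*env\)->GetStringUTFChars\(\s*env\s*,\s*(\w+)")

@dataclass
class Finding:
    java_method: str
    jni_symbol: str
    tainted_param: str   # Java-side parameter the data came from
    buffer: str
    buffer_size: int
    sink: str

def java_native_methods(src):
    """Return (package, class, method, [(type, name), ...]) for each native declaration."""
    pkg = re.search(r"\bpackage\s+([\w.]+)\s*;", src).group(1)
    cls = re.search(r"\bclass\s+(\w+)", src).group(1)
    out = []
    for m in re.finditer(r"\bnative\s+[\w<>\[\]]+\s+(\w+)\s*\(([^)]*)\)", src):
        params = [tuple(p.split()) for p in m.group(2).split(",") if p.strip()]
        out.append((pkg, cls, m.group(1), params))
    return out

def jni_symbol(pkg, cls, method):
    # Simplified JNI mangling: dots become underscores. Real JNI also escapes
    # '_' in identifiers as "_1" and encodes non-ASCII characters; omitted here.
    return "Java_" + pkg.replace(".", "_") + "_" + cls + "_" + method

def jni_function(c_src, symbol):
    """Return (param list, body text) of the JNI function with this symbol, or None."""
    m = re.search(re.escape(symbol) + r"\s*\(([^)]*)\)\s*\{", c_src)
    if not m:
        return None
    params = [p.split()[-1].lstrip("*") for p in m.group(1).split(",")]
    depth, i = 1, m.end()
    while i < len(c_src) and depth:          # find the matching closing brace
        depth += {"{": 1, "}": -1}.get(c_src[i], 0)
        i += 1
    return params, c_src[m.end():i - 1]

def analyze(java_src, c_src):
    findings = []
    for pkg, cls, method, java_params in java_native_methods(java_src):
        symbol = jni_symbol(pkg, cls, method)
        located = jni_function(c_src, symbol)
        if located is None:
            continue
        c_params, body = located
        # Java parameter i is C parameter i + 2 (after JNIEnv* and jobject/jclass).
        tainted = {c_params[i + 2]: jname
                   for i, (jtype, jname) in enumerate(java_params) if jtype == "String"}
        buffers = {m.group(1): int(m.group(2)) for m in FIXED_BUFFER.finditer(body)}
        for m in JSTRING_SOURCE.finditer(body):      # char *s = GetStringUTFChars(env, <tainted>)
            if m.group(2) in tainted:
                tainted[m.group(1)] = tainted[m.group(2)]
        for m in UNBOUNDED_COPY.finditer(body):
            sink, dst, src = m.groups()
            if dst in buffers and src in tainted:
                findings.append(Finding(f"{cls}.{method}", symbol, tainted[src],
                                        dst, buffers[dst], sink))
    return findings

if __name__ == "__main__":
    for label, c_src in (("vulnerable", C_SRC_VULN), ("fixed", C_SRC_FIXED)):
        print(label, analyze(JAVA_SRC, c_src))
```

Running the script reports one finding for the unbounded variant (Java parameter `name` reaching `strcpy` into the 32-byte `buf`) and none for the bounded one. The two pieces that make this "cross-language" are the symbol mangling, which is how a Java declaration and a C definition are matched at all, and the positional parameter mapping, which is what carries the taint label across the boundary.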

Sat 3 May

Displayed time zone: Eastern Time (US & Canada)

14:00 - 15:30
Session 3: Refactoring & AI, & Session 4: Plugins and applications (IDE) at 205
Chair(s): Danny Dig (University of Colorado Boulder, JetBrains Research), Darya Rovdo (JetBrains)

14:00–14:45 — Session 3. Refactoring and AI.

14:45–15:30 — Session 4. Plugins and applications.

14:00 (15m) Talk: LLM-Driven Code Refactoring: Opportunities and Limitations [IDE]
Jonathan Cordeiro, Shayan Noei (Queen's University), Ying Zou (Queen's University, Kingston, Ontario)
Pre-print

14:15 (15m) Talk: Trust Calibration in IDEs: Paving the Way for Widespread Adoption of AI Refactoring [IDE]
Markus Borg (CodeScene)
Pre-print

14:30 (15m) Talk: IDE Native, Foundation Model Based Agents for Software Refactoring [IDE]
Abhiram Bellur (University of Colorado Boulder), Fraol Batole (Tulane University)
Pre-print

14:45 (15m) Talk: Using CognitIDE to Capture Developers' Cognitive Load via Physiological Activity During Everyday Software Development Tasks [IDE]
Fabian Stolp, Charlotte Brandebusemeyer, Franziska Hradilak, Lara Kursawe, Magnus Menger, Franz Sauerwald, Bert Arnrich (all Hasso Plattner Institute, University of Potsdam)
Pre-print

15:00 (15m) Talk: A Prototype VS Code Extension to Improve Web Accessible Development [IDE]
Elisa Calì, Tommaso Fulcini, Riccardo Coppola, Lorenzo Laudadio, Marco Torchiano (all Politecnico di Torino)
Pre-print

15:15 (15m) Talk: A Plugin for Cross-Language Static Analysis for Vulnerability Detection in Android Applications [IDE]
Kishanthan Thangarajah (Centre for Software Excellence, Huawei Canada), Noble Saji Mathews (University of Waterloo, Canada), Mei Nagappan (University of Waterloo)
Pre-print