Code Property Graph Meets Typestate: A Scalable Framework to Behavioral Bug Detection
Behavioral bugs caused by incorrect state changes are particularly challenging to identify because they depend on specific code execution paths. While code property graphs (CPGs) combine multiple code views through abstract syntax trees (ASTs), their built-in redundancy from syntax details and fixed connection rules make them hard to scale, a major problem when analyzing large software systems. We introduce Cogent, a new framework that improves CPGs by combining graph-based code analysis with state behavior checking. Our main innovation lies in simplifying the CPG at the statement level by consolidating control and data flows into meaningful code blocks and optimizing the edges. This approach reduces the graph size by more than 10 times compared to AST-based methods while maintaining accuracy. This lightweight design allows easy integration of state tracking, where we match object lifecycle rules to simplified CPG connections using replaceable patterns. The combination of streamlined graphs and state-aware analysis helps Cogent effectively find difficult-to-identify behavioral bugs, successfully detecting 25 issues (including 17 confirmed cases and 2 official CVEs) in real-world projects. Importantly, Cogent analyzes raw source code without requiring compilation and supports projects exceeding 1 million lines of code.
Wed 10 Sep (displayed time zone: Auckland, Wellington)
15:30 - 17:00 | Session 5 - Debugging | Research Papers Track / Industry Track | Case Room 3 260-055 | Chair(s): Chanchal K. Roy (University of Saskatchewan)
15:30 (15m) | The Impact of Fine-tuning Large Language Models on Automated Program Repair | Research Papers Track | Roman Machacek (University of Bern), Anastasiia Grishina (Simula Research Laboratory), Max Hort (Simula Research Laboratory), Leon Moonen (Simula Research Laboratory)
15:45 (15m) | Bridging Solidity Evolution Gaps: An LLM-Enhanced Approach for Smart Contract Compilation Error Resolution | Research Papers Track | Likai Ye (Zhejiang University), Mengliang Li (Zhejiang University), Dehai Zhao (CSIRO's Data61), Jiamou Sun (CSIRO's Data61), Xiaoxue Ren (Zhejiang University)
16:00 (15m) | Code Property Graph Meets Typestate: A Scalable Framework to Behavioral Bug Detection | Research Papers Track | Xingjing Deng (Beihang University), Zhengyao Liu (Beihang University), Zhong Xitong (Beihang University), shuo hong (Beihang University), Yixin Yang, Xiang Gao (Beihang University), Yan Xuhui (Huawei), Hailong Sun (Beihang University)
16:15 (15m) | Syntest-ACR: Automated Crash Reproduction for JavaScript | Research Papers Track | Philip Oliver (Victoria University of Wellington), Jens Dietrich (Victoria University of Wellington), Craig Anslow (Victoria University of Wellington), Michael Homer (Victoria University of Wellington)
16:30 (15m) | TSGuard: Detecting Logic Bugs in Time Series Management Systems via Time Series Algebra | Research Papers Track | Lingwei Kuang (Nanjing University of Aeronautics and Astronautics), Liang Liu (Nanjing University of Aeronautics and Astronautics), Wenjing Wang (Nanjing University of Aeronautics and Astronautics), Ning Cao (Nanjing University of Aeronautics and Astronautics), Shijie Li (Nanjing University of Aeronautics and Astronautics), Fan Liu (Nanjing University of Aeronautics and Astronautics), Haolong Chen (Nanjing University of Aeronautics and Astronautics)
16:45 (15m) | HybridRCA: Lightweight Critical-Path-Aware Hybrid Tracing for Root-Cause Analysis in Production Microservices | Industry Track | Maryam Ekhlasi (Ciena), Arnaud Fiorini (Polytechnique Montreal), Naser Ezzati Jivan, Michel Dagenais (Polytechnique Montreal), Maxime Lamothe (Polytechnique Montreal)