Value flow are widely used in static analysis to detect bugs. Existing techniques usually employ a pointer analysis and generate source sink summaries defined by problem domain, then a solver is invoked to determine whether the path is feasible. However, most of the tools does not provide an easy way for users to find user defined bugs within the same architecture of finding pre-defined bugs. This paper presents VFQL, an expressive query language on value flow graph and the framework to execute the query to find user defined defects. Moreover, VFQL provides a nice GUI to demonstrate the value flow graph and a modeling language to define system libraries or user libraries without code, which further enhances its usability. The experimental results on open benchmarks show that VFQL achieve a competitive performance against other state of art tools. The result of case study conducted on open source program shows that the flexible query and modeling language provide a great support in finding user specified defects.
Wed 17 JulDisplayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change
16:00 - 17:30 | |||
16:00 10mTalk | Go-Clone: Graph-Embedding Based Clone Detector for Golang Tool Demonstration Cong Wang Tsinghua University, Jian Gao School of Software, Tsinghua University, Yu Jiang , Zhenchang Xing Australia National University, Huafeng Zhang , Weiliang Ying , Ming Gu Tsinghua University, Jiaguang Sun | ||
16:10 10mTalk | VFQL: Combinational Static Analysis as Query Language Tool Demonstration | ||
16:20 10mTalk | VBSAC: A Value-Based Static Analyzer for C Tool Demonstration Li Chi Tsinghua University, Min Zhou Tsinghua University, Zuxing Gu School of Software, Tsinghua University, Guang Chen , Yuexing Wang , Jiecheng Wu Tsinghua University, Ming Gu Tsinghua University | ||
16:30 10mTalk | SAFEVM: A Safety Verifier for Ethereum Smart Contracts Tool Demonstration | ||
16:40 10mTalk | CoCoTest: Collaborative Crowdsourced Testing for Android Applications Tool Demonstration | ||
16:50 10mTalk | Androlic: An Extensible Flow, Context, Object, Field, and Path-Sensitive Static Analysis Framework for Android Tool Demonstration Linjie Pan Institute of Software, Chinese Academy of Sciences, Baoquan Cui , Jiwei Yan Institute of Software, Chinese Academy of Sciences, Xutong Ma , Jun Yan Institute of Software, Chinese Academy of Sciences, Jian Zhang Beihang University | ||
17:00 10mTalk | JQF: Coverage-guided Property-based Testing in Java Tool Demonstration Rohan Padhye University of California, Berkeley, Caroline Lemieux University of California, Berkeley, Koushik Sen University of California, Berkeley | ||
17:10 10mTalk | Ukwikora: Continuous inspection for Keyword-Driven Testing Tool Demonstration Renaud Rwemalika , Marinos Kintis , Mike Papadakis University of Luxembourg, Yves Le Traon University of Luxembourg, Pierre Lorrach | ||
17:20 10mTalk | CTRAS: A Tool for Aggregating and Summarizing Crowdsourced Test Reports Tool Demonstration Yuying Li State Key Laboratory for Novel Software Technology, Nanjing University, Rui Hao Nanjing University, China, Yang Feng University of California, Irvine, James Jones University of California, Irvine, Xiaofang Zhang , Zhenyu Chen Nanjing University | ||