SAND: A Static Analysis Approach for Detecting SQL Antipatterns (ACM SIGSOFT Distinguished Paper)
Fri 16 Jul 2021 19:20 - 19:40 at ISSTA 2 - Session 20 (time band 1) Analysis Chair(s): Shiyi Wei
Local databases underpin important features in many mobile applications, such as responsiveness in the face of poor connectivity. However, failure to use such databases correctly can lead to high resource consumption or even security vulnerabilities. We present SAND, an extensible static analysis approach that checks for misuse of local databases, also known as SQL antipatterns, in mobile apps. SAND features novel abstractions for common forms of application/database interactions, which enables concise and precise specification of the antipatterns that SAND checks for. To validate the efficacy of SAND, we have experimented with a diverse suite of 1,000 Android apps. We show that the abstractions that power SAND allow concise specification of all the known antipatterns from the literature (12-74 LOC), and that the antipatterns are modeled accurately (99.4-100% precision). As for performance, SAND requires on average 41 seconds to complete a scan on a mobile app.
Thu 15 Jul (displayed time zone: Brussels, Copenhagen, Madrid, Paris)
01:40 - 02:20 | Session 7 (time band 2): Data Processing Application Analysis | Technical Papers at ISSTA 1 | Chair(s): Darko Marinov (University of Illinois at Urbana-Champaign)
01:40 | 20m Talk | SAND: A Static Analysis Approach for Detecting SQL Antipatterns (ACM SIGSOFT Distinguished Paper) | Technical Papers | Yingjun Lyu (Amazon), Sasha Volokh (University of Southern California), William G.J. Halfond (University of Southern California), Omer Tripp (Amazon)
02:00 | 20m Talk | Semantic Table Structure Identification in Spreadsheets | Technical Papers | Yakun Zhang (Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences), Xiao Lv (Microsoft Research), Haoyu Dong (Microsoft Research), Wensheng Dou (Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences), Shi Han (Microsoft Research), Dongmei Zhang (Microsoft Research), Jun Wei (Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences), Dan Ye (Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences)
Fri 16 Jul (displayed time zone: Brussels, Copenhagen, Madrid, Paris)
18:20 - 20:00 | Session 20 (time band 1): Analysis | Technical Papers at ISSTA 2 | Chair(s): Shiyi Wei (University of Texas at Dallas)
18:20 | 20m Talk | A Lightweight Framework for Function Name Reassignment Based on Large-Scale Stripped Binaries (ACM SIGSOFT Distinguished Paper) | Technical Papers | Han Gao (University of Science and Technology of China), Shaoyin Cheng (University of Science and Technology of China), Yinxing Xue (University of Science and Technology of China), Weiming Zhang (University of Science and Technology of China)
18:40 | 20m Talk | Boosting Symbolic Execution via Constraint Solving Time Prediction (Experience Paper) | Technical Papers | Sicheng Luo (Fudan University), Hui Xu (Fudan University), Yanxiang Bi (Fudan University), Xin Wang (Fudan University), Yangfan Zhou (Fudan University)
19:00 | 20m Talk | Finding Data Compatibility Bugs with JSON Subschema Checking (Distinguished Artifact) | Technical Papers | Andrew Habib (SnT, University of Luxembourg), Avraham Shinnar (IBM Research), Martin Hirzel (IBM Research), Michael Pradel (University of Stuttgart)
19:20 | 20m Talk | SAND: A Static Analysis Approach for Detecting SQL Antipatterns (ACM SIGSOFT Distinguished Paper) | Technical Papers | Yingjun Lyu (Amazon), Sasha Volokh (University of Southern California), William G.J. Halfond (University of Southern California), Omer Tripp (Amazon)
19:40 | 20m Talk | Automated Patch Backporting in Linux (Experience Paper) (Distinguished Artifact) | Technical Papers | Ridwan Salihin Shariffdeen (National University of Singapore), Xiang Gao (National University of Singapore), Gregory J. Duck (National University of Singapore), Shin Hwei Tan (Southern University of Science and Technology), Julia Lawall (Inria), Abhik Roychoudhury (National University of Singapore)