SANER 2025
Tue 4 - Fri 7 March 2025 Montréal, Québec, Canada

This program is tentative and subject to change.

Wed 5 Mar 2025 14:15 - 14:30 at L-1720 - API and Dependency Analysis (Room: L-1720)

In recent years, the proliferation of software vulnerabilities has significantly increased the complexities and costs associated with manual remediation efforts. Although AI-based methods for automated vulnerability repair are gaining traction, many existing approaches have two limitations: 1) they treat code as a sequence of tokens, neglecting critical structural information like control flow and data flow, and 2) they do not fully utilize the repair patterns of vulnerabilities. To address these limitations, we introduce FAVOR, an innovative tool that utilizes both the vulnerable function’s code and its control flow graph (CFG) as inputs. FAVOR incorporates a dependency embedding module to capture structural and dependency information and leverages CodeT5, a state-of-the-art model pre-trained for code generation tasks. To further enhance the repair process, we introduce a pattern store that uses KNN search to retrieve similar past repair patterns, which helps guide the model toward generating more contextually accurate patches. In our experiments, FAVOR, trained on a dataset of 6548 faulty C/C++ functions, repaired 45 more vulnerabilities compared to VULREPAIR, demonstrating improved accuracy and efficiency in automated vulnerability repair.

Wed 5 Mar

Displayed time zone: Eastern Time (US & Canada)

14:00 - 15:30
API and Dependency Analysis (Room: L-1720), Research Papers at L-1720
14:00
15m
Talk
Analysing Software Supply Chains of Infrastructure as Code: Extraction of Ansible Plugin Dependencies
Research Papers
Ruben Opdebeeck Vrije Universiteit Brussel, Bram Adams Queen's University, Coen De Roover Vrije Universiteit Brussel
Pre-print
14:15
15m
Talk
Enhancing Automated Vulnerability Repair through Dependency Embedding and Pattern Store
Research Papers
Qingao Dong Beihang University, Yuanzhang Lin Beihang University, Xiang Gao Beihang University, Hailong Sun Beihang University
14:30
15m
Talk
Improving API Knowledge Comprehensibility: A Context-Dependent Entity Detection and Context Completion Approach using LLM
Research Papers
Zhang Zhang National University of Defense Technology, Xinjun Mao National University of Defense Technology, Shangwen Wang National University of Defense Technology, Kang Yang National University of Defense Technology, Tanghaoran Zhang National University of Defense Technology, Fei Gao National University of Defense Technology, Xunhui Zhang National University of Defense Technology, China
14:45
15m
Talk
Pay Your Attention on Lib! Android Third-Party Library Detection via Feature Language Model
Research Papers
Dahan Pan Shanghai Jiao Tong University, Yi Xu Shanghai Jiao Tong University, Runhan Feng Shanghai Jiao Tong University, Donghui Yu Shanghai Jiao Tong University, Jiawen Chen Shanghai Jiao Tong University, Ya Fang Shanghai Jiao Tong University, Yuanyuan Zhang Shanghai Jiao Tong University
15:00
15m
Talk
THINK: Tackling API Hallucinations in LLMs via Injecting Knowledge
Research Papers
Jiaxin Liu National University of Defense Technology, Yating Zhang National University of Defense Technology, Deze Wang National University of Defense Technology, Yiwei Li National University of Defense Technology, Wei Dong National University of Defense Technology