ECOOP and ISSTA
Mon 16 - Sat 21 July 2018 Amsterdam, Netherlands

In the past, there have been many program analysis-oriented workshops and tutorials such as SOAP and DECAF at ISSTA. Such events have encouraged people to share how they use various analysis frameworks such as DOOP, Flix, Soot, Soufflé, and WALA. In 2017, Julian Dolby and Karim Ali held the first WALA hackathon at PLDI. The WALA hackathon was a great opportunity to work on WALA-specific projects (e.g., implementing Swift frontend for WALA). Moreover, the hackathon attracted a few participants from companies that are not usually present in academic conferences (e.g., Apple). Panathon continues this successful trend of holding program analysis hackathons, and expand it to include more analysis frameworks than WALA.

Panathon would be structured by people choosing some set of ideas that we are trying to develop, and all of us working intensively on them during the hackathon. It would be a good opportunity for program analysis hackers to share knowledge and also for people interested in program analysis to get started with plenty of help. The goal would be for participants to further their own work, or join one of the suggested research ideas that appeals to them. The assumption is that participants would largely be students, for whom this would be an opportunity to either further their current projects, join in other existing work, or find new research directions.

We hope that Panathon will be a good opportunity for the program analysis community to come together to work on cool projects and share knowledge and ideas.

Activities

Panathon will be held on Thursday July 19th. At Panathon, people can come and work on proposed sample projects or any of their current projects involving the participating program analysis frameworks. There will be knowledgeable users and maintainers of those frameworks, and so interactive support and question/answering will be more available than normal. It will also be a good place to share thoughts and tips on how to use any of the frameworks. We also have several topics that would make a good focus for projects specific to Panathon. People could work in groups of whatever size to make progress on advancing any of the participating frameworks.

Doop

Doop is a declarative static analysis framework, where all analysis logic is specified as Datalog rules. Declarative analysis has the advantage of often being able to drastically modify the analysis semantics with relatively minor changes to the specification. Doop models many semantic corners of the Java Language and VM specifications and offers a wealth of pointer analysis algorithms and several client analyses.

Concrete project idea: use Doop to create summaries of behavior on a per-method basis. The summaries do not need to be complete, i.e., they may only capture some of the method’s behaviors instead of all of them. For instance, the summary may be client-specific, summarizing taint or escape information for a method, or the summary could be capturing only high-confidence program paths (e.g., local flows, or flows through the stack). We will assist people who want to develop on these ideas and point out similar logic in the current Doop code base.

Soot

Soot performs its static analysis on an intermediate representation (IR) called Jimple. What sets Jimple apart from some other IRs is that it represents the Java bytecode in a fully executable form. This means that one can manipulate programs in the Jimple IR and generate executable Java code from this modified representation.

Concrete project idea: The goal of this project is to develop a dynamic interpreter to concretely execute program directly in the Jimple IR, without the need to generate bytecode. This can be useful in contexts in which certain information (e.g. the result of String operations) are hard to determine statically. Also, such a concrete dynamic interpreter could then later-on be extended to support concolic or symbolic execution.

Graal.js

Jalangi is a JavaScript source-code instrumentation framework that has been widely used by researchers and practitioners to implement variety of dynamic analyses. Graal.js brings JavaScript to GraalVM, a new just-in-time compiler for the JVM focused on peak performance and multi-language support. GraalVM’s JavaScript support is based on Truffle, a framework for implementing high-level languages with ease using an AST interpreter. By adding Jalangi-style instrumentation support to Graal.js and the Truffle Instrumentation framework, it can provide analysis developers with a familiar API, the same productivity benefits of writing code in JavaScript, but with the additional advantage of deploying instrumentation at the Truffle AST level. The integration at the language runtime level provides optimization opportunities, makes analyses more flexible and robust and, opposed to the latest version of Jalangi, directly supports ECMAScript 6.

Concrete project idea: create a new, or port an existing, Jalangi analysis to Graal.js and make it take advantage of instrumentation on the Truffle AST. Optimize analysis performance by implementing (1) selective instrumentation, (2) adaptive instrumentation (and de-instrumentation) during runtime, (3) seamless integration with Java code and Java libraries.

WALA

Apple is a dominant player in the mobile space, and Swift is its new language for writing mobile apps. While Apple provides tooling based on LLVM, current research analysis frameworks have little support for Swift. Given the amount of published work on Android, based on available infrastructure, we believe support for Swift would enable a wide range of new work. Apple’s security model is significantly different from that of Android, for example, and similarly Swift is rather different from popular languages on Android; it would be interesting to understand how these aspects affect program analysis. At the WALA hackathon in PLDI ‘17, we started working on Swift support, and we expect to have some basic level of functionality for people to explore at Panathon.

Concrete project idea: evaluate Swift call graph construction for some open source Swift code, and create any needed special-purpose context sensitivity policies to avoid precision loss in the face of advanced Swift features.

TAJS

TAJS is a static analyzer for JavaScript. It is a whole-program context-sensitive dataflow analysis that infers type information, performs constant propagation and points-to analysis, and builds call graphs on-the-fly.

Concrete project idea: TAJS currently contains models for large parts of the browser API, but has only rudimentary support for Node.js, including the ‘require’ module loading mechanism. The goal of this project is to extend the modeling of the most central standard modules in Node.js, to enable analysis of small Node.js applications.

Supported By

Oracle Labs

Panathon has some limited funding to support travel, accommodation, or registration for students who are undertaking studies in programming languages or software engineering and want to participate in the workshop. Funding will be available to students who have not received additional travel support.

To apply, please email Karim Ali your name and affiliation, supervisor name, topic of study for your Master’s or PhD, type of funding requested (travel, accommodation, registration) and cost. Application deadline is July 1st.