TAV-CPS/IoT 2018
Mon 16 - Sat 21 July 2018 Amsterdam, Netherlands
co-located with ECOOP and ISSTA 2018

In the past, there have been many program analysis-oriented workshops and tutorials such as SOAP and DECAF at ISSTA. Such events have encouraged people to share how they use various analysis frameworks such as DOOP, Flix, Soot, Soufflé, and WALA. In 2017, Julian Dolby and Karim Ali held the first WALA hackathon at PLDI. The WALA hackathon was a great opportunity to work on WALA-specific projects (e.g., implementing Swift frontend for WALA). Moreover, the hackathon attracted a few participants from companies that are not usually present in academic conferences (e.g., Apple). Panathon continues this successful trend of holding program analysis hackathons, and expand it to include more analysis frameworks than WALA.

Panathon would be structured by people choosing some set of ideas that we are trying to develop, and all of us working intensively on them during the hackathon. It would be a good opportunity for program analysis hackers to share knowledge and also for people interested in program analysis to get started with plenty of help. The goal would be for participants to further their own work, or join one of the suggested research ideas that appeals to them. The assumption is that participants would largely be students, for whom this would be an opportunity to either further their current projects, join in other existing work, or find new research directions.

We hope that Panathon will be a good opportunity for the program analysis community to come together to work on cool projects and share knowledge and ideas.


Panathon will be held on Thursday July 19th. At Panathon, people can come and work on proposed sample projects or any of their current projects involving the participating program analysis frameworks. There will be knowledgeable users and maintainers of those frameworks, and so interactive support and question/answering will be more available than normal. It will also be a good place to share thoughts and tips on how to use any of the frameworks. We also have several topics that would make a good focus for projects specific to Panathon. People could work in groups of whatever size to make progress on advancing any of the participating frameworks.


Doop is a declarative static analysis framework, where all analysis logic is specified as Datalog rules. Declarative analysis has the advantage of often being able to drastically modify the analysis semantics with relatively minor changes to the specification. Doop models many semantic corners of the Java Language and VM specifications and offers a wealth of pointer analysis algorithms and several client analyses.

Concrete project idea: use Doop to create summaries of behavior on a per-method basis. The summaries do not need to be complete, i.e., they may only capture some of the method’s behaviors instead of all of them. For instance, the summary may be client-specific, summarizing taint or escape information for a method, or the summary could be capturing only high-confidence program paths (e.g., local flows, or flows through the stack). We will assist people who want to develop on these ideas and point out similar logic in the current Doop code base.


Soot performs its static analysis on an intermediate representation (IR) called Jimple. What sets Jimple apart from some other IRs is that it represents the Java bytecode in a fully executable form. This means that one can manipulate programs in the Jimple IR and generate executable Java code from this modified representation.

Concrete project idea: The goal of this project is to develop a dynamic interpreter to concretely execute program directly in the Jimple IR, without the need to generate bytecode. This can be useful in contexts in which certain information (e.g. the result of String operations) are hard to determine statically. Also, such a concrete dynamic interpreter could then later-on be extended to support concolic or symbolic execution. More details on how to get started is available here.


Jalangi is a JavaScript source-code instrumentation framework for JavaScript that has been widely used by researchers and practitioners to implement a variety of dynamic analyses. A port of the Jalangi API is now available on GraalVM, as part of the open-source NodeProf.js project. GraalVM’s JavaScript support is based on a framework for implementing high-level languages with ease using an AST interpreter. By adding Jalangi-style instrumentation support to GraalVM, analysis developers are provided with a familiar API, and can write analysis code in JavaScript, with the advantage of using the GraalVM instrumentation framework for seamless support of the latest ECMAScript features. Integration at the language runtime level also provides optimization opportunities, and makes analyses more flexible and robust.

Concrete project idea: create a new, or port an existing, Jalangi analysis to GraalVM and take advantage of its instrumentation framework. Optimize analysis performance by implementing (1) selective instrumentation, (2) adaptive instrumentation (and de-instrumentation) at runtime, (3) seamless integration with Java code and Java libraries. For this hackathon, use the Panathon branch of NodeProf.


Apple is a dominant player in the mobile space, and Swift is its new language for writing mobile apps. While Apple provides tooling based on LLVM, current research analysis frameworks have little support for Swift. Given the amount of published work on Android, based on available infrastructure, we believe support for Swift would enable a wide range of new work. Apple’s security model is significantly different from that of Android, for example, and similarly Swift is rather different from popular languages on Android; it would be interesting to understand how these aspects affect program analysis. At the WALA hackathon in PLDI ‘17, we started working on Swift support, and we expect to have some basic level of functionality for people to explore at Panathon.

Concrete project idea: evaluate Swift call graph construction for some open source Swift code, and create any needed special-purpose context sensitivity policies to avoid precision loss in the face of advanced Swift features. More details on how to get started is available here.


TAJS is a static analyzer for JavaScript. It is a whole-program context-sensitive dataflow analysis that infers type information, performs constant propagation and points-to analysis, and builds call graphs on-the-fly.

Concrete project idea: TAJS currently contains models for large parts of the browser API, but has only rudimentary support for Node.js, including the ‘require’ module loading mechanism. The goal of this project is to extend the modeling of the most central standard modules in Node.js, to enable analysis of small Node.js applications.

Supported By

Oracle Labs

You're viewing the program in a time zone which is different from your device's time zone change time zone

Thu 19 Jul

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

11:00 - 12:30
Session 1Panathon at Hamburg
Opening Remarks

Project Introductions

Work in Groups

14:00 - 15:30
Session 2Panathon at Hamburg
Work in Groups

16:00 - 17:30
Session 3Panathon at Hamburg
Work in Groups

Progress Reports

Closing Remarks

Panathon has some limited funding to support travel, accommodation, or registration for students who are undertaking studies in programming languages or software engineering and want to participate in the workshop. Funding will be available to students who have not received additional travel support.

To apply, please email Karim Ali your name and affiliation, supervisor name, topic of study for your Master’s or PhD, type of funding requested (travel, accommodation, registration) and cost. Application deadline is July 1st.