Sehun Jeong

Learning a Strategy for Choosing Widening Thresholds from a Large Codebase

In numerical static analysis, the technique of widening thresholds is essential for improving the analysis precision, but blind uses of the technique often significantly slow down the analysis. Ideally, an analysis should apply the technique only when it benefits, by carefully choosing thresholds that contribute to the final precision. However, finding the proper widening thresholds is nontrivial and existing syntactic heuristics often produce suboptimal results. In this paper, we present a method that automatically learns a good strategy for choosing widening thresholds from a given codebase. A notable feature of our method is that a good strategy can be learned with analyzing each program in the codebase only once, which allows to use a large codebase as training data. We evaluated our technique with a static analyzer for full C and 100 open-source benchmarks. The experimental results show that the learned widening strategy is highly cost-effective; it achieves 84 % of the full precision while increasing the baseline analysis cost only by \(1.4{\times }\). Our learning algorithm is able to achieve this performance 26 times faster than the previous Bayesian optimization approach.

End-to-End Prediction of Buffer Overruns from Raw Source Code via Neural Memory Networks

Detecting buffer overruns from a source code is one of the most common and yet challenging tasks in program analysis. Current approaches based on rigid rules and handcrafted features are limited in terms of flexible applicability and robustness due to diverse bug patterns and characteristics existing in sophisticated real-world software programs. In this paper, we propose a novel, data-driven approach that is completely end-to-end without requiring any hand-crafted features, thus free from any program language-specific structural limitations. In particular, our approach leverages a recently proposed neural network model called memory networks that have shown the state-of-the-art performances mainly in question-answering tasks. Our experimental results using source code samples demonstrate that our proposed model is capable of accurately detecting different types of buffer overruns. We also present in-depth analyses on how a memory network can learn to understand the semantics in programming languages solely from raw source codes, such as tracing variables of interest, identifying numerical values, and performing their quantitative comparisons.

Data-driven context-sensitivity for points-to analysis

We present a new data-driven approach to achieve highly cost-effective context-sensitive points-to analysis for Java. While context-sensitivity has greater impact on the analysis precision and performance than any other precision-improving techniques, it is difficult to accurately identify the methods that would benefit the most from context-sensitivity and decide how much context-sensitivity should be used for them. Manually designing such rules is a nontrivial and laborious task that often delivers suboptimal results in practice. To overcome these challenges, we propose an automated and data-driven approach that learns to effectively apply context-sensitivity from codebases. In our approach, points-to analysis is equipped with a parameterized and heuristic rules, in disjunctive form of properties on program elements, that decide when and how much to apply context-sensitivity. We present a greedy algorithm that efficiently learns the parameter of the heuristic rules. We implemented our approach in the Doop framework and evaluated using three types of context-sensitive analyses: conventional object-sensitivity, selective hybrid object-sensitivity, and type-sensitivity. In all cases, experimental results show that our approach significantly outperforms existing techniques.

Generating various contexts from permissions for testing Android applications

Context-awareness of mobile applications yields several issues for testing, since the mobile applications should be testable in any environment and with any contextual input. In previous studies of testing for Android applications as eventdriven systems, many researchers have focused on using the generated test cases considering only GUI events. However, it is difficult to detect failures in the changes in the context in which applications run. It is important to consider various contexts since the mobile applications adapt and use novel features and sensors of mobile devices. In this paper, we provide the method of systematically generating various executing contexts from permissions. By referring the lists of permissions, the resources that the applications use for running Android applications can be inferred easily. The various contexts of an application can be generated by permuting resource conditions, and the permutations of the contexts are prioritized. We have evaluated the usefulness and effectiveness of our method by showing that our method contributes to detect faults. Keywords—Android application testing, permissions, various contexts, context-aware application, mobile application testing

VIS Analyzer: A Visual Assistant for VIS Verification and Analysis

Formal verification plays an important role in demonstrating the quality of safety-critical systems such as nuclear power plants. We have used the VIS verification system to determine behavioral equivalence between two successive revisions in developing the KNICS RPS (Reactor Protection System) in Korea. The VIS accepts a high-level programming language Verilog as input, and its verification results contain valuable information about one reason of the failure. However the VIS offers no graphical interface, and partially displays relevant information necessary to understand the full verification scenario accurately. Many nuclear engineers and verification experts found the information insufficient, and it makes hard to the wide use of the VIS verification system in industry. This paper proposes the VIS Analyzer, a visual assistant for VIS verification and analysis, which can help nuclear engineers take full benefits of VIS without being overwhelmed by incomplete and low-level details. The VIS Analyzer automates the VIS verification processes such as equivalence checking and model checking, and displays the verification results in visual formats. We used a recent case study introduced in to demonstrate its effectiveness and usefulness.

Testing of Safety-Critical Software Embedded in an Artificial Heart

Software is being used more frequently to control medical devices such as artificial heart or robotic surgery system. While much of software safety issues in such systems are similar to other safety-critical systems (e.g., nuclear power plants), domain-specific properties may warrant development of customized techniques to demonstrate fitness of the system on patients. In this paper, we report results of a preliminary analysis done on software controlling a Hybrid Ventricular Assist Device (H-VAD) developed by Korea Artificial Organ Centre (KAOC). It is a state-of-the-art artificial heart which completed animal testing phase. We performed software testing in in-vitro experiments and animal experiments. An abnormal behaviour, never detected during extensive in-vitro analysis and animal testing, was found.

Precise and scalable points-to analysis via data-driven context tunneling

We present context tunneling, a new approach for making k-limited context-sensitive points-to analysis precise and scalable. As context-sensitivity holds the key to the development of precise and scalable points-to analysis, a variety of techniques for context-sensitivity have been proposed. However, existing approaches such as k-call-site-sensitivity or k-object-sensitivity have a significant weakness that they unconditionally update the context of a method at every call-site, allowing important context elements to be overwritten by more recent, but not necessarily more important, context elements. In this paper, we show that this is a key limiting factor of existing context-sensitive analyses, and demonstrate that remarkable increase in both precision and scalability can be gained by maintaining important context elements only. Our approach, called context tunneling, updates contexts selectively and decides when to propagate the same context without modification. We attain context tunneling via a data-driven approach. The effectiveness of context tunneling is very sensitive to the choice of important context elements. Even worse, precision is not monotonically increasing with respect to the ordering of the choices. As a result, manually coming up with a good heuristic rule for context tunneling is extremely challenging and likely fails to maximize its potential. We address this challenge by developing a specialized data-driven algorithm, which is able to automatically search for high-quality heuristics over the non-monotonic space of context tunneling. We implemented our approach in the Doop framework and applied it to four major flavors of context-sensitivity: call-site-sensitivity, object-sensitivity, type-sensitivity, and hybrid context-sensitivity. In all cases, 1-context-sensitive analysis with context tunneling far outperformed deeper context-sensitivity with k=2 in both precision and scalability.

A scalable learning algorithm for data-driven program analysis

Abstract Context: Recently data-driven program analysis has emerged as a promising approach for building cost-effective static analyzers. The ideal static analyzer should apply accurate but costly techniques only when they benefit. However, designing such a strategy for real-world programs is highly nontrivial and requires labor-intensive work. The goal of data-driven program analysis is to automate this process by learning the strategy from data through a learning algorithm. Objective: Current learning algorithms for data-driven program analysis are not scalable enough to be used with large codebases. The objective of this paper is to overcome this shortcoming and present a new algorithm that is able to efficiently learn a strategy from large codebases. Method: The key idea is to use an oracle and transform the existing blackbox learning problem into a whitebox one that is much easier to solve. The oracle quantifies the relative importance of each part of the program with respect to the analysis precision. The oracle can be obtained by running the most and least precise analyses only once over the codebase. Results: Our learning algorithm is much faster than the existing algorithms while producing high quality strategies. The evaluation is done with 140 open-source C programs, comprising of 2.1 MLoC in total. Learning at this large scale was previously impractical. Conclusion: Our work advances the state-of-the-art of data-driven program analysis by addressing the scalability issue of the existing learning algorithm. Our technique will make the data-driven approach more practical in the real-world.

Testing Android Applications Considering Various Contexts Inferred from Permissions

The context-awareness of mobile applications yields several issues for testing, since mobile applications should be able to be tested in any environment and under any contextual input. In previous studies of testing for Android applications as an event-driven system, many researchers have focused on using generated test cases considering only Graphical User Interface (GUI) events. However, it is difficult to find failures that could be detected when considering the changes in the context in which applications run. It is even more important to consider various contexts since the mobile applications adapt and use the new features and sensors of mobile devices. In this paper, we provide a method of systematically generating various executing contexts from permissions. By referring to the lists of permissions, the resources used by the applications for running Android applications can be easily inferred. To evaluate the efficiency of our testing method, we applied the method on two open source projects and showed that it contributes to improve the statement code coverage.

Architectural Refactoring of Real-Time Software Design for Predictable Controls of Artificial Heart

Time-Triggered Architecture (TTA), one of real-time software design paradigms which executes tasks in timely manner, has long been advocated as being better suited in fore-sighting system behavior than event-triggered architecture (ETA). To gain this valuable feature of TTA, however, precise task designing process is mandatory. Alternatively, ETA tries to execute tasks whenever paired events are occurred. It provides intuitive and flexible basement to add/remove tasks and, moreover, better response time performance. However ETA is difficult to analyze because system behavior might be different depending on the order of interrupts detected by the system. Many previous researches recommended TTA when developing safety-critical real-time systems, but cost problem of task designing process and insufficient consensus for applying rigorous software engineering practice are still challenging in practice. This paper describes software refactoring process which applying TTA approach into ETA based embedded software in artificial heart system. We implemented dedicated interrupt monitoring program to capture existing tasks` real-time characteristics. Based on the captured information, proper task designing process is done. Real-time analysis using RMA (Rate-Monotonic Analysis) verified that new design guarantees timeliness of the system. Empirical experiments revealed that revised design is as efficient, when measured in terms of system`s external output, as the old design and enhances predictability of the system behavior as well.