CAREER: Improving the Practicality of Configurable Static Analysis Tools through Analysis, Testing, Refinement and Adaptation

职业：通过分析、测试、细化和适应提高可配置静态分析工具的实用性

• 批准号: 2047682
• 负责人: Shiyi Wei
• 金额: $ 45.88万
• 依托单位: University of Texas at Dallas
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-06-15 至 2026-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2047682&HistoricalAwards=false
• 关键词: CAREER; Improving; Practicality; Configurable; Static

Due to the scale and complexity of modern software, critical errors, such as security vulnerabilities, are hard to discover. In the past few decades, researchers and practitioners have invented many static-analysis algorithms for bug detection and program verification. To take advantage of the theoretical advances, static-analysis algorithms are often implemented as configuration options in static-analysis tools. For example, taint-analysis tools for Android apps incorporate different algorithms, underlying frameworks, and programming styles to support language features that complicate the detection of critical security vulnerabilities. These configuration options allow developers and users to tune the tool behavior to achieve the right balance between precision, soundness, and performance. However, the unique challenges of the large and complex configuration space in configurable static-analysis tools have prevented them from being broadly adopted in practice. Improving configurable static-analysis tools will lead to higher software quality, a potentially large societal impact.This project proposes to improve the maintainability, correctness, usability, and performance of the configurable static-analysis tools through configuration analysis, testing, evaluation, refinement and adaptation. The project will initially focus on the configurable taint-analysis tools for Android apps to address the following specific research goals. First, unspecified relationships between configuration options, which makes it difficult to tune the tools’ configurations, will be identified and analyzed. The result will be presented to users via a unified configuration-aware user interface. Second, configurable static-analysis tools will be better tested and evaluated via test-case generation and benchmark collection. Third, a human-in-the-loop iterative-refinement process will be designed to explore the configuration space and classify the results to significantly reduce the manual efforts needed in this process. Fourth, learning-based adaptive analysis will be developed to selectively apply analysis algorithms at fine granularity to produce practical results. The practical impact of the research will be evaluated in terms of the tools’ capabilities of detecting real-world vulnerabilities. Once the key research problems are addressed in Android taint-analysis tools, the project will generalize the research to configurable static-analysis tools for different programming languages. The project will significantly improve the state-of-the-art of configurable static-analysis tools and result in their broader adoption in practice.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

由于现代软件的规模和复杂性，诸如安全漏洞之类的关键错误很难被发现。在过去的几十年里，研究人员和实践者已经发明了许多静态分析算法来进行错误检测和程序验证。为了利用理论上的进步，静态分析算法通常被实现为静态分析工具中的配置选项。例如，Android应用程序的污染分析工具包含不同的算法、底层框架和编程风格，以支持使关键安全漏洞检测复杂化的语言功能。这些配置选项允许开发人员和用户调整工具行为，以实现精确性、可靠性和性能之间的适当平衡。然而，在可配置的静态分析工具中，大而复杂的配置空间的独特挑战阻碍了它们在实践中被广泛采用。改进可配置的静态分析工具将导致更高的软件质量，一个潜在的巨大的社会影响，本项目提出通过配置分析，测试，评估，改进和适应，以提高可配置的静态分析工具的可维护性，正确性，可用性和性能。该项目最初将专注于Android应用程序的可配置污染分析工具，以解决以下特定的研究目标。首先，将识别和分析配置选项之间的未指定关系，这使得难以调优工具的配置。结果将通过统一的配置感知用户界面呈现给用户。第二，可配置的静态分析工具将通过测试用例生成和基准收集得到更好的测试和评估。第三，将设计一个人在回路迭代细化过程来探索配置空间并对结果进行分类，以显著减少此过程中所需的手动工作。第四，将开发基于学习的自适应分析，以便有选择地应用细粒度的分析算法，以产生实际结果。研究的实际影响将根据工具检测现实世界漏洞的能力进行评估。一旦Android污染分析工具中的关键研究问题得到解决，该项目将把研究推广到不同编程语言的可配置静态分析工具。该项目将显著提高可配置静态分析工具的最新水平，并导致其在实践中更广泛的采用。该奖项反映了NSF的法定使命，并被认为值得通过使用基金会的知识价值和更广泛的影响审查标准进行评估。

项目成果

ECSTATIC: Automatic Configuration-Aware Testing and Debugging of Static Analysis Tools

• DOI: 10.1145/3597926.3604918
• 发表时间: 2023-07
• 期刊: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis
• 作者: Austin Mordahl;Dakota Soles;Miao Miao-Miao;Zenong Zhang;Shiyi Wei

Fuzzing Configurations of Program Options

• DOI: 10.1145/3580597
• 发表时间: 2023-02
• 期刊: ACM Transactions on Software Engineering and Methodology
• 影响因子: 4.4
• 作者: Zenong Zhang;George Klees;E. Wang;M. Hicks;Shiyi Wei

The impact of tool configuration spaces on the evaluation of configurable taint analysis for Android

• DOI: 10.1145/3460319.3464823
• 发表时间: 2021-07
• 期刊: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis
• 作者: Austin Mordahl;Shiyi Wei

ECSTATIC: An Extensible Framework for Testing and Debugging Configurable Static Analysis

• DOI: 10.1109/icse48619.2023.00056
• 发表时间: 2023-05
• 期刊: 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)
• 作者: Austin Mordahl;Zenong Zhang;Dakota Soles;Shiyi Wei