6th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP @ PLDI '17)

Description

Static and dynamic analysis techniques and tools for Java and other programming languages have received widespread attention for a long time. The application domains of these analyses range from core libraries to modern technologies such as web services and Android applications. Over time, analysis frameworks, such as Soot, WALA, Chord, DOOP, and Soufflé, have been developed to better support techniques for optimizing programs, ensuring code quality, and assessing security and compliance.

Analyzing DaCapo and SPEC JVM with averroes using JDK 1.6

This tutorial steps through the process to download and run averroes to analyze the programs from the DaCapo-2006-10MR2 and the SPEC JVM98 benchmarks. I will refer to all these programs by the word benchmarks throughout the rest of this tutorial.

Designing Code Analysis Frameworks (DECAF @ ISSTA'16)

Call for Participation

Designing a code-analysis framework is not an easy task. Design decisions that framework builders took more than a decade ago are still affecting the way many researchers implement their static analyses today. However, modern software systems are often heterogeneous and gigantic in size, employing many programming languages and APIs. Further, modern program analyses tend to be user-driven and interactive, as opposed to traditional program analyses that were more targeted towards whole-program optimizations. As analysis framework authors, we have recently been discussing the various strengths and weaknesses of our systems regarding the needs of modern analyses and analyzed software systems. One idea expressed was perhaps to start over with a new analysis framework that could incorporate into its design all the lessons we have learnt from current frameworks.

Static Analysis Seminar (SAS)

Course Description

One can ask many interesting questions about a given program such as:

• Does this program terminate?
• Can the pointer p be null?
• Will the value of the variable v be read in the future?
• Do the variables x and y point to the same location in the heap?
• Was the loop counter initialized before it is used?
• Could the secret data pointed to by s leak to some unauthorized party?
• Can method foo call method bar? And which method bar could be called?

Workshop on WALA (WoW)

I’m very pleased to announce that I will be co-organizing the Workshop on WALA (WoW), which will be co-located with PLDI’15. Please stay tuned for what we have for you in store!

Hallo Darmstadt :-)

I have just started a new exciting chapter in my life. New job, new country, a whole new continent! I have just started my position as a postdoctoral researcher at the Technische Universität Darmstadt.

I am working within the Secure Software Engineering (SSE) group which is led by Eric Bodden. My main focus will be exploring static analysis techniques that can automatically detect misuses of cryptographic APIs in Java applications.

Finished my PhD!

After 4.5 long years, I’m finally done with my Ph.D. studies! It has been a long journey but well worth it. I couldn’t have made it that far without the continuous support of my amazing supervisor Ondřej Lhoták and the support of my family, especially my wife, Sarah Nadi. If you’re interested, you can find my dissertation published here.

ECOOP'14 Distinguished Artifact Award

scalacg just won the Distinguished Artifact Award at ECOOP’14 in Uppsala, Sweden.

SCALACG - a collection of low-cost call graph analyses for Scala

As Scala gains popularity, there is growing interest in programming tools for it. Such tools often require call graphs. Applying existing call graph construction algorithms to the JVM bytecodes generated by the Scala compiler produces imprecise results due to type information being lost during compilation. Therefore, we propose adapting existing call graph construction algorithms, Name-Based Resolution (RA) and Rapid Type Analysis (RTA), for Scala.

Paper accepted at ECOOP '14!

Just got a paper accepted at ECOOP ‘14! The paper has the title “Constructing Call Graphs of Scala Programs”. You can find more information about it here.

AVERROES - Whole-Program Analysis Without the Whole Program

Averroes is a tool that generates a placeholder library overapproximating the possible behaviour of the original library. The placeholder library can be constructed quickly without analyzing the whole program (using the separate compilation assumption), and is typically in the order of 80 kB of classes (comparatively, the Java standard library is 25 MB). Any existing whole-program call graph construction framework can use the placeholder library as a replacement for the actual libraries to efficiently construct a sound and precise application call graph.

Paper accepted at ECOOP '13!

Just got a paper accepted at ECOOP ‘13! The paper has the title “Averroes: Whole-Program Analysis Without the Whole Program”. You can find more information about it here.

CGC - a datalog prototype for the Separate Compilation Assumption

cgc is a prototype tool that generates a sound call graph for the application part of a program without analyzing the code of the library. It uses a context-insensitive pointer analysis to create the call graph on-the-fly. Although the prototype is implemented in Datalog for ease of modification and experimentation, it could be transcribed into Java to be embedded into an analysis framework such as Soot or Wala.

Paper accepted at ECOOP '12!

Just got my first PhD paper accepted at ECOOP ‘12! Exciting stuff. The paper has the title “Application-only Call Graph Construction”. You can find more information about it here.