English

SPARK: Static Program Analysis Reasoning and Retrieving Knowledge

Programming Languages 2017-11-06 v1 Artificial Intelligence Cryptography and Security
Authors: Wasuwee Sodsong , Bernhard Scholz , Sanjay Chawla
View on arXiv PDF

Abstract

Program analysis is a technique to reason about programs without executing them, and it has various applications in compilers, integrated development environments, and security. In this work, we present a machine learning pipeline that induces a security analyzer for programs by example. The security analyzer determines whether a program is either secure or insecure based on symbolic rules that were deduced by our machine learning pipeline. The machine pipeline is two-staged consisting of a Recurrent Neural Networks (RNN) and an Extractor that converts an RNN to symbolic rules. To evaluate the quality of the learned symbolic rules, we propose a sampling-based similarity measurement between two infinite regular languages. We conduct a case study using real-world data. In this work, we discuss the limitations of existing techniques and possible improvements in the future. The results show that with sufficient training data and a fair distribution of program paths it is feasible to deducing symbolic security rules for the OpenJDK library with millions lines of code.

Keywords

symbolic execution program analysis pipeline optimization

Cite

@article{arxiv.1711.01024,
  title  = {SPARK: Static Program Analysis Reasoning and Retrieving Knowledge},
  author = {Wasuwee Sodsong and Bernhard Scholz and Sanjay Chawla},
  journal= {arXiv preprint arXiv:1711.01024},
  year   = {2017}
}

Related papers

View all related →
Software Engineering · Computer Science
Scaling Symbolic Execution to Large Software Systems
Gabor Horvath, Reka Kovacs, Zoltan Porkolab
2024-08-06
Software Engineering · Computer Science
Parallel Program Analysis on Path Ranges
Jan Haltermanna, Marie-Christine Jakobs, Cedric Richter, Heike Wehrheim
2024-06-28
Programming Languages · Computer Science
Probabilistic Analysis Based On Symbolic Game Semantics and Model Counting
Aleksandar S. Dimovski
2017-09-08
Artificial Intelligence · Computer Science
A Smart and Defensive Human-Machine Approach to Code Analysis
Fitzroy D. Nembhard, Marco M. Carvalho
2021-08-27
Programming Languages · Computer Science
Synthesizing Program-Specific Static Analyses
Colin S. Gordon
2018-10-17
Software Engineering · Computer Science
Exploring Code Analysis: Zero-Shot Insights on Syntax and Semantics with LLMs
Wei Ma, Zhihao Lin, Shangqing Liu, Qiang Hu +7
2026-05-22
Programming Languages · Computer Science
A Static Analyzer for Large Safety-Critical Software
Bruno Blanchet, Patrick Cousot, Radhia Cousot, Jerôme Feret +4
2016-08-14
Software Engineering · Computer Science
Static Analyzers and Potential Future Research Directions for Scala: An Overview
Eljose E Sajan, Yunpeng Zhang, Liang-Chieh Cheng
2019-05-14
Software Engineering · Computer Science
Implementing and Executing Static Analysis Using LLVM and CodeChecker
Gabor Horvath, Reka Kovacs, Richard Szalay, Zoltan Porkolab
2024-08-13
Programming Languages · Computer Science
Customizing Static Analysis using Codesearch
Avi Hayoun, Veselin Raychev, Jack Hair
2024-04-22
Logic in Computer Science · Computer Science
Verifying Safety-Critical Timing and Memory-Usage Properties of Embedded Software by Abstract Interpretation
Reinhold Heckmann, Christian Ferdinand
2011-11-09
Programming Languages · Computer Science
Stateless Code Model Checking of Information Flow Security
Elaheh Ghassabani, Mohammad Abdollahi Azgomi
2016-03-14
Programming Languages · Computer Science
Unveiling the Power of Intermediate Representations for Static Analysis: A Survey
Bowen Zhang, Wei Chen, Hung-Chun Chiu, Charles Zhang
2024-05-22
Software Engineering · Computer Science
Large Language Models Versus Static Code Analysis Tools: A Systematic Benchmark for Vulnerability Detection
Damian Gnieciak, Tomasz Szandala
2025-08-07
Neural and Evolutionary Computing · Computer Science
DeepLogic: Towards End-to-End Differentiable Logical Reasoning
Nuri Cingillioglu, Alessandra Russo
2019-03-11
Programming Languages · Computer Science
Slot Games for Detecting Timing Leaks of Programs
Aleksandar S. Dimovski
2013-07-18
Software Engineering · Computer Science
Possible Value Analysis based on Symbolic Lattice
Qi Zhan
2024-05-03
Software Engineering · Computer Science
Demystifying Errors in LLM Reasoning Traces: An Empirical Study of Code Execution Simulation
Mohammad Abdollahi, Khandaker Rifah Tasnia, Soumit Kanti Saha, Jinqiu Yang +2
2025-12-02
Programming Languages · Computer Science
Thread-Modular Static Analysis for Relaxed Memory Models
Markus Kusano, Chao Wang
2017-09-29
Cryptography and Security · Computer Science
Enhancing Enterprise Network Security: Comparing Machine-Level and Process-Level Analysis for Dynamic Malware Detection
Baskoro Adi Pratomo, Toby Jackson, Pete Burnap, Andrew Hood +1
2023-10-30
Programming Languages · Computer Science
Program Analysis of Probabilistic Programs
Maria I. Gorinova
2022-04-15
Cryptography and Security · Computer Science
Reasoning Under Threat: Symbolic and Neural Techniques for Cybersecurity Verification
Sarah Veronica
2025-05-14
Cryptography and Security · Computer Science
Towards an Automated Pipeline for Detecting and Classifying Malware through Machine Learning
Nicola Loi, Claudio Borile, Daniele Ucci
2021-06-11
Software Engineering · Computer Science
Inferring Input Grammars from Dynamic Control Flow
Rahul Gopinath, Björn Mathis, Andreas Zeller
2019-12-13
Cryptography and Security · Computer Science
Many Tools, Few Exploitable Vulnerabilities: A Survey of 246 Static Code Analyzers for Security
Kevin Hermann, Sven Peldszus, Thorsten Berger
2026-02-23