StaticFixer: From Static Analysis to Static Repair
Abstract
Static analysis tools are traditionally used to detect and flag programs that violate properties. We show that static analysis tools can also be used to perturb programs that satisfy a property to construct variants that violate the property. Using this insight we can construct paired data sets of unsafe-safe program pairs, and learn strategies to automatically repair property violations. We present a system called \sysname, which automatically repairs information flow vulnerabilities using this approach. Since information flow properties are non-local (both to check and repair), \sysname also introduces a novel domain specific language (DSL) and strategy learning algorithms for synthesizing non-local repairs. We use \sysname to synthesize strategies for repairing two types of information flow vulnerabilities, unvalidated dynamic calls and cross-site scripting, and show that \sysname successfully repairs several hundred vulnerabilities from open source {\sc JavaScript} repositories, outperforming neural baselines built using {\sc CodeT5} and {\sc Codex}. Our datasets can be downloaded from \url{http://aka.ms/StaticFixer}.
Cite
@article{arxiv.2307.12465,
title = {StaticFixer: From Static Analysis to Static Repair},
author = {Naman Jain and Shubham Gandhi and Atharv Sonwane and Aditya Kanade and Nagarajan Natarajan and Suresh Parthasarathy and Sriram Rajamani and Rahul Sharma},
journal= {arXiv preprint arXiv:2307.12465},
year = {2023}
}