English

StaticFixer: From Static Analysis to Static Repair

Software Engineering 2023-07-25 v1

Abstract

Static analysis tools are traditionally used to detect and flag programs that violate properties. We show that static analysis tools can also be used to perturb programs that satisfy a property to construct variants that violate the property. Using this insight we can construct paired data sets of unsafe-safe program pairs, and learn strategies to automatically repair property violations. We present a system called \sysname, which automatically repairs information flow vulnerabilities using this approach. Since information flow properties are non-local (both to check and repair), \sysname also introduces a novel domain specific language (DSL) and strategy learning algorithms for synthesizing non-local repairs. We use \sysname to synthesize strategies for repairing two types of information flow vulnerabilities, unvalidated dynamic calls and cross-site scripting, and show that \sysname successfully repairs several hundred vulnerabilities from open source {\sc JavaScript} repositories, outperforming neural baselines built using {\sc CodeT5} and {\sc Codex}. Our datasets can be downloaded from \url{http://aka.ms/StaticFixer}.

Keywords

Cite

@article{arxiv.2307.12465,
  title  = {StaticFixer: From Static Analysis to Static Repair},
  author = {Naman Jain and Shubham Gandhi and Atharv Sonwane and Aditya Kanade and Nagarajan Natarajan and Suresh Parthasarathy and Sriram Rajamani and Rahul Sharma},
  journal= {arXiv preprint arXiv:2307.12465},
  year   = {2023}
}
R2 v1 2026-06-28T11:38:12.881Z