Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
- proceedingJuly 2022
ISSTA 2022: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis
It is a great pleasure to welcome you to ISSTA 2022, the 31st edition of the International Symposium on Software Testing and Analysis. The conference has quickly risen to become the premier scientific event in the expanding area of software testing and ...
Elipmoc: advanced decompilation of Ethereum smart contracts
Proceedings of the ACM on Programming Languages (PACMPL), Volume 6, Issue OOPSLA1Article No.: 77, Pages 1–27https://doi.org/10.1145/3527321Smart contracts on the Ethereum blockchain greatly benefit from cutting-edge analysis techniques and pose significant challenges. A primary challenge is the extremely low-level representation of deployed contracts. We present Elipmoc, a decompiler for ...
- research-articleOctober 2021
Symbolic value-flow static analysis: deep, precise, complete modeling of Ethereum smart contracts
Proceedings of the ACM on Programming Languages (PACMPL), Volume 5, Issue OOPSLAArticle No.: 163, Pages 1–30https://doi.org/10.1145/3485540We present a static analysis approach that combines concrete values and symbolic expressions. This symbolic value-flow (“symvalic”) analysis models program behavior with high precision, e.g., full path sensitivity. To achieve deep modeling of program ...
Making pointer analysis more precise by unleashing the power of selective context sensitivity
Proceedings of the ACM on Programming Languages (PACMPL), Volume 5, Issue OOPSLAArticle No.: 147, Pages 1–27https://doi.org/10.1145/3485524Traditional context-sensitive pointer analysis is hard to scale for large and complex Java programs. To address this issue, a series of selective context-sensitivity approaches have been proposed and exhibit promising results. In this work, we move one ...
Precise static modeling of Ethereum “memory”
Proceedings of the ACM on Programming Languages (PACMPL), Volume 4, Issue OOPSLAArticle No.: 190, Pages 1–26https://doi.org/10.1145/3428258Static analysis of smart contracts as-deployed on the Ethereum blockchain has received much recent attention. However, high-precision analyses currently face significant challenges when dealing with the Ethereum VM (EVM) execution model. A major such ...
-
- research-articleSeptember 2020
MadMax: analyzing the out-of-gas world of smart contracts
Ethereum is a distributed blockchain platform, serving as an ecosystem for smart contracts: full-fledged intercommunicating programs that capture the transaction logic of an account. A gas limit caps the execution of an Ethereum smart contract: ...
- research-articleAugust 2020
Symbolic Reasoning for Automatic Signal Placement
ACM SIGOPS Operating Systems Review (SIGOPS), Volume 54, Issue 1Pages 64–76https://doi.org/10.1145/3421473.3421482Explicit signaling between threads is a perennial cause of bugs in concurrent programs. While there are several runtime techniques to automatically notify threads upon the availability of some shared resource, such techniques are not widely-adopted due ...
Identifying Java calls in native code via binary scanning
ISSTA 2020: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and AnalysisPages 388–400https://doi.org/10.1145/3395363.3397368Current Java static analyzers, operating either on the source or bytecode level, exhibit unsoundness for programs that contain native code. We show that the Java Native Interface (JNI) specification, which is used by Java programs to interoperate with ...
- research-articleJune 2020
Explaining bug provenance with trace witnesses
SOAP 2020: Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program AnalysisPages 14–19https://doi.org/10.1145/3394451.3397206Bug finders are mainstream tools used during software development that significantly improve the productivity of software engineers and lower maintenance costs. These tools search for software anomalies by scrutinising the program's code using static ...
Static analysis of Java enterprise applications: frameworks and caches, the elephants in the room
- Anastasios Antoniadis,
- Nikos Filippakis,
- Paddy Krishnan,
- Raghavendra Ramesh,
- Nicholas Allen,
- Yannis Smaragdakis
PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and ImplementationPages 794–807https://doi.org/10.1145/3385412.3386026Enterprise applications are a major success domain of Java, and Java is the default setting for much modern static analysis research. It would stand to reason that high-quality static analysis of Java enterprise applications would be commonplace, but ...
Ethainter: a smart contract security analyzer for composite vulnerabilities
PLDI 2020: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and ImplementationPages 454–469https://doi.org/10.1145/3385412.3385990Smart contracts on permissionless blockchains are exposed to inherent security risks due to interactions with untrusted entities. Static analyzers are essential for identifying security risks and avoiding millions of dollars worth of damage.
We ...
- research-articleMay 2020
A Principled Approach to Selective Context Sensitivity for Pointer Analysis
ACM Transactions on Programming Languages and Systems (TOPLAS), Volume 42, Issue 2Article No.: 10, Pages 1–40https://doi.org/10.1145/3381915Context sensitivity is an essential technique for ensuring high precision in static analyses. It has been observed that applying context sensitivity partially, only on a select subset of the methods, can improve the balance between analysis precision and ...
- research-articleOctober 2019
Next-paradigm programming languages: what will they look like and what changes will they bring?
Onward! 2019: Proceedings of the 2019 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and SoftwarePages 187–197https://doi.org/10.1145/3359591.3359739The dream of programming language design is to bring about orders-of-magnitude productivity improvements in software development tasks. Designers can endlessly debate on how this dream can be realized and on how close we are to its realization. Instead, ...
Gigahorse: thorough, declarative decompilation of smart contracts
ICSE '19: Proceedings of the 41st International Conference on Software EngineeringPages 1176–1186https://doi.org/10.1109/ICSE.2019.00120The rise of smart contracts---autonomous applications running on blockchains---has led to a growing number of threats, necessitating sophisticated program analysis. However, smart contracts, which transact valuable tokens and cryptocurrencies, are ...
Scalability-first pointer analysis with self-tuning context-sensitivity
ESEC/FSE 2018: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software EngineeringPages 129–140https://doi.org/10.1145/3236024.3236041Context-sensitivity is important in pointer analysis to ensure high precision, but existing techniques suffer from unpredictable scalability. Many variants of context-sensitivity exist, and it is difficult to choose one that leads to reasonable analysis ...
- research-articleOctober 2018
Precision-guided context sensitivity for pointer analysis
Proceedings of the ACM on Programming Languages (PACMPL), Volume 2, Issue OOPSLAArticle No.: 141, Pages 1–29https://doi.org/10.1145/3276511Context sensitivity is an essential technique for ensuring high precision in Java pointer analyses. It has been observed that applying context sensitivity partially, only on a select subset of the methods, can improve the balance between analysis ...
- research-articleOctober 2018
MadMax: surviving out-of-gas conditions in Ethereum smart contracts
Proceedings of the ACM on Programming Languages (PACMPL), Volume 2, Issue OOPSLAArticle No.: 116, Pages 1–27https://doi.org/10.1145/3276486Ethereum is a distributed blockchain platform, serving as an ecosystem for smart contracts: full-fledged inter-communicating programs that capture the transaction logic of an account. Unlike programs in mainstream languages, a gas limit restricts the ...
Static analysis of Java dynamic proxies
ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and AnalysisPages 209–220https://doi.org/10.1145/3213846.3213864The dynamic proxy API is one of Java’s most widely-used dynamic features, permitting principled run-time code generation and link- ing. Dynamic proxies can implement any set of interfaces and for- ward method calls to a special object that handles them ...
Shooting from the heap: ultra-scalable static analysis with heap snapshots
ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and AnalysisPages 198–208https://doi.org/10.1145/3213846.3213860Traditional whole-program static analysis (e.g., a points-to analysis that models the heap) encounters scalability problems for realistic applications. We propose a ``featherweight'' analysis that combines a dynamic snapshot of the heap with otherwise ...