Due to the scale and complexity of modern software, critical errors, such as security vulnerabilities, are hard to discover. In the past few decades, researchers and practitioners have invented many static-analysis algorithms for bug detection and program verification. To take advantage of these theoretical advances, static-analysis algorithms are often implemented as configuration options in static-analysis tools. For example, taint-analysis tools for Android apps incorporate different algorithms, underlying frameworks, and programming styles to support language features that complicate the detection of critical security vulnerabilities. These configuration options allow developers and users to tune the tool's behavior to achieve the right balance between precision, soundness, and performance. However, the unique challenges of the large and complex configuration space in configurable static-analysis tools have prevented them from being broadly adopted in practice. Improving configurable static-analysis tools will lead to higher software quality, which has a potentially large societal impact.
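To make the precision/soundness trade-off concrete, here is an added example (not code from the project or from any existing taint-analysis tool) of a miniature taint analysis over a constructed three-address IR with two hypothetical configuration options modelled on common analysis knobs: `field_sensitive` (whether `obj.f` and `obj.g` are tracked as separate cells, a precision choice) and `implicit_flows` (whether values assigned under a tainted branch condition are tainted, a soundness choice). The sample program, the statement forms and the option names are all assumptions made for this illustration; running the same program under every option combination shows how one option can introduce a false positive while another decides whether a real flow is reported at all.

```python
from dataclasses import dataclass

# Constructed toy three-address IR for an Android-style app. Statement forms:
#   ("source", dst)                 dst receives sensitive data (e.g. a device ID)
#   ("assign", dst, src)            dst = src
#   ("putfield", obj, fld, src)     obj.fld = src
#   ("getfield", dst, obj, fld)     dst = obj.fld
#   ("if", cond, [stmts])           conditional block guarded by cond
#   ("sink", src)                   src flows to a sink (e.g. a log or network call)


@dataclass(frozen=True)
class Config:
    """Two hypothetical configuration options modelled on common taint-analysis knobs."""
    field_sensitive: bool = True   # distinguish obj.f from obj.g (precision)
    implicit_flows: bool = False   # taint values assigned under a tainted branch (soundness)


def _field_key(cfg, obj, fld):
    # Field-insensitive mode collapses all fields of an object into one abstract cell.
    return f"{obj}.{fld}" if cfg.field_sensitive else f"{obj}.*"


def analyze(stmts, cfg, tainted=None, under_tainted_branch=False):
    """Return the list of sink arguments that may carry tainted data.

    `tainted` is the set of abstract locations currently holding sensitive data;
    it is updated in place so that conditional blocks can be merged by the caller.
    """
    tainted = set() if tainted is None else tainted
    leaks = []
    for s in stmts:
        op = s[0]
        if op == "source":
            tainted.add(s[1])
        elif op == "assign":
            _, dst, src = s
            if src in tainted or (cfg.implicit_flows and under_tainted_branch):
                tainted.add(dst)
            else:
                tainted.discard(dst)          # strong update: dst is overwritten
        elif op == "putfield":
            _, obj, fld, src = s
            key = _field_key(cfg, obj, fld)
            if src in tainted or (cfg.implicit_flows and under_tainted_branch):
                tainted.add(key)
            elif cfg.field_sensitive:
                tainted.discard(key)          # strong update only when the cell is exact
            # field-insensitive: the merged cell may still hold other tainted fields (weak update)
        elif op == "getfield":
            _, dst, obj, fld = s
            if _field_key(cfg, obj, fld) in tainted:
                tainted.add(dst)
            else:
                tainted.discard(dst)
        elif op == "sink":
            if s[1] in tainted:
                leaks.append(s[1])
        elif op == "if":
            _, cond, body = s
            branch = set(tainted)             # analyze the taken path on a copy
            leaks += analyze(body, cfg, branch,
                             under_tainted_branch or cond in tainted)
            tainted |= branch                 # may-analysis: merge both paths
        else:
            raise ValueError(f"unknown statement {s!r}")
    return leaks


# Constructed sample program: the device ID is stored in one field of a holder object,
# an unrelated field is logged, and a flag is set depending on the ID's value.
PROGRAM = [
    ("source", "imei"),                       # imei = getDeviceId()
    ("putfield", "holder", "id", "imei"),     # holder.id = imei
    ("assign", "label", "const_str"),         # label = "user"
    ("putfield", "holder", "name", "label"),  # holder.name = label
    ("getfield", "x", "holder", "name"),      # x = holder.name
    ("sink", "x"),                            # Log.d(x): a false positive if field-insensitive
    ("if", "imei", [("assign", "flag", "const_true")]),  # if (imei ...) flag = true
    ("sink", "flag"),                         # send(flag): an implicit flow, reported only if enabled
]


def compare_configs(program=PROGRAM):
    """Run the same program under every combination of the two options."""
    results = {}
    for fs in (True, False):
        for imp in (False, True):
            cfg = Config(field_sensitive=fs, implicit_flows=imp)
            results[(fs, imp)] = analyze(program, cfg)
    return results


if __name__ == "__main__":
    for (fs, imp), leaks in compare_configs().items():
        print(f"field_sensitive={fs!s:5} implicit_flows={imp!s:5} -> leaks: {leaks}")
```

With field sensitivity on and implicit flows off the analysis reports nothing; turning field sensitivity off produces the spurious `x` report, and turning implicit flows on surfaces the `flag` report. The two options are independent in this toy, but a real tool's options often interact in undocumented ways, which is exactly the kind of relationship a user has to discover by hand today.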
This project proposes to improve the maintainability, correctness, usability, and performance of configurable static-analysis tools through configuration analysis, testing, evaluation, refinement, and adaptation. The project will initially focus on configurable taint-analysis tools for Android apps to address the following specific research goals. First, unspecified relationships between configuration options, which make it difficult to tune the tools’ configurations, will be identified and analyzed. The results will be presented to users via a unified configuration-aware user interface. Second, configurable static-analysis tools will be better tested and evaluated via test-case generation and benchmark collection. Third, a human-in-the-loop iterative-refinement process will be designed to explore the configuration space and classify the results, significantly reducing the manual effort needed in this process. Fourth, learning-based adaptive analysis will be developed to selectively apply analysis algorithms at fine granularity to produce practical results. The practical impact of the research will be evaluated in terms of the tools’ ability to detect real-world vulnerabilities. Once the key research problems are addressed in Android taint-analysis tools, the project will generalize the research to configurable static-analysis tools for different programming languages. The project will significantly improve the state of the art of configurable static-analysis tools and result in their broader adoption in practice.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.