Wenting Zhao,Ibrahim Abdelaziz,Julian Dolby,Kavitha Srinivas,Mossad Helali,Essam Mansour

DOI: https://doi.org/10.48550/arXiv.2301.05108

2023-01-05

Abstract:Dynamically typed languages such as Python have become very popular. Among other strengths, Python's dynamic nature and its straightforward linking to native code have made it the de-facto language for many research areas such as Artificial Intelligence. This flexibility, however, makes static analysis very hard. While creating a sound, or a soundy, analysis for Python remains an open problem, we present in this work Serenity, a framework for static analysis of Python that turns out to be sufficient for some tasks. The Serenity framework exploits two basic mechanisms: (a) reliance on dynamic dispatch at the core of language translation, and (b) extreme abstraction of libraries, to generate an abstraction of the code. We demonstrate the efficiency and usefulness of Serenity's analysis in two applications: code completion and automated machine learning. In these two applications, we demonstrate that such analysis has a strong signal, and can be leveraged to establish state-of-the-art performance, comparable to neural models and dynamic analysis respectively.

Programming Languages,Artificial Intelligence

Jun Zhu,Jing Xie,Heather Richter Lipford,Bill Chu

DOI: https://doi.org/10.1016/j.jare.2013.11.006

IF: 12.822

2014-01-01

Journal of Advanced Research

Abstract:Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Jiawei Wang,Li,Kui Liu,Xiaoning Du

DOI: https://doi.org/10.1016/j.infsof.2024.107592

IF: 3.9

2025-01-01

Information and Software Technology

Abstract:Python has become one of the most popular programming languages nowadays but has not received enough attention from the software engineering community. Many errors, either fixed or not yet, have been scattered in the lifetime of Python projects, including popular Python libraries that have already been reused. NameError is among one of those errors that are widespread in the Python community, as confirmed in our empirical study. Yet, our community has not put effort into helping developers mitigate its introductions. To fill this gap, we propose in this work a static analysis-based approach called DENE (short for D etecting and E xplaining N ame E rrors) to automatically detect and explain name errors in Python projects. To this end, DENE builds control-flow graphs for Python projects and leverages a scope-aware reaching definition analysis to locate identifiers that may cause name errors at runtime and report their locations. Experimental results on carefully crafted ground truth demonstrate that DENE is effective in detecting name errors in real-world Python projects. The results also confirm that unknown name errors are still widely presented in popular Python projects and libraries, and the outputs of DENE can indeed help developers understand why the name errors are flagged as such.

Zhaogui Xu,Ju Qian,Lin Chen,Zhifei Chen,Baowen Xu

DOI: https://doi.org/10.1109/qsic.2013.50

2013-01-01

Abstract:Program slicing is an important program analysis technique and now has been used in many fields of software engineering. However, most existing program slicing methods focus on static programming languages such as C/C++ and Java, and methods on dynamic languages like Python are rarely seen. Python, a typical dynamic object-oriented language, has been more and more widely used now. In Python, everything is a first-class object, including functions, classes, methods, and modules. Existing slicing methods cannot handle the issue of these first-class objects. Therefore, this paper proposes a static slicing method for Python first-class objects. By adding all the definitions of first-class objects into the dependence model and uniformly constructing the program dependence graphs for all the functions, classes, methods, and modules, this method can effectively solve the slicing problems caused by arbitrary definitions and uses of first-class objects in Python.

Zhifei Chen,Lin Chen,Yuming Zhou,Zhaogui Xu,William C. Chu,Baowen Xu

DOI: https://doi.org/10.1109/COMPSAC.2014.30

2014-01-01

Abstract:Python is widely used for web programming and GUI development. Due to the dynamic features of Python, Python programs may contain various unlimited errors. Dynamic slicing extracts those statements from a program which affect the variables in a slicing criterion with a particular input. Dynamic slicing of Python programs is essential for program debugging and fault location. In this paper, we propose an approach of dynamic slicing for Python programs which combines static analysis and dynamic tracing of the Python byte code. It precisely handles the dynamic features of Python, such as dynamic typing of variables, heavy usage of first-class objects, and dynamic modifications of classes and instances. Finally, we evaluate our approach on several Python programs. Experimental results show that the whole dynamic slicing for each subject program spends at most about 13 seconds on the average and costs at most 7.58 mb memory space overhead. Furthermore, the average slice ratio of Python source code ranges from 9.26% to 59.42%. According to it, our dynamic slicing approach can be effectively and efficiently performed. To the best of our knowledge, it is the first one of dynamic slicing for Python programs.

Tian Tan,Yue Li

DOI: https://doi.org/10.48550/arXiv.2208.00337

2022-07-31

Abstract:Static analysis is a mature field with applications to bug detection, security analysis, and code optimization, etc. To facilitate these applications, static analysis frameworks play an essential role by providing a series of fundamental services such as program abstraction, control flow graph construction, and points-to/alias information computation, etc. However, despite impressive progress of static analysis, and this field has seen several popular frameworks in the last decades, it is still not clear how a static analysis framework should be designed in a way that analysis developers could benefit more: for example, what a good IR (for analysis) ought to look like? What functionalities should the module of fundamental analyses provide to ease client analyses? How to develop and integrate new analysis conveniently? How to manage multiple analyses? To answer these questions, in this work, we discuss the design trade-offs for the crucial components of a static analysis framework, and argue for the most appropriate design by following the HBDC (Harnessing the Best Designs of Classics) principle: for each crucial component, we compare the design choices made for it (possibly) by different classic frameworks such as Soot, WALA, SpotBugs and Doop, and choose arguably the best one, but if none is good enough, we then propose a better design. These selected or newly proposed designs finally constitute Tai-e, a new static analysis framework for Java. Specifically, Tai-e is novel in the designs of several aspects like IR, pointer analysis and development of new analyses, etc., leading to an easy-to-learn, easy-to-use and efficient system. To our knowledge, this is the first work that systematically explores the designs and implementations of various static analysis frameworks, and we believe it provides useful materials and viewpoints for building better static analysis infrastructures.

Programming Languages,Software Engineering

Tian Tan,Yue Li

DOI: https://doi.org/10.1145/3597926.3598120

2022-01-01

Abstract:Static analysis is a mature field with applications to bug detection, security analysis, program understanding, optimization, and more. To facilitate these applications, static analysis frameworks play an essential role by providing a series of fundamental services such as intermediate representation (IR) generation, control flow graph construction, points-to/alias information computation, and so on. However, although static analysis has made great strides and several well-known frameworks have emerged in this field over the past decades, these frameworks are not that easy to learn and use for developers who rely on them to create and implement analyses. In that sense, it is far from trivial to build a developer-friendly static analysis framework, because compared to the knowledge required for static analysis itself, we have significantly less knowledge designing and implementing static analysis frameworks. In this work, we take a step forward by discussing the design trade-offs for the crucial components of a static analysis framework for Java, and select the designs by following the HGDC (Harnessing the Good Designs of Classics) principle: for each crucial component of a static analysis framework, we compare the design choices made for it (possibly) by different classic frameworks such as Soot, Wala, Doop, SpotBugs and Checker, and choose arguably a more appropriate one; but if none is good enough, we then propose a better design. These selected or newly proposed designs finally constitute Tai-e, a new static analysis framework for Java, which has been implemented from scratch. Tai-e is novel in the designs of several aspects like IR, pointer analysis and development of new analyses, etc., leading to a developer-friendly (easy-to-learn and easy-to-use) analysis framework. To the best of our knowledge, this is the first work that systematically explores the designs and implementations of various static analysis frameworks for Java. We expect it to provide useful materials and viewpoints for building better static analysis infrastructures, and we hope that it could draw more attentions of the community to this challenging but tangible topic.

Jukka Ruohonen,Kalle Hjerppe,Kalle Rindell

DOI: https://doi.org/10.1109/PST52912.2021.9647791

2021-12-26

Abstract:Different security issues are a common problem for open source packages archived to and delivered through software ecosystems. These often manifest themselves as software weaknesses that may lead to concrete software vulnerabilities. This paper examines various security issues in Python packages with static analysis. The dataset is based on a snapshot of all packages stored to the Python Package Index (PyPI). In total, over 197 thousand packages and over 749 thousand security issues are covered. Even under the constraints imposed by static analysis, (a) the results indicate prevalence of security issues; at least one issue is present for about 46% of the Python packages. In terms of the issue types, (b) exception handling and different code injections have been the most common issues. The subprocess module stands out in this regard. Reflecting the generally small size of the packages, (c) software size metrics do not predict well the amount of issues revealed through static analysis. With these results and the accompanying discussion, the paper contributes to the field of large-scale empirical studies for better understanding security problems in software ecosystems.

Software Engineering,Cryptography and Security

Tiancong Dong,Lin Chen,Zhaogui Xu,Bin Yu

DOI: https://doi.org/10.1109/WISA.2014.20

2014-01-01

Abstract:Python is a kind of dynamic-typed language which provides flexibility but leaves the programmer without the benefits of static typing. This paper describes Type, a tool that works for static type annotation and inference for python. It could simulate the built-in modules, transform the Python source code to IR(Intermediate representation) which we design and annotate, infer and reduce the IR into the type system. Type could provide the explicit type information, detect the type errors at compile time and improve the efficiency of development and the accuracy of point-to analysis. By the evaluation of applying Type to a suite of benchmarks, we find that Type can annotate and infer the types with a good precision and coverage in accept time.

Wuxia Jin,Shuo Xu,Dawei Chen,Jiajun He,Dinghong Zhong,Ming Fan,Hongxu Chen,Huijia Zhang,Ting Liu

DOI: https://doi.org/10.1145/3597503.3640325

2024-01-01

Abstract:Dependency extraction based on static analysis lays the ground-work for a wide range of applications. However, dynamic language features in Python make code behaviors obscure and nondeter-ministic; consequently, it poses huge challenges for static analyses to resolve symbol-level dependencies. Although prosperous techniques and tools are adequately available, they still lack sufficient capabilities to handle object changes, first-class citizens, varying call sites, and library dependencies. To address the fundamental difficulty for dynamic languages, this work proposes an effective and practical method namely PyAnalyzer for dependency extraction. PyAnalyzer uniformly models functions, classes, and modules into first-class heap objects, propagating the dynamic changes of these objects and class inheritance. This manner better simulates dynamic features like duck typing, object changes, and first-class citizens, resulting in high recall results without compromising pre-cision. Moreover, PyAnalyzer leverages optional type annotations as a shortcut to express varying call sites and resolve library depen-dencies on demand. We collected two micro-benchmarks (278 small programs), two macro-benchmarks (59 real-world applications), and 191 real-world projects (10MSLOC) for comprehensive comparisons with 7 advanced techniques (i.e., Understand, Sourcetrail, Depends, ENRE19, PySonar2, PyCG, and Type4Py). The results demonstrated that PyAnalyzer achieves a high recall and hence improves the F 1 by 24.7% on average, at least 1.4x faster without an obvious compromise of memory efficiency. Our work will benefit diverse client applications.

Tim Sonnekalb,Christopher-Tobias Knaust,Bernd Gruner,Clemens-Alexander Brust,Lynn von Kurnatowski,Andreas Schreiber,Thomas S. Heinze,Patrick Mäder

2023-04-04

Abstract:Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements of a software project, thus reducing the number of false positives.The wide range of configuration options poses a hurdle in their use for software developers, as the tools cannot be deployed out-of-the-box. However, static analysis tools only develop their full benefit if they are integrated into the software development workflow and used on regular. Vulnerability management should be integrated via version history to identify hotspots, for example. We present an analysis platform that integrates several static analysis tools that enable Git-based repositories to continuously monitor warnings across their version history. The framework is easily extensible with other tools and programming languages. We provide a visualization component in the form of a dashboard to display security trends and hotspots. Our tool can also be used to create a database of security alerts at a scale well-suited for machine learning applications such as bug or vulnerability detection.

Software Engineering

Eljose E Sajan,Yunpeng Zhang,Liang-Chieh Cheng

DOI: https://doi.org/10.48550/arXiv.1905.04752

2019-05-13

Abstract:Static analyzers are tool sets which are proving to be indispensable to modern programmers. These enable the programmers to detect possible errors and security defects present in the current code base within the implementation phase of the development cycle, rather than relying on a standalone testing phase. Static analyzers typically highlight possible defects within the 'static' source code and thus does not require the source code to be compiled or executed. The Scala programming language has been gaining wider adoption across various industries in recent years. With such a wide adoption of tools of this nature, this paper presents an overview on the static analysis tools available, both commercial and open-source, for the Scala programming language. This paper discusses in detail about the types of defects that each of these tools can detect, limitations of these tools and also provide potential research direction that can improve the current state of static analyzers for the Scala programming language.

Software Engineering

Luigi Quaranta,Fabio Calefato,Filippo Lanubile

DOI: https://doi.org/10.1145/3522664.3528612

2022-05-24

Abstract:Jupyter Notebook is the tool of choice of many data scientists in the early stages of ML workflows. The notebook format, however, has been criticized for inducing bad programming practices; indeed, researchers have already shown that open-source repositories are inundated by poor-quality notebooks. Low-quality output from the prototypical stages of ML workflows constitutes a clear bottleneck towards the productization of ML models. To foster the creation of better notebooks, we developed Pynblint, a static analyzer for Jupyter notebooks written in Python. The tool checks the compliance of notebooks (and surrounding repositories) with a set of empirically validated best practices and provides targeted recommendations when violations are detected.

Software Engineering,Machine Learning

Xinrong Lin,Baojian Hua,Yang Wang,Zhizhong Pan

DOI: https://doi.org/10.1109/saner56733.2023.00046

2023-01-01

Abstract:Python, as one of the most popular and important programming languages in the era of data science, has recently introduced a syntax for static type annotations with PEP 484, to improve code maintainability, quality, and readability. However, it is still unknown whether and how static type annotations are used in practical Python projects.This paper presents, to the best of our knowledge, the first and most comprehensive empirical study on the defects, evolution and rectification of static type annotations in Python projects. We first designed and implemented a software prototype dubbed PYSCAN, then used it to scan notable Python projects with diverse domains and sizes and type annotation manners, which add up to 19,478,428 lines of Python code. The empirical results provide interesting findings and insights, such as: 1) we proposed a taxonomy of Python type annotation-related defects, by classifying defects into four categories; 2) we investigated the evolution of type annotation-related defects; and 3) we proposed automatic defect rectification strategies, generating rectification suggestions for 82 out of 110 (74.55%) defects successfully. We suggest that: 1) Python language designers should clarify the type annotation specification; 2) checking tool builders should improve their tools to suppress false positives; and 3) Python developers should integrate such checking tools into their development workflow to catch type annotation-related defects at an early development stage.We have reported our findings and suggestions to Python language designers, checking tool builders, and Python developers. They have acknowledged us and taken actions based on our suggestions. We believe these guidelines would improve static type annotation practices and benefit the Python ecosystem in general.

Florian Sihler,Lukas Pietzschmann,Raphael Straub,Matthias Tichy,Andor Diera,Abdelhalim Dahou

2024-01-29

Abstract:CONTEXT The R programming language has a huge and active community, especially in the area of statistical computing. Its interpreted nature allows for several interesting constructs, like the manipulation of functions at run-time, that hinder the static analysis of R programs. At the same time, there is a lack of existing research regarding how these features, or even the R language as a whole are used in practice. OBJECTIVE In this paper, we conduct a large-scale, static analysis of more than 50 million lines of real-world R programs and packages to identify their characteristics and the features that are actually used. Moreover, we compare the similarities and differences between the scripts of R users and the implementations of package authors. We provide insights for static analysis tools like the lintr package as well as potential interpreter optimizations and uncover areas for future research. METHOD We analyze 4230 R scripts submitted alongside publications and the sources of 19450 CRAN packages for over 350000 R files, collecting and summarizing quantitative information for features of interest. RESULTS We find a high frequency of name-based indexing operations, assignments, and loops, but a low frequency for most of R's reflective functions. Furthermore, we find neither testing functions nor many calls to R's foreign function interface (FFI) in the publication submissions. CONCLUSION R scripts and package sources differ, for example, in their size, the way they include other packages, and their usage of R's reflective capabilities. We provide features that are used frequently and should be prioritized by static analysis tools, like operator assignments, function calls, and certain reflective functions like load.

Programming Languages,Software Engineering

Gregorio Robles,Raula Gaikovina Kula,Chaiyong Ragkhitwetsagul,Tattiya Sakulniwat,Kenichi Matsumoto,Jesus M. Gonzalez-Barahona

DOI: https://doi.org/10.48550/arXiv.2203.15990

2022-03-30

Abstract:Python is known to be a versatile language, well suited both for beginners and advanced users. Some elements of the language are easier to understand than others: some are found in any kind of code, while some others are used only by experienced programmers. The use of these elements lead to different ways to code, depending on the experience with the language and the knowledge of its elements, the general programming competence and programming skills, etc. In this paper, we present pycefr, a tool that detects the use of the different elements of the Python language, effectively measuring the level of Python proficiency required to comprehend and deal with a fragment of Python code. Following the well-known Common European Framework of Reference for Languages (CEFR), widely used for natural languages, pycefr categorizes Python code in six levels, depending on the proficiency required to create and understand it. We also discuss different use cases for pycefr: identifying code snippets that can be understood by developers with a certain proficiency, labeling code examples in online resources such as Stackoverflow and GitHub to suit them to a certain level of competency, helping in the onboarding process of new developers in Open Source Software projects, etc. A video shows availability and usage of the tool: <a class="link-external link-https" href="https://tinyurl.com/ypdt3fwe" rel="external noopener nofollow">this https URL</a>.

Software Engineering

Amir Nassereldine,Patrick Chen,Jinjun Xiong

DOI: https://doi.org/10.48550/arXiv.2211.06333

2022-11-01

Software Engineering

Abstract:Spreadsheets are widely used in various fields to do large numerical analysis. While several companies have relied on spreadsheets for decades, data scientists are going in the direction of using scientific programming languages such as python to do their data analysis due to the support, community, and vast amount of libraries. While using python to analyze a company's spreadsheets, some information such as the formulas and dependencies of a cell are lost. We propose a tool that creates an abstract intermediate representation (AIR) of a spreadsheet. This representation facilitates the transfer from spreadsheets into scientific programming languages while preserving inter-dependency information about data. In addition to that, we build a python library on top of our tool to perform some data analysis in python.

Bowen Zhang,Wei Chen,Hung-Chun Chiu,Charles Zhang

2024-05-21

Abstract:Static analysis techniques enhance the security, performance, and reliability of programs by analyzing and portraiting program behaviors without the need for actual execution. In essence, static analysis takes the Intermediate Representation (IR) of a target program as input to retrieve essential program information and understand the program. However, there is a lack of systematic analysis on the benefit of IR for static analysis, besides serving as an information provider. In general, a modern static analysis framework should possess the ability to conduct diverse analyses on different languages, producing reliable results with minimal time consumption, and offering extensive customization options. In this survey, we systematically characterize these goals and review the potential solutions from the perspective of IR. It can serve as a manual for learners and practitioners in the static analysis field to better understand IR design. Meanwhile, numerous research opportunities are revealed for researchers.

Programming Languages,Software Engineering

Qiuhan Deng,Dahai Jin

DOI: https://doi.org/10.1109/bmei.2015.7401594

2015-01-01

Abstract:With the rapid development of the software industry, the continuous increasing of software size and complexity, how to guarantee and improve the reliability and the safety of the software has become the focus in the research of computer science. Software testing has become an indispensable part in software's life circle and people are paying more attention to the software. The static analysis is a code analysis technology, which is opposite to the dynamic analysis. The former can detect the latent defects and the security vulnerabilities inside of software and is developing rapidly during the last years. This thesis is based on the C language as the research object, and focuses on generating intermediate files with compiler front-end. This thesis first introduces the principle of C preprocessor and the way of getting the redundant type of the intermediate files based on the file structure after the preprocessing. With the rational analysis, the redundant code in the intermediate files will be removed, and the simplification of the intermediate files are designed and realized, in order to increase the static analysis efficiency. Finally, we based on the software, defect detecting DTS (Defect Testing System) 1. We implement the file simplification module. DTS is used to validate some open source projects in order to prove the feasibility and effectiveness of our method.

Zhifei Chen,Lin Chen,Baowen Xu

DOI: https://doi.org/10.1109/WISA.2014.26

2014-01-01

Abstract:Python is widely used to create and manage complex, database-driven websites. However, due to dynamic features such as dynamic typing of variables, Python programs pose a serious security risk to web applications. Most security vulnerabilities result from the fact that unsafe data input reaches security-sensitive operations. To address this problem, information flow analysis for Python programs is proposed to enforce this property. Information flow can capture the fact that a particular value affects another value in the program. In this paper, we present a novel approach for analyzing information flow in Python byte code which is a low-level language and is more widely broadcast. Our approach performs a hybrid of static and dynamic control/data flow analysis. Static analysis is used to study implicit flow, while dynamic analysis efficiently tracks execution information and determines definition-use pair. To the best of our knowledge, it is the first one for Python byte code.