A5019029870- Software Testing and Debugging Techniques
- Software Engineering Research
- Advanced Malware Detection Techniques
- Software Reliability and Analysis Research
- Digital and Cyber Forensics
- Software System Performance and Reliability
- Radiation Effects in Electronics
- Topic Modeling
- Adversarial Robustness in Machine Learning
The University of Texas at Dallas
2019-2024
Many critical software systems developed in C utilize compile-time configurability. The many possible configurations of this make bug detection through static analysis difficult. While variability-aware analyses have been developed, there remains a gap between those and state-of-the-art tools. In order to collect data on how such tools may perform develop real-world benchmarks, we present way leverage configuration sampling, off-the-shelf "variability-oblivious" detectors, automatic feature...
Static analysis is an important tool for detecting bugs in real-world software. The advent of numerous algorithms with their own tradeoffs has led to the proliferation configurable static tools, but complex, undertested configuration spaces are obstacles widespread adoption. To improve reliability these my research focuses on developing new approaches automatically test and debug them. First, I describe empirical study that helps understand performance behavior taint tools Android. findings...
The most popular static taint analysis tools for Android allow users to change the underlying algorithms through configuration options. However, large spaces make it difficult developers and alike understand full capabilities of these tools, studies to-date have only focused on individual configurations. In this work, we present first study that evaluates configurations in focusing two FlowDroid DroidSafe. First, perform a manual code investigation better how are implemented both tools. We...
Testing and debugging the implementation of static analysis is a challenging task, often involving significant manual effort from domain experts in tedious unprincipled process. In this work, we propose an approach that greatly improves automation process for analyzers with configuration options. At core our novel adaptation theoretical partial order relations exist between these options to reason about correctness actual results running analyzer different configurations. This allows...
Many program verification tools can be customized via run-time configuration options that trade off performance, precision, and soundness. However, in practice, users often run under their default configurations, because understanding these tradeoffs requires significant expertise. In this paper, we ask how well a single, work general, propose SATune, novel tool for automatically configuring given target programs. To answer our question, gathered dataset runs four well-known against range of...
Modern System-on-Chip (SoC) designs are integrated with intellectual property (IPs) cores to achieve complex functionalities. While this integration significantly improves the computing power of SoCs, it also leads an increase in verification complexity pertaining security SoC design. Existing techniques do not offer localization capability pinpoint root causes vulnerabilities register transfer level (RTL) code. This significant delay, incurred due debugging. Fault techniques, such as...
Natural language processing (NLP) has gained widespread adoption in the development of real-world applications. However, black-box nature neural networks NLP applications poses a challenge when evaluating their performance, let alone ensuring it. Recent research proposed testing techniques to enhance trustworthiness NLP-based most existing works use single, aggregated metric ( i.e ., accuracy) which is difficult for users assess model performance on fine-grained aspects such as linguistic...
Variability in C software is a useful tool, but critical bugs that only exist certain configurations are easily missed by conventional debugging techniques. Even with small number of features, the configuration space configurable too large to analyze exhaustively. Variability-aware static analysis for bug detection being developed, remains at early stage be fully usable real-world programs. In this work, we present methodology finding variability combining variability-oblivious detectors,...
Static analyses are powerful tools that can serve as a complement to dynamic approaches such testing. In order ensure generality, many static analysis configurable. However, these configurations make testing and debugging more difficult. To address this issue, we introduce new tool, ECSTATIC, which leverages partial relations between configuration options automatically test debug analyzers, even without ground truths. ECSTATIC's results reproducible by virtue of running within Docker...