From 17 to 21 July, the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) took place on the campus of the University of Washington in Seattle. SOLA was also represented, and two of its papers received awards:
A bimodal taint analysis called "Fluffy"
The paper "Beware of the Unexpected: Bimodal Taint Analysis" received an ACM SIGSOFT Distinguished Paper award. It presents a bimodal taint analysis called "Fluffy", applies it to 250,000 JavaScript projects and evaluates it on five common vulnerability types. Fluffy combines static analysis, which reasons about data flow, with machine learning (ML), which probabilistically determines which flows are potentially problematic.
The paper was written by Yi Wai Chow (during his master's thesis at the University of Stuttgart), Max Schaefer (GitHub) and Prof. Michael Pradel (University of Stuttgart).
Surprising result for WebAssembly call graphs
"That’s a Tough Call: Studying the Challenges of Call Graph Construction for WebAssembly" was recognised as an ACM SIGSOFT Distinguished Artifact. In this work, the researchers seek to better understand the challenges that arise in the static construction of call graphs for WebAssembly. Call graphs are at the core of many interprocedural static analysis and optimization techniques. The paper identifies twelve challenges and examines them on 8,000 real code examples. The surprising result: four existing methods for static analysis are unreliable, and this had not been documented so far.
Daniel Lehmann (University of Stuttgart), Michelle Thalakottur (Northeastern University), Prof. Frank Tip (Northeastern University) and Prof. Michael Pradel (University of Stuttgart) contributed to the paper.