Conferences and supporting programme
Machine Learning for Finding Programming Defects and Anomalies
Static analysis tools are useful for finding serious programming defects and security vulnerabilities in source and binary code. Most static analysis checkers work by searching the code for known patterns or conditions that will cause the program to fail, or that indicate violations of programming standards. The set of defects that such tools can find is thus limited to problems anticipated by the tool designer. Some tools can automatically determine new properties to check simply by deducing what is common practice, assuming that common practice is likely correct, and then looking for parts of the code that deviate from that practice in significant ways, on the assumption that such deviant code is incorrect. This approach has previously been applied only to the scope of the body of code under analysis, but the ever-increasing volume of open source, combined with advances in machine learning, means that it is now possible to deduce common practice from very large software collections. This technique is particularly useful for finding anomalies in API usage, especially for popular operating system interfaces or open source libraries. This talk will describe how the technique works and will show how it was able to find several previously unknown bugs in high-profile software systems. It will demonstrate how software developers can use these machine learning techniques to find defects that are otherwise very difficult to anticipate.
--- Date: 27.02.2019 Time: 4:00 PM - 4:30 PM Location: Conference Counter NCC Ost