Guangwei Li, Ting Yuan, Jie Lu, Lian Li, Xiaobin Zhang, Xu Song, Kejun Zhang
{"title":"Exposing Vulnerable Paths: Enhance Static Analysis with Lightweight Symbolic Execution","authors":"Guangwei Li, Ting Yuan, Jie Lu, Lian Li, Xiaobin Zhang, Xu Song, Kejun Zhang","doi":"10.1109/APSEC53868.2021.00051","DOIUrl":null,"url":null,"abstract":"Static analysis tools, although widely adopted in industry, suffer from a high false positive rate. This paper aims to refine the results of static analysis tools, by automatically searching for a vulnerable path from given defect report. To realize this goal, we develop SATRACER, a novel tool which integrates symbolic execution techniques with static analysis. SATRACER selectively skips those program parts which can be consistently updated by static analysis, thus drastically improving performance. We have applied SATRACER to a set of 21 real-world applications. Evaluation results show that SATRACER can successfully remove 71.4% false alarms reported by a commercial static analysis tool in 10 hours, and confirmed 29 real use-after-free bugs and 895 real null-pointer-dereference bugs.","PeriodicalId":143800,"journal":{"name":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 28th Asia-Pacific Software Engineering Conference (APSEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APSEC53868.2021.00051","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Static analysis tools, although widely adopted in industry, suffer from a high false positive rate. This paper aims to refine the results of static analysis tools, by automatically searching for a vulnerable path from given defect report. To realize this goal, we develop SATRACER, a novel tool which integrates symbolic execution techniques with static analysis. SATRACER selectively skips those program parts which can be consistently updated by static analysis, thus drastically improving performance. We have applied SATRACER to a set of 21 real-world applications. Evaluation results show that SATRACER can successfully remove 71.4% false alarms reported by a commercial static analysis tool in 10 hours, and confirmed 29 real use-after-free bugs and 895 real null-pointer-dereference bugs.