Characterizing and Detecting Program Representation Faults of Static Analysis Frameworks

Static analysis frameworks (SAFs) such as Soot and WALA have provided the fundamental support in today's software analysis. They usually adopt various analysis techniques to transform programs into different representations that imply specific properties, e.g., a call graph can demonstrate the calling relationships between methods in a program, and users rely on these program representations for further analysis, like vulnerability detection and privacy leakage recognition. Hence, providing proper program representation is essential for SAFs. We conducted a systematic empirical study on program representation faults of static analysis frameworks. In our study, we first collected 141 issues from four popular SAFs and summarized their symptoms, root causes, and fix strategies, and revealed eight findings and some implications to avoid and detect program representation faults. Additionally, we implemented an automated testing framework named SAScope based on the metamorphic and differential testing motivated by findings and implications. Overall, SAScope can detect 19 program representation faults where 5 have been fixed, demonstrating its effectiveness. CCS Concepts • Software and its engineering → Software reliability.