Write a Blog >>
ESEC/FSE 2022
Mon 14 - Fri 18 November 2022 Singapore
Wed 16 Nov 2022 11:15 - 11:30 at SRC LT 50 - Program Analysis II Chair(s): Marsha Chechik

Python is a widely used programming language that powers important application domains such as machine learning, data analysis, and web applications. For many programs in these domains it is consequential to analyze aspects like security and performance, and with Python’s dynamic nature, it is crucial to be able to dynamically analyze Python programs. However, existing tools and frameworks
do not provide the means to implement dynamic analyses easily and practitioners resort to implementing an ad-hoc dynamic analysis for their own use case. This work presents DynaPyt, the first general-purpose framework for heavy-weight dynamic analysis of Python programs. Compared to existing tools for other programming languages, our framework provides a wider range of analysis hooks arranged in a hierarchical structure, which allows developers to concisely implement analyses. DynaPyt features selective instrumentation and execution modification as well. We evaluate our framework on test suites of 9 popular open-source Python projects, 1,268,545 lines of code in total, and show that it, by and large, preserves the semantics of the original execution. The running time of DynaPyt is between 1.2x and 16x times the original execution time, which is in line with similar frameworks designed for other languages, and 5.6%–88.6% faster than analyses using a built-in tracing API offered by Python. We also implement multiple analyses, show the simplicity of implementing them and some potential use cases of DynaPyt. Among the analyses implemented are: an analysis to detect a memory blow up in Pytorch programs, a taint analysis to detect SQL injections, and an analysis to warn about a runtime performance anti-pattern.

Wed 16 Nov

Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change

11:00 - 12:30
Program Analysis IIResearch Papers / Demonstrations / Ideas, Visions and Reflections at SRC LT 50
Chair(s): Marsha Chechik University of Toronto
11:00
15m
Talk
NeuDep: Neural Binary Memory Dependence Analysis
Research Papers
Kexin Pei Columbia University, Dongdong She Columbia University, Michael Wang Massachusetts Institute of Technology, Scott Geng Columbia University, Zhou Xuan Purdue University, Yaniv David Columbia University, Junfeng Yang Columbia University, Suman Jana Columbia University, Baishakhi Ray Columbia University
DOI
11:15
15m
Talk
DynaPyt: A Dynamic Analysis Framework for Python
Research Papers
Aryaz Eghbali University of Stuttgart, Michael Pradel University of Stuttgart
DOI Pre-print
11:30
15m
Talk
Language-Agnostic Dynamic Analysis of Multilingual Code: Promises, Pitfalls, and Prospects
Ideas, Visions and Reflections
Haoran Yang Washington State University, Wen Li Washington State University, Haipeng Cai Washington State University
DOI
11:45
15m
Talk
Cross-Language Android Permission Specification
Research Papers
Chaoran Li Swinburne University of Technology, Xiao Chen Monash University, Ruoxi Sun The University of Adelaide, Minhui (Jason) Xue University of Adelaide, Sheng Wen Swinburne University of Technology, Muhammad Ejaz Ahmed Data61, CSIRO, Seyit Camtepe CSIRO Data61, Yang Xiang Digital Research & Innovation Capability Platform, Swinburne University of Technology
DOI
12:00
15m
Talk
Peahen: Fast and Precise Static Deadlock Detection via Context Reduction
Research Papers
Yuandao Cai Hong Kong University of Science and Technology, Chengfeng Ye Hong Kong University of Science and Technology, Qingkai Shi Purdue University, Charles Zhang Hong Kong University of Science and Technology
DOI
12:15
7m
Talk
FIM: Fault Injection and Mutation for Simulink
Demonstrations
Ezio Bartocci TU Wien, Leonardo Mariani University of Milano-Bicocca, Dejan Nickovic Austrian Institute of Technology, Drishti Yadav Technische Universität Wien
12:23
7m
Talk
JSIMutate: Understanding Performance Results through Mutations
Demonstrations
Thomas Laurent Lero & University College Dublin, Paolo Arcaini National Institute of Informatics , Catia Trubiani Gran Sasso Science Institute, Anthony Ventresque University College Dublin & Lero, Ireland
DOI Media Attached