The Dynamics of Software Composition Analysis (ASE 2019 - Late Breaking Results) - ASE 2019

Sun 10 - Fri 15 November 2019 San Diego, California, United States

Who

Darius Foo, Jason Yeo, Hao Xiao, Asankhaya Sharma

Track

ASE 2019 Late Breaking Results

Time Zone

The program is currently displayed in (GMT-08:00) Tijuana, Baja California.

Use conference time zone: (GMT-08:00) Tijuana, Baja CaliforniaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Wed 13 Nov 2019 15:20 - 16:00 at Kensington Ballroom - Poster Session: Late Breaking Results

Abstract

Developers today use significant amounts of open source code, surfacing the need for ways to automatically audit and upgrade library dependencies and leading to the emergence of Software Composition Analysis (SCA). SCA products are concerned with three tasks: discovering dependencies, checking the reachability of vulnerable code for false positive elimination, and automated remediation. The latter two tasks rely on call graphs of library and application code to check whether vulnerable methods found in the open source components are called by applications. However, statically-constructed call graphs introduce both false positives and false negatives on real-world projects. In this paper, we develop a novel, modular means of combining statically- and dynamically-constructed call graphs via instrumentation to improve the performance of false positive elimination. Our experiments indicate significant performance improvements, but that instrumentation-based call graphs are less readily applicable in practice.

Link to Preprint

https://arxiv.org/abs/1909.00973

Darius Foo

Jason Yeo

Hao Xiao

Asankhaya Sharma

Time Zone

The program is currently displayed in (GMT-08:00) Tijuana, Baja California.

Use conference time zone: (GMT-08:00) Tijuana, Baja CaliforniaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Wed 13 Nov
Displayed time zone: Tijuana, Baja California change

	15:20 - 16:00	Poster Session: Late Breaking ResultsLate Breaking Results at Kensington Ballroom

	15:20 40m Poster		Recommendation of Exception Handling Code in Mobile App Development Late Breaking Results Tam Nguyen , Phong Minh Vu , Tung Thanh Nguyen Pre-print
	15:20 40m Poster		LVMapper: A Large-variance Clone Detector Using Sequencing Alignment Approach Late Breaking Results Ming Wu , Pengcheng Wang University of Science and Technology of China, Kangqi Yin , Haoyu Cheng , Yun Xu University of Science and Technology of China, Chanchal K. Roy University of Saskatchewan Pre-print
	15:20 40m Poster		K-CONFIG: Using Failing Test Cases to Generate Test Cases in GCC Compilers Late Breaking Results Md Rafiqul Islam Rabin University of Houston, Mohammad Amin Alipour Pre-print Media Attached
	15:20 40m Poster		An Empirical Study on the Characteristics of Question-Answering Process on Developer Forums Late Breaking Results Yi Li Nanyang Technological University, Shaohua Wang New Jersey Institute of Technology, USA, Tien N. Nguyen University of Texas at Dallas, Son Nguyen The University of Texas at Dallas, Xinyue Ye , Yan Wang Pre-print
	15:20 40m Poster		Testing Neural Programs Late Breaking Results Md Rafiqul Islam Rabin University of Houston, Ke Wang Visa Research, Mohammad Amin Alipour Pre-print Media Attached
	15:20 40m Poster		Self Learning from Large Scale Code Corpus to Infer Structure of Method Invocations Late Breaking Results Hung Phan Pre-print
	15:20 40m Poster		Data Sanity Check for Deep Learning Systems via Learnt Assertions Late Breaking Results Haochuan Lu Fudan University, Huanlin Xu , Nana Liu , Yangfan Zhou Fudan University, Xin Wang Pre-print
	15:20 40m Poster		Software Engineering for Fairness: A Case Study with Hyperparameter Optimization Late Breaking Results Joymallya Chakraborty North Carolina State University, Tianpei Xia , Fahmid M. Fahid , Tim Menzies North Carolina State University Pre-print
	15:20 40m Poster		API Misuse Correction: A Statistical Approach Late Breaking Results Tam Nguyen , Phong Minh Vu , Tung Thanh Nguyen Pre-print
	15:20 40m Poster		Should We Add Repair Time to an Unfixed Bug? An Exploratory Study of Automated Program Repair on 2980 Small-Scale Programs Late Breaking Results Chuanqi Xu , Yisen Xu , Yingqi Zhang , Jifeng Xuan Wuhan University Pre-print
	15:20 40m Poster		Learning test traces Late Breaking Results Eyal Hadad , Roni Stern Pre-print
	15:20 40m Poster		The Dynamics of Software Composition Analysis Late Breaking Results Darius Foo , Jason Yeo , Hao Xiao , Asankhaya Sharma Pre-print
	15:20 40m Poster		A Process Mining based Approach to Improving Defect Detection of SysML Models. Late Breaking Results Mounifah Alenazi , Nan Niu University of Cincinnati, Juha Savolainen Danfoss Pre-print
	15:20 40m Poster		Open-Source Projects and their Collaborative Development Workflows Late Breaking Results panuchart bunyakiati kasetsart university, Usa Sammapun kasetsart university Pre-print
	15:20 40m Poster		Detecting Deep Neural Network Defects with Data Flow Analysis Late Breaking Results Jiazhen Gu , Huanlin Xu , Yangfan Zhou Fudan University, Xin Wang , Hui Xu , Michael Lyu The Chinese University of Hong Kong Pre-print
	15:20 40m Poster		On building an automated responding system for app reviews: What are the characteristics of reviews and their responses? Late Breaking Results Phong Minh Vu , Tam Nguyen , Tung Thanh Nguyen Pre-print