Jeu de mots paronomasia:a StackOverflow‑driven bug discovery approach  

作　　者：Yi Yang Ying Li Kai Chen Jinghua Liu 

机构地区：[1]SKLOIS,Institute of Information Engineering,Chinese Academy of Sciences,Beijing,China [2]School of Cyber Security,University of Chinese Academy of Sciences,Beijing,China

出　　处：《Cybersecurity》2023年第3期57-73,共17页网络空间安全科学与技术（英文）

摘　　要：Locating bug code snippets(short for BugCode)has been a complex problem throughout the history of software security,mainly because the constraints that define BugCode are obscure and hard to summarize.Previously,security analysts attempted to define such constraints manually(e.g.,limiting buffer size to detect overflow),but were limited to the types of BugCode.Recent researchers address this problem by extracting constraints from program documentation,which shows the potential for API misuse.But for bugs beyond the scope of API misuse,such an approach becomes less effective since the corresponding constraints are not defined in documents,not to mention the programs without documentation In this paper,inspired by the fact that expert programmers often correct the BugCode on open forums such as StackOverflow,we design an approach to automatically extract knowledge from StackOverflow and leverage it to detect BugCode.As we all know,the contexts in StackOverflow come from ordinary developers.Their writing tends to be loosely organized and in various styles,which are more challenging to analyze than program documentation.To address the challenges,we design a custom tokenization approach to segment sentences and employ sentiment analysis to find the Controversial Sentences(CSs)that typically contain the constraints we need for code analysis.Then we use constituency parsing to extract knowledge from CSs,which helps locate Bug-Code.We evaluated our system on 41,144 comments from the questions tagged with Java and Android.The results show that our approach achieves 95.5%precision in discovering CSs.We have discovered 276 pieces of BugCode proved to be true through manual validation including an assigned CVE.89.3%of the discovered bugs remained in the current version of answers,which are unknown to users.

关 键 词：Bug detection Natural language processing Open forum 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]