Towards Practical Program Analysis: Introspection and Adaptation

Friday, February 24, 2017 - 10:30am to 11:45am
300 Main B101

Department of Computer Science and Engineering
University of South Carolina

Shiyi Wei

Software is ubiquitous. As its importance grows, the mistakes made by programmers have an increasingly negative effect, leading to critical failures and security exploits. As software complexity and diversity grows, such negative effects become even more likely. Automated program analysis has the potential to help. A program analysis tool approximates possible executions of a program, and thereby can discover otherwise hard-to-find errors. However, significant challenges must still be overcome to make program analysis tools practical for real-world software.

I have gained substantial experience in building novel program analysis tools whose aim is to produce more secure and reliable software. Recently, I have focused on the challenge of building analysis tools that perform well (i.e., can analyze realistic code in a reasonable amount of time) and are precise (i.e., do not produce too many "false alarms"). To this end, I have developed an approach that systematically uncovers sources of imprecision and performance bottlenecks in program analysis. The goal is to significantly reduce the time-consuming manual effort otherwise required during analysis design process. In addition, I have designed an adaptive analysis, in which appropriate techniques are selected based on the coding styles of the target programs. Selection is based on heuristics derived from a machine learning algorithm. The idea is that precise techniques can be deployed only as where and when they are needed, leading to a better balance overall.

Shiyi Wei is a post-doctoral associate at University of Maryland, College Park. He obtained his Ph.D. in Computer Science from Virginia Tech in 2015, and B.E. in Software Engineering from Shanghai Jiao Tong University in 2009. His research interests span the areas of Programming Languages, Software Engineering and Security. The goal of his research is to make program analysis practical for improving the security and reliability of real-world software. He has published articles at top venues in his areas of interest, such as PLDI, FSE, ECOOP, and ISSTA. He has interned at IBM T. J. Watson Research Center.