Jeu de mots paronomasia:a StackOverflow‑driven bug discovery approach

作     者：Yi Yang Ying Li Kai Chen Jinghua Liu Yi Yang;Ying Li;Kai Chen;Jinghua Liu

作者机构：SKLOISInstitute of Information EngineeringChinese Academy of SciencesBeijingChina School of Cyber SecurityUniversity of Chinese Academy of SciencesBeijingChina 

出 版 物：《网络空间安全科学与技术(英文)》 (Cybersecurity)

年 卷 期：2023年第6卷第3期

页      面：57-73页

核心收录：

学科分类：1205[管理学-图书情报与档案管理] 08[工学] 0835[工学-软件工程] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：We would like to thank the anonymous reviewers for their detailed comments and useful feedback. 

主　　题：Bug detection Natural language processing Open forum 

摘      要：Locating bug code snippets(short for BugCode)has been a complex problem throughout the history of software security,mainly because the constraints that define BugCode are obscure and hard to summarize.Previously,security analysts attempted to define such constraints manually(e.g.,limiting buffer size to detect overflow),but were limited to the types of BugCode.Recent researchers address this problem by extracting constraints from program documentation,which shows the potential for API misuse.But for bugs beyond the scope of API misuse,such an approach becomes less effective since the corresponding constraints are not defined in documents,not to mention the programs without documentation In this paper,inspired by the fact that expert programmers often correct the BugCode on open forums such as StackOverflow,we design an approach to automatically extract knowledge from StackOverflow and leverage it to detect BugCode.As we all know,the contexts in StackOverflow come from ordinary developers.Their writing tends to be loosely organized and in various styles,which are more challenging to analyze than program documentation.To address the challenges,we design a custom tokenization approach to segment sentences and employ sentiment analysis to find the Controversial Sentences(CSs)that typically contain the constraints we need for code analysis.Then we use constituency parsing to extract knowledge from CSs,which helps locate Bug-Code.We evaluated our system on 41,144 comments from the questions tagged with Java and Android.The results show that our approach achieves 95.5%precision in discovering CSs.We have discovered 276 pieces of BugCode proved to be true through manual validation including an assigned CVE.89.3%of the discovered bugs remained in the current version of answers,which are unknown to users.