This seminar is free of charge
Machine Learning for Finding Programming Defects and Anomalies
Static analysis tools are useful for finding serious programming defects and security vulnerabilities in source and binary code. Most static analysis checkers work by searching the code for known patterns or conditions that will cause the program to fail, or that indicate violations of programming standards.
The set of defects that such tools can find is thus limited to problems anticipated by the tool designer. Some tools can automatically determine new properties to check simply by deducing what is common practice, assuming that common practice is likely correct, and then looking for parts of the code that deviate from that practice in significant ways, on the assumption that such deviant code is incorrect.
This approach has previously been applied only to the scope of the body of code under analysis, but the ever-increasing volume of open source, combined with advances in machine learning, means that it is now possible to deduce common practice from very large software collections. This technique is particularly useful for finding anomalies in API usage, especially for popular operating system interfaces or open source libraries.
Paul will describe how the technique works and will show you how it was able to find several previously unknown bugs in high-profile software systems. It will demonstrate how software developers can use these machine learning techniques to find defects that are otherwise very difficult to anticipate.
At this event, Paul will also show an extended demo of the CodeSonar analysis tool.
As a bonus, you will also get an overview how to use binary analysis to examine third-party code without access to its source code. Over the last few years, third-party code has moved from a minor factor in software development to a dominant force in the industry. As a result of this outsourcing, the behaviors of significant parts of applications are actually hidden from most of today’s popular code analysis tools.
Presenter: Paul Anderson
VP of Engineering at GrammaTech
Paul has worked for GrammaTech for 24 years. He started as a software engineer working on language-sensitive editor technology, before leading the conception and development of both CodeSurfer and CodeSonar. During that time, Paul conducted research into a variety of software engineering tools and techniques, including program understanding and software visualization.
Where & when
Kista, Sweden: Thursday 7 March
Address: Kista Science Tower, Färögatan 33, Kista
Ballerup, Denmark: Friday 8 March
Address: Wihlborgs Konference Center, Lautrupvang 8, 2750 Ballerup