Automatic Program Analysis and Repair for Mobile Security


    We are focused on various aspects of cyber-security, including:

    1) Applying comprehensive program analysis to ensure the security and reliability of software systems.

    Specifically, state-of-the-art static analysis techniques are not sufficient to find various defects in real-world applications. This leaves many defects undetected, causing serious problems for both users and developers. For example, attackers are reported to use complicated language features (e.g., reflection, obfuscation, and encryption) to hide malicious operations. We therefore aim to propose new code-unification approaches that produce more sound and comprehensive analysis results.

    2) Applying automatic program repair to facilitate fixing programming mistakes.

    Program repair, also known as automated debugging or automated code repair, is a challenging field in software engineering. While it holds promise in helping developers fix bugs and vulnerabilities in their code more efficiently, it also faces several problems and limitations. Here are some common problems in program repair:

    Correctness Guarantee: Automated repair tools often struggle to ensure that the generated patches are correct. The repaired code may introduce new bugs or exhibit unexpected behavior, leading to incorrect program behavior.

    Overfitting: Repair tools can produce patches that are overfit to the specific input or bug instance they are designed to fix. Such patches may work well in the given context but fail on slightly different inputs or in other scenarios.

    Limited Scope: Program repair tools are usually designed to fix specific types of bugs or vulnerabilities, which limits their applicability. They may not be effective for more complex or novel issues.

    Scalability: Scaling program repair to large codebases can be challenging. Automated tools may become computationally expensive or require a significant amount of time to analyze and generate patches for extensive codebases.

    False Positives and Negatives: Automated repair tools can produce patches that do not actually fix the issue (false positives) or fail to provide a patch when a solution exists (false negatives).

    Code Readability and Maintainability: Generated patches may lack readability and maintainability, making it difficult for developers to understand or maintain the code in the future.

    Despite these challenges, research in program repair continues to advance, and new techniques and tools need to be developed to address some of these issues.
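
    The overfitting problem listed above, as an added example that is not code from this project: two candidate patches for a constructed bounds-check bug both pass the tests the repair tool sees, and only an independent held-out suite separates them. All function names and test values are assumptions made for illustration.

```python
# Added illustration; every name and test value here is constructed.

def buggy(buf_len, offset, length):
    # Original defect: checks each field alone, never offset + length.
    return offset <= buf_len and length <= buf_len

def overfit_patch(buf_len, offset, length):
    # Special-cases the single failing input from the repair suite.
    if (buf_len, offset, length) == (10, 8, 5):
        return False
    return buggy(buf_len, offset, length)

def general_patch(buf_len, offset, length):
    # Repairs the condition itself: the whole range must fit in the buffer.
    return offset >= 0 and length >= 0 and offset + length <= buf_len

# Tests visible to the repair tool while it searches for a patch.
REPAIR_SUITE = [((10, 0, 10), True), ((10, 2, 3), True), ((10, 8, 5), False)]

# Independent tests withheld from the tool and used only for validation.
HELD_OUT = [((10, 9, 2), False), ((16, 10, 7), False),
            ((4, 4, 0), True), ((16, 15, 1), True)]

def failures(candidate, suite):
    """Return the inputs on which the candidate disagrees with the suite."""
    return [args for args, expected in suite if candidate(*args) != expected]

def classify(candidate):
    """Label a candidate by which suites it passes.

    "generalizes" means only that no held-out test failed; it is evidence
    of correctness, not a guarantee.
    """
    if failures(candidate, REPAIR_SUITE):
        return "rejected"      # does not even fix the reported failure
    if failures(candidate, HELD_OUT):
        return "overfit"       # passes the visible tests, fails elsewhere
    return "generalizes"

if __name__ == "__main__":
    for fn in (buggy, overfit_patch, general_patch):
        print(fn.__name__, classify(fn), failures(fn, HELD_OUT))
```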

    COLLABORATING INSTITUTIONS
    • Australian National University