Benjamin Steenhoek scite author profile

Benjamin Steenhoek

4Publications

4Citation Statements Received

81Citation Statements Given

How they've been cited

How they cite others

Affiliations

Iowa State University

Publications

Order By: Most citations

Validating static warnings via testing code fragments

Joshy

Chen

Steenhoek

et al. 2021

View full text Add to dashboard Cite

Static analysis is an important approach for finding bugs and vulnerabilities in software. However, inspecting and confirming static warnings are challenging and time-consuming. In this paper, we present a novel solution that automatically generates test cases based on static warnings to validate true and false positives. We designed a syntactic patching algorithm that can generate syntactically valid, semantic preserving executable code fragments from static warnings. We developed a build and testing system to automatically test code fragments using fuzzers, KLEE and Valgrind. We evaluated our techniques using 12 real-world C projects and 1955 warnings from two commercial static analysis tools. We successfully built 68.5% code fragments and generated 1003 test cases. Through automatic testing, we identified 48 true positives and 27 false positives, and 205 likely false positives. We matched 4 CVE and real-world bugs using Helium, and they are only triggered by our tool but not other baseline tools. We found that testing code fragments is scalable and useful; it can trigger bugs that testing entire programs or testing procedures failed to trigger. CCS CONCEPTS• Software and its engineering → Software testing and debugging; Software verification and validation; Software defect analysis.

show abstract

An Empirical Study of Deep Learning Models for Vulnerability Detection

Steenhoek¹,

Rahman²,

Jiles³

et al. 2022

Preprint

View full text Add to dashboard Cite

DeepDFA: Dataflow Analysis-Guided Efficient Graph Learning for Vulnerability Detection

Steenhoek¹,

Le²,

Gao³

2022

Preprint

View full text Add to dashboard Cite

An Empirical Study of Deep Learning Models for Vulnerability Detection

Steenhoek

Rahman

Jiles

et al. 2023

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.