{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T06:43:28Z","timestamp":1740120208106,"version":"3.37.3"},"reference-count":31,"publisher":"World Scientific Pub Co Pte Ltd","issue":"05","funder":[{"DOI":"10.13039\/501100001695","name":"Japan Science and Technology Corporation","doi-asserted-by":"publisher","award":["JPMJSP2132"],"award-info":[{"award-number":["JPMJSP2132"]}],"id":[{"id":"10.13039\/501100001695","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Soft. Eng. Knowl. Eng."],"published-print":{"date-parts":[[2024,5]]},"abstract":"<jats:p> Pointer analysis is the underlying technique of many static analysis tools for vulnerability discovery. It has proved to be effective in identifying a variety of vulnerabilities, such as buffer overflow vulnerabilities and injection vulnerabilities. However, most existing pointer analysis approaches require whole-program availability, i.e. the program to be analyzed should be complete, which may hinder a timely analysis during the coding phase. In this paper, we present two approaches, exhaustive and demand-driven pointer analyses, both of which are applied to a paradigm known as Human\u2013Machine Pair Programming. The ideas enable us to discover security flaws as early as in the coding phase. In this paper, we describe in detail how our approaches maintain flow sensitivity and propagate points-to and taint information in an incremental fashion. We conduct an evaluation of our approaches on SecuriBench Micro and show that the approaches can capture all the potential vulnerabilities in the test cases, though several false alarms are reported. <\/jats:p>","DOI":"10.1142\/s0218194024500013","type":"journal-article","created":{"date-parts":[[2024,1,12]],"date-time":"2024-01-12T14:54:20Z","timestamp":1705071260000},"page":"751-774","source":"Crossref","is-referenced-by-count":0,"title":["Toward Pointer-Analysis-Based Vulnerability Discovery in Human\u2013Machine Pair Programming"],"prefix":"10.1142","volume":"34","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1085-5999","authenticated-orcid":false,"given":"Pingyan","family":"Wang","sequence":"first","affiliation":[{"name":"Graduate School of Advanced Science and Engineering, Hiroshima University, Higashi-Hiroshima 739-8511, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6748-5052","authenticated-orcid":false,"given":"Shaoying","family":"Liu","sequence":"additional","affiliation":[{"name":"Graduate School of Advanced Science and Engineering, Hiroshima University, Higashi-Hiroshima 739-8511, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"219","published-online":{"date-parts":[[2024,2,22]]},"reference":[{"key":"S0218194024500013BIB001","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.2"},{"key":"S0218194024500013BIB002","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"S0218194024500013BIB004","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2017.42"},{"key":"S0218194024500013BIB006","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2004.1293079"},{"key":"S0218194024500013BIB007","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2008.06.039"},{"key":"S0218194024500013BIB008","doi-asserted-by":"publisher","DOI":"10.1561\/2500000014"},{"key":"S0218194024500013BIB010","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180178"},{"key":"S0218194024500013BIB011","first-page":"271","volume-title":"Proc. 14th USENIX Security","author":"Livshits V. B.","year":"2005"},{"volume-title":"Secure Programming with Static Analysis","year":"2007","author":"Chess B.","key":"S0218194024500013BIB012"},{"key":"S0218194024500013BIB013","first-page":"119","volume-title":"Proc. DARPA Information Survivability Conference and Exposition","author":"Cowan C.","year":"2000"},{"key":"S0218194024500013BIB014","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"S0218194024500013BIB015","doi-asserted-by":"publisher","DOI":"10.1007\/s13198-015-0376-0"},{"key":"S0218194024500013BIB016","doi-asserted-by":"publisher","DOI":"10.1145\/1449764.1449790"},{"key":"S0218194024500013BIB017","doi-asserted-by":"publisher","DOI":"10.53106\/160792642022092305021"},{"key":"S0218194024500013BIB018","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45306-7_3"},{"key":"S0218194024500013BIB019","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48166-4_15"},{"key":"S0218194024500013BIB020","first-page":"3","volume-title":"8th Structured Object-Oriented Formal Language and Method","author":"Liu S.","year":"2018"},{"key":"S0218194024500013BIB022","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"S0218194024500013BIB023","doi-asserted-by":"publisher","DOI":"10.1145\/3133926"},{"key":"S0218194024500013BIB024","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542486"},{"key":"S0218194024500013BIB025","doi-asserted-by":"publisher","DOI":"10.1145\/277631.277637"},{"key":"S0218194024500013BIB026","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36579-6_12"},{"key":"S0218194024500013BIB027","doi-asserted-by":"publisher","DOI":"10.1145\/237721.237727"},{"key":"S0218194024500013BIB028","doi-asserted-by":"publisher","DOI":"10.1145\/143095.143137"},{"key":"S0218194024500013BIB030","doi-asserted-by":"publisher","DOI":"10.1145\/161494.161501"},{"key":"S0218194024500013BIB031","doi-asserted-by":"publisher","DOI":"10.1145\/378795.378802"},{"key":"S0218194024500013BIB032","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094817"},{"key":"S0218194024500013BIB033","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111902"},{"volume-title":"Compilers: Principles, Techniques & Tools","year":"2007","author":"Aho A. V.","key":"S0218194024500013BIB036"},{"key":"S0218194024500013BIB037","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2019.00040"},{"key":"S0218194024500013BIB039","doi-asserted-by":"publisher","DOI":"10.1145\/3077286.3077571"}],"container-title":["International Journal of Software Engineering and Knowledge Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.worldscientific.com\/doi\/pdf\/10.1142\/S0218194024500013","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,28]],"date-time":"2024-05-28T05:18:50Z","timestamp":1716873530000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.worldscientific.com\/doi\/10.1142\/S0218194024500013"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,22]]},"references-count":31,"journal-issue":{"issue":"05","published-print":{"date-parts":[[2024,5]]}},"alternative-id":["10.1142\/S0218194024500013"],"URL":"https:\/\/doi.org\/10.1142\/s0218194024500013","relation":{},"ISSN":["0218-1940","1793-6403"],"issn-type":[{"type":"print","value":"0218-1940"},{"type":"electronic","value":"1793-6403"}],"subject":[],"published":{"date-parts":[[2024,2,22]]}}}