HKUST CSE Paper Won SIGSOFT Distinguished Paper Award at ISSTA

Prof. Charles ZHANG and his research team, comprising Mr. Yiyuan GUO and Dr. Peisen YAO, have won the Distinguished Paper Award for the ISSTA 2024, the ACM SIGSOFT International Symposium on Software Testing and Analysis in Vienna, Austria. Entitled “Precise Compositional Buffer Overflow Detection via Heap Disjointness”, the group’s paper investigates a novel static analysis technique to detect buffer overflow bugs precisely and efficiently from million-line real codebases.

About ISSTA

ISSTA is the leading research symposium on software testing and analysis, bringing together academics, industrial researchers, and practitioners to exchange new ideas, problems, and experience on how to analyze and test software systems. It began in 1992 and has captured several breakthroughs in the field of software engineering (e.g., Defects4J and Java Pathfinder). ISSTA 2024 features 143 research paper talks (selected from 694 submissions), 11 of which are awarded as distinguished papers.

About the Award-Winning Paper

The paper proposes to enforce a disjointness assumption during its combined heap and value analysis, which greatly improves the analysis precision through strong updates and improves scalability through a modular design. The analysis is capable of sieving through millions of lines of code within four hours while producing significantly fewer false positives than existing works (close to 3X improvement). The work has led to the discovery of 15 buffer overflow bugs (including 3 CVEs).