Pre-conference talk by Imam Nur Bani YUSUF and TU Haoxin

Talk #1:  Automating Arduino Programming: From Hardware Setups to Sample Source Code Generation
by Imam Nur Bani YUSUF, PhD Candidate
for IEEE/ACM International Conference on Software Engineering (ICSE 2023) and 20th International Conference on Mining Software Repositories (MSR 2023)

An embedded system is a system consisting of software code, controller hardware, and Input/Output hardware that performs a specific task. There are several challenges when developing an embedded system. First, the code often involves hardware configurations that require domain-specific knowledge. Second, the hardware may have code usage patterns that should be followed. To overcome such challenges, we propose a framework called ArduinoProg towards automatic generation of Arduino applications. ArduinoProg takes natural language queries as input, then outputs hardware configurations and code usage patterns of the hardware for the query. Motivated by our findings on the characteristics of real-world queries posted in the official Arduino forum, we formulate ArduinoProg as three components, i.e., Library Retriever, Hardware Classifier, and API Generator. First, Library Retriever preprocesses the input query and retrieves a set of relevant library names using either lexical matching or vector-based similarity. Second, given Library Retriever's output, Hardware Classifier infers the hardware configuration by classifying the method definitions from the implementation files of a library into certain communication protocol classes. Third, API Generator leverages a sequence-to-sequence model to generate the code usage patterns also based on the Library Retriever's output. Having instantiated each component of ArduinoProg with various machine learning models, we have evaluated ArduinoProg on real-world queries. The performance of Library Retriever ranges from 44.0%-97.1% in terms of Precision@K; the Hardware Classifier classifier can achieve 0.79-0.92 in terms of the area under the Receiver Operating Characteristics curve (AUC); API Generator can yield 0.45-0.73 in terms of Normalized Discounted Cumulative Gain (NDCG)@K.

Talk #2: Boosting Symbolic Execution for Heap-based Vulnerability Detection and Exploit Generation 
byTU Haoxin, PhD Candidate
for IEEE/ACM International Conference on Software Engineering (ICSE 2023)

Heap-based vulnerabilities such as buffer overflow and use after free are severe flaws in various software systems. Detecting heap-based vulnerabilities and demonstrating their severity via generating exploits for them are of critical importance. Existing symbolic execution-based approaches have shown their potential in the above tasks. However, they still have some fundamental limitations in path exploration, memory modeling, and environment modeling, which significantly impede existing symbolic execution engines from efficiently and effectively detecting and exploiting heap-based vulnerabilities. The objective of this thesis is to design and implement a boosted symbolic execution engine named HeapX to facilitate the automatic detection and exploitation of heap-based vulnerabilities. Specifically, a new path exploration strategy, a new memory model, and a new environment modeling solution are expected to be designed in HeapX, so that the new boosted symbolic execution engine can detect heap-based vulnerabilities and generate working exploits for them more efficiently and effectively.

Imam Nur Bani Yusuf is a PhD Candidate in Computer Science at the SMU School of Computing and Information Systems, supervised by Associate Professor Lingxiao Jiang. His research focuses on automated code generation systems.

Haoxin Tu is a Dual-degree Ph.D. candidate at SMU (Singapore Management University) and DUT (Dalian University of Technology). At SMU, he is supervised by Prof. Lingxiao Jiang and Prof. Xuhua Ding. His research focuses on developing practical techniques and tools that can help improve the reliability and security of software systems (mainly system software such as compilers and Linux kernel). More information is available at https://haoxintu.github.io/.