International Workshop on the State Of the Art in Program Analysis (SOAP 2015)

Co-located with PLDI 2015 in Portland, Oregon. The workshop will take place on June 14th, the day right before the main conference.

Schedule

The schedule can be seen at the PLDI website.

Call for Papers

Static and dynamic analysis techniques and tools for Java and related programming languages have received widespread attention for a long time. The application domains of these analyses range from core libraries to modern technologies such as web services and Android applications. Over time, analysis frameworks, for example, Soot, WALA, Chord, and Doop, have been developed to better support techniques for optimizing programs, ensuring code quality, and assessing security and compliance.

Sponsored by ACM SIGPLAN, the Soot community brought together its members and other researchers by organizing the International Workshop on the State Of the Art in Java Program Analysis (SOAP), since 2012 in conjunction with PLDI. The presentations and discussions have helped share new developments and shape new innovations in program analysis. SOAP 2015 will enhance that positive experience with a broadened scope to also emphasize other analysis tools than Soot and other programming languages than Java.

For SOAP 2015, we invite contributions and inspirations from developers and researchers working with program analysis frameworks. We are particularly interested in exciting framework ideas, innovative designs, and analysis techniques, including preliminary results of work in progress. The workshop agenda will continue its tradition of lively discussion sessions on extensions of existing frameworks, synergies between frameworks, and development of new analysis algorithms and tools.

Format

The workshop will take one day and will feature invited talks by leading members of the program analysis community, presentations of all accepted refereed papers, and time for discussion.

Important Dates

Paper submissions:	~~March 20, 2015~~ extended: March 31, 2015
Notification of authors:	April 22, 2015
Submission of camera-ready copies:	May 1, 2015
Workshop date:	June 14, 2015

Submissions

Submissions should be four to six-page papers in ACM SIGPLAN proceedings style. Some possible types of submissions for this workshop include, but are not limited to:

A report on a novel implementation of a program analysis, with a focus on practical details or optimization techniques for obtaining precision and performance.
A description of a new analysis component, for example, front-ends or abstract domains.
A report describing an innovative tool built on top of Soot or another program analysis framework.
A compelling use case for a feature not yet supported by existing analysis tools, with good examples and an informal design of the proposed feature.
An idea paper proposing the integration of existing program analyses to answer interesting novel questions about programs, for example in IDEs.
An experience report on the use of a program analysis framework.

Submissions must be handed in as PDF using EasyChair:
https://www.easychair.org/conferences/?conf=soap2015

Publication

Accepted papers will appear in the ACM Digital Library. At least one author of each accepted paper must register as a regular participant and present their paper in person.

Invited Speakers

We are proud to announce four invited speakers for SOAP 2015:

Koushik Sen, UC Berkeley

Jalangi: A Dynamic Analyses Framework for JavaScript

Abstract: JavaScript is widely used for client-side web application and increasingly for mobile applications. Unlike for C, C++ and Java, there are few tools for analysis and testing of JavaScript applications. I will present a simple yet powerful framework, called Jalangi, for writing portable heavy-weight dynamic analyses. Our implementation is applicable to real-world JavaScript programs running on multiple platforms. We have implemented concolic testing, an analysis to detect likely type inconsistencies, a memory profiler, an analysis to detect JIT-unfriendly code, and a dynamic linter in Jalangi. I will describe our experience on implementing and applying these analyses to real-world JavaScript programs and benchmarks.

Bio: Koushik Sen is an associate professor in the Department of Electrical Engineering and Computer Sciences at the University of California, Berkeley. His research interest lies in Software Engineering, Programming Languages, and Formal methods. He is interested in developing software tools and methodologies that improve programmer productivity and software quality. He is best known for his work on "DART: Directed Automated Random Testing" and concolic testing. He has received a NSF CAREER Award in 2008, a Haifa Verification Conference (HVC) Award in 2009, a IFIP TC2 Manfred Paul Award for Excellence in Software: Theory and Practice in 2010, a Sloan Foundation Fellowship in 2011, and a Professor R. Narasimhan Lecture Award in 2014. He has won several ACM SIGSOFT Distinguished Paper Awards. He received the C.L. and Jane W-S. Liu Award in 2004, the C. W. Gear Outstanding Graduate Award in 2005, and the David J. Kuck Outstanding Ph.D. Thesis Award in 2007, and a Distinguished Alumni Educator Award in 2014 from the UIUC Department of Computer Science. He holds a B.Tech from Indian Institute of Technology, Kanpur, and M.S. and Ph.D. in CS from University of Illinois at Urbana-Champaign.

Atanas Rountev, Ohio State University

Static Analysis for Android: GUIs, Callbacks, and Beyond

Abstract: The widespread use of Android software presents exciting new challenges for program analysis researchers. Traditional static control-flow and data-flow analyses cannot be directly used for Android applications because the programs are framework-based and event-driven. This talk describes recent advances in solving important static analysis problems for Android and outlines several open questions for program analysis researchers in this area.

An Android application is driven by a graphical user interface (GUI), with GUI objects responding to user actions. These objects and the event handlers associated with them ultimately determine the possible flow of control and data. We developed the first static analysis to model GUI-related Android objects, their flow through the application, and their interactions with each other. Building on this work, we also developed a control-flow analysis of GUI-driven callbacks from the Android framework to the application code. The talk will describe these two analyses and their role as building blocks of a foundation for control-flow and data-flow analyses for Android. The rest of the talk will focus on open questions that present new opportunities for program analysis research in this increasingly important area.

[slides]

Bio: Atanas (Nasko) Rountev is an Associate Professor in the Department of Computer Science and Engineering at Ohio State University. His research interests are in software analysis, understanding, testing, and optimization. His recent work has been focused on analysis and testing of Android applications. He has served on the program committees of over 25 conferences and workshops, and currently is a member of the editorial board of ACM TOSEM. He is a recipient of an NSF CAREER Award, a Lumley Research Award from Ohio State University, research awards from IBM and Google, and an ACM SIGSOFT distinguished paper award.

Frank Tip, Samsung Research America

Evaluating Call Graph Construction for JVM-hosted Language Implementations

(joint work with Xiaoni Lai, Zhaoyi Luo, Karim Ali, Ondrej Lhotak, and Julian Dolby)

Abstract: An increasing number of programming languages compile to the Java Virtual Machine (JVM), and program analysis frameworks such as WALA and SOOT support a broad range of program analysis algorithms by analyzing bytecode. While this approach works well when applied to bytecode produced from Java code, its efficacy when applied to other bytecode has not been studied until now.

We present qualitative and quantitative analysis of the soundness and precision of call graphs constructed from JVM bytecodes produced for Python, Ruby, Clojure, Groovy, Scala, and OCaml applications. We show that, for Python, Ruby, Clojure, and Groovy, the call graphs are unsound due to use of reflection, invokedynamic instructions, and run-time code generation, and imprecise due to how function calls are translated. For Scala and OCaml, all unsoundness comes from rare, complex uses of reflection and proxies, and the translation of first-class features in Scala incurs a significant loss of precision.

Bio: Frank Tip is a Principal Engineer in the Frontier Computer Science Lab at Samsung Research America in San Jose, California and an Adjunct Professor at the David R. Cheriton School of Computer Science at the University of Waterloo. Previously, he was a Professor and Cheriton Research Chair in the David R. Cheriton School of Computer Science at the University of Waterloo (2012-2014), and a Research Staff Member and Manager at the Software Technology Department at the IBM T.J. Watson Research Center (1995-2012). He received his PhD in 1995 from the University of Amsterdam. Frank's research interests include: Program Analysis, Refactoring, Test Generation, Fault Localization, Automated Program Repair, Data-Centric Synchronization, and Analysis of Web Applications.

Ben Hardekopf, UC Santa Barbara

Static Analysis of JavaScript: Insights and Challenges

Abstract: JavaScript is pervasive. While it began as a simple client-side webpage scripting language, JavaScript is now used in a wide variety of settings including large-scale web applications, web browser addons, desktop applications, server-side applications, and mobile phones. This growing prominence means that secure, correct, maintainable, and performant JavaScript code is becoming ever more critical. Static analysis traditionally plays a large role in providing such characteristics, e.g., security auditing, error-checking, debugging, optimization, and program refactoring, among other uses. However, JavaScript's inherently dynamic nature, obscure and surprising corner-cases, and other idiosyncracies make static analysis a significant challenge. Sound, precise, and efficient JavaScript static analysis is an open problem in the research community.

In this talk I will explain what makes JavaScript analysis so difficult and distill some of the collected wisdom and insights that we as a research community have gathered with respect to analyzing JavaScript. Some of these insights run counter to the community's wealth of experience gained from the static analysis of other languages such as Java and C, and I will highlight these differences. I will finish by discussing some of the ongoing challenges for JavaScript static analysis that we have yet to resolve and that provide a rich source of opportunities for further research.