Program Slicing Papers

Author: Junming Liu

Date: July 22, 2024

Slicing Technique

On the Effects of Program Slicing for Vulnerability Detection during Code Inspection: Extended Abstract. ICSE-Companion [paper] 1) slicing helps in finding some lines related to the vulnerability, 2) once ‘some’ correct lines have been identified, slicing makes no significant difference in the number of correctly identified fragments.

A Learning-Based Approach to Static Program Slicing. OOPSLA 2024 [paper] use a pre-trained language model to understand the variable-statement relationship, and predict the forward/backword propability of each statement, then construct the slicing.

Revealing the Unseen: AI Chain on LLMs for Predicting Implicit Data Flows to Generate Data Flow Graphs in Dynamically-Typed Code. TOSEM 2024 [paper] [code] use LLM directly slice python program to aid implicit data flow prediction.

LPR: Large Language Models-Aided Program Reduction. ISSTA 2024 [paper] evaluation: reduction size, time consumed, ablation.

🌟 Learning Program Semantics for Vulnerability Detection via Vulnerability-Specific Inter-procedural Slicing. ESEC/FSE 2023 [paper] inter-procedural, slicing strategy (criterion, direction, graph) decided by vulnerability types.
🌟 VulChecker: Graph-based Vulnerability Localization in Source Code. USENIX Security 2023 [paper] backward slicing on PDG until pre-defined depth, criterion decided by vulnerability types.

🌟 MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures. USENIX Security 2020 [paper] function-level backward+customized forward slicing on PDG based on changed statements, forward slicing graph decided by the changed statement.
Detecting API Post-Handling Bugs Using Code and Description in Patches. USENIX Security 2023 [paper] function-level backward slicing on PDG based on post-operation statement.

SFuzz: Slice-based Fuzzing for Real-Time Operating Systems. CCS 2022 [paper] binary, forward slicing from source points on call graph (based on data flow) to sink points.
BEACON: Directed Grey-Box Fuzzing with Provable Path Pruning. Oakland 2022 [paper] “perform a reachability analysis on the inter-procedural control flow graph and slice away paths that apparently cannot reach any target.”

GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics. Oakland 2023 [paper] [website] [code] function-level bidirectional slicing on PDG based on deleted/added statements. slicing to reduce the size of patch context to assist the GNN-model in learning and identifying security patch characteristics.
CoLeFunDa: Explainable Silent Vulnerability Fix Identification. ICSE 2023 [paper] data augmentation for silent fix detection (security patch identification), CWE classification and exploitability rating classification. function-level bidirectional slicing on CFG & DFG based on changed statements.

DLInfer: Deep Learning with Static Slicing for Python Type Inference. ICSE 2023 [paper] [code] python, slicing on DFG (def-use) based on given variable.

CoLeFunDa: Explainable Silent Vulnerability Fix Identification. ICSE 2023 [paper] data augmentation for silent fix detection (security patch identification), CWE classification and exploitability rating classification. function-level bidirectional slicing on CFG & DFG based on changed statements.

Responsibility in Context: On Applicability of Slicing in Semantic Regression Analysis. ICSE 2023 [paper]

VulChecker: Graph-based Vulnerability Localization in Source Code. USENIX Security 2023 [paper] backward slicing on PDG until pre-defined depth, criterion decided by vulnerability types.
- Integer Overflow: “call to a function that passes integer arguments”
- Stack & Heap Overflow: “store instructions to local or dynamically allocated memory”
- UAF: “memory accesses to dynamically allocated memory”
- DF: “calls to the memory manager’s free function”