{"id":"https://openalex.org/W4384154448","doi":"https://doi.org/10.1145/3597926.3598050","title":"Beware of the Unexpected: Bimodal Taint Analysis","display_name":"Beware of the Unexpected: Bimodal Taint Analysis","publication_year":2023,"publication_date":"2023-07-12","ids":{"openalex":"https://openalex.org/W4384154448","doi":"https://doi.org/10.1145/3597926.3598050"},"language":"en","primary_location":{"id":"doi:10.1145/3597926.3598050","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3597926.3598050","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"conference-paper","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012621080","display_name":"Yiu Wai Chow","orcid":"https://orcid.org/0000-0003-4503-5699"},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Yiu Wai Chow","raw_affiliation_strings":["University of Stuttgart, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108554298","display_name":"Max Sch\u00e4fer","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Max Sch\u00e4fer","raw_affiliation_strings":["GitHub, UK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"GitHub, UK","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013438083","display_name":"Michael Pradel","orcid":"https://orcid.org/0000-0003-1623-498X"},"institutions":[{"id":"https://openalex.org/I100066346","display_name":"University of Stuttgart","ror":"https://ror.org/04vnq7t77","country_code":"DE","type":"education","lineage":["https://openalex.org/I100066346"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Pradel","raw_affiliation_strings":["University of Stuttgart, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Stuttgart, Germany","institution_ids":["https://openalex.org/I100066346"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"211","last_page":"222"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.914496660232544},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8228198289871216},{"id":"https://openalex.org/keywords/function","display_name":"Function (biology)","score":0.5749399662017822},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.5182559490203857},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5066564679145813},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.48211097717285156},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.4724093973636627},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.4293232858181},{"id":"https://openalex.org/keywords/subroutine","display_name":"Subroutine","score":0.42267706990242004},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3756481111049652},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.33706074953079224},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.25703027844429016},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2514909505844116},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.24817103147506714}],"concepts":[{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.914496660232544},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8228198289871216},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.5749399662017822},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.5182559490203857},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5066564679145813},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.48211097717285156},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.4724093973636627},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.4293232858181},{"id":"https://openalex.org/C96147967","wikidata":"https://www.wikidata.org/wiki/Q190686","display_name":"Subroutine","level":2,"score":0.42267706990242004},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3756481111049652},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33706074953079224},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.25703027844429016},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2514909505844116},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.24817103147506714},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C78458016","wikidata":"https://www.wikidata.org/wiki/Q840400","display_name":"Evolutionary biology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3597926.3598050","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3597926.3598050","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.49000000953674316}],"awards":[],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W777621473","https://openalex.org/W2078197322","https://openalex.org/W2113709047","https://openalex.org/W2250539671","https://openalex.org/W2493916176","https://openalex.org/W2543953340","https://openalex.org/W2552878490","https://openalex.org/W2619331983","https://openalex.org/W2747329762","https://openalex.org/W2761799536","https://openalex.org/W2806718802","https://openalex.org/W2887364112","https://openalex.org/W2899384793","https://openalex.org/W2907705732","https://openalex.org/W2953940813","https://openalex.org/W2954950681","https://openalex.org/W2955355561","https://openalex.org/W2963935794","https://openalex.org/W2998011150","https://openalex.org/W3025298766","https://openalex.org/W3043761819","https://openalex.org/W3100869085","https://openalex.org/W3160155705","https://openalex.org/W3163046698","https://openalex.org/W3177116043","https://openalex.org/W3194346579","https://openalex.org/W3195156628","https://openalex.org/W4206312123","https://openalex.org/W4238623774","https://openalex.org/W4281611258","https://openalex.org/W4284665627","https://openalex.org/W4284674325","https://openalex.org/W4293138061","https://openalex.org/W4382239980","https://openalex.org/W4384302790"],"related_works":["https://openalex.org/W2179304688","https://openalex.org/W2008592783","https://openalex.org/W2159690530","https://openalex.org/W2004278744","https://openalex.org/W2107510936","https://openalex.org/W3089408602","https://openalex.org/W2914996832","https://openalex.org/W2027779752","https://openalex.org/W2005010039","https://openalex.org/W2951091523"],"abstract_inverted_index":{"Static":[0],"analysis":[1,115,210],"is":[2,37,75,99,139,162],"a":[3,61,72,90,112,152,176,242],"powerful":[4],"tool":[5],"for":[6],"detecting":[7],"security":[8],"vulnerabilities":[9,21],"and":[10,39,54,77,166,179,197,212],"other":[11],"programming":[12],"problems.":[13],"Global":[14],"taint":[15,114,153],"tracking,":[16],"in":[17,71,151],"particular,":[18],"can":[19],"spot":[20],"arising":[22],"from":[23,146],"complicated":[24],"data":[25,123,196],"flow":[26,161],"across":[27,241],"multiple":[28],"functions.":[29],"However,":[30],"precisely":[31],"identifying":[32],"which":[33,120,128,131,186],"flows":[34,132],"are":[35,133],"problematic":[36],"challenging,":[38],"sometimes":[40],"depends":[41],"on":[42,205,220,237],"factors":[43],"beyond":[44],"the":[45,160,172,191,198,208],"reach":[46],"of":[47,64,104,200,207,233,239,244],"pure":[48],"program":[49],"analysis,":[50,119],"such":[51,155],"as":[52,102,156],"conventions":[53],"informal":[55],"knowledge.":[56],"For":[57],"example,":[58],"learning":[59,143],"that":[60,89,116,227],"parameter":[62,91],"name":[63],"an":[65,95,105,230],"API":[66,96,157],"function":[67,97],"locale":[68],"ends":[69],"up":[70],"file":[73],"path":[74],"surprising":[76],"potentially":[78,134],"problematic.":[79,135],"In":[80],"contrast,":[81],"it":[82,181,214],"would":[83],"be":[84],"completely":[85],"unsurprising":[86],"to":[87,94,140,167,193,215],"find":[88,226],"command":[92],"passed":[93],"execaCommand":[98],"eventually":[100],"interpreted":[101],"part":[103],"operating-system":[106],"command.":[107],"This":[108],"paper":[109],"presents":[110],"Fluffy,":[111],"bimodal":[113],"combines":[117],"static":[118],"reasons":[121],"about":[122,171],"flow,":[124,154],"with":[125,182],"machine":[126,142],"learning,":[127],"probabilistically":[129],"determines":[130],"The":[136],"key":[137],"idea":[138],"let":[141],"models":[144],"predict":[145],"natural":[147],"language":[148],"information":[149],"involved":[150],"names,":[158],"whether":[159],"expected":[163],"or":[164,235],"unexpected,":[165],"inform":[168],"developers":[169],"only":[170],"latter.":[173],"We":[174,202],"present":[175],"general":[177],"framework":[178,211],"instantiate":[180],"four":[183,238],"learned":[184],"models,":[185],"offer":[187],"different":[188],"trade-offs":[189],"between":[190],"need":[192],"annotate":[194],"training":[195],"accuracy":[199],"predictions.":[201],"implement":[203],"Fluffy":[204,228],"top":[206],"CodeQL":[209],"apply":[213],"250K":[216],"JavaScript":[217],"projects.":[218],"Evaluating":[219],"five":[221],"common":[222],"vulnerability":[223],"types,":[224],"we":[225],"achieves":[229],"F1":[231],"score":[232],"0.85":[234],"more":[236],"them":[240],"variety":[243],"datasets.":[245]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":3}],"updated_date":"2026-07-14T23:27:15.235271","created_date":"2025-10-10T00:00:00"}
