The 38thIEEE/ACM International Conference on Automated Software Engineering (ASE 2023), a premier conference in the field of Software Engineering, was held in Luxembourgin September. The paper titled "EndWatch: A Practical Method for Detecting Non-Termination in Real-World Software," authored by Professor Li Xiaohong's team from the College of Intelligence and Computing at Tianjin University, received the ASE 2023 Distinguished Paper Award (ACM SIGSOFT Distinguished Paper Award). This work was a collaborative effort between Tianjin University, Singapore Management University, and Nanyang Technological University. The first author of the paper is Ph.D. student Zhang Yao, supervised by Associate Professor Xie Xiaofei from Singapore Management University, Associate Professor Li Yi from Nanyang Technological University, Associate Professor Chen Sen from Tianjin University, Dr. Zhang Cen from Nanyang Technological University, and the project leader, Professor Li Xiaohong from Tianjin University.
The ASE conference, jointly organized by IEEE and ACM, is one of the internationally renowned conferences in the field of software engineering. It is classified as a Category A conference recommended by the China Computer Federation (CCF A), focusing on software engineering, system software, and programming languages. The main objective of the ASE conference is to promote research and development in the field of automated software engineering, including but not limited to technologies and methods in automated testing, validation, analysis, construction, and deployment. The conference addresses how to enhance the efficiency, quality, and reliability of software engineering processes. The history of the IEEE ASE conference dates back to 1986, and it has since become one of the most influential international conferences in this field. In this edition of ASE, a total of 661 papers were submitted, with 134 ultimately accepted. Among them, 31 papers received conditional acceptance, resulting in an acceptance rate of approximately 20.2%.
Paper Abstract:
Detecting non-termination is crucial for ensuring the correctness and security of programs, such as preventing denial-of-service attacks. While termination analysis has been studied for many years, the scalability of existing methods is limited and effective only on small-scale programs. To address this issue, this method introduces a practical termination checking technique called EndWatch, which detects non-termination vulnerabilities caused by infinite loops in large-scale programs through testing. To achieve this, the paper proposes two non-termination prediction generation methods based on State Revisit. Specifically, for linear loops, EndWatch uses symbolic execution to determine state revisits and extracts sufficient conditions for state revisits as testing predictions. For non-linear loops, EndWatch detects concrete state revisits to identify non-terminating loops. To accomplish this, the method inserts recorders and detectors in the program, allowing real-time detection of loop state revisits during program execution. After that, the two testing predictions are integrated into real programs using program instrumentation techniques. Fuzz testing tools are finally employed to generate test cases for the instrumented programs, leading to the discovery of non-terminating loop vulnerabilities.
By Zhang Yao, from College of Intelligence and Computing.