Software is often viewed as a means to program devices. However, software is also a medium of communication between developers. This communication occurs through meaningful identifiers and comments in source code. State-of-the-art Software Analysis tools ignore this communication and use an intermediate representation of software that is devoid of any Natural Language tokens. In this talk, I will present a novel software representation called Name-Flow Graphs (NFGs) that improves traditional forms of Software Analysis by augmenting software representations with identifiers. I will demonstrate how NFGs can be used to identify more precise and, consequently, more secure types for variables. I will also show how NFGs can be used to auto-decompose software by using it to separate conflated commits into individual concerns.
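To make the idea of identifier-aware analysis concrete, here is a small added illustration in Python; it is not the speaker's NFG construction and is not taken from the talk or any associated code. It builds a toy graph whose nodes are variable names and whose edges follow assignments, then uses the natural-language tokens in the names themselves (assumed keyword list `SECRET_TOKENS`) to refine the identifier-blind type `str` to a hypothetical `SecretStr` and to report where such values reach logging sinks. The sample program `SAMPLE`, the token list and the sink list are all constructed for this example.

```python
"""Toy identifier-aware type refinement: an illustration of why names carry
information that a token-free IR throws away. This is not the talk's NFG."""
import ast
import re
from collections import defaultdict

# Assumed lexical hints: name tokens that suggest a sensitive value.
SECRET_TOKENS = {"password", "passwd", "pwd", "secret", "token", "key", "credential"}
# Assumed sinks where a refined SecretStr should never flow unmasked.
SINKS = {"print", "logging.info", "logging.debug", "log"}


def name_tokens(ident):
    """Split snake_case and camelCase identifiers into lowercase tokens."""
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1_\2", ident)
    return {p for p in spaced.lower().split("_") if p}


def is_secret_name(ident):
    return bool(name_tokens(ident) & SECRET_TOKENS)


def _callee_name(func):
    """Return 'f' or 'mod.f' for a call target, else None."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def _rhs_names(expr):
    """Variable names read by an expression, excluding callee names."""
    callees = {id(c.func) for c in ast.walk(expr) if isinstance(c, ast.Call)}
    return {n.id for n in ast.walk(expr)
            if isinstance(n, ast.Name) and id(n) not in callees}


class NameFlowGraph(ast.NodeVisitor):
    """Nodes are variable names; an edge s -> t means s flows into t."""

    def __init__(self):
        self.nodes = set()
        self.edges = defaultdict(set)
        self.sink_uses = []  # (sink, variable) pairs observed in the source

    def visit_Assign(self, node):
        sources = _rhs_names(node.value)
        for target in node.targets:
            for t in ast.walk(target):
                if isinstance(t, ast.Name):
                    self.nodes.add(t.id)
                    for s in sources:
                        self.nodes.add(s)
                        self.edges[s].add(t.id)
        self.generic_visit(node)

    def visit_Call(self, node):
        callee = _callee_name(node.func)
        if callee in SINKS:
            for arg in node.args:
                for n in ast.walk(arg):
                    if isinstance(n, ast.Name):
                        self.sink_uses.append((callee, n.id))
        self.generic_visit(node)


def refine_types(src):
    """Return (types, leaks). Every node starts as the identifier-blind type
    'str' (a simplification for this toy); names that lexically look secret,
    and everything they flow into, are refined to 'SecretStr'."""
    graph = NameFlowGraph()
    graph.visit(ast.parse(src))
    types = {n: "str" for n in graph.nodes}
    secret = {n for n in graph.nodes if is_secret_name(n)}
    worklist = list(secret)
    while worklist:  # propagate the refinement along name-flow edges
        n = worklist.pop()
        for dst in graph.edges[n]:
            if dst not in secret:
                secret.add(dst)
                worklist.append(dst)
    for n in secret:
        types[n] = "SecretStr"
    leaks = [(sink, var) for sink, var in graph.sink_uses if var in secret]
    return types, leaks


# Constructed sample program: 'pw' carries no hint in its own name, but the
# graph links it to 'user_password', so the refinement reaches it.
SAMPLE = """
user_password = read_line()
pw = user_password.strip()
masked = "*" * 8
greeting = "hello " + username
logging.info("got %s", pw)
print(greeting)
"""

if __name__ == "__main__":
    refined, found = refine_types(SAMPLE)
    for name, ty in sorted(refined.items()):
        print(f"{name}: {ty}")
    print("secret values reaching sinks:", found)
```

The point of the toy is the contrast: a representation stripped of natural-language tokens sees five string variables and nothing else, whereas the name-aware graph distinguishes `pw` from `greeting` and flags the `logging.info` call as the only place a secret reaches a sink.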
Santanu Dash is a Lecturer in the Information Security Group at Royal Holloway, University of London. He is interested in applications of Software Analysis to the maintenance and security of large software ecosystems, such as the Android Open Source Project. His work on Bimodal Software Analysis, which combines symbolic and probabilistic techniques in a unified framework, has led to publications in flagship venues (ESEC/FSE’20 and ESEC/FSE’18). He has recently been awarded a 3-year research grant by EPSRC to apply Bimodal Software Analysis to automated software maintenance. Santanu was previously a Lecturer at University of Surrey and a post-doctoral researcher in the Systems Software Engineering Group at University College London and in the Information Security Group at Royal Holloway. He holds a PhD in Type-driven Software Security from University of Hertfordshire.