Detecting Security Vulnerabilities in Human-Machine Pair Programming with Pointer Analysis

Pointer analysis is the underlying technique of many static analysis tools for vulnerability discovery. Most existing pointer analysis approaches require whole-program availability, i.e., a program to be analyzed should be complete, which may hinder a timely analysis during the coding phase. By contrast, the attempt of this work is to perform analyses in Human-Machine Pair Programming, where the programs being analyzed are still under construction. Analyzing such incomplete programs enables programmers to discover security flaws as early as in the coding phase. In the paper we describe in detail how our approach maintains flow sensitivity and propagates points-to and taint information in an incremental fashion. We demonstrate the feasibility of our approach by conducting an experiment on a security benchmark. The experiment results show that our approach can capture all the potential vulnerabilities in the test cases in real time, though a number of false alarms are reported.