Naturalistic Static Program Analysis

Static program analysis development is a non-trivial and time-consuming task. We have developed a framework through which developers can define static program analyses in natural language. We show the application of this framework to identify cryptography misuses in Java programs, and we discuss how it facilitates static program analysis development for developers. 

This work is accepted to the 30th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), to be held from March 21-24 in Macau, China. SANER is the premier event on the theory and practice of recovering information from existing software and systems.