StaticFixer: From Static Analysis to Static Repair

Abstract

Static analysis tools are traditionally used to detect and flag programs that violate properties. We show that static analysis tools can also be used to perturb programs that satisfy a property to construct variants that violate the property. Using this insight we can construct paired data sets of unsafe-safe program pairs, and learn strategies to automatically repair property violations. We present a system called , which automatically repairs information flow vulnerabilities using this approach. Since information flow properties are non-local (both to check and repair), also introduces a novel domain specific language (DSL) and strategy learning algorithms for synthesizing non-local repairs. We use to synthesize strategies for repairing two types of information flow vulnerabilities, unvalidated dynamic calls and cross-site scripting, and show that successfully repairs several hundred vulnerabilities from open source JavaScript repositories, outperforming neural baselines built using CodeT5 and Codex. Our datasets can be downloaded from http://aka.ms/StaticFixer.