The Story of WALA

Julian Dolby

IBM Thomas J. Watson Research Center

Doctoral Symposium, ECOOP, Barcelona, June 2017

WALA as Life at IBM

Blend of industry and academia
- Focus on research and publication
- Focus on product deliverables
Balancing act
- Maintain core research focus
- Follow corporate trends
Synergy
- Find research topics in real problems
- Apply research results to real problems

Selected History

2004	ASTk	J2EE optimization
2005	ITM	Tivoli JavaScript to DB queries
2006		Open source release
2008	GBS	ABAP analysis + tooling
2010	AppScan	JSA security analysis
2012	ECOOP	Correlation tracking
2013	ICSE	Approximate call graphs
2013		Android analysis support
2014	AppScan	Approximate call graphs in AppScan
2016	ICSE+API Harmony	Web API bug detection
2017	WCS	Dialog bug finding analysis

Enterprise Traditions

2004	ASTk	J2EE optimization
2005	ITM	Tivoli JavaScript to DB queries

WebSphere J2EE focus for enterprise customers
- Access relational databases from Java Web server
- Program analysis to determine read-only aspects
IBM Tivoli Monitoring migration support
- Monitoring scripts written in JavaScript
- Program analysis of monitoring semantics

Enterprise Traditions

WALA was born analyzing J2EE applications
- Required flexibility to model J2EE semantics
- Needed to handle large applications
JavaScript support created for Tivoli
- Adapt WALA for Tivoli analysis support
- Created general framework, not one-off hack

Open Source Release

2006		Open source release
2013		Android analysis support

WALA used in collaborations prior to release
- e.g. Refinement pointer analysis
- paperwork for each project
WALA open source in 2006
- Encourage collaboration and outside users
- Manage IP using Eclipse license

Open Source Release

IBM has embraced open source
WALA enhanced by contributions
- numerous fixes and code improvements
- Java source language front end
- Android application analysis support
- nodejs analysis support

Open Source Release

Encourage contributions to WALA
- Encourage code improvement contributions
- Encourage research with product infrastructure
Raise awareness of program analysis at Watson
- Recruiting and interns
- Release code for publications

The Service Economy

2008

GBS

ABAP analysis + tooling

ABAP powers a lot of business software
- Scripting language for dominant SAP products
- IBM business upgrading ABAP applications
Exploit front end from JavaScript to do ABAP too
- Create ABAP grammar with ANTLR
- Build simple WALA IR for ABAP constructs

JavaScript Security

2010	AppScan	JSA security analysis
2012	ECOOP	Correlation tracking
2013	ICSE	Approximate call graphs
2014	AppScan	Approximate call graphs in AppScan

WALA JavaScript analysis used for security
- WALA analysis used in AppScan products
- Shipped series of research results in AppScan

JavaScript Security

Problems first observed by customers
- Scalability issues in framework code
- Problem narrowed by product developers
Anderson’s asymptotic complexity worse
- ECOOP solution: apply context sensitivity
- ICSE solution: abstraction to avoid issue

JavaScript Security

Analysis imprecise in common for..in loops

for(prop in source) {
target[prop] = source[prop];
}

Flow-insensitive analysis
```
target[?] = source[?];
```

Correlation tracking

if (p === "x") {
target["x"] = source["x"];
} if (p === "y") {
target["y"] = source["y"];
...

Keeping up with the times

2016	ICSE+API Harmony	Web API bug detection
2017	WCS	Dialog bug finding analysis

ibm.com is all about AI and cognitive computing
- Machine learning and “Watson” as a product
- People still write code, and hence bugs
- WALA technology applicable in new domains

The Story of WALA

WALA as Life at IBM

Selected History

Enterprise Traditions

Enterprise Traditions

Open Source Release

Open Source Release

Open Source Release

The Service Economy

JavaScript Security

JavaScript Security

JavaScript Security

Keeping up with the times

API Harmony bug finding

WALA WCS Demo

WALA WCS Demo

Conclusions