Title: Advancing Automated Program Analysis through the Lens of Program Semantics


Date: Friday, June 5, 2026

Time: 12:00-13:00

Location:


Yupeng Yang

Ph.D. Candidate

School of Cybersecurity and Privacy

Georgia Institute of Technology


Committee:

Dr. Wenke Lee (Advisor): School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Brendan Saltaformaggio: School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Mustaque Ahamad: School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Sukarno Mertoguno: School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Kexin Pei: Department of Computer Science, The University of Chicago


Abstract:

Program analysis is essential for software security because it helps developers discover bugs, vulnerabilities, and reliability issues by analyzing code behavior and execution paths. However, analyzing modern software remains difficult because programs often require highly structured inputs and satisfy complex syntactic, semantic, and path constraints before reaching deep behaviors. Existing techniques such as grey-box fuzzing and symbolic execution can scale broadly, but they frequently waste effort exploring invalid inputs or shallow execution states. In contrast, approaches that incorporate semantic knowledge can guide analysis more effectively, though they have traditionally required extensive manual effort, making them hard to generalize.


This dissertation argues that integrating program semantics into automated analysis can make exploration both more effective and more generalizable. The key insight is that semantic knowledge, whether explicitly modeled by humans or inferred automatically using large language models (LLMs), helps analysis systems understand the meaning of inputs, prioritize important constraints, and focus exploration on valuable program behaviors. To demonstrate this idea, the dissertation introduces BuzzBee, a semantics-aware fuzzing framework for database management systems. By modeling common data operations and dependencies, BuzzBee generates semantically meaningful test cases and discovers 40 vulnerabilities across 8 DBMSs and 4 data models.
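The contrast the BuzzBee paragraph draws, between input generation that ignores schema state and generation that models data operations and their dependencies, as an added illustration in Python that is not BuzzBee's code: a generator that tracks which tables and columns currently exist is compared with a schema-blind one, and the share of statements an in-memory SQLite accepts stands in for how much fuzzing effort survives past the parser and semantic checks. The four-statement SQL grammar, table/column naming and seed are constructed for this example.

```python
import random
import sqlite3
# Constructed example (not BuzzBee's code): a schema-blind SQL generator beside one
# that tracks data dependencies so every statement it emits names live objects.
def naive_statements(rng, n):
    """Pick table and column names at random, ignoring what currently exists."""
    out = []
    for _ in range(n):
        t, c = f"t{rng.randint(0, 9)}", f"c{rng.randint(0, 9)}"
        out.append(rng.choice([
            f"CREATE TABLE {t} ({c} INTEGER);",
            f"INSERT INTO {t} ({c}) VALUES ({rng.randint(0, 99)});",
            f"SELECT {c} FROM {t} WHERE {c} > {rng.randint(0, 99)};",
            f"DROP TABLE {t};"]))
    return out

def semantic_statements(rng, n):
    """Track schema state so INSERT/SELECT/DROP only name tables and columns that exist."""
    schema, out = {}, []
    for i in range(n):
        op = rng.choice(["create", "insert", "select", "drop"])
        if not schema or op == "create":
            schema[f"t{i}"] = ["c0"]  # loop index i guarantees a fresh, never-reused name
            out.append(f"CREATE TABLE t{i} (c0 INTEGER);")
            continue
        t = rng.choice(sorted(schema))
        c, v = rng.choice(schema[t]), rng.randint(0, 99)
        if op == "insert":
            out.append(f"INSERT INTO {t} ({c}) VALUES ({v});")
        elif op == "select":
            out.append(f"SELECT {c} FROM {t} WHERE {c} > {v};")
        else:
            del schema[t]  # dependency: nothing generated later may reference t
            out.append(f"DROP TABLE {t};")
    return out

def accepted_fraction(statements):
    """Share of statements a fresh in-memory SQLite accepts; the rest is wasted effort."""
    db, ok = sqlite3.connect(":memory:"), 0
    for s in statements:
        try:
            db.execute(s)
            ok += 1
        except sqlite3.Error:
            pass
    return ok / len(statements)

def compare(seed=7, n=200):
    naive = accepted_fraction(naive_statements(random.Random(seed), n))
    return naive, accepted_fraction(semantic_statements(random.Random(seed), n))
```

Every statement from the dependency-tracking generator is accepted, while the schema-blind one spends most of its budget on inputs the DBMS rejects before any deeper logic runs.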


The dissertation further explores LLM-guided program analysis through two systems: HLPFuzz and Klleem. HLPFuzz uses LLMs to infer and solve hard constraints arising in language processors, enabling fuzzers to reach deeper program states and uncover 52 bugs across 9 systems. Klleem applies LLMs to symbolic execution by synthesizing semantic assumptions that reduce low-value exploration while preserving important behaviors, achieving up to 61% higher code coverage and a 2.5× increase in bug detection rate over baselines, across 10 real-world software systems. Together, these systems demonstrate that semantic reasoning, especially when combined with LLMs, can significantly improve the effectiveness and generality of automated program analysis.