Доклад "What's Still Missing in Static Analysis? A Decade-Long Journey." c Симпозиума по статическому анализу (SAS 2024), который описывает последние достижения в использовании машинного обучения в выявлении уязвимостей с помощью стат. анализа: "The field of static analysis has made enormous progress over the past few decades. Static analysis tools are now routinely used to improve software quality in industry. Static analysis frameworks like CodeQL have helped discover hundreds of security vulnerabilities and seek to democratize the technology by enabling developers to write custom queries. Despite these advances, static analysis faces challenges that greatly limit its effectiveness and accessibility in practice. In this talk, I will show how ideas from machine learning can help alleviate them, most notably in inferring specifications. I will cover a wide range of approaches that trace the arc of the field of machine learning itself, starting from probabilistic graphical models like Markov Logic Networks and Bayesian Networks, to deep learning models like Graph Neural Networks and Transformers, and ultimately modern approaches involving Large Language Models and compound AI systems including neurosymbolic and agent frameworks." Слайды: https://docs.google.com/presentation/d/1ZbgfX2qJNdeScuSY75M27OHuzQ0Atkaz3-mSH7-nn_4/mobilepresent#slide=id.g19367960644_1_206 Видео: https://www.youtube.com/watch?v=yOzqdhYouUU&t=2425s