Automatically detecting software vulnerabilities is an important problem that
has attracted much attention from the academic research community. However,
existing vulnerability detectors still cannot achieve the vulnerability
detection capability and the locating precision that would warrant their
adoption for real-world use. In this paper, we present a vulnerability detector
that can simultaneously achieve a high detection capability and a high locating
precision, dubbed Vulnerability Deep learning-based Locator (VulDeeLocator). In
the course of designing VulDeeLocator, we encounter difficulties including how
to accommodate semantic relations between the definitions of types as well as
macros and their uses across files, how to accommodate accurate control flows
and variable define-use relations, and how to achieve high locating precision.
We solve these difficulties by using two innovative ideas: (i) leveraging
intermediate code to accommodate extra semantic information, and (ii) using the
notion of granularity refinement to pin down locations of vulnerabilities. When
applied to 200 files randomly selected from three real-world software products,
VulDeeLocator detects 18 confirmed vulnerabilities (i.e., true positives).
Among them, 16 vulnerabilities correspond to known vulnerabilities; the other
two are not reported in the National Vulnerability Database (NVD) but have been
“silently” patched by the vendor of Libav when releasing newer versions.

