In this article, we summarize our experience in combining program analysis with machine learning (ML) to develop a technique that can improve the development of specific program analyses. Our experience is negative. We describe the areas that need to be addressed if ML techniques are to be useful in the program analysis context. Most of the issues that we report are different from the ones that discuss the state of the art in the use of ML techniques to detect security vulnerabilities

中文翻译：

---

为什么静态应用程序安全测试很难学？

在本文中，我们总结了将程序分析与机器学习 (ML) 相结合的经验，以开发一种可以改进特定程序分析开发的技术。我们的经验是负面的。如果机器学习技术要在程序分析环境中发挥作用，我们将描述需要解决的领域。我们报告的大多数问题与讨论使用机器学习技术检测安全漏洞的最新技术的问题不同