English
Related papers

Related papers: SAIC: Identifying Configuration Files for System C…

200 papers

Many users implicitly assume that software can only be exploited after it is installed. However, recent supply-chain attacks demonstrate that application integrity must be ensured during installation itself. We introduce SIGL, a new tool…

Cryptography and Security · Computer Science 2021-06-24 Xueyuan Han , Xiao Yu , Thomas Pasquier , Ding Li , Junghwan Rhee , James Mickens , Margo Seltzer , Haifeng Chen

Static analyzers help find bugs early by warning about recurring bug categories. While fixing these bugs still remains a mostly manual task in practice, we observe that fixes for a specific bug category often are repetitive. This paper…

Software Engineering · Computer Science 2019-11-22 Johannes Bader , Andrew Scott , Michael Pradel , Satish Chandra

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Refactoring is a critical process in software development, aiming at improving the internal structure of code while preserving its external behavior. Refactoring engines are integral components of modern Integrated Development Environments…

Software Engineering · Computer Science 2024-09-24 Haibo Wang , Zhuolin Xu , Huaien Zhang , Nikolaos Tsantalis , Shin Hwei Tan

Agentic code assistants are a new generation of AI systems capable of performing end-to-end software engineering tasks. While these systems promise unprecedented productivity gains, their behavior and effectiveness depend heavily on…

Software Engineering · Computer Science 2026-05-26 Helio Victor F. Santos , Vitor Costa , Joao Eduardo Montandon , Marco Tulio Valente

Developers today use significant amounts of open source code, surfacing the need for ways to automatically audit and upgrade library dependencies, and giving rise to the subfield of Software Composition Analysis (SCA). SCA products are…

Software Engineering · Computer Science 2019-10-01 Darius Foo , Jason Yeo , Hao Xiao , Asankhaya Sharma

Modern version control systems such as Git or SVN include bug tracking mechanisms, through which developers can highlight the presence of bugs through bug reports, i.e., textual descriptions reporting the problem and what are the steps that…

Software Engineering · Computer Science 2019-07-26 Gemma Catolino , Fabio Palomba , Andy Zaidman , Filomena Ferrucci

Many companies and organizations use firewalls to control the access to their network infrastructure. Firewalls are network security components which provide means to filter traffic within corporate networks, as well as to police incoming…

Cryptography and Security · Computer Science 2019-12-17 Frédéric Cuppens , Nora Cuppens-Boulahia , Joaquin Garcia-Alfaro

Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities to support the security and reliability of software applications. Interestingly, several studies have suggested that alternative solutions may be…

Software Engineering · Computer Science 2024-03-15 Matteo Esposito , Valentina Falaschi , Davide Falessi

Build systems are an essential part of modern software engineering projects. As software projects change continuously, it is crucial to understand how the build system changes because neglecting its maintenance can lead to expensive build…

Software Engineering · Computer Science 2017-03-27 Christian Macho , Shane McIntosh , Martin Pinzger

A self-healing application brings itself into a stable state after a failure put the software into an unstable state. For such self-healing software application, finding fix for a previously unseen fault is a grand challenge. Asking the…

Software Engineering · Computer Science 2012-03-27 Mohammad Muztaba Fuad , Debzani Deb , Jinsuk Baek

A Bug Inducing Commit (BIC) is a code change that introduces a bug into the codebase. Although the abnormal or unexpected behavior caused by the bug may not manifest immediately, it will eventually lead to program failures further down the…

Software Engineering · Computer Science 2025-02-20 Gabin An , Jinsu Choi , Jingun Hong , Naryeong Kim , Shin Yoo

To fix a software bug, you must first find it. As software grows in size and complexity, finding bugs is becoming harder. To solve this problem, measures have been developed to rank lines of code according to their "suspiciousness" wrt…

Software Engineering · Computer Science 2018-10-02 David Landsberg , Earl Barr

Access-control misconfigurations are among the main causes of today's data breaches in web applications. However, few techniques are available to support automatic and systematic testing for access-control changes and detecting risky…

Cryptography and Security · Computer Science 2025-05-20 Chengcheng Xiang , Li Zhong , Eric Mugnier , Nathaniel Nguyen , Yuanyuan Zhou , Tianyin Xu

Background: As Infrastructure as Code (IaC) becomes standard practice, ensuring the reliability of IaC scripts is essential. Defect taxonomies are valuable tools for this, offering a common language for issues and enabling systematic…

Software Engineering · Computer Science 2025-06-19 Wendell Oliveira , Filipe Paiva , Thiago Emmanuel Pereira , João Brunet

Refactoring is a well-known technique that is widely adopted by software engineers to improve the design and enable the evolution of a system. Knowing which refactoring operations were applied in a code change is a valuable information to…

Software Engineering · Computer Science 2018-08-07 Danilo Silva , Marco Tulio Valente

Modern software systems often rely on conditional compilation to support optional features and multiple deployment scenarios. In configurable systems, compilation errors may arise only under specific combinations of features, remaining…

Software Engineering · Computer Science 2026-01-26 Rohit Gheyi , Lucas Albuquerque , Márcio Ribeiro , Eduardo Almeida , Danyllo Albuquerque , Mirko Perkusich

Automatic Static Analysis Tools (ASATs) are widely used by software developers to diffuse and enforce coding practices. Yet, we know little about the documentation of ASATs, despite it being critical to learn about the coding practices in…

Software Engineering · Computer Science 2024-02-14 Corentin Latappy , Thomas Degueule , Jean-Rémy Falleri , Romain Robbes , Xavier Blanc , Cédric Teyton

Previous work has shown that early resolution of issues detected by static code analyzers can prevent major costs later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to…

Many applications in important problem domains such as machine learning and computer vision are streaming applications that take a sequence of inputs over time. It is challenging to find knob settings that optimize the run-time performance…

Distributed, Parallel, and Cluster Computing · Computer Science 2021-08-25 Yan Pei , Keshav Pingali