English
Related papers

Related papers: Evaluation of Static Analysis Tools for Finding Vu…

200 papers

In our times, when the world is increasingly becoming more dependent on software programs, writing bug-free, correct programs is crucial. Program verification based on formal methods can guarantee this by detecting run-time errors in…

Programming Languages · Computer Science 2024-03-21 Rajendra Kumar Solanki

Measuring and evaluating source code similarity is a fundamental software engineering activity that embraces a broad range of applications, including but not limited to code recommendation, duplicate code, plagiarism, malware, and smell…

Software Engineering · Computer Science 2023-06-29 Morteza Zakeri-Nasrabadi , Saeed Parsa , Mohammad Ramezani , Chanchal Roy , Masoud Ekhtiarzadeh

Open-source software (OSS) has experienced a surge in popularity, attributed to its collaborative development model and cost-effective nature. However, the adoption of specific software versions in development projects may introduce…

Software Engineering · Computer Science 2025-08-15 Yiran Cheng , Ting Zhang , Lwin Khin Shar , Shouguo Yang , Chaopeng Dong , David Lo , Shichao Lv , Zhiqiang Shi , Limin Sun

Static analysis tools are widely used to detect bugs, vulnerabilities, and code smells. Traditionally, developers must resolve these warnings manually. Because this process is tedious, developers sometimes ignore warnings, leading to an…

Software Engineering · Computer Science 2026-04-14 Pascal Joos , Islem Bouzenia , Michael Pradel

Static analysis tools are traditionally used to detect and flag programs that violate properties. We show that static analysis tools can also be used to perturb programs that satisfy a property to construct variants that violate the…

Software measurement is an essential management tool to develop robust and maintainable software systems. Software metrics can be used to control the inherent complexities in software design. To guarantee that the components of the software…

Software Engineering · Computer Science 2022-01-26 Mamdouh Alenezi

Context: Smart contract vulnerabilities pose significant security risks for the Ethereum ecosystem, driving the development of automated tools for detection and mitigation. Smart contracts are written in Solidity, a programming language…

Software Engineering · Computer Science 2025-04-09 Gerardo Iuliano , Davide Corradini , Michele Pasqua , Mariano Ceccato , Dario Di Nucci

Static analysis tools are widely used for vulnerability detection as they understand programs with complex behavior and millions of lines of code. Despite their popularity, static analysis tools are known to generate an excess of false…

Software Engineering · Computer Science 2021-02-17 Yunhui Zheng , Saurabh Pujar , Burn Lewis , Luca Buratti , Edward Epstein , Bo Yang , Jim Laredo , Alessandro Morari , Zhong Su

This paper serves as a progress report on our research, specifically focusing on utilizing interval analysis, an existing static analysis method, for detecting vulnerabilities in smart contracts. We present a selection of motivating…

Software Engineering · Computer Science 2023-09-26 Ştefan-Claudiu Susan , Andrei Arusoaie

Software developers are increasingly dependent on question and answer portals and blogs for coding solutions. While such interfaces provide useful information, there are concerns that code hosted here is often incorrect, insecure or…

Software Engineering · Computer Science 2022-02-04 Sherlock A. Licorish , Markus Wagner

In Software Engineering, some of the most critical activities are maintenance and evolution. However, to perform both with quality, minimizing impacts and risks, developers need to analyze and identify where the main problems come from…

Software Engineering · Computer Science 2020-08-11 Guilherme Lacerda , Fabio Petrillo , Marcelo Pimenta

For a novice programmer, coding is equivalent to a nightmare. A novice programmer tries to replicate steps provided by the faculty and on compilation gets a number of errors which the novice programmer is not able to resolve. This system…

Computers and Society · Computer Science 2013-10-07 Aniket Bhawkar , Rohit Belsare , Fenil Gandhi , Pratiksha Somani

Asynchrony has become an inherent element of JavaScript, as an effort to improve the scalability and performance of modern web applications. To this end, JavaScript provides programmers with a wide range of constructs and features for…

Programming Languages · Computer Science 2019-01-14 Thodoris Sotiropoulos , Benjamin Livshits

Code analysis is fundamental in Software Engineering, supporting debugging, optimization, and security assessment. Human developers approach it through syntax parsing, static semantics inference, and dynamic reasoning. Traditional tools are…

Software Engineering · Computer Science 2026-05-22 Wei Ma , Zhihao Lin , Shangqing Liu , Qiang Hu , Ye Liu , Wenhan Wang , Cen Zhang , Liming Nie , Li Li , Yang Liu , Lingxiao Jiang

Static analysis, the process of examining code without executing it, is crucial for identifying software issues. Yet, static analysis is hampered by its complexity and the need for customization for different targets. Traditional static…

Software Engineering · Computer Science 2023-12-15 Yu Hao , Weiteng Chen , Ziqiao Zhou , Weidong Cui

This paper is an introductory discussion on the cause of open source software vulnerabilities, their importance in the cybersecurity ecosystem, and a selection of detection methods. A recent application security report showed 44% of…

Cryptography and Security · Computer Science 2022-03-31 Stuart Millar

Timing side-channel attacks exploit variations in program execution time to recover sensitive information. Cryptographic implementations are especially vulnerable to these attacks, since even small timing differences in operations such as…

Cryptography and Security · Computer Science 2026-04-21 Nges Brian Njungle , Edwin P. Kayang , Mishel J. Paul , Michel A. Kinsy

The popularity and wide adoption of JavaScript both at the client and server side makes its code analysis more important than ever before. Most of the algorithms for vulnerability analysis, coding issue detection, or type inference rely on…

Software Engineering · Computer Science 2024-05-14 Gábor Antal , Péter Hegedűs , Zoltán Tóth , Rudolf Ferenc , Tibor Gyimóthy

Software visualization approaches for code reviews are often implemented as standalone applications, which use static code analysis. The goal is to visualize the structural changes introduced by a pull / merge request to facilitate the…

Software Engineering · Computer Science 2024-08-16 Alexander Krause-Glau , Lukas Damerau , Malte Hansen , Wilhelm Hasselbring

Developers today use significant amounts of open source code, surfacing the need for ways to automatically audit and upgrade library dependencies, and giving rise to the subfield of Software Composition Analysis (SCA). SCA products are…

Software Engineering · Computer Science 2019-10-01 Darius Foo , Jason Yeo , Hao Xiao , Asankhaya Sharma