English
Related papers

Related papers: Localizing Patch Points From One Exploit

200 papers

While recent LLM-based agents can identify many candidate bugs in source code, their reports remain static hypotheses that require manual validation, limiting the practicality of automated bug detection. We frame this challenge as a test…

Software Engineering · Computer Science 2026-04-15 Zijie Zhao , Chenyuan Yang , Weidong Wang , Yihan Yang , Ziqi Zhang , Lingming Zhang

The identification of vulnerabilities is an important element in the software development life cycle to ensure the security of software. While vulnerability identification based on the source code is a well studied field, the identification…

Cryptography and Security · Computer Science 2022-12-05 Andreas Schaad , Dominik Binder

Software bugs are prevalent in modern software systems and notoriously hard to debug manually. Therefore, a large body of research efforts have been dedicated to automated software debugging, including both automated fault localization and…

Software Engineering · Computer Science 2019-10-04 Yiling Lou , Ali Ghanbari , Xia Li , Lingming Zhang , Dan Hao , Lu Zhang

We consider the task of mapping pseudocode to long programs that are functionally correct. Given test cases as a mechanism to validate programs, we search over the space of possible translations of the pseudocode to find a program that…

Machine Learning · Computer Science 2019-06-13 Sumith Kulal , Panupong Pasupat , Kartik Chandra , Mina Lee , Oded Padon , Alex Aiken , Percy Liang

Open source software (OSS) is integral to modern product development, and any vulnerability within it potentially compromises numerous products. While developers strive to apply security patches, pinpointing these patches among extensive…

Cryptography and Security · Computer Science 2024-09-16 Jinhong Yu , Yi Chen , Di Tang , Xiaozhong Liu , XiaoFeng Wang , Chen Wu , Haixu Tang

Automated program repair is a problem of finding a transformation (called a patch) of a given incorrect program that eliminates the observable failures. It has important applications such as providing debugging aids, automatically grading…

Software Engineering · Computer Science 2017-07-18 Sergey Mechtaev , Xiang Gao , Shin Hwei Tan , Abhik Roychoudhury

In modern software ecosystems, 1-day vulnerabilities pose significant security risks due to extensive code reuse. Identifying vulnerable functions in target binaries alone is insufficient; it is also crucial to determine whether these…

Software Engineering · Computer Science 2025-11-04 Siyuan Li , Yaowen Zheng , Hong Li , Jingdong Guo , Chaopeng Dong , Chunpeng Yan , Weijie Wang , Yimo Ren , Limin Sun , Hongsong Zhu

Software fault localization is one of the most expensive, tedious, and time-consuming activities in program debugging. This activity becomes even much more challenging in Software Product Line (SPL) systems due to the variability of…

Software Engineering · Computer Science 2021-09-22 Kien-Tuan Ngo , Thu-Trang Nguyen , Son Nguyen , Hieu Dinh Vo

Cache side-channel attacks extract secrets by examining how victim software accesses cache. To date, practical attacks on cryptosystems and media libraries are demonstrated under different scenarios, inferring secret keys and reconstructing…

Cryptography and Security · Computer Science 2022-10-04 Yuanyuan Yuan , Zhibo Liu , Shuai Wang

Localized adversarial patches aim to induce misclassification in machine learning models by arbitrarily modifying pixels within a restricted region of an image. Such attacks can be realized in the physical world by attaching the adversarial…

Computer Vision and Pattern Recognition · Computer Science 2021-04-01 Chong Xiang , Arjun Nitin Bhagoji , Vikash Sehwag , Prateek Mittal

The number of vulnerabilities reported in open source software has increased substantially in recent years. Security patches provide the necessary measures to protect software from attacks and vulnerabilities. In practice, it is difficult…

Software Engineering · Computer Science 2024-01-17 Zhiyuan Pan , Xing Hu , Xin Xia , Xian Zhan , David Lo , Xiaohu Yang

Bug bisection has been an important security task that aims to understand the range of software versions impacted by a bug, i.e., identifying the commit that introduced the bug. However, traditional patch-based bisection methods are faced…

Machine Learning · Computer Science 2025-10-31 Zheng Zhang , Haonan Li , Xingyu Li , Hang Zhang , Zhiyun Qian

In this paper, we take a deep dive into microarchitectural security from a hardware designer's perspective by reviewing the existing approaches to detect hardware vulnerabilities during the design phase. We show that a protection gap…

Software vulnerabilities are prevalent but fixing software vulnerabilities is not trivial. Studies have shown that a considerable prepatch window exists because it often takes weeks or months for software vendors to fix a vulnerability.…

Cryptography and Security · Computer Science 2024-05-28 Zhen Huang , Hristina Dokic

Memory leak bugs are a major problem in C/C++ programs. They occur when memory objects are not deallocated.Developers need to manually deallocate these objects to prevent memory leaks. As such, several techniques have been proposed to…

Cryptography and Security · Computer Science 2024-08-12 Aniruddhan Murali , Mahmoud Alfadel , Meiyappan Nagappan , Meng Xu , Chengnian Sun

Software vulnerabilities affect all businesses and research is being done to avoid, detect or repair them. In this article, we contribute a new technique for automatic vulnerability fixing. We present a system that uses the rich software…

Software Engineering · Computer Science 2019-12-09 Zimin Chen , Steve Kommrusch , Martin Monperrus

Software vulnerabilities are a serious and crucial concern. Typically, in a program or function consisting of hundreds or thousands of source code statements, there are only a few statements causing the corresponding vulnerabilities. Most…

Cryptography and Security · Computer Science 2024-06-13 Van Nguyen , Trung Le , Chakkrit Tantithamthavorn , Michael Fu , John Grundy , Hung Nguyen , Seyit Camtepe , Paul Quirk , Dinh Phung

Fault localization is one of the most time-consuming and error-prone parts of software debugging. There are several tools for helping developers in the fault localization process, however, they mostly target programs written in Java and…

Software Engineering · Computer Science 2021-08-30 Qusay Idrees Sarhan , Attila Szatmari , Rajmond Toth , Arpad Beszedes

Bug fixing is generally a manually-intensive task. However, recent work has proposed the idea of automated program repair, which aims to repair (at least a subset of) bugs in different ways such as code mutation, etc. Following in the same…

Software Engineering · Computer Science 2019-07-05 Hideaki Hata , Emad Shihab , Graham Neubig

Automatically locating vulnerable statements in source code is crucial to assure software security and alleviate developers' debugging efforts. This becomes even more important in today's software ecosystem, where vulnerable code can flow…

Software Engineering · Computer Science 2022-01-14 Yangruibo Ding , Sahil Suneja , Yunhui Zheng , Jim Laredo , Alessandro Morari , Gail Kaiser , Baishakhi Ray