English
Related papers

Related papers: Sorald: Automatic Patch Suggestions for SonarQube …

200 papers

Static code analysis (SCA) tools are widely used as effective ways to detect bugs and vulnerabilities in software systems. However, the reports generated by these tools often contain a large number of non-actionable findings, which can…

Software Engineering · Computer Science 2026-04-21 Tamás Aladics , Norbert Vándor , Rudolf Ferenc , Péter Hegedűs

A long-standing open challenge for automated program repair is the overfitting problem, which is caused by having insufficient or incomplete specifications to validate whether a generated patch is correct or not. Most available repair…

Software Engineering · Computer Science 2021-11-11 Omar I. Al-Bataineh , Anastasiia Grishina , Leon Moonen

Java reflection has been increasingly used in a wide range of software. It allows a software system to inspect and/or modify the behaviour of its classes, interfaces, methods and fields at runtime, enabling the software to adapt to…

Programming Languages · Computer Science 2017-06-15 Yue Li , Tian Tan , Jingling Xue

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang , Zhe Yu , Junjie Wang , Tim Menzies

(Note: This work is a preprint.) Static analysis (SA) tools produce many diagnostic alerts indicating that source code in C or C++ may be defective and potentially vulnerable to security exploits. Many of these alerts are false positives.…

Software Engineering · Computer Science 2025-08-06 David Svoboda , Lori Flynn , William Klieber , Michael Duggan , Nicholas Reimer , Joseph Sible

Mobile application security has been one of the major areas of security research in the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and…

Cryptography and Security · Computer Science 2018-06-29 Richard Bonett , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Static analysis is a growing application of software engineering, leading to a range of essential security tools, bug-finding tools, as well as software verification. Recent years show an increase of universal static analysis tools that…

Programming Languages · Computer Science 2024-04-22 Avi Hayoun , Veselin Raychev , Jack Hair

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho

Automatic Static Analysis Tools (ASATs) are widely used by software developers to diffuse and enforce coding practices. Yet, we know little about the documentation of ASATs, despite it being critical to learn about the coding practices in…

Software Engineering · Computer Science 2024-02-14 Corentin Latappy , Thomas Degueule , Jean-Rémy Falleri , Romain Robbes , Xavier Blanc , Cédric Teyton

In this paper, we present a novel marriage of static and dynamic analysis. Given a large code base with many functions and a mature test suite, we propose using static analysis to find functions 1) with assertions or other evident…

Software Engineering · Computer Science 2016-09-22 Mohammad Amin Alipour , Alex Groce , Chaoqiang Zhang , Anahita Sanadaji , Gokul Caushik

Java static analysis frameworks are commonly compared under the assumption that analysis algorithms and configurations compose monotonically and yield semantically comparable results across tools. In this work, we show that this assumption…

Software Engineering · Computer Science 2026-04-02 Fangtian Zhong , Ollie Wold , Joseph Windmann

To enhance the compatibility in the version control of Java Third-party Libraries (TPLs), Maven adopts Semantic Versioning (SemVer) to standardize the underlying meaning of versions, but users could still confront abnormal execution and…

Software Engineering · Computer Science 2022-09-02 Lyuye Zhang , Chengwei Liu , Zhengzi Xu , Sen Chen , Lingling Fan , Bihuan Chen , Yang Liu

Context. Companies commonly invest effort to remove technical issues believed to impact software qualities, such as removing anti-patterns or coding styles violations. Objective. Our aim is to analyze the diffuseness of Technical Debt (TD)…

Software Engineering · Computer Science 2021-03-09 Valentina Lenarduzzi , Nyyti Saarimäki , Davide Taibi

Privacy-enhancing blocking tools based on filter-list rules tend to break legitimate functionality. Filter-list maintainers could benefit from automated breakage detection tools that allow them to proactively fix problematic rules before…

Cryptography and Security · Computer Science 2024-05-09 Saiid El Hajj Chehade , Sandra Siby , Carmela Troncoso

Static analysis is a powerful technique for automatic verification of programs but raises major engineering challenges when developing a full-fledged analyzer for a realistic language such as Java. This paper describes the Sawja library: a…

Static analysis tools, or linters, detect violation of source code conventions to maintain project readability. Those tools automatically fix specific violations while developers edit the source code. However, existing tools are designed…

Software Engineering · Computer Science 2020-05-25 Yuki Ueda , Takashi Ishio , Akinori Ihara , Kenichi Matsumoto

Implementing bug-free concurrent programs is a challenging task in modern software development. State-of-the-art static analyses find hundreds of concurrency bugs in production code, scaling to large codebases. Yet, fixing these bugs in…

Software Engineering · Computer Science 2021-08-09 Andreea Costea , Abhishek Tiwari , Sigmund Chianasta , Kishore R , Abhik Roychoudhury , Ilya Sergey

Fix pattern-based patch generation is a promising direction in Automated Program Repair (APR). Notably, it has been demonstrated to produce more acceptable and correct patches than the patches obtained with mutation operators through…

Software Engineering · Computer Science 2019-02-18 Kui Liu , Anil Koyuncu , Dongsun Kim , Tegawendé F. Bisyandé

Static analysis tools are frequently used to scan the source code and detect deviations from the project coding guidelines. Given their importance, linters are often introduced to classrooms to educate students on how to detect and…

Software Engineering · Computer Science 2023-07-20 Eman Abdullah AlOmar , Salma Abdullah AlOmar , Mohamed Wiem Mkaouer