English
Related papers

Related papers: Sorald: Automatic Patch Suggestions for SonarQube …

200 papers

Today's small and medium-sized enterprises (SMEs) in the software industry are faced with major challenges. While having to work efficiently using limited resources they have to perform quality assurance on their code to avoid the risk of…

Software Engineering · Computer Science 2016-11-24 Mario Gleirscher , Dmitriy Golubitskiy , Maximilian Irlbeck , Stefan Wagner

To be practically useful, modern static analyzers must precisely model the effect of both, statements in the programming language as well as frameworks used by the program under analysis. While important, manually addressing these…

Programming Languages · Computer Science 2017-06-27 Pavol Bielik , Veselin Raychev , Martin Vechev

Static bug detection tools help developers detect problems in the code, including bad programming practices and potential defects. Recent efforts to integrate static bug detectors in modern software development workflows, such as in code…

Software Engineering · Computer Science 2024-01-24 Junjie Li , Jinqiu Yang

Flaw-finding static analysis tools typically generate large volumes of code flaw alerts including many false positives. To save on human effort to triage these alerts, a significant body of work attempts to use machine learning to classify…

Software Engineering · Computer Science 2021-05-11 Lori Flynn , William Snavely , Zachary Kurtz

Programmers often add meaningful information about program semantics when naming program entities such as variables, functions, and macros. However, static analysis tools typically discount this information when they look for bugs in a…

Programming Languages · Computer Science 2020-09-22 Roger Scott , Joseph Ranieri , Lucja Kot , Vineeth Kashyap

We propose a method combining machine learning with a static analysis tool (i.e. Infer) to automatically repair source code. Machine Learning methods perform well for producing idiomatic source code. However, their output is sometimes…

Software Engineering · Computer Science 2023-04-24 Ruba Mutasim , Gabriel Synnaeve , David Pichardie , Baptiste Rozière

As software projects become increasingly complex, the volume and variety of issues in code files have grown substantially. Addressing this challenge requires efficient issue detection, resolution, and evaluation tools. This paper presents…

Software Engineering · Computer Science 2025-09-15 Seyed Moein Abtahi , Akramul Azim

Static analysis is sound in theory, but an implementation may unsoundly fail to analyze all of a program's code. Any such omission is a serious threat to the validity of the tool's output. Our work is the first to measure the prevalence of…

Software Engineering · Computer Science 2024-07-11 Jordan Samhi , René Just , Tegawendé F. Bissyandé , Michael D. Ernst , Jacques Klein

With an increasing number of value-flow properties to check, existing static program analysis still tends to have scalability issues when high precision is required. We observe that the key design flaw behind the scalability problem is that…

Software Engineering · Computer Science 2019-12-17 Qingkai Shi , Rongxin Wu , Gang Fan , Charles Zhang

Technical debt is often the result of Short Run decisions made during code development, which can lead to long-term maintenance costs and risks. Hence, evaluating the progression of a project and understanding related code quality aspects…

Software Engineering · Computer Science 2023-05-01 Benedikt Dornauer , Michael Felderer , Johannes Weinzerl , Mircea-Cristian Racasan , Martin Hess

Static analysis tools are traditionally used to detect and flag programs that violate properties. We show that static analysis tools can also be used to perturb programs that satisfy a property to construct variants that violate the…

Static Analysis tools have rules for several code quality issues and these rules are created by experts manually. In this paper, we address the problem of automatic synthesis of code quality rules from examples. We formulate the rule…

Software Engineering · Computer Science 2022-04-20 Pranav Garg , Srinivasan Sengamedu SHS

Formally verified compilers and formally verified static analyzers are a solution to the problem that certain industries face when they have to demonstrate to authorities that the object code they run truly corresponds to its source code…

Logic in Computer Science · Computer Science 2024-07-12 David Monniaux

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel

Static Code Analysis (SCA) tools, while invaluable for identifying potential coding problems, functional bugs, or vulnerabilities, often generate an overwhelming number of warnings, many of which are non-actionable. This overload of alerts…

Software Engineering · Computer Science 2025-11-14 Dávid Kószó , Tamás Aladics , Rudolf Ferenc , Péter Hegedűs

In the open source software (OSS) ecosystem, there exists a complex software supply chain, where developers upstream and downstream widely borrow and reuse code. This results in the widespread occurrence of recurring defects, missing fixes,…

Cryptography and Security · Computer Science 2024-01-31 Fuwei Wang , Yongzhi Liu , Zhiqiang Dong

Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise…

Software Engineering · Computer Science 2024-03-13 Anna-Katharina Wickert , Michael Schlichtig , Marvin Vogel , Lukas Winter , Mira Mezini , Eric Bodden

Java 7 introduced programmable dynamic linking in the form of the invokedynamic framework. Static analysis of code containing programmable dynamic linking has often been cited as a significant source of unsoundness in the analysis of Java…

Programming Languages · Computer Science 2020-01-09 George Fourtounis , Yannis Smaragdakis

We present HornDroid, a new tool for the static analysis of information flow properties in Android applications. The core idea underlying HornDroid is to use Horn clauses for soundly abstracting the semantics of Android applications and to…

Cryptography and Security · Computer Science 2017-07-26 Stefano Calzavara , Ilya Grishchenko , Matteo Maffei

Developers use logging statements to track software runtime behaviors and system status. Yet, unclear or misleading logs can hide true execution patterns and hinder software maintenance. Current research on logging statement issues is…

Software Engineering · Computer Science 2025-04-23 Renyi Zhong , Yichen Li , Jinxi Kuang , Wenwei Gu , Yintong Huo , Michael R. Lyu