English
Related papers

Related papers: Memory Error Detection in Security Testing

200 papers

Temporal memory safety bugs, especially use-after-free and double free bugs, pose a major security threat to C programs. Real-world exploits utilizing these bugs enable attackers to read and write arbitrary memory locations, causing…

Cryptography and Security · Computer Science 2023-03-21 Jie Zhou , John Criswell , Michael Hicks

The role of regression testing in software testing is crucial as it ensures that any new modifications do not disrupt the existing functionality and behaviour of the software system. The desired outcome is for regression tests to yield…

Software Engineering · Computer Science 2025-06-09 Xin Sun , Daniel Ståhl , Kristian Sandahl

In C++, objects can be allocated in static memory, on the stack, or on the heap -- the latter being significantly more performance-costly than the former options. We hypothesized that programmers, particularly those involved in widely-used…

Programming Languages · Computer Science 2024-10-10 Roman Korostinskiy , Eugene Darashkevich , Roman Rusyaev , Yegor Bugayenko

Static code warning tools often generate warnings that programmers ignore. Such tools can be made more useful via data mining algorithms that select the "actionable" warnings; i.e. the warnings that are usually not ignored. In this paper,…

Software Engineering · Computer Science 2021-01-12 Xueqi Yang , Jianfeng Chen , Rahul Yedida , Zhe Yu , Tim Menzies

While memory corruption bugs stemming from the use of unsafe programming languages are an old and well-researched problem, the resulting vulnerabilities still dominate real-world exploitation today. Various mitigations have been proposed to…

Cryptography and Security · Computer Science 2021-08-20 Emanuel Q. Vintila , Philipp Zieris , Julian Horsch

STANSE is a free (available under the GPLv2 license) modular framework for finding bugs in C programs using static analysis. Its two main design goals are 1) ability to process large software projects like the Linux kernel and 2)…

Software Engineering · Computer Science 2012-02-06 Jan Obdržálek , Jiří Slabý , Marek Trtík

Security code review is a time-consuming and labor-intensive process typically requiring integration with automated security defect detection tools. However, existing security analysis tools struggle with poor generalization, high false…

Software Engineering · Computer Science 2026-05-12 Jiaxin Yu , Peng Liang , Yujia Fu , Amjed Tahir , Mojtaba Shahin , Chong Wang , Yangxiao Cai

The concern about global warming increased the interest in the energy efficiency of computer applications. Assuming power is constant, the general trend is that faster programs consume less energy, thus optimizing a program for speed would…

Programming Languages · Computer Science 2024-12-20 Sérgio Queiroz de Medeiros , Marcelo Borges Nogueira , Gustavo Quezado

The lack of transparency about code datasets used to train large language models (LLMs) makes it difficult to detect, evaluate, and mitigate data leakage. We present a perturbation-based method to quantify memorization advantage in code…

Most vulnerability detection studies focus on datasets of vulnerabilities in C/C++ code, offering limited language diversity. Thus, the effectiveness of deep learning methods, including large language models (LLMs), in detecting software…

Software Engineering · Computer Science 2026-02-18 Kohei Dozono , Tiago Espinha Gasiba , Andrea Stocco

This paper is the first attempt at providing a holistic view of the Chrome Web Store (CWS). We leverage historical data provided by ChromeStats to study global trends in the CWS and security implications. We first highlight the extremely…

Cryptography and Security · Computer Science 2024-06-19 Sheryl Hsu , Manda Tran , Aurore Fass

Static cache analysis characterizes a program's cache behavior by determining in a sound but approximate manner which memory accesses result in cache hits and which result in cache misses. Such information is valuable in optimizing…

Programming Languages · Computer Science 2021-08-23 Valentin Touzeau , Claire Maïza , David Monniaux , Jan Reineke

Advancing our understanding of software vulnerabilities, automating their identification, the analysis of their impact, and ultimately their mitigation is necessary to enable the development of software that is more secure. While operating…

Software Engineering · Computer Science 2025-03-18 Serena E. Ponta , Henrik Plate , Antonino Sabetta , Michele Bezzi , Cédric Dangremont

Many applications are being written in more than one language to take advantage of the features that different languages provide such as native code support, improved performance, and language-specific libraries. However, there are few…

Software Engineering · Computer Science 2023-05-19 Kishanthan Thangarajah , Noble Mathews , Michael Pu , Meiyappan Nagappan , Yousra Aafer , Sridhar Chimalakonda

Large language models (LLMs) are now largely involved in software development workflows, and the code they generate routinely includes third-party library (TPL) imports annotated with specific version identifiers. These version choices can…

Software Engineering · Computer Science 2026-05-08 Chengjie Wang , Jingzheng Wu , Xiang Ling , Tianyue Luo , Chen Zhao

Large-scale datacenters often experience memory failures, where Uncorrectable Errors (UEs) highlight critical malfunction in Dual Inline Memory Modules (DIMMs). Existing approaches primarily utilize Correctable Errors (CEs) to predict UEs,…

Hardware Architecture · Computer Science 2024-12-17 Qiao Yu , Wengui Zhang , Min Zhou , Jialiang Yu , Zhenli Sheng , Jasmin Bogatinovski , Jorge Cardoso , Odej Kao

The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most…

Cryptography and Security · Computer Science 2024-05-09 Julia Wunder , Andreas Kurtz , Christian Eichenmüller , Freya Gassmann , Zinaida Benenson

Developing automated and smart software vulnerability detection models has been receiving great attention from both research and development communities. One of the biggest challenges in this area is the lack of code samples for all…

Software Engineering · Computer Science 2023-03-14 Khadija Hanifi , Ramin F Fouladi , Basak Gencer Unsalver , Goksu Karadag

In this digital era, our privacy is under constant threat as our personal data and traceable online/offline activities are frequently collected, processed and transferred by many software applications. Privacy attacks are often formed by…

Software Engineering · Computer Science 2023-02-13 Pattaraporn Sangaroonsilp , Hoa Khanh Dam , Aditya Ghose

In order to ensure the quality of software and prevent attacks from hackers on critical systems, static analysis tools are frequently utilized to detect vulnerabilities in the early development phase. However, these tools often report a…

Software Engineering · Computer Science 2022-09-28 Thanh Trong Vu , Hieu Dinh Vo