English
Related papers

Related papers: Demystifying Regular Expression Bugs: A comprehens…

200 papers

Regular expressions (regexes) are a powerful mechanism for solving string-matching problems. They are supported by all modern programming languages, and have been estimated to appear in more than a third of Python and JavaScript projects.…

Software Engineering · Computer Science 2023-03-07 Louis G. Michael , James Donohue , James C. Davis , Dongyoon Lee , Francisco Servant

This paper explores the extent to which regular expressions (regexes) are portable across programming languages. Many languages offer similar regex syntaxes, and it would be natural to assume that regexes can be ported across language…

Software Engineering · Computer Science 2021-05-11 James C. Davis , Louis G. Michael , Christy A. Coghlan , Francisco Servant , Dongyoon Lee

Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear…

Software Engineering · Computer Science 2022-12-16 Sk Adnan Hassan , Zainab Aamir , Dongyoon Lee , James C. Davis , Francisco Servant

Software engineers use regular expressions (regexes) across a wide range of domains and tasks. To support regexes, software projects must integrate a regex engine, whether provided natively by the language runtime (e.g., Python's re) or…

Software Engineering · Computer Science 2026-03-03 Berk Çakar , Dongyoon Lee , James C. Davis

In an algorithmic complexity attack, a malicious party takes advantage of the worst-case behavior of an algorithm to cause denial-of-service. A prominent algorithmic complexity attack is regular expression denial-of-service (ReDoS), in…

Cryptography and Security · Computer Science 2017-01-17 Valentin Wüstholz , Oswaldo Olivo , Marijn J. H. Heule , Isil Dillig

Regular Expression Denial of Service (ReDoS) is a vulnerability class that has become prominent in recent years. Attackers can weaponize such weaknesses as part of asymmetric cyberattacks that exploit the slow worst-case matching time of…

Cryptography and Security · Computer Science 2025-08-27 Masudul Hasan Masud Bhuiyan , Berk Çakar , Ethan H. Burmane , James C. Davis , Cristian-Alexandru Staicu

Existing support for regular expressions in automated test generation or verification tools is lacking. Common aspects of regular expression engines found in mainstream programming languages, such as backreferences or greedy matching, are…

Programming Languages · Computer Science 2020-03-16 Blake Loring , Duncan Mitchell , Johannes Kinder

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally.…

Cryptography and Security · Computer Science 2023-03-06 Efe Barlas , Xin Du , James C. Davis

There has been much work on synthesizing and repairing regular expressions (regexes for short) from examples. These programming-by-example (PBE) methods help the users write regexes by letting them reflect their intention by examples.…

Programming Languages · Computer Science 2022-08-23 Nariyoshi Chida , Tachio Terauchi

Refactoring is a common practice in software development, aimed at improving the internal code structure in order to make it easier to understand and modify. Consequently, it is often assumed that refactoring makes the code less prone to…

Software Engineering · Computer Science 2025-05-14 Isabella Ferreira , Lawrence Arkoh , Anderson Uchôa , Ana Carla Bibiano , Alessandro Garcia , Wesley K. G. Assunção

ReDoS is a well-known type of algorithmic complexity attack, where an adversary supplies maliciously crafted strings to a regular expression matching engine, aiming to exhaust computational resources of systems. Even quadratic-time behavior…

Data Structures and Algorithms · Computer Science 2026-05-11 Soh Kumabe , Yuya Uezato

Regular expressions are a concise yet expressive language for expressing patterns. For instance, in networked software, they are used for input validation and intrusion detection. Yet some widely deployed regular expression matchers based…

Programming Languages · Computer Science 2013-01-08 James Kirrage , Asiri Rathnayake , Hayo Thielecke

Refactoring is a critical process in software development, aiming at improving the internal structure of code while preserving its external behavior. Refactoring engines are integral components of modern Integrated Development Environments…

Software Engineering · Computer Science 2024-09-24 Haibo Wang , Zhuolin Xu , Huaien Zhang , Nikolaos Tsantalis , Shin Hwei Tan

Background: Security regressions are vulnerabilities introduced in a previously unaffected software system. They often happen as a result of source code changes (e.g., a bug fix) and can have severe effects. Aims: To increase the…

Software Engineering · Computer Science 2022-07-06 Larissa Braz , Enrico Fregnan , Vivek Arora , Alberto Bacchelli

Regular expressions (regexes) are foundational to modern computing for critical tasks like input validation and data parsing, yet their ubiquity exposes systems to regular expression denial of service (ReDoS), a vulnerability requiring…

Artificial Intelligence · Computer Science 2025-10-13 Sicheol Sung , Joonghyuk Hahn , Yo-Sub Han

Composing regexes is a common but challenging engineering activity. Software engineers struggle with regex complexity, leading to defects, performance issues, and security vulnerabilities. Researchers have proposed tools to synthesize…

Software Engineering · Computer Science 2025-09-25 Berk Çakar , Charles M. Sale , Sophie Chen , Dongyoon Lee , James C. Davis

In pull-based development systems, code reviews and pull request comments play important roles in improving code quality. In such systems, reviewers attempt to carefully check a piece of code by different unit tests. Unfortunately,…

Software Engineering · Computer Science 2022-05-20 F. Khoshnoud , A. Rezaei Nasab , Z. Toudeji , A. Sami

Software developers attempt to reproduce software bugs to understand their erroneous behaviours and to fix them. Unfortunately, they often fail to reproduce (or fix) them, which leads to faulty, unreliable software systems. However, to…

Software Engineering · Computer Science 2021-08-12 Mohammad Masudur Rahman , Foutse Khomh , Marco Castelluccio

Deep learning has gained substantial popularity in recent years. Developers mainly rely on libraries and tools to add deep learning capabilities to their software. What kinds of bugs are frequently found in such software? What are the root…

Software Engineering · Computer Science 2019-06-05 Md Johirul Islam , Giang Nguyen , Rangeet Pan , Hridesh Rajan

As a software system evolves, its architecture tends to degrade, and gradually impedes software maintenance and evolution activities and negatively impacts the quality attributes of the system. The main root cause behind architecture…

Software Engineering · Computer Science 2023-08-07 Ruiyin Li , Peng Liang , Paris Avgeriou
‹ Prev 1 2 3 10 Next ›