English
Related papers

Related papers: Accelerating JavaScript Static Analysis via Dynami…

200 papers

Precise and fast static type analysis for dynamically typed language is very difficult. This is mainly because the lack of static type information makes it difficult to approximate all possible values of a variable. Actually, the existing…

Software Engineering · Computer Science 2023-02-16 Ryutaro Kodama , Yoshitaka Arahori , Kathuhiko Gondow

Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise…

Software Engineering · Computer Science 2024-03-13 Anna-Katharina Wickert , Michael Schlichtig , Marvin Vogel , Lukas Winter , Mira Mezini , Eric Bodden

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho

WebAssembly is the new low-level language for the web and has now been implemented in all major browsers since over a year. To ensure the security, performance, and correctness of future web applications, there is a strong need for dynamic…

Programming Languages · Computer Science 2018-09-03 Daniel Lehmann , Michael Pradel

We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement…

Programming Languages · Computer Science 2016-08-14 Bruno Blanchet , Patrick Cousot , Radhia Cousot , Jerôme Feret , Laurent Mauborgne , Antoine Miné , David Monniaux , Xavier Rival

Dynamic programming languages, such as PHP, JavaScript, and Python, provide built-in data structures including associative arrays and objects with similar semantics-object properties can be created at run-time and accessed via arbitrary…

Software Engineering · Computer Science 2014-05-07 David Hauzar , Jan Kofroň , Pavel Baštecký

Java 7 introduced programmable dynamic linking in the form of the invokedynamic framework. Static analysis of code containing programmable dynamic linking has often been cited as a significant source of unsoundness in the analysis of Java…

Programming Languages · Computer Science 2020-01-09 George Fourtounis , Yannis Smaragdakis

The popularity and wide adoption of JavaScript both at the client and server side makes its code analysis more important than ever before. Most of the algorithms for vulnerability analysis, coding issue detection, or type inference rely on…

Software Engineering · Computer Science 2024-05-14 Gábor Antal , Péter Hegedűs , Zoltán Tóth , Rudolf Ferenc , Tibor Gyimóthy

Detecting semantic interference remains a challenge in collaborative software development. Recent lightweight static analysis techniques improve efficiency over SDG-based methods, but they still suffer from a high rate of false positives. A…

Software Engineering · Computer Science 2025-10-03 Victor Lira , Paulo Borba , Rodrigo Bonifácio , Galileu Santos e Matheus barbosa

Context: Exhaustive fuzzing of modern JavaScript engines is infeasible due to the vast number of program states and execution paths. Coverage-guided fuzzers waste effort on low-risk inputs, often ignoring vulnerability-triggering ones that…

Software Engineering · Computer Science 2025-12-23 Kishan Kumar Ganguly , Tim Menzies

Information flow analysis prevents secret or untrusted data from flowing into public or trusted sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint analysis to heavyweight information flow control that…

Cryptography and Security · Computer Science 2019-06-28 Cristian-Alexandru Staicu , Daniel Schoepe , Musard Balliu , Michael Pradel , Andrei Sabelfeld

Static analysis is sound in theory, but an implementation may unsoundly fail to analyze all of a program's code. Any such omission is a serious threat to the validity of the tool's output. Our work is the first to measure the prevalence of…

Software Engineering · Computer Science 2024-07-11 Jordan Samhi , René Just , Tegawendé F. Bissyandé , Michael D. Ernst , Jacques Klein

The amount of JavaScript embedded in Web pages has substantially grown in the past decade, leading to large and complex pages that are computationally intensive for mobile devices. In this paper, we propose JSAnalyzer, an easy-to-use tool…

Software Engineering · Computer Science 2021-06-29 Moumena Chaqfeh , Jacinta Hu , Waleed Hashmi , Russell Coke , Lakshmi Subramanian , Yasir Zaki

Static analysis approximates the results of a program by examining only its syntax. For example, control-flow analysis (CFA) determines which syntactic lambdas (for functional languages) or (for object-oriented) methods may be invoked at…

Programming Languages · Computer Science 2021-07-28 Davis Ross Silverman , Yihao Sun , Kristopher Micinski , Thomas Gilray

Version control system tools empower developers to independently work on their development tasks. These tools also facilitate the integration of changes through merging operations, and report textual conflicts. However, when developers…

Software Engineering · Computer Science 2023-10-16 Galileu Santos de Jesus , Paulo Borba , Rodrigo Bonifácio , Matheus Barbosa de Oliveira

Dynamic program slicing can significantly reduce the code developers need to inspect by narrowing it down to only a subset of relevant program statements. However, despite an extensive body of research showing its usefulness, dynamic…

Software Engineering · Computer Science 2022-01-04 Bogdan Alexandru Stoica , Swarup K. Sahoo , James R. Larus , Vikram S. Adve

We propose a data-driven method for synthesizing a static analyzer to detect side-channel information leaks in cryptographic software. Compared to the conventional way of manually crafting such a static analyzer, which can be labor…

Software Engineering · Computer Science 2021-02-16 Jingbo Wang , Chungha Sung , Mukund Raghothaman , Chao Wang

Parallel programming in high-performance computing depends on low-level APIs such as MPI, requiring users to manage synchronization and resources manually. Several correctness checking tools exist to help bug-free code development, though…

Distributed, Parallel, and Cluster Computing · Computer Science 2026-03-04 Yussur Mustafa Oraji , Alexander Hück , Christian Bischof

In recent years, there has been significant progress in the development and industrial adoption of static analyzers. Such analyzers typically provide a large, if not huge, number of configurable options controlling the precision and…

Software Engineering · Computer Science 2020-10-01 Muhammad Numair Mansur , Benjamin Mariano , Maria Christakis , Jorge A. Navas , Valentin Wüstholz

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…