English
Related papers

Related papers: Validating Static Warnings via Testing Code Fragme…

200 papers

The evaluation of Large Language Models (LLMs) for code generation relies heavily on the quality and robustness of test cases. However, existing benchmarks often lack coverage for subtle corner cases, allowing incorrect solutions to pass.…

Software Engineering · Computer Science 2026-02-25 Jingwei Shi , Xinxiang Yin , Jing Huang , Jinman Zhao , Shengyu Tao

Symbolic execution is a program analysis technique executing programs with symbolic instead of concrete inputs. This principle allows for exploring many program paths at once. Despite its wide adoption -- in particular for program testing…

Programming Languages · Computer Science 2023-10-13 Arthur Correnson , Dominic Steinhoefel

Students often struggle with solving programming problems when learning to code, especially when they have to do it online, with one of the most common disadvantages of working online being the lack of personalized help. This help can be…

A gradual type system allows developers to declare certain types to be enforced by the compiler (i.e., statically typed), while leaving other types to be enforced via runtime checks (i.e., dynamically typed). When runtime checks fail,…

Programming Languages · Computer Science 2025-03-03 Felipe Bañados Schwerter , Ronald Garcia , Reid Holmes , Karim Ali

Test instability in a floating-point program occurs when the control flow of the program diverges from its ideal execution assuming real arithmetic. This phenomenon is caused by the presence of round-off errors that affect the evaluation of…

Programming Languages · Computer Science 2020-01-10 Laura Titolo , Mariano Moscato , Cesar A. Muñoz

Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and…

Cryptography and Security · Computer Science 2018-07-06 Maksim Shudrak , Vyacheslav Zolotarev

False-positive bug reports represent a significant yet underexplored challenge in the development and maintenance of the Linux kernel. They occur when correct system behavior is mistakenly flagged as a defect, consuming developer effort…

Software Engineering · Computer Science 2026-05-11 Jiashuo Tian , Dong Wang , Chen Yang , Haichi Wang , Zan Wang , Junjie Chen

This report examines the synergy between Large Language Models (LLMs) and Static Application Security Testing (SAST) to improve vulnerability discovery. Traditional SAST tools, while effective for proactive security, are limited by high…

Cryptography and Security · Computer Science 2025-11-06 Vaibhav Agrawal , Kiarash Ahi

Input sanitization mechanisms are widely used to mitigate vulnerabilities to injection attacks such as cross-site scripting. Static analysis tools and techniques commonly used to ensure that applications utilize sanitization functions.…

Cryptography and Security · Computer Science 2018-04-04 Mahmoud Mohammadi , Bill Chu , Heather Richter Lipford

Fuzzing has become a popular technique for automatically detecting vulnerabilities and bugs by generating unexpected inputs. In recent years, the fuzzing process has been integrated into continuous integration workflows (i.e., continuous…

Software Engineering · Computer Science 2026-02-06 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Hajimu Iida

Designing a static analysis is generally a substantial undertaking, requiring significant expertise in both program analysis and the domain of the program analysis, and significant development resources. As a result, most program analyses…

Programming Languages · Computer Science 2018-10-17 Colin S. Gordon

Context: Static code analysis (SCA) tools play a vital role in software development, reducing the cost and time required for code reviews. However, high false-positive and false-negative rates are reported for the best tools in the…

Software Engineering · Computer Science 2026-03-03 Lakmal Deshapriya , Sherlock A. Licorish , Brendon J. Woodford

Formally verified compilers and formally verified static analyzers are a solution to the problem that certain industries face when they have to demonstrate to authorities that the object code they run truly corresponds to its source code…

Logic in Computer Science · Computer Science 2024-07-12 David Monniaux

A widespread belief in the blockchain security community is that automated techniques are only good for detecting shallow bugs, typically of small value. In this paper, we present the techniques and insights that have led us to repeatable…

Static analysis is a classical technique for improving software security and software quality in general. Fairly recently, a new static analyzer was implemented in the GNU Compiler Collection (GCC). The present paper uses the GCC's analyzer…

Software Engineering · Computer Science 2025-12-05 Jukka Ruohonen , Mubashrah Saddiqa , Krzysztof Sierszecki

A code clone is a pair of code fragments, within or between software systems that are similar. Since code clones often negatively impact the maintainability of a software system, several code clone detection techniques and tools have been…

Software Engineering · Computer Science 2020-05-05 Golam Mostaeen , Banani Roy , Chanchal Roy , Kevin Schneider , Jeffrey Svajlenko

Static analysis tools are frequently used to scan the source code and detect deviations from the project coding guidelines. Given their importance, linters are often introduced to classrooms to educate students on how to detect and…

Software Engineering · Computer Science 2023-07-20 Eman Abdullah AlOmar , Salma Abdullah AlOmar , Mohamed Wiem Mkaouer

In modern software development, vulnerability detection is crucial due to the inevitability of bugs and vulnerabilities in complex software systems. Effective detection and elimination of these vulnerabilities during the testing phase are…

Cryptography and Security · Computer Science 2025-09-29 Christopher Scherb , Luc Bryan Heitz , Hermann Grieder

Static analysis plays a key role in finding bugs, including security issues. A critical step in static analysis is building accurate call graphs that model function calls in a program. However, due to hard-to-analyze language features,…

Software Engineering · Computer Science 2025-06-24 Masudul Hasan Masud Bhuiyan , Gianluca De Stefano , Giancarlo Pellegrino , Cristian-Alexandru Staicu

Formal verification can provably guarantee the correctness of critical system software, but the high proof burden has long hindered its wide adoption. Recently, Large Language Models (LLMs) have shown success in code analysis and synthesis.…

Formal Languages and Automata Theory · Computer Science 2023-11-27 Jianan Yao , Ziqiao Zhou , Weiteng Chen , Weidong Cui