English
Related papers

Related papers: Validating Static Warnings via Testing Code Fragme…

200 papers

Programs expecting structured inputs often consist of both a syntactic analysis stage, which parses raw input, and a semantic analysis stage, which conducts checks on the parsed input and executes the core logic of the program.…

Software Engineering · Computer Science 2019-06-11 Rohan Padhye , Caroline Lemieux , Koushik Sen , Mike Papadakis , Yves Le Traon

As quantum computing is rising in popularity, the amount of quantum programs and the number of developers writing them are increasing rapidly. Unfortunately, writing correct quantum programs is challenging due to various subtle rules…

Software Engineering · Computer Science 2024-05-17 Matteo Paltenghi , Michael Pradel

Flakiness is a major concern in Software testing. Flaky tests pass and fail for the same version of a program and mislead developers who spend time and resources investigating test failures only to discover that they are false alerts. In…

Software Engineering · Computer Science 2021-11-08 Guillaume Haben , Sarra Habchi , Mike Papadakis , Maxime Cordy , Yves Le Traon

A key challenge in security analysis is the manual evaluation of potential security weaknesses generated by static application security testing (SAST) tools. Numerous false positives (FPs) in these reports reduce the effectiveness of…

Cryptography and Security · Computer Science 2025-07-15 Jonas Wagner , Simon Müller , Christian Näther , Jan-Philipp Steghöfer , Andreas Both

The irreversible nature of blockchain transactions makes the identification of smart contract vulnerabilities an essential requirement for secure system development. While Large Language Models (LLMs) are increasingly integrated into…

Cryptography and Security · Computer Science 2026-05-13 Stefan-Claudiu Susan , Andrei Arusoaie , Dorel Lucanu

Static malware analysis is well-suited to endpoint anti-virus systems as it can be conducted quickly by examining the features of an executable piece of code and matching it to previously observed malicious code. However, static code…

Cryptography and Security · Computer Science 2018-06-19 Matilda Rhode , Pete Burnap , Kevin Jones

We introduce QLPro, a vulnerability detection framework that systematically integrates LLMs and static analysis tools to enable comprehensive vulnerability detection across entire open-source projects.We constructed a new dataset, JavaTest,…

Software Engineering · Computer Science 2025-07-22 Junze Hu , Xiangyu Jin , Yizhe Zeng , Yuling Liu , Yunpeng Li , Dan Du , Kaiyu Xie , Hongsong Zhu

Static analysis tools are widely used to detect software bugs and vulnerabilities but often struggle with scalability and efficiency in complex codebases. Traditional approaches rely on manually crafted annotations -- labeling functions as…

Static analysis of structures is a fundamental step for determining the stability of structures. Both linear and non-linear static analyses consist of the resolution of sparse linear systems obtained by the finite element method. The…

Machine Learning · Computer Science 2022-01-17 Luca Grementieri , Francesco Finelli

The mass production of complex software has made it impossible to manually test it for security vulnerabilities. Automated security testing tools come in a variety of flavors, function at various stages of software development, and target…

Software Engineering · Computer Science 2023-01-18 Yan Wu , Jingyi Su , David D. Moran , Chris D. Near

Modern automotive software is highly complex and consists of millions lines of code. For safety-relevant automotive software, it is recommended to use sound static program analysis to prove the absence of runtime errors. However, the…

Software Engineering · Computer Science 2023-10-26 Jesko Hecking-Harbusch , Jochen Quante , Maximilian Schlund

The emergence of vibe coding, a paradigm where non-technical users instruct Large Language Models (LLMs) to generate executable codes via natural language, presents both significant opportunities and severe risks for the construction…

Software Engineering · Computer Science 2026-04-28 S M Jamil Uddin

Software vulnerabilities are constantly being reported and exploited in software products, causing significant impacts on society. In recent years, the main approach to vulnerability detection, fuzzing, has been integrated into the…

Software Engineering · Computer Science 2025-10-21 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Yasutaka Kamei , Hajimu Iida

Fixing static analysis alerts in source code with Large Language Models (LLMs) is becoming increasingly popular. However, LLMs often hallucinate and perform poorly for complex and less common alerts. Retrieval-augmented generation (RAG)…

Software Engineering · Computer Science 2025-11-04 Yuan-An Xiao , Weixuan Wang , Dong Liu , Junwei Zhou , Shengyu Cheng , Yingfei Xiong

Modern Large Language Model (LLM)-based programming agents often rely on test execution feedback to refine their generated code. These tests are synthetically generated by LLMs. However, LLMs may produce invalid or hallucinated test cases,…

Software Engineering · Computer Science 2026-02-27 Hamed Taherkhani , Jiho Shin , Muhammad Ammar Tahir , Md Rakib Hossain Misu , Vineet Sunil Gattani , Hadi Hemmati

Maintenance is a dominant component of software cost, and localizing reported defects is a significant component of maintenance. We propose a scalable approach that leverages the natural language present in both defect reports and source…

Software Engineering · Computer Science 2012-11-14 Zachary P. Fry , Westley Weimer

As researchers, we already understand how to make testing more effective and efficient at finding bugs. However, as fuzzing (i.e., automated testing) becomes more widely adopted in practice, practitioners are asking: Which assurances does a…

Software Engineering · Computer Science 2018-12-18 Marcel Böhme

Generation-based fuzzing is a software testing approach which is able to discover different types of bugs and vulnerabilities in software. It is, however, known to be very time consuming to design and fine tune classical fuzzers to achieve…

Cryptography and Security · Computer Science 2019-01-25 Martin Sablotny , Bjørn Sand Jensen , Chris W. Johnson

We present an alternative approach to creating static bug finders. Instead of relying on human expertise, we utilize deep neural networks to train static analyzers directly from data. In particular, we frame the problem of bug finding as a…

Software Engineering · Computer Science 2020-03-30 Yu Wang , Fengjuan Gao , Linzhang Wang , Ke Wang

Symbolic execution detects vulnerabilities with precision, but applying it to large codebases requires harnesses that set up symbolic state, model dependencies, and specify assertions. Writing these harnesses has traditionally been a manual…

Cryptography and Security · Computer Science 2026-04-09 Md Shafiuzzaman , Achintya Desai , Wenbo Guo , Tevfik Bultan