English
Related papers

Related papers: Learning to Reduce False Positives in Analytic Bug…

200 papers

Static Application Security Testing (SAST) tools play a vital role in modern software development by automatically detecting potential vulnerabilities in source code. However, their effectiveness is often limited by a high rate of false…

Software Engineering · Computer Science 2026-03-12 Tom Ohlmer , Michael Schlichtig , Eric Bodden

Building defect prediction models based on online learning can enhance prediction accuracy. It continuously rebuilds a new prediction model when adding a new data point. However, predicting a module as "non-defective" (i.e., negative…

Software Engineering · Computer Science 2023-08-29 Yuta Yamasaki , Nikolay Fedorov , Masateru Tsunoda , Akito Monden , Amjed Tahir , Kwabena Ebo Bennin , Koji Toda , Keitaro Nakasai

Bug reports are common artefacts in software development. They serve as the main channel for users to communicate to developers information about the issues that they encounter when using released versions of software programs. In the…

Software Engineering · Computer Science 2021-12-21 Arthur D. Sawadogo , Quentin Guimard , Tegawendé F. Bissyandé , Abdoul Kader Kaboré , Jacques Klein , Naouel Moha

Static analyzers are tool sets which are proving to be indispensable to modern programmers. These enable the programmers to detect possible errors and security defects present in the current code base within the implementation phase of the…

Software Engineering · Computer Science 2019-05-14 Eljose E Sajan , Yunpeng Zhang , Liang-Chieh Cheng

Software vulnerabilities bear enterprises significant costs. Despite extensive efforts in research and development of software vulnerability detection methods, uncaught vulnerabilities continue to put software owners and users at risk. Many…

Bug localization aims to reduce debugging time by recommending program elements that are relevant for a specific bug report. To date, researchers have primarily addressed this problem by applying different information retrieval techniques…

Software Engineering · Computer Science 2022-03-08 Agnieszka Ciborowska , Michael J. Decker , Kostadin Damevski

Deep Neural Networks (DNNs) are used in a wide variety of applications. However, as in any software application, DNN-based apps are afflicted with bugs. Previous work observed that DNN bug fix patterns are different from traditional bug fix…

Software Engineering · Computer Science 2021-12-09 Mohammad Wardat , Breno Dantas Cruz , Wei Le , Hridesh Rajan

Automatic detection of software bugs is a critical task in software security. Many static tools that can help detect bugs have been proposed. While these static bug detectors are mainly evaluated on general software projects call into…

Software Engineering · Computer Science 2023-07-11 Nima Shiri harzevili , Jiho Shin , Junjie Wang , Song Wang , Nachiappan Nagappan

Recent advances in neural modeling for bug detection have been very promising. More specifically, using snippets of code to create continuous vectors or \textit{embeddings} has been shown to be very good at method name prediction and…

Software Engineering · Computer Science 2020-05-14 Jón Arnar Briem , Jordi Smit , Hendrig Sellik , Pavel Rapoport

Deep learning had been used in program analysis for the prediction of hidden software defects using software defect datasets, security vulnerabilities using generative adversarial networks as well as identifying syntax errors by learning a…

Software Engineering · Computer Science 2019-07-16 Venkatesh Theru Mohan , Ali Jannesari

As machine-learning (ML) based systems for malware detection become more prevalent, it becomes necessary to quantify the benefits compared to the more traditional anti-virus (AV) systems widely used today. It is not practical to build an…

Cryptography and Security · Computer Science 2018-06-14 William Fleshman , Edward Raff , Richard Zak , Mark McLean , Charles Nicholas

Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should not be ignored, we suggest…

Software Engineering · Computer Science 2022-12-26 Rahul Yedida , Hong Jin Kang , Huy Tu , Xueqi Yang , David Lo , Tim Menzies

A long-standing open challenge for automated program repair is the overfitting problem, which is caused by having insufficient or incomplete specifications to validate whether a generated patch is correct or not. Most available repair…

Software Engineering · Computer Science 2021-11-11 Omar I. Al-Bataineh , Anastasiia Grishina , Leon Moonen

In this paper, we present an automated feature engineering based approach to dramatically reduce false positives in fraud prediction. False positives plague the fraud prediction industry. It is estimated that only 1 in 5 declared as fraud…

Artificial Intelligence · Computer Science 2017-10-30 Roy Wedge , James Max Kanter , Santiago Moral Rubio , Sergio Iglesias Perez , Kalyan Veeramachaneni

Even competent programmers make mistakes. Automatic verification can detect errors, but leaves the frustrating task of finding the erroneous line of code to the user. This paper presents an automatic approach for identifying potential error…

Logic in Computer Science · Computer Science 2014-09-17 Robert Koenighofer , Ronald Toegl , Roderick Bloem

Despite various approaches being employed to detect vulnerabilities, the number of reported vulnerabilities shows an upward trend over the years. This suggests the problems are not caught before the code is released, which could be caused…

Cryptography and Security · Computer Science 2025-02-14 Karl Tamberg , Hayretdin Bahsi

Despite extensive research, Large Language Models continue to hallucinate when generating code, particularly when using libraries. On NL-to-code benchmarks that require library use, we find that LLMs generate code that uses non-existent…

Computation and Language · Computer Science 2026-04-13 Clarissa Miranda-Pena , Andrew Reeson , Cécile Paris , Josiah Poon , Jonathan K. Kummerfeld

Static code warning tools often generate warnings that programmers ignore. Such tools can be made more useful via data mining algorithms that select the "actionable" warnings; i.e. the warnings that are usually not ignored. In this paper,…

Software Engineering · Computer Science 2021-01-12 Xueqi Yang , Jianfeng Chen , Rahul Yedida , Zhe Yu , Tim Menzies

Automated test generators, such as search based software testing (SBST) techniques, replace the tedious and expensive task of manually writing test cases. SBST techniques are effective at generating tests with high code coverage. However,…

Software Engineering · Computer Science 2022-06-15 Anjana Perera

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert