English
Related papers

Related papers: Targeted Static Analysis for OCaml C Stubs: elimin…

200 papers

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood , Qusay H. Mahmoud

Static code analysis is a powerful approach to detect quality deficiencies such as performance bottlenecks, safety violations or security vulnerabilities already during a software system's implementation. Yet, as current software systems…

Software Engineering · Computer Science 2017-10-23 Eric Bodden

Static bug detection tools help developers detect problems in the code, including bad programming practices and potential defects. Recent efforts to integrate static bug detectors in modern software development workflows, such as in code…

Software Engineering · Computer Science 2024-01-24 Junjie Li , Jinqiu Yang

Static analysis is one of the most widely adopted techniques to find software bugs before code is put in production. Designing and implementing effective and efficient static analyses is difficult and requires high expertise, which results…

Software Engineering · Computer Science 2019-06-04 Andrew Habib , Michael Pradel

This paper describes how to adapt a static code analyzer to help novice programmers. Current analyzers have been built to give feedback to experienced programmers who build new applications or systems. The type of feedback and the type of…

Software Engineering · Computer Science 2017-10-03 Tim Blok , Ansgar Fehnker

This paper investigates code LLMs' capability of static analysis during code intelligence tasks such as code summarization and generation. Code LLMs are now household names for their abilities to do some programming tasks that have…

Software Engineering · Computer Science 2026-03-27 Chia-Yi Su , Collin McMillan

Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should not be ignored, we suggest…

Software Engineering · Computer Science 2022-12-26 Rahul Yedida , Hong Jin Kang , Huy Tu , Xueqi Yang , David Lo , Tim Menzies

Buffer overflow detection and mitigation for C programs has been an important concern for a long time. This paper defines a string buffer overflow analysis for C programs. The key ideas of our formulation are (a) separating buffers from the…

Programming Languages · Computer Science 2014-12-30 Uday P. Khedker

STANSE is a free (available under the GPLv2 license) modular framework for finding bugs in C programs using static analysis. Its two main design goals are 1) ability to process large software projects like the Linux kernel and 2)…

Software Engineering · Computer Science 2012-02-06 Jan Obdržálek , Jiří Slabý , Marek Trtík

Cryptic type error messages are a major obstacle to learning OCaml or other ML-based languages. In many cases, error messages cannot be interpreted without a sufficiently-precise model of the type inference algorithm. The problem of…

Programming Languages · Computer Science 2015-12-08 Arthur Charguéraud

Static analysis tools are widely used for vulnerability detection as they understand programs with complex behavior and millions of lines of code. Despite their popularity, static analysis tools are known to generate an excess of false…

Software Engineering · Computer Science 2021-02-17 Yunhui Zheng , Saurabh Pujar , Burn Lewis , Luca Buratti , Edward Epstein , Bo Yang , Jim Laredo , Alessandro Morari , Zhong Su

Large language models (LLMs) are increasingly used to generate requirements specifications, design documents, code, and test cases. In contrast, much less attention has been given to a more difficult assurance problem: statically verifying…

Software Engineering · Computer Science 2026-05-19 Zhi Quan Zhou , Dave Towey , Tsong Yueh Chen

We report on implementing graph grammars for intelligence analysis in OCaml. Graph grammars are represented as elements of an algebraic data type in OCaml. In addition to algebraic data types, we use other concepts from functional…

Programming Languages · Computer Science 2016-06-06 Rod Moten , Kemafor Anyanwu-Ogan , Sahibi Miranshah

Finding and fixing buggy code is an important and cost-intensive maintenance task, and static analysis (SA) is one of the methods developers use to perform it. SA tools warn developers about potential bugs by scanning their source code for…

Software Engineering · Computer Science 2020-09-04 Yoshiki Higo , Shinpei Hayashi , Hideaki Hata , Meiyappan Nagappan

To put static program analysis at the fingertips of the software developer, we propose a framework for interactive abstract interpretation. While providing sound analysis results, abstract interpretation in general can be quite costly. To…

Programming Languages · Computer Science 2022-11-28 Julian Erhard , Simmo Saan , Sarah Tilscher , Michael Schwarz , Karoliine Holter , Vesal Vojdani , Helmut Seidl

Static Application Security Testing (SAST) tools are integral to modern software development, yet their adoption is undermined by excessive false positives that weaken developer trust and demand costly manual triage. We present ZeroFalse, a…

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS…

Software Engineering · Computer Science 2021-05-10 Therese Fehrer , Rocío Cabrera Lozoya , Antonino Sabetta , Dario Di Nucci , Damian A. Tamburri

OCaml is particularly well-fitted for formal verification. On one hand, it is a multi-paradigm language with a well-defined semantics, allowing one to write clean, concise, type-safe, and efficient code. On the other hand, it is a language…

Logic in Computer Science · Computer Science 2021-09-07 Mário Pereira , António Ravara

Large Language Models (LLMs) are one of the most promising developments in the field of artificial intelligence, and the software engineering community has readily noticed their potential role in the software development life-cycle.…

Software Engineering · Computer Science 2026-03-16 Greta Dolcetti , Vincenzo Arceri , Eleonora Iotti , Sergio Maffeis , Agostino Cortesi , Enea Zaffanella

Knowledge-based systems reason over some knowledge base. Hence, an important issue for such systems is how to acquire the knowledge needed for their inference. This paper assesses active learning methods for acquiring knowledge for "static…

Software Engineering · Computer Science 2020-10-23 Xueqi Yang , Zhe Yu , Junjie Wang , Tim Menzies