English
Related papers

Related papers: Targeted Static Analysis for OCaml C Stubs: elimin…

200 papers

The correctness of compilers is instrumental in the safety and reliability of other software systems, as bugs in compilers can produce executables that do not reflect the intent of programmers. Such errors are difficult to identify and…

Software Engineering · Computer Science 2022-06-17 Md Rafiqul Islam Rabin , Mohammad Amin Alipour

Static bug finders have been widely-adopted by developers to find bugs in real world software projects. They leverage predefined heuristic static analysis rules to scan source code or binary code of a software project, and report violations…

Software Engineering · Computer Science 2021-12-24 Junjie Wang , Yuchao Huang , Song Wang , Qing Wang

We report on the experience of developing Merlin, a language server for the OCaml programming language in development since 2013. Merlin is a daemon that connects to your favourite text editor and provides services that require a…

Programming Languages · Computer Science 2018-10-03 Frédéric Bour , Thomas Refis , Gabriel Scherer

Identifying vulnerabilities in source code is crucial, especially in critical software components. Existing methods such as static analysis, dynamic analysis, formal verification, and recently Large Language Models are widely used to detect…

Formally verified compilers and formally verified static analyzers are a solution to the problem that certain industries face when they have to demonstrate to authorities that the object code they run truly corresponds to its source code…

Logic in Computer Science · Computer Science 2024-07-12 David Monniaux

Designing a static analysis is generally a substantial undertaking, requiring significant expertise in both program analysis and the domain of the program analysis, and significant development resources. As a result, most program analyses…

Programming Languages · Computer Science 2018-10-17 Colin S. Gordon

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

While static analysis is useful in detecting early-stage hardware security bugs, its efficacy is limited because it requires information to form checks and is often unable to explain the security impact of a detected vulnerability. Large…

Cryptography and Security · Computer Science 2025-05-01 Baleegh Ahmad , Hammond Pearce , Ramesh Karri , Benjamin Tan

Despite being the most popular programming language, Python has not yet received enough attention from the community. To the best of our knowledge, there is no general static analysis framework proposed to facilitate the implementation of…

Software Engineering · Computer Science 2022-02-25 Li Li , Jiawei Wang , Haowei Quan

Programmers often add meaningful information about program semantics when naming program entities such as variables, functions, and macros. However, static analysis tools typically discount this information when they look for bugs in a…

Programming Languages · Computer Science 2020-09-22 Roger Scott , Joseph Ranieri , Lucja Kot , Vineeth Kashyap

We make another assault on the longstanding problem of debugging. After exploring why debuggers are not used as widely as one might expect, especially in functional programming environments, we define the characteristics of a debugger which…

Programming Languages · Computer Science 2019-05-17 John Whitington , Tom Ridge

We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement…

Programming Languages · Computer Science 2016-08-14 Bruno Blanchet , Patrick Cousot , Radhia Cousot , Jerôme Feret , Laurent Mauborgne , Antoine Miné , David Monniaux , Xavier Rival

Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of…

Artificial Intelligence · Computer Science 2021-08-27 Fitzroy D. Nembhard , Marco M. Carvalho

Owing to the continued use of C (and C++), spatial safety violations (e.g., buffer overflows) still constitute one of today's most dangerous and prevalent security vulnerabilities. To combat these violations, Checked C extends C with…

Programming Languages · Computer Science 2022-03-28 Aravind Machiry , John Kastner , Matt McCutchen , Aaron Eline , Kyle Headley , Michael Hicks

In recent years, there has been significant progress in the development and industrial adoption of static analyzers. Such analyzers typically provide a large, if not huge, number of configurable options controlling the precision and…

Software Engineering · Computer Science 2020-10-01 Muhammad Numair Mansur , Benjamin Mariano , Maria Christakis , Jorge A. Navas , Valentin Wüstholz

This presentation will cover a framework for application-level tracing of OCaml programs. We outline a solution to the main technical challenge, which is being able to log typed values with lower overhead and maintenance burden than…

Programming Languages · Computer Science 2023-04-12 Darius Foo , Wei-Ngan Chin

We introduce Bug-Injector, a system that automatically creates benchmarks for customized evaluation of static analysis tools. We share a benchmark generated using Bug-Injector and illustrate its efficacy by using it to evaluate the recall…

Software Engineering · Computer Science 2019-09-10 Vineeth Kashyap , Jason Ruchti , Lucja Kot , Emma Turetsky , Rebecca Swords , Shih An Pan , Julien Henry , David Melski , Eric Schulte

Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise…

Software Engineering · Computer Science 2024-03-13 Anna-Katharina Wickert , Michael Schlichtig , Marvin Vogel , Lukas Winter , Mira Mezini , Eric Bodden

Static analysis is an important approach for finding bugs and vulnerabilities in software. However, inspecting and confirming static warnings are challenging and time-consuming. In this paper, we present a novel solution that automatically…

Software Engineering · Computer Science 2021-06-30 Ashwin Kallingal Joshy , Xueyuan Chen , Benjamin Steenhoek , Wei Le

Static analysis tools are commonly used to detect defects before the code is released. Previous research has focused on their overall effectiveness and their ability to detect defects. However, little is known about the usage patterns of…

Software Engineering · Computer Science 2023-11-14 Georgios Liargkovas , Evangelia Panourgia , Diomidis Spinellis