English
Related papers

Related papers: slash: A Technique for Static Configuration-Logic …

200 papers

Software debloating tools seek to improve program security and performance by removing unnecessary code, called bloat. While many techniques have been proposed, several barriers to their adoption have emerged. Namely, debloating tools are…

Software Engineering · Computer Science 2024-06-14 Michael D. Brown , Adam Meily , Brian Fairservice , Akshay Sood , Jonathan Dorn , Eric Kilmer , Ronald Eytchison

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

Identifying which software versions are affected by a vulnerability is critical for patching, risk mitigation. Despite a growing body of tools, their real-world effectiveness remains unclear due to narrow evaluation scopes often limited to…

Software Engineering · Computer Science 2025-09-10 Xingchu Chen , Chengwei Liu , Jialun Cao , Yang Xiao , Xinyue Cai , Yeting Li , Jingyi Shi , Tianqi Sun , Haiming Chen ang Wei Huo

Statistical fault localization is an easily deployed technique for quickly determining candidates for faulty code locations. If a human programmer has to search the fault beyond the top candidate locations, though, more traditional…

Software Engineering · Computer Science 2021-01-11 Ezekiel Soremekun , Lukas Kirschner , Marcel Böhme , Andreas Zeller

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Deep learning has been shown to be a promising tool in detecting software vulnerabilities. In this work, we train neural networks with program slices extracted from the source code of C/C++ programs to detect software vulnerabilities. The…

Cryptography and Security · Computer Science 2024-05-29 Zhen Huang , Amy Aumpansub

It is quite common for security testing to be delayed until after the software has been developed, but vulnerabilities may get noticed throughout the implementation phase and the earlier they are discovered, the easier and cheaper it will…

Software Engineering · Computer Science 2018-05-25 Rahma Mahmood , Qusay H. Mahmoud

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to…

Cryptography and Security · Computer Science 2012-07-13 Matteo Maria Casalino , Michele Mangili , Henrik Plate , Serena Elisa Ponta

This paper focuses on effective user diagnostics generated during the deductive verification of probabilistic programs. Our key principle is based on providing slices for (1) error reporting, (2) proof simplification, and (3) preserving…

Programming Languages · Computer Science 2025-12-25 Philipp Schröer , Darion Haase , Joost-Pieter Katoen

Even competent programmers make mistakes. Automatic verification can detect errors, but leaves the frustrating task of finding the erroneous line of code to the user. This paper presents an automatic approach for identifying potential error…

Logic in Computer Science · Computer Science 2014-09-17 Robert Koenighofer , Ronald Toegl , Roderick Bloem

Memory leaks remain prevalent in real-world C/C++ software. Static analyzers such as CodeQL provide scalable program analysis but frequently miss such bugs because they cannot recognize project-specific custom memory-management functions…

Software Engineering · Computer Science 2026-04-29 Huihui Huang , Jieke Shi , Bo Wang , Zhou Yang , David Lo

The complexity of software in embedded systems has increased significantly over the last years so that software verification now plays an important role in ensuring the overall product quality. In this context, SAT-based bounded model…

Software Engineering · Computer Science 2009-11-20 Lucas Cordeiro , Bernd Fischer , Joao Marques-Silva

Pointers are a powerful, but dangerous feature provided by the C and C++ programming languages, and incorrect use of pointers is a common source of bugs and security vulnerabilities. Making secure software is crucial, as vulnerabilities…

Formal Languages and Automata Theory · Computer Science 2024-11-01 Vlad-Alexandru Teodorescu , Dorel Lucanu

Memory disclosure attacks play an important role in the exploitation of memory corruption vulnerabilities. By analyzing recent research, we observe that bypasses of defensive solutions that enforce control-flow integrity or attempt to…

Cryptography and Security · Computer Science 2020-07-08 Robert Gawlik , Philipp Koppe , Benjamin Kollenda , Andre Pawlowski , Behrad Garmany , Thorsten Holz

Compilers are complex, and significant effort has been expended on testing them. Techniques such as random program generation and differential testing have proved highly effective and have uncovered thousands of bugs in production…

Software Engineering · Computer Science 2025-01-03 Davide Italiano , Chris Cummins

Modern configurable systems offer customization via intricate configuration spaces, yet such flexibility introduces pervasive configuration-related issues such as misconfigurations and latent softwarebugs. Existing diagnosability supports…

Software Engineering · Computer Science 2025-09-01 Shiwen Shan , Yintong Huo , Yuxin Su , Zhining Wang , Dan Li , Zibin Zheng

Boundary value analysis and testing (BVT) is fundamental in software quality assurance because faults tend to cluster at input extremes, yet testers often struggle to understand and justify why certain input-output pairs represent…

Software Engineering · Computer Science 2026-02-02 Sabinakhon Akbarova , Felix Dobslaw , Robert Feldt

Testing is one of the most indispensable tasks in software engineering. The role of testing in software development has grown significantly because testing is able to reveal defects in the code in an early stage of development. Many unit…

Software Engineering · Computer Science 2010-12-07 Norbert Pataki

Large Language Models (LLMs) have shown great promise in vulnerability identification. As C/C++ comprises half of the Open-Source Software (OSS) vulnerabilities over the past decade and updates in OSS mainly occur through commits, enhancing…

Cryptography and Security · Computer Science 2024-09-12 Zeqing Qin , Yiwei Wu , Lansheng Han
‹ Prev 1 2 3 10 Next ›