English
Related papers

Related papers: SkipAnalyzer: A Tool for Static Code Analysis with…

200 papers

Purpose: In the field of vulnerability repair, previous research has leveraged pretrained models and LLM-based prompt engineering, among which LLM-based approaches show better generalizability and achieve the best performance. However, the…

Software Engineering · Computer Science 2025-12-23 Ruoke Wang , Zongjie Li , Cuiyun Gao , Chaozheng Wang , Yang Xiao , Xuan Wang

A key challenge in security analysis is the manual evaluation of potential security weaknesses generated by static application security testing (SAST) tools. Numerous false positives (FPs) in these reports reduce the effectiveness of…

Cryptography and Security · Computer Science 2025-07-15 Jonas Wagner , Simon Müller , Christian Näther , Jan-Philipp Steghöfer , Andreas Both

Static analysis tools (SATs) are widely adopted in both academia and industry for improving software quality, yet their practical use is often hindered by high false positive rates, especially in large-scale enterprise systems. These false…

Software Engineering · Computer Science 2026-01-28 Xueying Du , Jiayi Feng , Yi Zou , Wei Xu , Jie Ma , Wei Zhang , Sisi Liu , Xin Peng , Yiling Lou

While static analysis is useful in detecting early-stage hardware security bugs, its efficacy is limited because it requires information to form checks and is often unable to explain the security impact of a detected vulnerability. Large…

Cryptography and Security · Computer Science 2025-05-01 Baleegh Ahmad , Hammond Pearce , Ramesh Karri , Benjamin Tan

Failure-inducing inputs play a crucial role in diagnosing and analyzing software bugs. Bug reports typically contain these inputs, which developers extract to facilitate debugging. Since bug reports are written in natural language, prior…

Software Engineering · Computer Science 2025-12-16 Alif Al Hasan , Subarna Saha , Mia Mohammad Imran , Tarannum Shaila Zaman

Automatically locating a bug within a large codebase remains a significant challenge for developers. Existing techniques often struggle with generalizability and deployment due to their reliance on application-specific data and large model…

Software Engineering · Computer Science 2024-07-04 Mahinthan Chandramohan , Dai Quoc Nguyen , Padmanabhan Krishnan , Jovan Jancic

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do…

Cryptography and Security · Computer Science 2025-08-19 Hael Abdulhakim Ali Humran , Ferdi Sonmez

The rapid adoption of large language models (LLMs) in critical domains has spurred extensive research into their security issues. While input manipulation attacks (e.g., prompt injection) have been well studied, Bit-Flip Attacks (BFAs) --…

Cryptography and Security · Computer Science 2025-09-24 Haotian Xu , Qingsong Peng , Jie Shi , Huadi Zheng , Yu Li , Cheng Zhuo

We introduce Bug-Injector, a system that automatically creates benchmarks for customized evaluation of static analysis tools. We share a benchmark generated using Bug-Injector and illustrate its efficacy by using it to evaluate the recall…

Software Engineering · Computer Science 2019-09-10 Vineeth Kashyap , Jason Ruchti , Lucja Kot , Emma Turetsky , Rebecca Swords , Shih An Pan , Julien Henry , David Melski , Eric Schulte

Static analysis tools are traditionally used to detect and flag programs that violate properties. We show that static analysis tools can also be used to perturb programs that satisfy a property to construct variants that violate the…

Large Language Model (LLM) - based Automated Program Repair (APR) systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance…

Software Engineering · Computer Science 2026-05-26 Piotr Przymus , Andreas Happe , Jürgen Cito

This paper presents a novel methodology for enhancing Automated Program Repair (APR) through synthetic data generation utilizing Large Language Models (LLMs). Current APR systems are constrained by the limited availability of high-quality…

Software Engineering · Computer Science 2026-03-31 David de-Fitero-Dominguez , Antonio Garcia-Cabot , Eva Garcia-Lopez

Large language models (LLMs) have demonstrated strong performance on a wide range of software engineering tasks, including code generation and analysis. However, most prior work relies on cloud-based models or specialized hardware, limiting…

Software Engineering · Computer Science 2026-04-28 Jelena Ilić Vulićević

Context: Contemporary code review tools are a popular choice for software quality assurance. Using these tools, reviewers are able to post a linkage between two patches during a review discussion. Large development teams that use a…

Software Engineering · Computer Science 2021-06-07 Dong Wang , Raula Gaikovina Kula , Takashi Ishio , Kenichi Matsumoto

Automated Program Repair (APR) has benefited from the code understanding and generation capabilities of Large Language Models (LLMs). Existing feedback-based APR methods iteratively refine candidate patches using test execution feedback and…

Software Engineering · Computer Science 2026-04-22 Linhao Wu , Yifei Pei , Zhen Yang , Kainan Li , Zhonghang Lu , Hao Tan , Xiran Lyu , Jia Li , Yizhou Chen , Pengyu Xue , Kunwu Zheng , Dan Hao

We present an alternative approach to creating static bug finders. Instead of relying on human expertise, we utilize deep neural networks to train static analyzers directly from data. In particular, we frame the problem of bug finding as a…

Software Engineering · Computer Science 2020-03-30 Yu Wang , Fengjuan Gao , Linzhang Wang , Ke Wang

Despite decades of research, software bug localization remains challenging due to heterogeneous content and inherent ambiguities in bug reports. Existing methods, such as Information Retrieval (IR)-based approaches, often attempt to match…

Software Engineering · Computer Science 2026-03-19 Asif Mohammed Samir , Mohammad Masudur Rahman

Static Application Security Testing (SAST) tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives (FPs), imposing a substantial manual triage burden on developers. Recent…

Software Engineering · Computer Science 2026-02-02 Yunpeng Xiong , Ting Zhang

Due to the impressive code comprehension ability of Large Language Models (LLMs), a few studies have proposed to leverage LLMs to locate bugs, i.e., LLM-based FL, and demonstrated promising performance. However, first, these methods are…

Software Engineering · Computer Science 2025-02-19 Chuyang Xu , Zhongxin Liu , Xiaoxue Ren , Gehao Zhang , Ming Liang , David Lo

Static analysis tools are widely used to detect software bugs and vulnerabilities but often struggle with scalability and efficiency in complex codebases. Traditional approaches rely on manually crafted annotations -- labeling functions as…