English
Related papers

Related papers: Implementing and Executing Static Analysis Using L…

200 papers

Symbolic execution is a powerful technique for bug finding and program testing. It is successful in finding bugs in real-world code. The core reasoning techniques use constraint solving, path exploration, and search, which are also the same…

Software Engineering · Computer Science 2020-07-20 Sahil Verma , Roland H. C. Yap

An equational logic program is a set of directed equations or rules, which are used to compute in the obvious way (by replacing equals with ``simpler'' equals). We present static analysis techniques for efficient equational logic…

Logic in Computer Science · Computer Science 2007-05-23 Rakesh M. Verma

Data leakage is a well-known problem in machine learning. Data leakage occurs when information from outside the training dataset is used to create a model. This phenomenon renders a model excessively optimistic or even useless in the real…

Programming Languages · Computer Science 2024-08-07 Filip Drobnjaković , Pavle Subotić , Caterina Urban

The role of regression testing in software testing is crucial as it ensures that any new modifications do not disrupt the existing functionality and behaviour of the software system. The desired outcome is for regression tests to yield…

Software Engineering · Computer Science 2025-06-09 Xin Sun , Daniel Ståhl , Kristian Sandahl

Academic research in static analysis produces software implementations. These implementations are time-consuming to develop and some need to be maintained in order to enable building further research upon the implementation. While…

Programming Languages · Computer Science 2024-11-06 Raphaël Monat , Abdelraouf Ouadjaout , Antoine Miné

Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise…

Software Engineering · Computer Science 2024-03-13 Anna-Katharina Wickert , Michael Schlichtig , Marvin Vogel , Lukas Winter , Mira Mezini , Eric Bodden

Symbolic execution is a software verification technique symbolically running programs and thereby checking for bugs. Ranged symbolic execution performs symbolic execution on program parts, so called path ranges, in parallel. Due to the…

Software Engineering · Computer Science 2024-06-28 Jan Haltermanna , Marie-Christine Jakobs , Cedric Richter , Heike Wehrheim

Input sanitization mechanisms are widely used to mitigate vulnerabilities to injection attacks such as cross-site scripting. Static analysis tools and techniques commonly used to ensure that applications utilize sanitization functions.…

Cryptography and Security · Computer Science 2018-04-04 Mahmoud Mohammadi , Bill Chu , Heather Richter Lipford

Testing is one of the most indispensable tasks in software engineering. The role of testing in software development has grown significantly because testing is able to reveal defects in the code in an early stage of development. Many unit…

Software Engineering · Computer Science 2010-12-07 Norbert Pataki

Identifying vulnerabilities in source code is crucial, especially in critical software components. Existing methods such as static analysis, dynamic analysis, formal verification, and recently Large Language Models are widely used to detect…

In large programming classes, it takes a significant effort from teachers to evaluate exercises and provide detailed feedback. In systems programming, test cases are not sufficient to assess exercises, since concurrency and resource…

Computers and Society · Computer Science 2024-11-07 Roberto Natella

Large language models (LLMs) have demonstrated impressive capabilities in code generation, achieving high scores on benchmarks such as HumanEval and MBPP. However, these benchmarks primarily assess functional correctness and neglect broader…

Software Engineering · Computer Science 2025-08-21 Scott Blyth , Sherlock A. Licorish , Christoph Treude , Markus Wagner

Analyzing the behavior of a program running on a processor that supports speculative execution is crucial for applications such as execution time estimation and side channel detection. Unfortunately, existing static analysis techniques…

Programming Languages · Computer Science 2019-08-16 Meng Wu , Chao Wang

Without quantitative data, deciding whether and how to use static analysis in a development workflow is a matter of expert opinion and guesswork rather than an engineering trade-off. Moreover, relevant data collected under real-world…

Software Engineering · Computer Science 2020-03-09 William R. Nichols

Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. For instance, a tool for identifying software vulnerabilities may need to rule out the existence…

Software Engineering · Computer Science 2018-05-03 Roberto Baldoni , Emilio Coppa , Daniele Cono D'Elia , Camil Demetrescu , Irene Finocchi

Symbolic execution detects vulnerabilities with precision, but applying it to large codebases requires harnesses that set up symbolic state, model dependencies, and specify assertions. Writing these harnesses has traditionally been a manual…

Cryptography and Security · Computer Science 2026-04-09 Md Shafiuzzaman , Achintya Desai , Wenbo Guo , Tevfik Bultan

The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program…

Cryptography and Security · Computer Science 2018-06-13 Dokyung Song , Julian Lettner , Prabhu Rajasekaran , Yeoul Na , Stijn Volckaert , Per Larsen , Michael Franz

Even though much progress has been made in identifying and mitigating smart contract vulnerabilities, we often hear about coding or design issues leading to great financial losses. This paper presents our progress toward finding defects…

Logic in Computer Science · Computer Science 2024-11-01 Stefan-Claudiu Susan

This paper describes how to adapt a static code analyzer to help novice programmers. Current analyzers have been built to give feedback to experienced programmers who build new applications or systems. The type of feedback and the type of…

Software Engineering · Computer Science 2017-10-03 Tim Blok , Ansgar Fehnker

Current merge tools don't detect semantic conflicts, which occur when changes from different developers are textually integrated but semantically interfere with each other. Although researchers have proposed static analyses for detecting…

Software Engineering · Computer Science 2025-07-29 Matheus Barbosa , Paulo Borba , Rodrigo Bonifácio , Victor Lira , Galileu Santos