English
Related papers

Related papers: Minimizing False Positives in Static Bug Detection…

200 papers

Static analysis plays a crucial role in software vulnerability detection, yet faces a persistent precision-scalability tradeoff. In large codebases like the Linux kernel, traditional static analysis tools often generate excessive false…

Software Engineering · Computer Science 2025-06-03 Haonan Li , Hang Zhang , Kexin Pei , Zhiyun Qian

Due to increasingly complex software design and rapid iterative development, code defects and security vulnerabilities are prevalent in modern software. In response, programmers rely on static analysis tools to regularly scan their…

Software Engineering · Computer Science 2022-03-21 Anant Kharkar , Roshanak Zilouchian Moghaddam , Matthew Jin , Xiaoyu Liu , Xin Shi , Colin Clement , Neel Sundaresan

Static analysis tools (SATs) are widely adopted in both academia and industry for improving software quality, yet their practical use is often hindered by high false positive rates, especially in large-scale enterprise systems. These false…

Software Engineering · Computer Science 2026-01-28 Xueying Du , Jiayi Feng , Yi Zou , Wei Xu , Jie Ma , Wei Zhang , Sisi Liu , Xin Peng , Yiling Lou

Static Application Security Testing (SAST) tools are critical to software quality, identifying potential code issues early in development. However, they often produce false positive warnings that require manual review, slowing down…

Software Engineering · Computer Science 2025-06-03 Jinbao Chen , Hongjing Xiang , Zuohong Zhao , Luhao Li , Yu Zhang , Boyao Ding , Qingwei Li , Songyuan Xiong

Identifying and resolving software faults remains a challenging and resource-intensive process. Traditional fault localization techniques, such as Spectrum-Based Fault Localization (SBFL), leverage statistical analysis of test coverage but…

Software Engineering · Computer Science 2025-03-20 Md Nakhla Rafi , Dong Jae Kim , Tse-Hsun Chen , Shaowei Wang

Static analysis is a widely used technique in software engineering for identifying and mitigating bugs. However, a significant hurdle lies in achieving a delicate balance between precision and scalability. Large Language Models (LLMs) offer…

Software Engineering · Computer Science 2023-11-17 Haonan Li , Yu Hao , Yizhuo Zhai , Zhiyun Qian

Software vulnerabilities continue to be ubiquitous, even in the era of AI-powered code assistants, advanced static analysis tools, and the adoption of extensive testing frameworks. It has become apparent that we must not simply prevent…

Due to the impressive code comprehension ability of Large Language Models (LLMs), a few studies have proposed to leverage LLMs to locate bugs, i.e., LLM-based FL, and demonstrated promising performance. However, first, these methods are…

Software Engineering · Computer Science 2025-02-19 Chuyang Xu , Zhongxin Liu , Xiaoxue Ren , Gehao Zhang , Ming Liang , David Lo

Static bug finders have been widely-adopted by developers to find bugs in real world software projects. They leverage predefined heuristic static analysis rules to scan source code or binary code of a software project, and report violations…

Software Engineering · Computer Science 2021-12-24 Junjie Wang , Yuchao Huang , Song Wang , Qing Wang

A key challenge in security analysis is the manual evaluation of potential security weaknesses generated by static application security testing (SAST) tools. Numerous false positives (FPs) in these reports reduce the effectiveness of…

Cryptography and Security · Computer Science 2025-07-15 Jonas Wagner , Simon Müller , Christian Näther , Jan-Philipp Steghöfer , Andreas Both

False-positive bug reports represent a significant yet underexplored challenge in the development and maintenance of the Linux kernel. They occur when correct system behavior is mistakenly flagged as a defect, consuming developer effort…

Software Engineering · Computer Science 2026-05-11 Jiashuo Tian , Dong Wang , Chen Yang , Haichi Wang , Zan Wang , Junjie Chen

Modern software development pipelines face growing challenges in securing large codebases with extensive dependencies. Static analysis tools like Bandit are effective at vulnerability detection but suffer from high false positives and lack…

Cryptography and Security · Computer Science 2025-09-23 Jugal Gajjar , Kamalasankari Subramaniakuppusamy , Relsy Puthal , Kaustik Ranaware

The widespread adoption of open-source software (OSS) has accelerated software innovation but also increased security risks due to the rapid propagation of vulnerabilities and silent patch releases. In recent years, large language models…

Cryptography and Security · Computer Science 2025-11-12 Junxiao Han , Zheng Yu , Lingfeng Bao , Jiakun Liu , Yao Wan , Jianwei Yin , Shuiguang Deng , Song Han

Ensuring code correctness remains a challenging problem even as large language models (LLMs) become increasingly capable at code-related tasks. While LLM-based program repair systems can propose bug fixes using only a user's bug report,…

Software Engineering · Computer Science 2025-02-21 Adam Stein , Arthur Wayne , Aaditya Naik , Mayur Naik , Eric Wong

Despite their remarkable success, large language models (LLMs) have shown limited ability on safety-critical code tasks such as vulnerability detection. Typically, static analysis (SA) tools, like CodeQL, CodeGuru Security, etc., are used…

Cryptography and Security · Computer Science 2025-09-15 Ira Ceka , Feitong Qiao , Anik Dey , Aastha Valecha , Gail Kaiser , Baishakhi Ray

Large language models (LLMs) have demonstrated strong performance on a wide range of software engineering tasks, including code generation and analysis. However, most prior work relies on cloud-based models or specialized hardware, limiting…

Software Engineering · Computer Science 2026-04-28 Jelena Ilić Vulićević

Large language models (LLMs) and LLM-based Agents have been applied to fix bugs automatically, demonstrating the capability in addressing software defects by engaging in development environment interaction, iterative validation and code…

Software Engineering · Computer Science 2025-10-21 Xiangxin Meng , Zexiong Ma , Pengfei Gao , Chao Peng

While static analysis is useful in detecting early-stage hardware security bugs, its efficacy is limited because it requires information to form checks and is often unable to explain the security impact of a detected vulnerability. Large…

Cryptography and Security · Computer Science 2025-05-01 Baleegh Ahmad , Hammond Pearce , Ramesh Karri , Benjamin Tan

Static Application Security Testing (SAST) tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives (FPs), imposing a substantial manual triage burden on developers. Recent…

Software Engineering · Computer Science 2026-02-02 Yunpeng Xiong , Ting Zhang

Large language models (LLMs) are becoming more advanced and widespread and have shown their applicability to various domains, including cybersecurity. Static malware analysis is one of the most important tasks in cybersecurity; however, it…

Cryptography and Security · Computer Science 2024-11-25 Shota Fujii , Rei Yamagishi
‹ Prev 1 2 3 10 Next ›