English
Related papers

Related papers: QLCoder: A Query Synthesizer For Static Analysis o…

200 papers

We introduce QLPro, a vulnerability detection framework that systematically integrates LLMs and static analysis tools to enable comprehensive vulnerability detection across entire open-source projects.We constructed a new dataset, JavaTest,…

Software Engineering · Computer Science 2025-07-22 Junze Hu , Xiangyu Jin , Yizhe Zeng , Yuling Liu , Yunpeng Li , Dan Du , Kaiyu Xie , Hongsong Zhu

Recent advancements in automatic code generation using large language models (LLMs) have brought us closer to fully automated secure software development. However, existing approaches often rely on a single agent for code generation, which…

Software Engineering · Computer Science 2024-11-06 Ana Nunez , Nafis Tanveer Islam , Sumit Kumar Jha , Peyman Najafirad

Identifying vulnerabilities in source code is crucial, especially in critical software components. Existing methods such as static analysis, dynamic analysis, formal verification, and recently Large Language Models are widely used to detect…

CodeChecker is an open source project that integrates different static analysis tools such as the Clang Static Analyzer and Clang-Tidy into the build systems, continuous integration loops, and development workflows of C++ programmers. It…

Software Engineering · Computer Science 2024-08-06 Gabor Horvath , Reka Kovacs , Richard Szalay , Zoltan Porkolab , Gyorgy Orban , Daniel Krupp

Large language models (LLMs) are widely used in software development. However, the code generated by LLMs often contains vulnerabilities. Several secure code generation methods have been proposed to address this issue, but their current…

Cryptography and Security · Computer Science 2025-11-14 Shih-Chieh Dai , Jun Xu , Guanhong Tao

Static Application Security Testing (SAST) tools are integral to modern DevSecOps pipelines, yet tools like CodeQL, Semgrep, and SonarQube remain fundamentally constrained: they require expert-crafted queries, generate excessive false…

Cryptography and Security · Computer Science 2026-02-11 George Tsigkourakos , Constantinos Patsakis

Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six…

Software Engineering · Computer Science 2025-08-07 Damian Gnieciak , Tomasz Szandala

Software is prone to security vulnerabilities. Program analysis tools to detect them have limited effectiveness in practice due to their reliance on human labeled specifications. Large language models (or LLMs) have shown impressive code…

Cryptography and Security · Computer Science 2025-04-08 Ziyang Li , Saikat Dutta , Mayur Naik

Static analysis is a powerful technique for bug detection in critical systems like operating system kernels. However, designing and implementing static analyzers is challenging, time-consuming, and typically limited to predefined bug…

Software Engineering · Computer Science 2025-09-05 Chenyuan Yang , Zijie Zhao , Zichen Xie , Haoyu Li , Lingming Zhang

Existing literature heavily relies on static analysis tools to evaluate LLMs for secure code generation and vulnerability detection. We reviewed 1,080 LLM-generated code samples, built a human-validated ground-truth, and compared the…

Cryptography and Security · Computer Science 2026-02-06 Ehsan Firouzi , Mohammad Ghafari

Security analysts routinely query system logs to detect threats and investigate incidents, but each log source uses its own semi-structured format: logs are cheap to produce, but expensive to use. The standard approach, building per-source…

Cryptography and Security · Computer Science 2026-05-22 Evan Luo , Julien Piet , David Wagner

Static analysis is an important approach for finding bugs and vulnerabilities in software. However, inspecting and confirming static warnings are challenging and time-consuming. In this paper, we present a novel solution that automatically…

Software Engineering · Computer Science 2021-06-30 Ashwin Kallingal Joshy , Xueyuan Chen , Benjamin Steenhoek , Wei Le

Static analysis is the process of analyzing software code without executing the software. It can help find bugs and potential problems in software that may only appear at runtime. Although many static analysis tools have been developed for…

Software Engineering · Computer Science 2023-04-11 Pengzhan Zhao , Xiongfei Wu , Zhuo Li , Jianjun Zhao

The impending arrival of cryptographically relevant quantum computers (CRQCs) threatens the security foundations of modern software: Shor's algorithm breaks RSA, ECDSA, ECDH, and Diffie-Hellman, while Grover's algorithm reduces the…

Cryptography and Security · Computer Science 2026-05-19 Animesh Shaw

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents…

Cryptography and Security · Computer Science 2016-04-07 Bhargava Shastry , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel

Static analysis tools are widely used to detect software bugs and vulnerabilities but often struggle with scalability and efficiency in complex codebases. Traditional approaches rely on manually crafted annotations -- labeling functions as…

Scaling quantum computing to practical applications necessitates reliable quantum error correction. Although numerous correction codes have been proposed, the overall correction efficiency critically limited by the decode algorithms. We…

Quantum Physics · Physics 2025-06-04 Gengyuan Hu , Wanli Ouyang , Chao-Yang Lu , Chen Lin , Han-Sen Zhong

Static analysis tools are widely used to detect bugs, vulnerabilities, and code smells. Traditionally, developers must resolve these warnings manually. Because this process is tedious, developers sometimes ignore warnings, leading to an…

Software Engineering · Computer Science 2026-04-14 Pascal Joos , Islem Bouzenia , Michael Pradel
‹ Prev 1 2 3 10 Next ›