- research-article, September 2024, Distinguished Paper
Identifying Smart Contract Security Issues in Code Snippets from Stack Overflow
ISSTA 2024: Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, September 2024, Pages 1198–1210, https://doi.org/10.1145/3650212.3680353
Smart contract developers frequently seek solutions to developmental challenges on Q&A platforms such as Stack Overflow (SO). Although community responses often provide viable solutions, the embedded code snippets can also contain hidden vulnerabilities. ...
Analyzing Quantum Programs with LintQ: A Static Analysis Framework for Qiskit
Proceedings of the ACM on Software Engineering (PACMSE), Volume 1, Issue FSE, Article No.: 95, Pages 2144–2166, https://doi.org/10.1145/3660802
As quantum computing is rising in popularity, the amount of quantum programs and the number of developers writing them are increasing rapidly. Unfortunately, writing correct quantum programs is challenging due to various subtle rules developers need to ...
- short-paper, July 2024
Detecting Code Comment Inconsistencies using LLM and Program Analysis
FSE 2024: Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering, July 2024, Pages 683–685, https://doi.org/10.1145/3663529.3664458
Code comments are the most important medium for documenting program logic and design. Nevertheless, as modern software undergoes frequent updates and modifications, maintaining the accuracy and relevance of comments becomes a labor-intensive endeavor. ...
- research-article, July 2024
Fuzzing API Error Handling Behaviors using Coverage Guided Fault Injection
ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, July 2024, Pages 1495–1509, https://doi.org/10.1145/3634737.3637650
Incorrect handling of Software Application Programming Interfaces (APIs) errors results in bugs or security vulnerabilities that are hard to trigger during regular testing. Most of the existing techniques to detect such errors are based on static ...
Compatible Branch Coverage Driven Symbolic Execution for Efficient Bug Finding
Proceedings of the ACM on Programming Languages (PACMPL), Volume 8, Issue PLDI, Article No.: 213, Pages 1633–1655, https://doi.org/10.1145/3656443
Symbolic execution is a powerful technique for bug finding by generating test inputs to systematically explore all feasible paths within a given threshold. However, its practical usage is often limited by the path explosion problem. In this paper, we ...
Reducing Static Analysis Unsoundness with Approximate Interpretation
Proceedings of the ACM on Programming Languages (PACMPL), Volume 8, Issue PLDI, Article No.: 194, Pages 1165–1188, https://doi.org/10.1145/3656424
Static program analysis for JavaScript is more difficult than for many other programming languages. One of the main reasons is the presence of dynamic property accesses that read and write object properties via dynamically computed property names. To ...
Program Analysis for Adaptive Data Analysis
Proceedings of the ACM on Programming Languages (PACMPL), Volume 8, Issue PLDI, Article No.: 184, Pages 914–938, https://doi.org/10.1145/3656414
Data analyses are usually designed to identify some property of the population from which the data are drawn, generalizing beyond the specific data sample. For this reason, data analyses are often designed in a way that guarantees that they produce a low ...
- research-article, May 2024
PanoptiChrome: A Modern In-browser Taint Analysis Framework
WWW '24: Proceedings of the ACM Web Conference 2024, May 2024, Pages 1914–1922, https://doi.org/10.1145/3589334.3645699
Taint tracking in web browsers is a problem of profound interest because it allows developers to accurately understand the flow of sensitive data across JavaScript (JS) functions. Modern websites load JS functions from either the web server or other ...
- research-article, April 2024
ARCTURUS: Full Coverage Binary Similarity Analysis with Reachability-guided Emulation
ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 33, Issue 4, Article No.: 96, Pages 1–31, https://doi.org/10.1145/3640337
Binary code similarity analysis is extremely useful, since it provides rich information about an unknown binary, such as revealing its functionality and identifying reused libraries. Robust binary similarity analysis is challenging, as heavy compiler ...
- research-article, July 2024
GitBug-Java: A Reproducible Java Benchmark of Recent Bugs
MSR '24: Proceedings of the 21st International Conference on Mining Software Repositories, April 2024, Pages 118–122, https://doi.org/10.1145/3643991.3644884
Bug-fix benchmarks are essential for evaluating methodologies in automatic program repair (APR) and fault localization (FL). However, existing benchmarks, exemplified by Defects4J, need to evolve to incorporate recent bug-fixes aligned with contemporary ...
- research-article, June 2024
TaiE: Function Identification for Monolithic Firmware
ICPC '24: Proceedings of the 32nd IEEE/ACM International Conference on Program Comprehension, April 2024, Pages 403–414, https://doi.org/10.1145/3643916.3644407
The principal tasks of program analysis, including bug searching and code similarity detection, are executed at the function level. However, the accurate identification of functions within stripped binary files poses a significant challenge. This ...
- research-article, May 2024
PrivacyCAT: Privacy-Aware Code Analysis at Scale
- Ke Mao,
- Cons Åhs,
- Sopot Cela,
- Dino Distefano,
- Nick Gardner,
- Radu Grigore,
- Per Gustafsson,
- Ákos Hajdu,
- Timotej Kapus,
- Matteo Marescotti,
- Gabriela Cunha Sampaio,
- Thibault Suzanne
ICSE-SEIP '24: Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice, April 2024, Pages 106–117, https://doi.org/10.1145/3639477.3639742
Static and dynamic code analyses have been widely adopted in industry to enhance software reliability, security, and performance by automatically detecting bugs in the code. In this paper, we introduce PrivacyCAT, a code analysis system developed and ...
- research-article, May 2024
Dynamic Inference of Likely Symbolic Tensor Shapes in Python Machine Learning Programs
ICSE-SEIP '24: Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice, April 2024, Pages 147–156, https://doi.org/10.1145/3639477.3639718
In machine learning programs, it is often tedious to annotate the dimensions of shapes of various tensors that get created during execution. We present a dynamic likely tensor shape inference analysis, called ShapeIt, that annotates the dimensions of ...
- research-article, May 2024
Beyond a Joke: Dead Code Elimination Can Delete Live Code
ICSE-NIER'24: Proceedings of the 2024 ACM/IEEE 44th International Conference on Software Engineering: New Ideas and Emerging Results, April 2024, Pages 32–36, https://doi.org/10.1145/3639476.3639763
Dead Code Elimination (DCE) is a fundamental compiler optimization technique that removes dead code (e.g., unreachable or reachable but whose results are unused) in the program to produce smaller or faster executables. However, since compiler ...
- short-paper, May 2024
Hunting DeFi Vulnerabilities via Context-Sensitive Concolic Verification
ICSE-Companion '24: Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings, April 2024, Pages 324–325, https://doi.org/10.1145/3639478.3643105
Decentralized finance (DeFi) is revolutionizing the traditional centralized finance paradigm with its attractive features such as high availability, transparency, and tamper-proofing. However, attacks targeting DeFi services have severely damaged the ...
Fault Localization on Verification Witnesses (Poster Paper)
ICSE-Companion '24: Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings, April 2024, Pages 339–340, https://doi.org/10.1145/3639478.3643099
Verifiers export violation witnesses, which help independent validators to confirm a reported specification violation. It is assumed that violation witnesses are helpful if they are very precise: ideally, they should describe a single program path for ...
- research-article, May 2024
GitBug-Actions: Building Reproducible Bug-Fix Benchmarks with GitHub Actions
ICSE-Companion '24: Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings, April 2024, Pages 1–5, https://doi.org/10.1145/3639478.3640023
Bug-fix benchmarks are fundamental in advancing various sub-fields of software engineering such as automatic program repair (APR) and fault localization (FL). A good benchmark must include recent examples that accurately reflect technologies and ...
FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, May 2024, Article No.: 142, Pages 1–13, https://doi.org/10.1145/3597503.3639190
In decentralized finance (DeFi), lenders can offer flash loans to borrowers, i.e., loans that are only valid within a blockchain transaction and must be repaid with fees by the end of that transaction. Unlike normal loans, flash loans allow borrowers to ...
- research-article, April 2024
Automatic Semantic Augmentation of Language Model Prompts (for Code Summarization)
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, May 2024, Article No.: 220, Pages 1–13, https://doi.org/10.1145/3597503.3639183
Large Language Models (LLM) are a new class of computation engines, "programmed" via prompt engineering. Researchers are still learning how to best "program" these LLMs to help developers. We start with the intuition that developers tend to consciously ...
- research-article, March 2024
WeBridge: Synthesizing Stored Procedures for Large-Scale Real-World Web Applications
Proceedings of the ACM on Management of Data (PACMMOD), Volume 2, Issue 1, Article No.: 64, Pages 1–29, https://doi.org/10.1145/3639319
Modern web applications use databases to store their data. When processing user requests, these applications retrieve and store data in the database server, which incurs network round trips. These round trips significantly increase the application's ...