Results 311 to 320 of about 26,063,160 (372)

Cross-Contract Static Analysis for Detecting Practical Reentrancy Vulnerabilities in Smart Contracts

International Conference on Automated Software Engineering, 2020
Reentrancy bugs, one of the most severe vulnerabilities in smart contracts, have caused huge financial loss in recent years. Researchers have proposed many approaches to detecting them.
Yinxing Xue, Mingliang Ma, Yun Lin, Yulei Sui, Jiaming Ye, T. Peng   +5 more
semanticscholar   +1 more source

Why Do Software Developers Use Static Analysis Tools? A User-Centered Study of Developer Needs and Motivations

IEEE Transactions on Software Engineering, 2020
As increasingly complex software is developed every day, a growing number of companies use static analysis tools to reason about program properties ranging from simple coding style rules to more advanced software bugs, to multi-tier security ...
Lisa Nguyen, Quang Do, J. R. Wright, Karim Ali   +3 more
semanticscholar   +1 more source

Static analysis of Java enterprise applications: frameworks and caches, the elephants in the room

ACM-SIGPLAN Symposium on Programming Language Design and Implementation, 2020
Enterprise applications are a major success domain of Java, and Java is the default setting for much modern static analysis research. It would stand to reason that high-quality static analysis of Java enterprise applications would be commonplace, but ...
A. Antoniadis, Nikos Filippakis, Paddy Krishnan, R. Ramesh, N. Allen, Y. Smaragdakis   +5 more
semanticscholar   +1 more source

Enhancing Static Analysis for Practical Bug Detection: An LLM-Integrated Approach

Proc. ACM Program. Lang.
While static analysis is instrumental in uncovering software bugs, its precision in analyzing large and intricate codebases remains challenging. The emerging prowess of Large Language Models (LLMs) offers a promising avenue to address these complexities.
Haonan Li, Yu Hao, Yizhuo Zhai, Zhiyun Qian   +3 more
semanticscholar   +1 more source

LLM-Assisted Static Analysis for Detecting Security Vulnerabilities

International Conference on Learning Representations
Software is prone to security vulnerabilities. Program analysis tools to detect them have limited effectiveness in practice due to their reliance on human labeled specifications.
Ziyang Li, Saikat Dutta, Mayur Naik
semanticscholar   +1 more source

STALL+: Boosting LLM-based Repository-level Code Completion with Static Analysis

arXiv.org
Repository-level code completion is challenging as it involves complicated contexts from multiple files in the repository. To date, researchers have proposed two technical categories to enhance LLM-based repository-level code completion, i.e., retrieval ...
Junwei Liu, Yixuan Chen, Mingwei Liu, Xin Peng, Yiling Lou   +4 more
semanticscholar   +1 more source

Are Static Analysis Violations Really Fixed? A Closer Look at Realistic Usage of SonarQube

IEEE International Conference on Program Comprehension, 2019
The use of automatic static analysis tools (ASATs) has gained increasing attention in the last few years. Even though available research have already explored ASATs issues and how they are fixed, these studies rely on revisions of the software, instead ...
Diego Marcilio, R. Bonifácio, Eduardo Monteiro, E. Canedo, W. Luz, G. Pinto   +5 more
semanticscholar   +1 more source

Challenges with Responding to Static Analysis Tool Alerts

IEEE Working Conference on Mining Software Repositories, 2019
Static analysis tool alerts can help developers detect potential defects in the code early in the development cycle. However, developers are not always able to respond to the alerts with their preferred action and may turn away from using the tool.
Nasif Imtiaz, A. Rahman, Effat Farhana, L. Williams   +3 more
semanticscholar   +1 more source

Nodest: feedback-driven static analysis of Node.js applications

ESEC/SIGSOFT FSE, 2019
Node.js provides the ability to write JavaScript programs for the server-side and has become a popular language for developing web applications. Node.js allows direct access to the underlying filesystem, operating system resources, and databases, but ...
Benjamin Barslev Nielsen, Behnaz Hassanshahi, François Gauthier   +2 more
semanticscholar   +1 more source

Explaining Static Analysis - A Perspective

2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW), 2019
Static code analysis is widely used to support the development of high-quality software. It helps developers detect potential bugs and security vulnerabilities in a program's source code without executing it.
Marcus Nachtigall, Lisa Nguyen Quang Do, E. Bodden   +2 more
semanticscholar   +1 more source