Static analysis is an important tool for detecting bugs in real-world software. The advent of
numerous analysis algorithms with their own tradeoffs has led to the proliferation of …

Numerical abstract domains are a key component of modern static analyzers. Despite recent
advances, precise analysis with highly expressive domains remains too costly for many real …

This paper concerns the scalability challenges of symbolic abstraction: given a formula ϕ in
a logic L and an abstract domain A, find a most precise element in the abstract domain that …

Real world applications make heavy use of powerful libraries and frameworks, posing a
significant challenge for static analysis as the library implementation may be very complex or …

The most popular static taint analysis tools for Android allow users to change the underlying
analysis algorithms through configuration options. However, the large configuration spaces …

Static program analyses are routinely applied as the basis of code optimizations and to
detect safety and security issues in software systems. For their results to be reliable, static …

Many program verification tools can be customized via run-time configuration options that
trade off performance, precision, and soundness. However, in practice, users often run tools …

We present a heuristic for approximating the likelihood of reaching a given program
statement using 1) branch selectivity (representing the percentage of values that satisfy a …

In languages like C, out-of-bounds array accesses lead to security vulnerabilities and
crashes. Even in managed languages like Java, which check array bounds at run time, out …

Testing and debugging the implementation of static analysis is a challenging task, often
involving significant manual effort from domain experts in a tedious and unprincipled …