Predictive models in software engineering: Challenges and opportunities
Predictive models are one of the most important techniques that are widely applied in many
areas of software engineering. There have been a large number of primary studies that …
areas of software engineering. There have been a large number of primary studies that …
Learning to detect memory-related vulnerabilities
Memory-related vulnerabilities can result in performance degradation or even program
crashes, constituting severe threats to the security of modern software. Despite the …
crashes, constituting severe threats to the security of modern software. Despite the …
Goshawk: Hunting memory corruptions via structure-aware and object-centric memory operation synopsis
Existing tools for the automated detection of memory corruption bugs are not very effective in
practice. They typically recognize only standard memory management (MM) APIs (eg …
practice. They typically recognize only standard memory management (MM) APIs (eg …
Detecting {API}{Post-Handling} Bugs Using Code and Description in Patches
Program APIs must be used in accordance with their specifications. API post-handling (APH)
is a common type of specification that deals with APIs' return checks, resource releases, etc …
is a common type of specification that deals with APIs' return checks, resource releases, etc …
Boosting Static Resource Leak Detection via LLM-based Resource-Oriented Intention Inference
Resource leaks, caused by resources not being released after acquisition, often lead to
performance issues and system crashes. Existing static detection techniques rely on …
performance issues and system crashes. Existing static detection techniques rely on …
bjXnet: an improved bug localization model based on code property graph and attention mechanism
J Han, C Huang, S Sun, Z Liu, J Liu - Automated Software Engineering, 2023 - Springer
Bug localization technologies and tools are widely used in software engineering. Although
state-of-the-art methods have achieved great progress, they only consider the source code …
state-of-the-art methods have achieved great progress, they only consider the source code …
Detecting kernel memory bugs through inconsistent memory management intention inferences
Modern operating system kernels, typically written in low-level languages such as C and
C++, are tasked with managing extensive memory resources. Memory-related errors, such …
C++, are tasked with managing extensive memory resources. Memory-related errors, such …
AbsIntIO: Towards Showing the Absence of Integer Overflows in Binaries using Abstract Interpretation
A Küchler, L Wenning, F Wendland - Proceedings of the 2023 ACM Asia …, 2023 - dl.acm.org
In the past years, the CWE-190 integer overflow led to many vulnerabilities. Program
verification techniques such as Abstract Interpretation can show that no such bug is present …
verification techniques such as Abstract Interpretation can show that no such bug is present …
Mining resource-operation knowledge to support resource leak detection
Resource leaks, which are caused by acquired resources not being released, often result in
performance degradation and system crashes. Resource leak detection relies on two …
performance degradation and system crashes. Resource leak detection relies on two …
Do Language Models Learn Semantics of Code? A Case Study in Vulnerability Detection
Recently, pretrained language models have shown state-of-the-art performance on the
vulnerability detection task. These models are pretrained on a large corpus of source code …
vulnerability detection task. These models are pretrained on a large corpus of source code …