Machine learning for actionable warning identification: A comprehensive survey
Actionable Warning Identification (AWI) plays a crucial role in improving the usability of static
code analyzers. With recent advances in Machine Learning (ML), various approaches have …
Survey of approaches for postprocessing of static analysis alarms
T Muske, A Serebrenik - ACM Computing Surveys (CSUR), 2022 - dl.acm.org
Static analysis tools have showcased their importance and usefulness in automated
detection of defects. However, the tools are known to generate a large number of alarms …
Mining fix patterns for findbugs violations
Several static analysis tools, such as Splint or FindBugs, have been proposed to the
software development community to help detect security vulnerabilities or bad programming …
Learning to reduce false positives in analytic bug detectors
Due to increasingly complex software design and rapid iterative development, code defects
and security vulnerabilities are prevalent in modern software. In response, programmers rely …
Software model checking for people who love automata
M Heizmann, J Hoenicke, A Podelski - … , July 13-19, 2013. Proceedings 25, 2013 - Springer
In this expository paper, we use automata for software model checking in a new way. The
starting point is to fix the alphabet: the set of statements of the given program. We show how …
Skipanalyzer: An embodied agent for code analysis with large language models
We introduce SkipAnalyzer, the first large language model (LLM)-powered embodied agent
for static code analysis. It can detect bugs, filter false positive warnings, and patch the …
Aletheia: Improving the usability of static security analysis
The scale and complexity of modern software systems complicate manual security auditing.
Automated analysis tools are gradually becoming a necessity. Specifically, static security …
Survey of approaches for handling static analysis alarms
T Muske, A Serebrenik - 2016 IEEE 16th International Working …, 2016 - ieeexplore.ieee.org
Static analysis tools have showcased their importance and usefulness in automated
detection of code anomalies and defects. However, the large number of alarms reported and …
Optimizing symbolic execution for malware behavior classification
Increasingly software correctness, reliability, and security is being analyzed using tools that
combine various formal and heuristic approaches. Often such analysis becomes expensive …
BanditFuzz: fuzzing SMT solvers with multi-agent reinforcement learning
We present BanditFuzz, a multi-agent reinforcement learning (RL) guided performance
fuzzer for state-of-the-art Satisfiability Modulo Theories (SMT) solvers. BanditFuzz constructs …