This data set is for ISSTA 2021 Paper: Validating Static Warnings via Testing Code Fragments

Static analysis is an important approach for finding bugs and vulnerabilities in software. However, inspecting and confirming static warnings are challenging and time-consuming. In this paper, we present a novel solution that automatically generates test cases based on static warnings to validate true and false positives. We designed a syntactic patching algorithm that can generate syntactically valid, semantic preserving executable code fragments from static warnings. We developed a build and testing system to automatically test code fragments using fuzzers, KLEE and Valgrind. We evaluated our techniques using 12 real-world C projects and 1955 war...

Software validation remains crucial in software development process. Tradition...
Developers and security analysts have been using static analysis for a long time to analyze program...
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critica...
This data set is for ISSTA 2021 Paper: Validating Static Warnings via Testing Code Fragments Static...
Static code analysis tools are known to flag a large number of false positives. A false positive is ...
Static bug detection tools help developers detect problems in the code, including bad programming pr...
This is a replication data package for a paper titled "Static Code Analysis Alarms Filtering Reloade...
Abstract. Safety-critical software in industry is typically subjected to both dynamic testing as we...
This thesis addresses several aspects of using static code analysis tools for detection of security ...
Static analysis is nowadays an essential component of many software development toolsets, attracting...
This repository contains the evaluation script and the corresponding data of the ISSTA'22 paper "An ...
A large number of tools that automate the process of finding errors in programs has recently emerge...
Background. Industrial software increasingly relies on open source software. Therefore, industrial p...
Indiana University-Purdue University Indianapolis (IUPUI). Static code analysis tools are known to fla...
Testing to detect semantic bugs is essential, especially for critical systems. Coverage-guided fuzzi...