With the increasing popularity of blockchain, automatically detecting vulnerabilities in smart
contracts is becoming a significant problem. Prior research mainly identifies smart contract …

After decades of research, constructing call graphs for modern C-based software remains
either imprecise or inefficient when scaling up to the ever-growing complexity. The main …

When dealing with millions of lines of C code, we still cannot have the cake and eat it: type
analysis for call graph construction is scalable yet highly imprecise. We address this …

Software projects are complex technical and organizational systems involving large
numbers of artifacts and developers. To understand and tame software complexity, a wide …

Numerous studies demonstrate that browser fingerprinting is detrimental to users' security
and privacy. However, little is known about the effects of browser fingerprinting on Android …

Detecting security vulnerabilities is a crucial part in secure software development. Many
static analysis tools have proved to be effective in finding vulnerabilities, but generally there …

Designing a whole-program static analysis requires trade-offs between precision and
scalability. While a context-insensitive points-to analysis is often considered a good …

The operating system (OS) is the cornerstone for computer systems. It manages hardware
and provides fundamental service for user-level applications. Thus, detecting bugs in OSes …

Call Graphs are a rich data source and form the foundation for advanced static analyses that
can, for example, detect security vulnerabilities or dead code. This information is invaluable …

We consider the problem of making expressive, interactive static analyzers compositional.
Such a technique could help bring the power of server-based static analyses to integrated …