Static code analysis is often used to scan source code for security vulnerabilities. Given the
wide range of existing solutions implementing different analysis techniques, it is very …

Work on automating vulnerability discovery has long been hampered by a shortage of
ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth …

Bug benchmarks are used in development and evaluation of debugging approaches, eg
fault localization and automated repair. Quantitative performance comparison of different …

Abstract Usage of Deep Learning (DL) methods is ubiquitous. It is common in the
DL/Artificial Intelligence domain to use 3rd party software. TensorFlow is one of the most …

The semantics of pointers and memory objects in C has been a vexed question for many
years. C values cannot be treated as either purely abstract or purely concrete entities: the …

We describe work that is part of a research project on static code analysis between the
Alexandru Ioan Cuza University and Bitdefender. The goal of the project is to develop …

In this study, we investigate the limits of the current state of the art AI system for detecting
buffer overflows and compare it with current static analysis tools. To do so, we developed a …

Software applications are frequently deployed with security vulnerabilities that may open the
door to attacks. In business-critical scenarios, such attacks may lead to significant financial …

Context: Memory error vulnerabilities have been consequential and several well-known,
open-source memory error vulnerability detectors exist, built on static and/or dynamic code …

Decompilers are tools designed to recover a high-level language representation (typically in
C code) from program binaries. Over the past five years, decompilers have improved …