Java deserialization vulnerability is a severe threat in practice. Researchers have proposed
static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate …

Modern software is bloated. Demand for new functionality has led developers to include
more and more features, many of which become unneeded or unused as software evolves …

Java (de) serialization is prone to causing security-critical vulnerabilities that attackers can
invoke existing methods (gadgets) on the application's classpath to construct a gadget chain …

Static analyses have problems modelling dynamic language features soundly while
retaining acceptable precision. The problem is well-understood in theory, but there is little …

The long-standing aspiration for software reuse has made astonishing strides in the past few
years. Many modern software development ecosystems now come with rich sets of publicly …

Java reflection has been widely used in a variety of applications and frameworks. It allows a
software system to inspect and change the behaviour of its classes, interfaces, methods, and …

Call graphs are widely used; in particular for advanced control-and data-flow analyses. Even
though many call graph algorithms with different precision and scalability properties have …

Call graphs have many applications in software engineering, including bug-finding, security
analysis, and code navigation in IDEs. However, the construction of call graphs requires …

When developing and maintaining large software systems, a great deal of effort goes into
dependency management. During the whole lifecycle of a software project, the set of …

Static program analysis is widely used to detect bugs and vulnerabilities early in the life
cycle of software. It models possible program executions without executing a program, and …