Flow2vec: Value-flow-based precise code embedding
Code embedding, as an emerging paradigm for source code analysis, has attracted much
attention over the past few years. It aims to represent code semantics through distributed …
Selectfuzz: Efficient directed fuzzing with selective path exploration
Directed grey-box fuzzers specialize in testing specific target code. They have been applied
to many security applications such as reproducing known crashes and detecting …
Eliminating timing side-channel leaks using program repair
We propose a method, based on program analysis and transformation, for eliminating timing
side channels in software code that implements security-critical applications. Our method …
A cocktail approach to practical call graph construction
After decades of research, constructing call graphs for modern C-based software remains
either imprecise or inefficient when scaling up to the ever-growing complexity. The main …
Unleashing the power of type-based call graph construction by using regional pointer information
When dealing with millions of lines of C code, we still cannot have the cake and eat it: type
analysis for call graph construction is scalable yet highly imprecise. We address this …
Practical Security Analysis of Zero-Knowledge Proof Circuits
As privacy-sensitive applications based on zero-knowledge proofs (ZKPs) gain increasing
traction, there is a pressing need to detect vulnerabilities in ZKP circuits. This paper studies …
Spatio-temporal context reduction: A pointer-analysis-based static approach for detecting use-after-free vulnerabilities
Zero-day Use-After-Free (UAF) vulnerabilities are increasingly popular and highly
dangerous, but few mitigations exist. We introduce a new pointer-analysis-based static …
Refining indirect call targets at the binary level
Enforcing fine-grained Control-Flow Integrity (CFI) is critical for increasing software security.
However, for commercial off-the-shelf (COTS) binaries, constructing high-precision Control …
Bring your own data structures to Datalog
The restricted logic programming language Datalog has become a popular implementation
target for deductive-analytic workloads including social-media analytics and program …
Better together: Unifying datalog and equality saturation
We present egglog, a fixpoint reasoning system that unifies Datalog and equality saturation
(EqSat). Like Datalog, egglog supports efficient incremental execution, cooperating …