JavaScript has been a de facto standard language for client-side web programs, and now it
is expanding its territory to general purpose programs. In this article, we classify the client …

Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge
coverage to guide the fuzzing process, which has shown great potential in finding …

Call graphs play an important role in different contexts, such as profiling and vulnerability
propagation analysis. Generating call graphs in an efficient manner can be a challenging …

The goal of Automated Program Repair (APR) is to find a fix to software bugs, without human
intervention. The so-called Generate and Validate (G&V) approach deemed to be the most …

Mobile mini-programs in WeChat have gained significant popularity since their debut in
2017, reaching a scale similar to that of Android apps in the Play Store. Like Google …

Understanding program behaviors is important to verify program properties or to optimize
programs. Static analysis is a widely used technique to approximate program behaviors via …

Node. js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

Taint-style vulnerabilities, such as OS command injection and path traversal, are common
and severe software weaknesses. There exists an inherent trade-off between analysis …

Running on host mobile applications, mini apps have gained increasing popularity these
days for its convenience in installation and usage. However, being easy to use allows mini …

REpresentational State Transfer (REST) is considered as one standard software
architectural style to build web APIs that can integrate software systems over the internet …