Call graphs play an important role in different contexts, such as profiling and vulnerability
propagation analysis. Generating call graphs in an efficient manner can be a challenging …

Understanding program behaviors is important to verify program properties or to optimize
programs. Static analysis is a widely used technique to approximate program behaviors via …

After decades of research, constructing call graphs for modern C-based software remains
either imprecise or inefficient when scaling up to the ever-growing complexity. The main …

When dealing with millions of lines of C code, we still cannot have the cake and eat it: type
analysis for call graph construction is scalable yet highly imprecise. We address this …

Client-side CSRF is a new type of CSRF vulnerability where the adversary can trick the
client-side JavaScript program to send a forged HTTP request to a vulnerable target site by …

Modern JavaScript applications extensively depend on third-party libraries. Especially for
the Node. js platform, vulnerabilities can have severe consequences to the security of …

Python is an increasingly popular dynamic programming language, particularly used in the
scientific community and well-known for its powerful and permissive high-level syntax. Our …

Previous algorithms for feedback-directed unit test generation iteratively create sequences
of API calls by executing partial tests and by adding new API calls at the end of the test …

The Node. js platform empowers a huge number of software systems programmed with
JavaScript. Node. js employs an asynchronous execution model where event handlers are …

Asynchronous software often exhibits complex and error-prone behaviors that should be
tested thoroughly. Code coverage has been the most popular metric to assess test suite …