Context Static analysis exploits techniques that parse program source code or bytecode,
often traversing program paths to check some program properties. Static analysis …

Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed
fuzzing aims to direct a fuzzer to a specific target in the code, eg, the code with potential …

Program correctness and incorrectness are two sides of the same coin. As a programmer,
even if you would like to have correctness, you might find yourself spending most of your …

Heap data is potentially unbounded and seemingly arbitrary. Hence, unlike stack and static
data, heap data cannot be abstracted in terms of a fixed set of program variables. This …

In parallel with the meteoric rise of mobile software, we are witnessing an alarming
escalation in the number and sophistication of the security threats targeted at mobile …

We present a new Strong UPdate Analysis for C programs, called Supa, that enables
computing points-to information on-demand via value-flow refinement, in environments with …

Researchers have reported that static analysis tools rarely achieve a false-positive rate that
would make them attractive to developers. We overcome this problem by a technique that …

Bug reports and patch commits are dramatically increasing for OS kernels, incentivizing a
critical need for kernel-level bug reproduction and patch testing. Directed greybox fuzzing …

Java reflection has been widely used in a variety of applications and frameworks. It allows a
software system to inspect and change the behaviour of its classes, interfaces, methods, and …

We present Supa, a value-flow-based demand-driven flow-and context-sensitive pointer
analysis with strong updates for C and C++ programs. Supa enables computing points-to …