Context Static analysis exploits techniques that parse program source code or bytecode,
often traversing program paths to check some program properties. Static analysis …

Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …

This paper presents Soot, a framework for optimizing Java* bytecode. The framework is
implemented in Java and supports three intermediate representations for representing Java …

Measurement of software security is a long-standing challenge to the research community.
At the same time, practical security metrics and measurements are essential for secure …

Pointer analysis is a fundamental static program analysis, with a rich literature and wide
applications. The goal of pointer analysis is to compute an approximation of the set of …

Reentrancy bugs, one of the most severe vulnerabilities in smart contracts, have caused
huge financial loss in recent years. Researchers have proposed many approaches to …

Most points-to analysis research has been done on different systems by different groups,
making it difficult to compare results, and to understand interactions between individual …

The goal of points-to analysis for Java is to determine the set of objects pointed to by a
reference variable or a reference object field. We present object sensitivity, a new form of …

Interprocedural analyses enable optimizing compilers to more precisely model the effects of
non-inlined procedure calls, potentially resulting in substantial increases in application …

Regression testing is applied to modified software to provide confidence that the changed
parts behave as intended and that the unchanged parts have not been adversely affected by …