2025
Total Recall? How Good Are Static Call Graphs Really?
Proceedings of the Software Engineering 2025, 2025
Bounds for Quantum Circuits using Logic-Based Analysis.
Proceedings of the Software Engineering 2025 Companion Proceedings, 2025
CoPhi - Mining C/C++ Packages for Conan Ecosystem Analysis.
Proceedings of the 22nd IEEE/ACM International Conference on Mining Software Repositories, 2025
MARIN: A Research-Centric Interface for Querying Software Artifacts on Maven Repositories.
Proceedings of the 22nd IEEE/ACM International Conference on Mining Software Repositories, 2025
2024
Total Recall? How Good are Static Call Graphs Really? - Companion Artifact.
Dataset, July, 2024
Total Recall? How Good are Static Call Graphs Really? - Companion Artifact.
Dataset, March, 2024
Exploring Loose Coupling of Slicing with Dynamic Symbolic Execution on the JVM.
Proceedings of the Tests and Proofs - 18th International Conference, 2024
Persisting and Reusing Results of Static Program Analyses on a Large Scale.
Proceedings of the Software Engineering 2024, Fachtagung des GI-Fachbereichs Softwaretechnik, Linz, Austria, February 26, 2024
UpCy: Safely Updating Outdated Dependencies (Summary).
Proceedings of the Software Engineering 2024, Fachtagung des GI-Fachbereichs Softwaretechnik, Linz, Austria, February 26, 2024
A Retrospective Study of one Decade of Artifact Evaluations.
Proceedings of the Software Engineering 2024, Fachtagung des GI-Fachbereichs Softwaretechnik, Linz, Austria, February 26, 2024
2023
(Re)Use of Research Results (Is Rampant).
Commun. ACM, February, 2023
UpCy: Safely Updating Outdated Dependencies.
Dataset, January, 2023
UpCy: Safely Updating Outdated Dependencies.
Dataset, January, 2023
UpCy: Safely Updating Outdated Dependencies.
Dataset, January, 2023
Community Expectations for Research Artifacts and Evaluation Processes.
Proceedings of the Software Engineering 2023, 2023
DGMF: Fast Generation of Comparable, Updatable Dependency Graphs for Software Repositories.
Proceedings of the 20th IEEE/ACM International Conference on Mining Software Repositories, 2023
UPCY: Safely Updating Outdated Dependencies.
Proceedings of the 45th IEEE/ACM International Conference on Software Engineering, 2023
2022
Reproduction Package (Docker container) for the ESEC/FSE 2022 Article 'A Retrospective Study of one Decade of Artifact Evaluations'.
Dataset, September, 2022
Reproduction Package (Docker container) for the FSE 2022 Article 'A Retrospective Study of one Decade of Artifact Evaluations'.
Dataset, August, 2022
Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite.
IEEE Trans. Software Eng., 2022
What Has Artifact Evaluation Ever Done for Us?
IEEE Secur. Priv., 2022
TaintBench: Automatic real-world malware benchmarking of Android taint analyses.
Empir. Softw. Eng., 2022
Analyzing the Direct and Transitive Impact of Vulnerabilities onto Different Artifact Repositories.
DTRAP, 2022
Static data-flow analysis for software product lines in C.
Autom. Softw. Eng., 2022
Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite (Short Summary).
Proceedings of the Software Engineering 2022, 2022
2021
ModGuard : Identifying Integrity & Confidentiality Violations in Java Modules.
IEEE Trans. Software Eng., 2021
Crowdsourcing the State of the Art(ifacts).
CoRR, 2021
Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++.
Proceedings of the 21st IEEE International Working Conference on Source Code Analysis and Manipulation, 2021
Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++.
Proceedings of the 21st IEEE International Working Conference on Source Code Analysis and Manipulation, 2021
Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis.
Proceedings of the 35th European Conference on Object-Oriented Programming, 2021
2020
From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security.
Proceedings of the 29th USENIX Security Symposium, 2020
TACAI: an intermediate representation based on abstract interpretation.
Proceedings of the 9th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2020
2019
PhASAR: An Inter-procedural Static Analysis Framework for C/C++.
Proceedings of the Tools and Algorithms for the Construction and Analysis of Systems, 2019
Know your analysis: how instrumentation aids understanding static analysis.
Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2019
SootDiff: bytecode comparison across different Java compilers.
Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2019
Can an online service predict gender?: on the state-of-the-art in gender identification from texts.
Proceedings of the 2nd International Workshop on Gender Equality in Software Engineering, 2019
2017
Hardening Java's Access Control by Abolishing Implicit Privilege Elevation.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017
CodeMatch: obfuscation won't conceal your repackaged app.
Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, 2017
Hermes: assessment and creation of effective test corpora.
Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2017
SootKeeper: runtime reusability for modular static analysis.
Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2017
2016
Full-Stack Static Security Analysis for the Java Platform.
PhD thesis, 2016
Call graph construction for Java libraries.
Proceedings of the 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2016
Getting to know you: towards a capability model for Java.
Proceedings of the Software Engineering 2016, 2016
Hidden Truths in Dead Software Paths.
Proceedings of the Software Engineering 2016, 2016
2015
Design your analysis: a case study on implementation reusability of data-flow functions.
Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis, 2015
A vulnerability's lifetime: enhancing version information in CVE databases.
Proceedings of the 15th International Conference on Knowledge Technologies and Data-driven Business, 2015
2014
FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases.
Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, (FSE-22), Hong Kong, China, November 16, 2014
A software product line for static analyses: the OPAL framework.
Proceedings of the 3rd ACM SIGPLAN International Workshop on the State Of the Art in Java Program analysis, 2014