2025
QualityFlow: An Agentic Workflow for Program Synthesis Controlled by LLM Quality Checks.
CoRR, January, 2025
2024
User-assisted code query customization and optimization.
Int. J. Softw. Tools Technol. Transf., October, 2024
A Deep Dive into Large Language Models for Automated Bug Localization and Repair.
Proc. ACM Softw. Eng., 2024
NL2Code-Reasoning and Planning with LLMs for Code Development.
Proceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, 2024
Understanding Developer-Analyzer Interactions in Code Reviews.
Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024
Inference for Ever-Changing Policy of Taint Analysis.
Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice, 2024
2023
Compositional Taint Analysis for Enforcing Security Policies at Scale.
Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 2023
User-Assisted Code Query Optimization.
Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, 2023
Long-term Static Analysis Rule Quality Monitoring Using True Negatives.
Proceedings of the 45th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, 2023
A Language-agnostic Framework for Mining Static Analysis Rules from Code Changes.
Proceedings of the 45th IEEE/ACM International Conference on Software Engineering: Software Engineering in Practice, 2023
Shifting Left for Early Detection of Machine-Learning Bugs.
Proceedings of the Formal Methods - 25th International Symposium, 2023
2022
Static Analysis for AWS Best Practices in Python Code.
Proceedings of the 36th European Conference on Object-Oriented Programming, 2022
2021
SAND: a static analysis approach for detecting SQL antipatterns.
Proceedings of the ISSTA '21: 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2021
2020
Synthesizing Precise and Useful Commutativity Conditions.
J. Autom. Reason., 2020
2019
Introduction to the special issue: SAAP-2017 (Static Analysis of Android Apps: Security and Privacy).
J. Comput. Lang., 2019
2018
Automatic Generation of Precise and Useful Commutativity Conditions (Extended Version).
CoRR, 2018
Automatic Generation of Precise and Useful Commutativity Conditions.
Proceedings of the Tools and Algorithms for the Construction and Analysis of Systems, 2018
2017
Z3str2: an efficient solver for strings, regular expressions, and length constraints.
Formal Methods Syst. Des., 2017
Using Abstract Interpretation to Correct Synchronization Faults.
Proceedings of the Verification, Model Checking, and Abstract Interpretation, 2017
Foraging goes mobile: Foraging while debugging on mobile devices.
Proceedings of the 2017 IEEE Symposium on Visual Languages and Human-Centric Computing, 2017
A solver for a theory of string and bit-vectors.
Proceedings of the 39th International Conference on Software Engineering, 2017
Identifying Android library dependencies in the presence of code obfuscation and minimization.
Proceedings of the 39th International Conference on Software Engineering, 2017
Visual Configuration of Mobile Privacy Policies.
Proceedings of the Fundamental Approaches to Software Engineering, 2017
2016
Synergies among Testing, Verification, and Repair for Concurrent Programs (Dagstuhl Seminar 16201).
Dagstuhl Reports, 2016
A Solver for a Theory of Strings and Bit-vectors.
CoRR, 2016
Revamping JavaScript static analysis via localization and remediation of root causes of imprecision.
Proceedings of the 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2016
Directed synthesis of failing concurrent executions.
Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, 2016
IPA: improving predictive analysis with pointer analysis.
Proceedings of the 25th International Symposium on Software Testing and Analysis, 2016
Pinpointing mobile malware using code analysis.
Proceedings of the International Conference on Mobile Software Engineering and Systems, 2016
Cognitive mobile security: invited conference keynote.
Proceedings of the International Conference on Mobile Software Engineering and Systems, 2016
Improving design validation of mobile application user interface implementation.
Proceedings of the International Conference on Mobile Software Engineering and Systems, 2016
Eavesdropping and obfuscation techniques for smartphones.
Proceedings of the International Conference on Mobile Software Engineering and Systems, 2016
A framework for automatic anomaly detection in mobile applications.
Proceedings of the International Conference on Mobile Software Engineering and Systems, 2016
FASE: functionality-aware security enforcement.
Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016
2015
Datacentric Semantics for Verification of Privacy Policy Compliance by Mobile Applications.
Proceedings of the Verification, Model Checking, and Abstract Interpretation, 2015
Light: replay via tightly bounded recording.
Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, 2015
Automatic detection, correction, and visualization of security vulnerabilities in mobile apps.
Proceedings of the 3rd International Workshop on Mobile Development Lifecycle, 2015
ShamDroid: gracefully degrading functionality in the presence of limited resource access.
Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, 2015
Labyrinth: Visually Configurable Data-Leakage Detection in Mobile Applications.
Proceedings of the 16th IEEE International Conference on Mobile Data Management, 2015
Dynamic detection of inter-application communication vulnerabilities in Android.
Proceedings of the 2015 International Symposium on Software Testing and Analysis, 2015
Application- and User-Sensitive Privacy Enforcement in Mobile Systems.
Proceedings of the 2nd ACM International Conference on Mobile Software Engineering and Systems, 2015
Access-rights Analysis in the Presence of Subjects.
Proceedings of the 29th European Conference on Object-Oriented Programming, 2015
Privacy Analysis of Android Apps: Implicit Flows and Quantitative Analysis.
Proceedings of the Computer Information Systems and Industrial Management, 2015
Effective Search-Space Pruning for Solvers of String Equations, Regular Expressions and Length Constraints.
Proceedings of the Computer Aided Verification - 27th International Conference, 2015
MorphDroid: Fine-grained Privacy Verification.
Proceedings of the 31st Annual Computer Security Applications Conference, 2015
2014
Incorporating data abstractions into concurrency control.
PhD thesis, 2014
A Bayesian Approach to Privacy Enforcement in Smartphones.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014
Grail: context-aware fixing of concurrency bugs.
Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, (FSE-22), Hong Kong, China, November 16, 2014
Integrating Security, Analytics and Application Management into the Mobile Development Lifecycle.
Proceedings of the 2nd International Workshop on Mobile Development Lifecycle, 2014
Flint: fixing linearizability violations.
Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications, 2014
Hybrid security analysis of web JavaScript code via dynamic partial evaluation.
Proceedings of the International Symposium on Software Testing and Analysis, 2014
ALETHEIA: Improving the Usability of Static Security Analysis.
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014
2013
Path- and index-sensitive string analysis based on monadic second-order logic.
ACM Trans. Softw. Eng. Methodol., 2013
Tightfit: adaptive parallelization with foresight.
Proceedings of the Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, 2013
Turning nondeterminism into parallelism.
Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications, 2013
Finding your way in the testing jungle: a learning approach to web security testing.
Proceedings of the International Symposium on Software Testing and Analysis, 2013
Andromeda: Accurate and Scalable Security Analysis of Web Applications.
Proceedings of the Fundamental Approaches to Software Engineering, 2013
2012
JANUS: exploiting parallelism via hindsight.
Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, 2012
2011
Learning minimal abstractions.
Proceedings of the 38th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2011
HAWKEYE: effective discovery of dataflow impediments to parallelization.
Proceedings of the 26th Annual ACM SIGPLAN Conference on Object-Oriented Programming, 2011
F4F: taint analysis of framework-based web applications.
Proceedings of the 26th Annual ACM SIGPLAN Conference on Object-Oriented Programming, 2011
Saving the world wide web from vulnerable JavaScript.
Proceedings of the 20th International Symposium on Software Testing and Analysis, 2011
2010
A dynamic evaluation of the precision of static heap abstractions.
Proceedings of the 25th Annual ACM SIGPLAN Conference on Object-Oriented Programming, 2010
2009
TAJ: effective taint analysis of web applications.
Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, 2009