Static Analysis
No mentions found
This entity hasn't been tracked yet, or Iris is still building its knowledge base.
Related Articles from SNS
Finding Memory Leaks in C/C++ Programs via Neuro-Symbolic Augmented Static Analysis
arXiv:2603.27224v4 Announce Type: replace Abstract: Memory leaks remain prevalent in real-world C/C++ software. Static analyzers such as CodeQL provide scalable program analysis but frequently miss such bugs because they cannot recognize project-specific custom memory-management functions and lack path-sensitive control-flow modeling. We present MemHint, a neuro-symbolic pipeline that addresses both limitations by combining LLMs' semantic understanding of code with Z3-based symbolic reasoning.
ClawHub Security Signals: When VirusTotal, Static Analysis, and SkillSpector Disagree
Announce Type: new Abstract: Agent skills extend AI agents with reusable instructions, tools, scripts, references, and workflows, establishing a security boundary distinct from both model safety and traditional package-malware detection. ClawHub Security Signals is a sanitized dataset of 67,453 latest public OpenClaw skill versions. Each row pairs redacted SKILL.md content and sanitized bundled files where present with a final ClawScan registry verdict and evidence from three scanner...
PyFEX: Uncovering Evasive Python-based Threats via Resilient and Exhaustive Path Exploration
arXiv:2606.02196v1 Announce Type: new Abstract: The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index (PyPI), while also building evasive, cross-platform malicious binaries compiled from source code written in Python. Current program analysis techniques struggle to address this dual threat. Static analysis based tools are often blinded by runtime obfuscation and...
Beyond Strict Rules: Assessing the Effectiveness of Large Language Models for Code Smell Detection
arXiv:2601.09873v2 Announce Type: replace Abstract: Code smells are symptoms of potential code quality problems that may affect software maintainability, thus increasing development costs and impacting software reliability. Large language models (LLMs) have shown remarkable capabilities for supporting various software engineering activities, but their use for detecting code smells remains underexplored. However, unlike the rigid rules of static analysis tools, LLMs can support flexible and...
LMM-IR: Large-Scale Netlist-Aware Multimodal Framework for Static IR-Drop Prediction
arXiv:2511.12581v2 Announce Type: replace Abstract: Static IR drop analysis is a fundamental and critical task in the field of chip design. Nevertheless, this process can be quite time-consuming, potentially requiring several hours. Moreover, addressing IR drop violations frequently demands iterative analysis, thereby causing the computational burden.
wolfSSL releases a new product; wolfCOSE a zero alloc C embbedded COSE stack
wolfCOSE is a lightweight C library implementing CBOR (RFC 8949) and COSE (RFC 9052/9053) using wolfSSL as the crypto backend. - Complete RFC 9052 message set: all six COSE message types, including multi-signer COSE_Sign and multi-recipientCOSE_Encrypt /COSE_Mac - Post-quantum signing: ML-DSA (Dilithium) at all three security levels - 40 algorithms across signing, encryption, MAC, and key distribution - Zero dynamic allocation: all operations use caller-provided buffers - Tiny footprint: 7.5...
Detecting Flakiness in Quantum Software: A Dynamic Testing Approach
Announce Type: replace Abstract: Flaky tests, tests that pass or fail nondeterministically without changes to code or environment, pose a serious threat to software reliability. While classical software engineering has developed a rich body of techniques to study flakiness, corresponding evidence for quantum software remains limited. Prior work relies mainly on static analysis or small sets of manually reported incidents, leaving open questions about their prevalence, characteristics, and...
scicode-lint: Detecting Methodology Bugs in Scientific Python Code with LLM-Generated Patterns
arXiv:2603.17893v2 Announce Type: replace Abstract: Methodology bugs in scientific Python code produce plausible but incorrect results that traditional linters and static analysis tools cannot detect. Several research groups have built ML-specific linters, demonstrating that detection is feasible. Yet these tools share a sustainability problem: dependency on specific pylint or Python versions, limited packaging, and reliance on manual engineering for every new pattern.
Knowledge Matters: Injecting Project and Testing Knowledge into LLM-based Unit Test Generation
arXiv:2511.14224v3 Announce Type: replace Abstract: Automated unit test generation using large language models (LLMs) holds great promise but often struggles with generating tests that are both correct and maintainable in real-world projects. This paper presents KTester, a novel framework that integrates project-specific knowledge and testing domain knowledge to enhance LLM-based test generation. Our approach first extracts project structure and usage knowledge through static analysis, which...
Automatically Attacking Software Reverse Engineering AI Agents
arXiv:2605.30667v1 Announce Type: new Abstract: Software tools for reverse engineering executable binary files, such as Ghidra, enable malware analysts to safely conduct robust static analysis without having access to original source code. Coupled with the analytic power of large language models (LLM), agentic systems enabled with tools, such as GhidraMCP, can allow analysts to automate a previously human driven process. Although this automation can increase the productivity of a single...