TY - JOUR
AU - Holzinger, Philipp
AU - Bodden, Eric
ID - 21597
JF - International Symposium on Advanced Security on Software and Systems (ASSS)
TI - A Systematic Hardening of Java's Information Hiding
ER -

TY - JOUR
AU - Bonifacio, Rodrigo
AU - Krüger, Stefan
AU - Narasimhan, Krishna
AU - Bodden, Eric
AU - Mezini, Mira
ID - 21599
JF - European Conference on Object-Oriented Programming (ECOOP)
TI - Dealing with Variability in API Misuse Specification
ER -

TY - CONF
AU - Shivarpatna Venkatesh, Ashwin Prasad
AU - Bodden, Eric
ID - 22462
T2 - International Workshop on AI and Software Testing/Analysis (AISTA)
TI - Automated Cell Header Generator for Jupyter Notebooks
ER -

TY - CONF
AU - Kummita, Sriteja
AU - Piskachev, Goran
AU - Spath, Johannes
AU - Bodden, Eric
ID - 23374
T2 - 2021 International Conference on Code Quality (ICCQ)
TI - Qualitative and Quantitative Analysis of Callgraph Algorithms for Python
ER -

TY - CONF
AU - Karakaya, Kadiray
AU - Bodden, Eric
ID - 30084
T2 - 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)
TI - SootFX: A Static Code Feature Extraction Tool for Java and Android
ER -

TY - CONF
AB - Static analysis is used to automatically detect bugs and security breaches, and aids compiler optimization. Whole-program analysis (WPA) can yield high precision, however causes long analysis times and thus does not match common software-development workflows, making it often impractical to use for large, real-world applications. This paper thus presents the design and implementation of ModAlyzer, a novel static-analysis approach that aims at accelerating whole-program analysis by making the analysis modular and compositional. It shows how to compute lossless, persisted summaries for callgraph, points-to and data-flow information, and it reports under which circumstances this function-level compositional analysis outperforms WPA. We implemented ModAlyzer as an extension to LLVM and PhASAR, and applied it to 12 real-world C and C++ applications. At analysis time, ModAlyzer modularly and losslessly summarizes the analysis effect of the library code those applications share, hence avoiding its repeated re-analysis. The experimental results show that the reuse of these summaries can save, on average, 72% of analysis time over WPA. Moreover, because it is lossless, the module-wise analysis fully retains precision and recall. Surprisingly, as our results show, it sometimes even yields precision superior to WPA. The initial summary generation, on average, takes about 3.67 times as long as WPA.
AU - Schubert, Philipp
AU - Hermann, Ben
AU - Bodden, Eric
ID - 21598
T2 - European Conference on Object-Oriented Programming (ECOOP)
TI - Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
ER -

TY - JOUR
AU - Dann, Andreas Peter
AU - Plate, Henrik
AU - Hermann, Ben
AU - Ponta, Serena Elisa
AU - Bodden, Eric
ID - 31132
JF - IEEE Transactions on Software Engineering
KW - Software
SN - 0098-5589
TI - Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite
ER -

TY - CONF
AU - Piskachev, Goran
AU - Krishnamurthy, Ranjith
AU - Bodden, Eric
ID - 26407
T2 - 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)
TI - SecuCheck: Engineering configurable taint analysis for software developers
ER -

TY - CONF
AU - Luo, Linghui
AU - Schäf, Martin
AU - Sanchez, Daniel
AU - Bodden, Eric
ID - 22463
T2 - Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
TI - IDE Support for Cloud-Based Static Analyses
ER -

TY - CONF
AU - Karakaya, Kadiray
AU - Bodden, Eric
ID - 33840
T2 - 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)
TI - SootFX: A Static Code Feature Extraction Tool for Java and Android
ER -