Tootfinder

@… an afterthought:
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290024> is not exactly a blocker, however i…

Agentic Property-Based Testing: Finding Bugs Across the Python Ecosystem
Muhammad Maaz, Liam DeVoe, Zac Hatfield-Dodds, Nicholas Carlini
https://arxiv.org/abs/2510.09907 https:/…

Agentic Property-Based Testing: Finding Bugs Across the Python Ecosystem
Property-based testing (PBT) is a lightweight formal method, typically implemented as a randomized testing framework. Users specify the input domain for their test using combinators supplied by the PBT framework, and the expected properties or invariants as a unit-test function. The framework then searches for a counterexample, e.g. by generating inputs and calling the test function. In this work, we demonstrate an LLM-based agent which analyzes Python modules, infers function-specific and cros…

code bugs are real
coke bugz are not
both keep you busy
like it or not

One other thing this installer intentionally does not do is setup any kind of update system. Autoupdate is super important for regular users, not just to gain new features or fix bugs but also because browsers tend to issue security updates on a near weekly basis. Having autoupdate enabled therefore keeps users secure. However as an employee (and the actual desktop release manager on the technical side), I know when Vivaldi needs updating and what security issues I might have by not doing so…

🐛 Using nanotechnology to target crop-munching pests and spare beneficial bugs
https://phys.org/news/2025-09-nanotechnology-crop-munching-pests-beneficial.html

Using nanotechnology to target crop-munching pests and spare beneficial bugs
A bane of farmers' existence, it's estimated that plant-eating pests are responsible for the loss of up to 40% of pre-harvest yields globally. But a new generation of crop treatments that target only "bad" bugs could mean big gains for the Canadian agriculture sector, improving pest management tools in an industry that in 2024 generated over $142 billion.

Apple baut Bug-Bounty-Programm aus, gibt bis zu 2 Millionen Dollar
Apple verdoppelt bis vervierfacht seine Auszahlungen für das Entdecken von Sicherheitslücken. Neue Kategorien decken mehr Bugs ab.
https:/…

Today we had the first day of the Koha DACH Hackfest in Göttingen. After a tour through the data center we started various discussions on Koha. The first feature that was requested was something I actually implemented some time ago (passing SQL to the ElasticSearch indexer), but failed to add to a weird wrapper script I did not know existed. Which I primptly fixed:

Verify Distributed Deep Learning Model Implementation Refinement with Iterative Relation Inference
Zhanghan Wang, Ding Ding, Hang Zhu, Haibin Lin, Aurojit Panda
https://arxiv.org/abs/2508.09505

Verify Distributed Deep Learning Model Implementation Refinement with Iterative Relation Inference
Distributed machine learning training and inference is common today because today's large models require more memory and compute than can be provided by a single GPU. Distributed models are generally produced by programmers who take a sequential model specification and apply several distribution strategies to distribute state and computation across GPUs. Unfortunately, bugs can be introduced in the process, and a distributed model implementation's outputs might differ from the sequential model'…

If you run Debian 13 systemd-networkd bridging you are going to have a very bad day if you do a stable update of systemd
(It will segfault leaving you with no network)
Update: as pointed out by Colin you also have to be using VLANs.
https://bugs.debian.org/cgi-bin/bugrep

It's 2025 and the Finder still occasionally does things I would consider to be bugs.

McMining: Automated Discovery of Misconceptions in Student Code
Erfan Al-Hossami, Razvan Bunescu
https://arxiv.org/abs/2510.08827 https://arxiv.org/pdf/251…

McMining: Automated Discovery of Misconceptions in Student Code
When learning to code, students often develop misconceptions about various programming language concepts. These can not only lead to bugs or inefficient code, but also slow down the learning of related concepts. In this paper, we introduce McMining, the task of mining programming misconceptions from samples of code from a student. To enable the training and evaluation of McMining systems, we develop an extensible benchmark dataset of misconceptions together with a large set of code samples wher…

An experience-based classification of quantum bugs in quantum software
Nils Quetschlich, Olivia Di Matteo
https://arxiv.org/abs/2509.03280 https://arxiv.or…

An experience-based classification of quantum bugs in quantum software
As quantum computers continue to improve in quality and scale, there is a growing need for accessible software frameworks for programming them. However, the unique behavior of quantum systems means specialized approaches, beyond traditional software development, are required. This is particularly true for debugging due to quantum bugs, i.e., bugs that occur precisely because an algorithm is a quantum algorithm. Pinpointing a quantum bug's root cause often requires significant developer time, as…

OpenAI is launching an AI agent to help developers find and verify bugs in their code.
https://www.axios.com/2025/10/30/openai-security-agent-code-threats

OpenAI's new agent hunts software bugs like a human
The new agent, called Aardvark, can detect bugs and propose patches to security teams.

Linux 6.17 mit AVC erschienen
Linux 6.17 friert bcachefs ein, vereinfacht mit Active Vector Control das Mitigieren von CPU-Bugs und liest per HFI die Performance von CPU-Kernen aus.
https://www.heise.de/news/Lin…

Automated Discovery of Test Oracles for Database Management Systems Using LLMs
Qiuyang Mang, Runyuan He, Suyang Zhong, Xiaoxuan Liu, Huanchen Zhang, Alvin Cheung
https://arxiv.org/abs/2510.06663

Automated Discovery of Test Oracles for Database Management Systems Using LLMs
Since 2020, automated testing for Database Management Systems (DBMSs) has flourished, uncovering hundreds of bugs in widely-used systems. A cornerstone of these techniques is test oracle, which typically implements a mechanism to generate equivalent query pairs, thereby identifying bugs by checking the consistency between their results. However, while applying these oracles can be automated, their design remains a fundamentally manual endeavor. This paper explores the use of large language mode…

from my link log —
Mix-testing: revealing a new class of compiler concurrency bugs.
https://johnwickerson.wordpress.com/2024/06/28/mix-testing-revealing-a-new-class-of-compiler-bugs/
saved 2024-06-29

Mix-testing: revealing a new class of compiler bugs
I’m delighted that Luke Geeson’s work on “mix testing” (a collaboration with James Brotherston, Wilco Dijkstra, Alastair Donaldson, Lee Smith, Tyler Sorensen, and myself) will app…

> The reason Copeland created this default admin user "ONEDAY" with a predictable, daily password was due to customer demand
[Generate "Mocking SpongeBob" meme with the text: Business Logic]
https://www.theregister.com/2025/09/02/fros…

Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk
: Major flaws uncovered in Copeland controllers: Patch now

#Jellyfin for #Roku 3.0.9-rc1 has been released and is ready for testing!
Please open tickets for any bugs you find. Existing bugs won't block release, but bugs introduced from the 3.0.9 changes will.

MIO: Multiverse Debugging in the Face of Input/Output -- Extended Version with Additional Appendices
Tom Lauwaerts, Maarten Steevens, Christophe Scholliers
https://arxiv.org/abs/2509.06845

MIO: Multiverse Debugging in the Face of Input/Output -- Extended Version with Additional Appendices
Debugging non-deterministic programs on microcontrollers is notoriously challenging, especially when bugs manifest in unpredictable, input-dependent execution paths. A recent approach, called multiverse debugging, makes it easier to debug non-deterministic programs by allowing programmers to explore all potential execution paths. Current multiverse debuggers enable both forward and backward traversal of program paths, and some facilitate jumping to any previously visited states, potentially bra…

🇺🇦 #NowPlaying on KEXP's #VarietyMix
Sudan Archives:
🎵 A BUG'S LIFE
#SudanArchives
https://sudanarchives.bandcamp.com/track/a-bugs-life
https://open.spotify.com/track/1D7qrNAEbZ0G4oR6YZTvFK

The coolest bugs are the "a feature I expected isn't implemented" bugs.

Those bugs are not going to inject themselves into the codebase:

I it bugs me a lot when I see HTML pop up in #git commit messages. I think it's an unfortunate combo of 4 things leading to it: People don't trust their forges for archival (which is good, but then please just use Reviewed-on footers with URIs and use web archival tools), MarkDown being the mess it is allowing HTML as fallback, forges taking in their mdwn into commits (worse: squashes), and bot…

HotBugs.jar: A Benchmark of Hot Fixes for Time-Critical Bugs
Carol Hanna, Federica Sarro, Mark Harman, Justyna Petke
https://arxiv.org/abs/2510.07529 https://

HotBugs.jar: A Benchmark of Hot Fixes for Time-Critical Bugs
Hot fixes are urgent, unplanned changes deployed to production systems to address time-critical issues. Despite their importance, no existing evaluation benchmark focuses specifically on hot fixes. We present HotBugs.jar, the first dataset dedicated to real-world hot fixes. From an initial mining of 10 active Apache projects totaling over 190K commits and 150K issue reports, we identified 746 software patches that met our hot-fix criteria. After manual evaluation, 679 were confirmed as genuine …

NanoTag: Systems Support for Efficient Byte-Granular Overflow Detection on ARM MTE
Mingkai Li, Hang Ye, Joseph Devietti, Suman Jana, Tanvir Ahmed Khan
https://arxiv.org/abs/2509.22027

NanoTag: Systems Support for Efficient Byte-Granular Overflow Detection on ARM MTE
Memory safety bugs, such as buffer overflows and use-after-frees, are the leading causes of software safety issues in production. Software-based approaches, e.g., Address Sanitizer (ASAN), can detect such bugs with high precision, but with prohibitively high overhead. ARM's Memory Tagging Extension (MTE) offers a promising alternative to detect these bugs in hardware with a much lower overhead. However, in this paper, we perform a thorough investigation of Google Pixel 8, the first production i…

New version of Android "Android 16 QPR1" is now out, that's supposed to be a minor quarterly release. No idea if they fixed all the bugs I've been finding. But they've changed the UI around. Again. For instance the icons showing WiFi and cellular signal strength have changed.
Maybe it's better, maybe it's worse, but I grow weary of these changes. Some images here.

Jš alguém contrastou a quantidade de bugs que causam desaparecimentos de coisas com quantos causam o aparecimento de coisas?
Ouve-se falar muito de bugs que levam ao desaparecimento de jogos, ebooks, criptomoedas, o diabo a quatro. Mas nunca se ouve falar de bugs que causem os aparecimentos equivalentes. Curioso, não é?
https://

Modeling Student Learning with 3.8 Million Program Traces
Alexis Ross, Megha Srivastava, Jeremiah Blanchard, Jacob Andreas
https://arxiv.org/abs/2510.05056 https://

Modeling Student Learning with 3.8 Million Program Traces
As programmers write code, they often edit and retry multiple times, creating rich "interaction traces" that reveal how they approach coding tasks and provide clues about their level of skill development. For novice programmers in particular, these traces reflect the diverse reasoning processes they employ to code, such as exploratory behavior to understand how a programming concept works, re-strategizing in response to bugs, and personalizing stylistic choices. In this work, we explore what ca…

Anthropic details three infrastructure bugs that intermittently degraded Claude's responses between August and early September, and explains how they were fixed (Anthropic)
https://www.anthropic.com/engineering/a-postmortem-of-three-recent-issues

A postmortem of three recent issues
This is a technical report on three bugs that intermittently degraded responses from Claude. Below we explain what happened, why it took time to fix, and what we're changing.

Oracle links extortion campaign to bugs addressed in July patch https://therecord.media/oracle-links-extortion-campaign-to-patched-vulnerabilities

Educating and entertaining, well delivered on both the technical and the social side by Steven Rostedt on hardware bugs (#Spectre) back then and discussing solutions with the #Linux #community and Linus…

Affinity being bought by Canva was disappoiting but what really bugs me is the campaign they are building right now. Its slogan ""Creative Freedom is coming" sounds more like a threat for me. This smells of the idea of cloud service being sold as freedom as if it was the 2010s.

Upon arrival in Australia and some other countries passengers are sprayed with stuff to either disinfect them or kill insects.
And on California highways, upon entering the state, there are agricultural inspection stations to try to block bad bugs and stuff from getting into the state. (There is reason to believe that this system was established as a pretense in order to reduce the flow of "Okies" during the Dust Bowl era.)
Well, now that the anti-vax disease has struc…

With iOS 26.1 now released, is it worth updating if we are still holding on iOS 18?
How's battery life? Bugs?
My iOS 18.5 is working quite well so i'm not really in a rush
#ios #liquidglass

@… for the bug, https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289991
― 15.0R discussion should be freebsd-stable, not freebsd-current

Lässt man ein Gerät wegen auslaufender OS-Lizenz vom Hersteller aktualisieren, würde man selbstverständlich doch erwarten, dass auch die Herstellersoftware mit aktualisiert wird (oder?).
Ok, im Gespräch kam heraus, dass er das nicht vorhatte. Klassiker mit "Never touch a running system" (naturgemäß kann aber nicht beantwortet werden, ob gemeldete Bugs denn raus wären).
Und im Ergebnis wurde es auch nicht mehr gemacht. Och...

<hoponpop> my program works if i take out the bugs.

#libreoffice bugs can be quite fun; they often have slide decks and documents attached which don't quite work. One I just fixed was from a Biker group, with a morbid slide on what members had died from - showing most weren't from biking - alas a numbered list screwup had 12 bee sting deaths instead of 1 (among other problems)

🇺🇦 #NowPlaying on KEXP's #VarietyMix
Sudan Archives:
🎵 A BUG'S LIFE
#SudanArchives
https://sudanarchives.bandcamp.com/track/a-bugs-life
https://open.spotify.com/track/1D7qrNAEbZ0G4oR6YZTvFK

ah yes, that time i made, by mistake, a fork rabbit, and discovered my mistake when the bug was triggered on a production system
https://lobste.rs/search?q=commenter%3Afanf fork rabbit

100% I've never seen graphical glitches this prevalent on any Apple software since I started using MacOS in 2003. Definitely the glitchiest iOS I've ever seen. @… https://pdx.social/@louie/115280388834

One thing I wasn't ready for on the bike commute was the bugs. Riding next to the river in summer is wonderful, but now when I head home the bugs are out, and they are tiny little bastards that fly into my face and my arms and get stuck on me. I do not love it. Hoping this works.
#biking #bikeTooter

Squirrels at War: First Strike
#writingcommunity #visualinspiration Earlier installments can be read from this page. *** Normally with a new ship we would go on a shakedown cruise for several weeks to test systems and fix bugs. We didn’t have the time. We had to hope t…

Do you have the ability to write code for Apple platforms? Do you know what MDM / device management is? Do you understand what Compliance is? Do you care about being able to use a Mac or iPad or iPhone for work or school?
Does the idea of dealing with the bugs that can crop up from things like "this needs to be reliably managed like a server, but a human randomly sleeps it mid-process and when it wakes up it's in a different country!" sound interesting to you?
If so - come be my direct co-worker!
Need to be able to be based in/work within the US, but the team itself is fully remote. Multiple positions open.
Feel free to DM me with questions
https://jobs.apple.com/en-us/details/200628824-0836/software-engineer-test-infrastructure

Bug Histories as Sources of Compiler Fuzzing Mutators
Lingjun Liu, Feiran Qin, Owolabi Legunsen, Marcelo d'Amorim
https://arxiv.org/abs/2510.07834 https://

Bug Histories as Sources of Compiler Fuzzing Mutators
Bugs in compilers, which are critical infrastructure today, can have outsized negative impacts. Mutational fuzzers aid compiler bug detection by systematically mutating compiler inputs, i.e., programs. Their effectiveness depends on the quality of the mutators used. Yet, no prior work used compiler bug histories as a source of mutators. We propose IssueMut, the first approach for extracting compiler fuzzing mutators from bug histories. Our insight is that bug reports contain hints about program…

289970 – FreeBSD Installer live system: /bin/sh: history: not found following installation
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289970>
Spun off from:
― <

Sources: Meta aims to launch its next-gen Llama AI model, Llama 4.X, by the end of 2025; the TBD team developing Llama 4.X is also trying to fix Llama 4 bugs (Jyoti Mann/Business Insider)
https://www.businessinsider.com/meta-superintelligen…

Meta races to launch latest Llama AI model by year-end, sources say
Meta plans to launch its latest AI model, called Llama 4.X, by year-end, two people familiar with the matter told Business Insider.

Compiler Bugs Detection in Logic Synthesis Tools via Linear Upper Confidence Bound
Hui Zeng, Zhihao Xu, Hui Li, Siwen Wang, Qian Ma
https://arxiv.org/abs/2509.01149 https://

Compiler Bugs Detection in Logic Synthesis Tools via Linear Upper Confidence Bound
Field-Programmable Gate Arrays (FPGAs) play an indispensable role in Electronic Design Automation (EDA), translating Register-Transfer Level (RTL) designs into gate-level netlists. The correctness and reliability of FPGA logic synthesis tools are critically important, as unnoticed bugs in these tools may infect the final hardware implementations. However, recent approaches often rely heavily on random selection strategies, limiting the structural diversity of the generated HDL test cases and re…

2 issues resolved in the #Jellyfin for #Roku 3.0.9 RC-1!
I know I said it last time, but I'm loving this release methodology!
The items found weren't bugs, but side effects of changes that only occur if you use Jellyfin in a specific way.
I love catching these before we…

PerfBench: Can Agents Resolve Real-World Performance Bugs?
Spandan Garg, Roshanak Zilouchian Moghaddam
https://arxiv.org/abs/2509.24091 https://arxiv.org/p…

PerfBench: Can Agents Resolve Real-World Performance Bugs?
Performance bugs are inefficiencies in software that waste computational resources without causing functional failures, making them particularly challenging to detect and fix. While recent advances in Software Engineering agents have shown promise in automated bug fixing, existing benchmarks primarily focus on functional correctness and fail to evaluate agents' abilities to identify and resolve non-functional issues like performance bugs. We introduce PerfBench, a benchmark comprising 81 real-w…

Automated Formal Verification of a Software Fault Isolation System
Matthew Sotoudeh, Zachary Yedidia
https://arxiv.org/abs/2508.15898 https://arxiv.org/pdf…

Automated Formal Verification of a Software Fault Isolation System
Software fault isolation (SFI) is a popular way to sandbox untrusted software. A key component of SFI is the verifier that checks the untrusted code is written in a subset of the machine language that guarantees it never reads or writes outside of a region of memory dedicated to the sandbox. Soundness bugs in the SFI verifier would break the SFI security model and allow the supposedly sandboxed code to read protected memory. In this paper, we address the concern of SFI verifier bugs by performi…

@…
> pkg: An error occurred while fetching package: Unknown error
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=28723…

🇺🇦 #NowPlaying on KEXP's #MiddayShow
Sudan Archives:
🎵 A BUG'S LIFE
#SudanArchives
https://sudanarchives.bandcamp.com/track/a-bugs-life
https://open.spotify.com/track/1D7qrNAEbZ0G4oR6YZTvFK

"we do not only find bugs in systemd"
TIL some #AMI #firmware limits PE binaries to 24 sections

Replaced article(s) found for cs.SE. https://arxiv.org/list/cs.SE/new
[1/1]:
- Challenging Bug Prediction and Repair Models with Synthetic Bugs
Ali Reza Ibrahimzada, Yang Chen, Ryan Rong, Reyhaneh Jabbarvand

How legacy carmakers fell behind Tesla and Chinese EV brands in software, as a Toyota Woven engineer says the company's new Arene platform is "full of bugs" (Financial Times)
https://www.ft.com/content/d5d5b7fb-30fc-4f32-86d2-7499bcc433b6

‘Full of bugs’: how the world’s biggest carmakers fell behind in software
The shift from a manufacturing model to a digital one is proving difficult and expensive for many of the industry’s traditional companies

The view on the way to work along the Oak Leaf Trail is lovely at some spots...
(Though stopping for the photo I got attacked by bugs, which is not great.)
#biking #bikeTooter #mke

from my link log —
GHC: from bug to merge.
http://neilmitchell.blogspot.com/2018/12/ghc-from-bug-to-merge.html
saved 2018-12-12 ht…

Interleaved Learning and Exploration: A Self-Adaptive Fuzz Testing Framework for MLIR
Zeyu Sun, Jingjing Liang, Weiyi Wang, Chenyao Suo, Junjie Chen, Fanjiang Xu
https://arxiv.org/abs/2510.07815

Interleaved Learning and Exploration: A Self-Adaptive Fuzz Testing Framework for MLIR
MLIR (Multi-Level Intermediate Representation) has rapidly become a foundational technology for modern compiler frameworks, enabling extensibility across diverse domains. However, ensuring the correctness and robustness of MLIR itself remains challenging. Existing fuzzing approaches-based on manually crafted templates or rule-based mutations-struggle to generate sufficiently diverse and semantically valid test cases, making it difficult to expose subtle or deep-seated bugs within MLIR's complex…

Formalizing Linear Motion G-code for Invariant Checking and Differential Testing of Fabrication Tools
Yumeng He, Chandrakana Nandi, Sreepathi Pai
https://arxiv.org/abs/2509.00699

Formalizing Linear Motion G-code for Invariant Checking and Differential Testing of Fabrication Tools
The computational fabrication pipeline for 3D printing is much like a compiler - users design models in Computer Aided Design (CAD) tools that are lowered to polygon meshes to be ultimately compiled to machine code by 3D slicers. For traditional compilers and programming languages, techniques for checking program invariants are well-established. Similarly, methods like differential testing are often used to uncover bugs in compilers themselves, which makes them more reliable. The fabrication pi…

@… <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290024#c6> confirmed, thanks.
tcsh whilst booted from FreeBSD-14.3-RELEASE-amd6…

A Generic and Efficient Python Runtime Verification System and its Large-scale Evaluation
Zhuohang Shen, Mohammed Yaseen, Denini Silva, Kevin Guan, Junho Lee, Marcelo d'Amorim, Owolabi Legunsen
https://arxiv.org/abs/2509.06324

A Generic and Efficient Python Runtime Verification System and its Large-scale Evaluation
Runtime verification (RV) now scales for testing thousands of open-source Java projects, helping find hundreds of bugs. The popular Python ecosystem could use such benefits. But, today's Python RV systems are limited to a domain or specification logic, or slow. We propose PyMOP, a generic, extensible, and efficient RV system for Python. PyMOP supports five logics, implements five existing monitoring algorithms, ships with 73 API specs of Python and widely-used libraries, supports three instrume…

111
ayuda | aide | Hilfe | aiuto | ajuda | hulp | hjälp | hjælp | hjelp | apu | pomoc | помощь | βοήθεια | yardım | مساعدة | עזרה | मदद | 帮助 | 助け | 도움
recently modified <https://bugs.freebsd.org/bu…

LSPFuzz: Hunting Bugs in Language Servers
Hengcheng Zhu, Songqiang Chen, Valerio Terragni, Lili Wei, Jiarong Wu, Yepang Liu, Shing-Chi Cheung
https://arxiv.org/abs/2510.00532 ht…

LSPFuzz: Hunting Bugs in Language Servers
The Language Server Protocol (LSP) has revolutionized the integration of code intelligence in modern software development. There are approximately 300 LSP server implementations for various languages and 50 editors offering LSP integration. However, the reliability of LSP servers is a growing concern, as crashes can disable all code intelligence features and significantly impact productivity, while vulnerabilities can put developers at risk even when editing untrusted source code. Despite the w…

FuzzRDUCC: Fuzzing with Reconstructed Def-Use Chain Coverage
Kai Feng, Jeremy Singer, Angelos K Marnerides
https://arxiv.org/abs/2509.04967 https://arxiv.o…

FuzzRDUCC: Fuzzing with Reconstructed Def-Use Chain Coverage
Binary-only fuzzing often struggles with achieving thorough code coverage and uncovering hidden vulnerabilities due to limited insight into a program's internal dataflows. Traditional grey-box fuzzers guide test case generation primarily using control flow edge coverage, which can overlook bugs not easily exposed through control flow analysis alone. We argue that integrating dataflow analysis into the fuzzing process can enhance its effectiveness by revealing how data propagates through the pro…

@… many thanks.
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290024#h1>

@… yeah, I need to test for bugs such as these:
https://mastodon.bsd.cafe/@grahamperrin/115431909232654236

CircInspect: Integrating Visual Circuit Analysis, Abstraction, and Real-Time Development in Quantum Debugging
Mushahid Khan, Prashant J. Nair, Olivia Di Matteo
https://arxiv.org/abs/2509.25199

CircInspect: Integrating Visual Circuit Analysis, Abstraction, and Real-Time Development in Quantum Debugging
Software bugs typically result from errors in specifications or code translation. While classical software engineering has evolved with various tools and methodologies to tackle such bugs, the emergence of quantum computing presents unique challenges. Quantum software development introduces complexities due to the probabilistic nature of quantum computing, distinct algorithmic primitives, and potential hardware noise. In this paper, we introduce CircInspect, an interactive tool tailored for deb…

LLM-GUARD: Large Language Model-Based Detection and Repair of Bugs and Security Vulnerabilities in C and Python
Akshay Mhatre, Noujoud Nader, Patrick Diehl, Deepti Gupta
https://arxiv.org/abs/2508.16419

LLM-GUARD: Large Language Model-Based Detection and Repair of Bugs and Security Vulnerabilities in C++ and Python
Large Language Models (LLMs) such as ChatGPT-4, Claude 3, and LLaMA 4 are increasingly embedded in software/application development, supporting tasks from code generation to debugging. Yet, their real-world effectiveness in detecting diverse software bugs, particularly complex, security-relevant vulnerabilities, remains underexplored. This study presents a systematic, empirical evaluation of these three leading LLMs using a benchmark of foundational programming errors, classic security flaws, a…

Abstain and Validate: A Dual-LLM Policy for Reducing Noise in Agentic Program Repair
Jos\'e Cambronero, Michele Tufano, Sherry Shi, Renyao Wei, Grant Uy, Runxiang Cheng, Chin-Jung Liu, Shiying Pan, Satish Chandra, Pat Rondon
https://arxiv.org/abs/2510.03217

Abstain and Validate: A Dual-LLM Policy for Reducing Noise in Agentic Program Repair
Agentic Automated Program Repair (APR) is increasingly tackling complex, repository-level bugs in industry, but ultimately agent-generated patches still need to be reviewed by a human before committing them to ensure they address the bug. Showing unlikely patches to developers can lead to substantial noise, wasting valuable developer time and eroding trust in automated code changes. We introduce two complementary LLM-based policies to reduce such noise: bug abstention and patch validation polic…

Automated Repair of OpenID Connect Programs (Extended Version)
Tamjid Al Rahat, Yanju Chen, Yu Feng, Yuan Tian
https://arxiv.org/abs/2510.02773 https://arx…

Automated Repair of OpenID Connect Programs (Extended Version)
OpenID Connect has revolutionized online authentication based on single sign-on (SSO) by providing a secure and convenient method for accessing multiple services with a single set of credentials. Despite its widespread adoption, critical security bugs in OpenID Connect have resulted in significant financial losses and security breaches, highlighting the need for robust mitigation strategies. Automated program repair presents a promising solution for generating candidate patches for OpenID imple…

Deep Learning Based Concurrency Bug Detection and Localization
Zuocheng Feng, Kaiwen Zhang, Miaomiao Wang, Yiming Cheng, Yuandao Cai, Xiaofeng Li, Guanjun Liu
https://arxiv.org/abs/2508.20911

Deep Learning Based Concurrency Bug Detection and Localization
Concurrency bugs, caused by improper synchronization of shared resources in multi-threaded or distributed systems, are notoriously hard to detect and thus compromise software reliability and security. The existing deep learning methods face three main limitations. First, there is an absence of large and dedicated datasets of diverse concurrency bugs for them. Second, they lack sufficient representation of concurrency semantics. Third, binary classification results fail to provide finer-grained …

Arguzz: Testing zkVMs for Soundness and Completeness Bugs
Christoph Hochrainer, Valentin W\"ustholz, Maria Christakis
https://arxiv.org/abs/2509.10819 https://

Arguzz: Testing zkVMs for Soundness and Completeness Bugs
Zero-knowledge virtual machines (zkVMs) are increasingly deployed in decentralized applications and blockchain rollups since they enable verifiable off-chain computation. These VMs execute general-purpose programs, frequently written in Rust, and produce succinct cryptographic proofs. However, zkVMs are complex, and bugs in their constraint systems or execution logic can cause critical soundness (accepting invalid executions) or completeness (rejecting valid ones) issues. We present Arguzz, t…

XAMT: Cross-Framework API Matching for Testing Deep Learning Libraries
Bin Duan, Ruican Dong, Naipeng Dong, Dan Dongseong Kim, Guowei Yang
https://arxiv.org/abs/2508.12546 https…

XAMT: Cross-Framework API Matching for Testing Deep Learning Libraries
Deep learning powers critical applications such as autonomous driving, healthcare, and finance, where the correctness of underlying libraries is essential. Bugs in widely used deep learning APIs can propagate to downstream systems, causing serious consequences. While existing fuzzing techniques detect bugs through intra-framework testing across hardware backends (CPU vs. GPU), they may miss bugs that manifest identically across backends and thus escape detection under these strategies. To addre…

When Bugs Linger: A Study of Anomalous Resolution Time Outliers and Their Themes
Avinash Patil
https://arxiv.org/abs/2509.16140 https://arxiv.org/pdf/2509.…

When Bugs Linger: A Study of Anomalous Resolution Time Outliers and Their Themes
Efficient bug resolution is critical for maintaining software quality and user satisfaction. However, specific bug reports experience unusually long resolution times, which may indicate underlying process inefficiencies or complex issues. This study presents a comprehensive analysis of bug resolution anomalies across seven prominent open-source repositories: Cassandra, Firefox, Hadoop, HBase, SeaMonkey, Spark, and Thunderbird. Utilizing statistical methods such as Z-score and Interquartile Rang…

Metamorphic Coverage
Jinsheng Ba, Yuancheng Jiang, Manuel Rigger
https://arxiv.org/abs/2508.16307 https://arxiv.org/pdf/2508.16307

Metamorphic Coverage
Metamorphic testing is a widely used methodology that examines an expected relation between pairs of executions to automatically find bugs, such as correctness bugs. We found that code coverage cannot accurately measure the extent to which code is validated and mutation testing is computationally expensive for evaluating metamorphic testing methods. In this work, we propose Metamorphic Coverage (MC), a coverage metric that examines the distinct code executed by pairs of test inputs within metam…

FalseCrashReducer: Mitigating False Positive Crashes in OSS-Fuzz-Gen Using Agentic AI
Paschal C. Amusuo, Dongge Liu, Ricardo Andres Calvo Mendez, Jonathan Metzman, Oliver Chang, James C. Davis
https://arxiv.org/abs/2510.02185

FalseCrashReducer: Mitigating False Positive Crashes in OSS-Fuzz-Gen Using Agentic AI
Fuzz testing has become a cornerstone technique for identifying software bugs and security vulnerabilities, with broad adoption in both industry and open-source communities. Directly fuzzing a function requires fuzz drivers, which translate random fuzzer inputs into valid arguments for the target function. Given the cost and expertise required to manually develop fuzz drivers, methods exist that leverage program analysis and Large Language Models to automatically generate these drivers. However…