{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,16]],"date-time":"2026-07-16T20:01:18Z","timestamp":1784232078910,"version":"3.55.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,21]],"date-time":"2020-12-21T00:00:00Z","timestamp":1608508800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100011199","name":"European Research Council","doi-asserted-by":"publisher","award":["851895"],"award-info":[{"award-number":["851895"]}],"id":[{"id":"10.13039\/100011199","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,21]]},"DOI":"10.1145\/3324884.3416576","type":"proceedings-article","created":{"date-parts":[[2021,1,27]],"date-time":"2021-01-27T23:38:56Z","timestamp":1611790736000},"page":"956-967","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["No strings attached"],"prefix":"10.1145","author":[{"given":"Aryaz","family":"Eghbali","sequence":"first","affiliation":[{"name":"University of Stuttgart, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Pradel","sequence":"additional","affiliation":[{"name":"University of Stuttgart, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2021,1,27]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2012.28"},{"key":"e_1_3_2_1_2_1","volume-title":"Symposium on Principles of Programming Languages (POPL). ACM, 4--16","author":"Ammons Glenn","unstructured":"Glenn Ammons, Rastislav Bod\u00edk, and James R. Larus. 2002. Mining specifications. In Symposium on Principles of Programming Languages (POPL). ACM, 4--16."},{"key":"e_1_3_2_1_3_1","volume-title":"A Survey of Dynamic Analysis and Test Generation for JavaScript. Comput. Surveys","author":"Andreasen Esben","year":"2017","unstructured":"Esben Andreasen, Liang Gong, Anders M\u00f8ller, Michael Pradel, Marija Selakovic, Koushik Sen, and Cristian-Alexandru Staicu. 2017. A Survey of Dynamic Analysis and Test Generation for JavaScript. Comput. Surveys (2017)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2372785"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772701"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2591062.2591111"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213872"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17524-9_1"},{"key":"e_1_3_2_1_9_1","volume-title":"Developer Economics: State of the Developer Nation","author":"Carraz Michael","year":"2020","unstructured":"Michael Carraz, Konstaninos Korakitis, Peter Crocker, Richard Muir, and Christina Voskoglou. 2020. Developer Economics: State of the Developer Nation. SlashData, Ltd.."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931073"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2597073.2597108"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/502034.502042"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2010.5609723"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44898-5_1"},{"key":"e_1_3_2_1_16_1","volume-title":"10th USENIX Security Symposium, August 13--17","author":"Cowan Crispin","year":"2001","unstructured":"Crispin Cowan, Matt Barringer, Steve Beattie, Greg Kroah-Hartman, Michael Frantzen, and Jamie Lokier. 2001. FormatGuard: Automatic Protection From printf Format String Vulnerabilities. In 10th USENIX Security Symposium, August 13--17, 2001, Washington, D.C., USA, Dan S. Wallach (Ed.). USENIX. http:\/\/www.usenix.org\/publications\/library\/proceedings\/sec01\/cowanbarringer.html"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 12th Conference on USENIX Security Symposium -","volume":"12","author":"Scott","unstructured":"Scott A. Crosby and Dan S. Wallach. 2003. Denial of Service via Algorithmic Complexity Attacks. In Proceedings of the 12th Conference on USENIX Security Symposium - Volume 12. USENIX."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Andrew Habib and Michael Pradel. 2018. How Many of All Bugs Do We Find? A Study of Static Bug Detectors. In ASE.","DOI":"10.1145\/3238147.3238213"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Xue Han and Tingting Yu. 2016. An Empirical Study on Performance Bugs for Highly Configurable Software Systems. In ESEM.","DOI":"10.1145\/2961111.2962602"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"David Hovemeyer and William Pugh. 2004. Finding bugs is easy. In Companion to the Conference on Object-Oriented Programming Systems Languages and Applications (OOPSLA). ACM 132--136.","DOI":"10.1145\/1028664.1028717"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Md Johirul Islam Giang Nguyen Rangeet Pan and Hridesh Rajan. 2019. A Comprehensive Study on Deep Learning Bug Characteristics. In FSE.","DOI":"10.1145\/3338906.3338955"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254075"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572286"},{"key":"e_1_3_2_1_24_1","volume-title":"Ernst","author":"Kiezun Adam","year":"2009","unstructured":"Adam Kiezun, Philip J. Guo, Karthick Jayaraman, and Michael D. Ernst. 2009. Automatic creation of SQL Injection and cross-site scripting attacks. In ICSE. 199--209."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3318162"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Zhenmin Li and Yuanyuan Zhou. 2005. PR-Miner: Automatically Extracting Implicit Programming Rules and Detecting Violations in Large Software Code. In European Software Engineering Conference and Symposium on Foundations of Software Engineering (ESEC\/FSE). ACM 306--315.","DOI":"10.1145\/1095430.1081755"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Yepang Liu Chang Xu and S.C. Cheung. 2014. Characterizing and Detecting Performance Bugs for Smartphone Applications. In ICSE. 1013--1024.","DOI":"10.1145\/2568225.2568229"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346323"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00045"},{"key":"e_1_3_2_1_30_1","first-page":"100","article-title":"Differential Testing for Software","volume":"10","author":"McKeeman William M.","year":"1998","unstructured":"William M. McKeeman. 1998. Differential Testing for Software. Digital Technical Journal 10, 1 (1998), 100--107.","journal-title":"Digital Technical Journal"},{"key":"e_1_3_2_1_31_1","volume-title":"An Empirical Study of Client-Side JavaScript Bugs. In Symposium on Empirical Software Engineering and Measurement (ESEM). 55--64","author":"Ocariza Frolin S.","year":"2013","unstructured":"Frolin S. Ocariza Jr., Kartik Bajaj, Karthik Pattabiraman, and Ali Mesbah. 2013. An Empirical Study of Client-Side JavaScript Bugs. In Symposium on Empirical Software Engineering and Measurement (ESEM). 55--64."},{"key":"e_1_3_2_1_32_1","volume-title":"International Conference on Automated Software Engineering (ASE). 371--382","author":"Pradel Michael","unstructured":"Michael Pradel and Thomas R. Gross. 2009. Automatic Generation of Object Usage Specifications from Large Method Traces. In International Conference on Automated Software Engineering (ASE). 371--382."},{"key":"e_1_3_2_1_33_1","volume-title":"European Conference on Object-Oriented Programming (ECOOP).","author":"Pradel Michael","year":"2015","unstructured":"Michael Pradel and Koushik Sen. 2015. The Good, the Bad, and the Ugly: An Empirical Study of Implicit Type Conversions in JavaScript. In European Conference on Object-Oriented Programming (ECOOP)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3276517"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2532875"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884829"},{"key":"e_1_3_2_1_37_1","volume-title":"Detecting Format String Vulnerabilities with Type Qualifiers. In 10th USENIX Security Symposium, August 13--17","author":"Shankar Umesh","year":"2001","unstructured":"Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David A. Wagner. 2001. Detecting Format String Vulnerabilities with Type Qualifiers. In 10th USENIX Security Symposium, August 13--17, 2001, Washington, D.C., USA, Dan S. Wallach (Ed.). USENIX. http:\/\/www.usenix.org\/publications\/library\/proceedings\/sec01\/shankar.html"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2318202.2318207"},{"key":"e_1_3_2_1_39_1","volume-title":"Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. In USENIX Security Symposium. 361--376","author":"Staicu Cristian-Alexandru","year":"2018","unstructured":"Cristian-Alexandru Staicu and Michael Pradel. 2018. Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers. In USENIX Security Symposium. 361--376."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294276"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115668"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332456"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2010.15"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.59"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115663"},{"key":"e_1_3_2_1_46_1","unstructured":"Peipei Wang Chris Brown Jamie A Jennings and Kathryn T Stolee. [n.d.]. An Empirical Study on Regular Expression Bugs. ([n. d.])."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236072"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213866"},{"key":"e_1_3_2_1_49_1","volume-title":"MAPO: Mining and Recommending API Usage Patterns. In European Conference on Object-Oriented Programming (ECOOP). 318--343","author":"Zhong Hao","year":"2009","unstructured":"Hao Zhong, Tao Xie, Lu Zhang, Jian Pei, and Hong Mei. 2009. MAPO: Mining and Recommending API Usage Patterns. In European Conference on Object-Oriented Programming (ECOOP). 318--343."}],"event":{"name":"ASE '20: 35th IEEE\/ACM International Conference on Automated Software Engineering","location":"Virtual Event Australia","acronym":"ASE '20","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 35th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3324884.3416576","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3324884.3416576","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:38Z","timestamp":1750197698000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3324884.3416576"}},"subtitle":["an empirical study of string-related software bugs"],"short-title":[],"issued":{"date-parts":[[2020,12,21]]},"references-count":48,"alternative-id":["10.1145\/3324884.3416576","10.1145\/3324884"],"URL":"https:\/\/doi.org\/10.1145\/3324884.3416576","relation":{},"subject":[],"published":{"date-parts":[[2020,12,21]]},"assertion":[{"value":"2021-01-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}