I read the paper with great interest. I looked for it because it said that the implementation was publicly available, and I found this repository. When I actually used it, the behavior was different from what I expected.
For example, the regular expression ^(a|ab)+$, which was shown to be True Negative in the paper, seems to be wrongly detected as EOLS in the static analysis part. Note that this example is reported as Negative because the dynamic analysis cannot generate a valid attack string. However, I believe that if it is as described in the paper, it should be found negative in the static analysis portion.
Here is the code I ran before I used the tool.
mvn compile
mvn install
java -classpath target/Rengar-1.0-jar-with-dependencies.jar --enable-preview rengar.cli.Main -s XihhfGFiKSs=
Here, XihhfGFiKSs= is the result of base64 encoding of the regular expression ^(a|ab)+$.
Am I executing it incorrectly? If so, I would like to know how to build and execute it correctly.
Referring to the code, I considered the possibility that Rengar-fold was being called because the part of the code written in reference to the ReDoSHunter implementation, which is a prior study, was being executed.
I am also curious about the Unfold implementation and would like to know which file it is implemented in.
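Two checks that can be run locally before comparing the tool's verdict with the paper, given here as an added example that is not part of the original post or of the Rengar code base: decode the base64 `-s` argument to see which pattern it actually carries, and count backtracking attempts for `^(a|ab)+$` in a simplified model. The function names, the literal-alternatives matcher and the contrast pattern `^(a|aa)+$` are assumptions made for illustration.

```python
import base64


def encode_for_cli(regex: str) -> str:
    """Base64-encode a regex the way the post passes it to `-s`."""
    return base64.b64encode(regex.encode("utf-8")).decode("ascii")


def decode_cli_arg(arg: str) -> str:
    """Recover the regex that a base64 `-s` argument actually carries."""
    return base64.b64decode(arg, validate=True).decode("utf-8")


def backtrack_steps(alternatives, text):
    """Count alternative attempts made by a naive backtracking matcher for
    ^(alt1|alt2|...)+$ with literal alternatives (simplified model, no
    memoization, not Rengar's analysis). Returns (matched, steps)."""
    steps = 0

    def attempt(pos):
        nonlocal steps
        for alt in alternatives:
            steps += 1
            if text.startswith(alt, pos):
                nxt = pos + len(alt)
                # Success once an iteration ends exactly at end of input.
                if nxt == len(text) or attempt(nxt):
                    return True
        return False

    return attempt(0), steps


if __name__ == "__main__":
    intended = "^(a|ab)+$"
    posted = "XihhfGFiKSs="  # argument quoted in the post
    print("posted argument decodes to:", decode_cli_arg(posted))
    print("intended regex encodes to: ", encode_for_cli(intended))
    # Constructed inputs: n copies of "a" followed by a non-matching character.
    for n in (5, 10, 20):
        text = "a" * n + "!"
        _, unambiguous = backtrack_steps(["a", "ab"], text)  # ^(a|ab)+$
        _, ambiguous = backtrack_steps(["a", "aa"], text)    # ^(a|aa)+$, contrast case
        print(f"n={n:2d}  (a|ab)+ steps={unambiguous:3d}  (a|aa)+ steps={ambiguous}")
```

The argument quoted in the post decodes to `^(a|ab)+`, without the trailing `$`; the full pattern `^(a|ab)+$` encodes to `XihhfGFiKSsk`. In this model the step count for `(a|ab)+` grows as 2(n+1) on the constructed inputs, while the contrast pattern grows like the Fibonacci sequence.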