scholarly journals Multi-language static code analysis on the LARA framework

2021 ◽  
Author(s):  
Gil Teixeira ◽  
João Bispo ◽  
Filipe F. Correia
Keyword(s):  
Code Analysis ◽  
Static Code Analysis

Analysis of the Tools for Static Code Analysis

2021 ◽  
Author(s):  
Danilo Nikolic ◽  
Darko Stefanovic ◽  
Dusanka Dakic ◽  
Srdan Sladojevic ◽  
Sonja Ristic
Keyword(s):  
Code Analysis ◽  
Static Code Analysis

scholarly journals Enhanced Bug Prediction in JavaScript Programs with Hybrid Call-Graph Based Invocation Metrics

Technologies ◽  
2020 ◽  
Vol 9 (1) ◽  
pp. 3
Author(s):  
Gábor Antal ◽  
Zoltán Tóth ◽  
Péter Hegedűs ◽  
Rudolf Ferenc
Keyword(s):  
Software Maintenance ◽  
Positive Impact ◽  
Source Code ◽  
Code Analysis ◽  
Static Source ◽  
Static Code Analysis ◽  
Function Calls ◽  
Hybrid Code ◽  
Code Metrics ◽  
Scripting Language

Bug prediction aims at finding source code elements in a software system that are likely to contain defects. Being aware of the most error-prone parts of the program, one can efficiently allocate the limited amount of testing and code review resources. Therefore, bug prediction can support software maintenance and evolution to a great extent. In this paper, we propose a function level JavaScript bug prediction model based on static source code metrics with the addition of a hybrid (static and dynamic) code analysis based metric of the number of incoming and outgoing function calls (HNII and HNOI). Our motivation for this is that JavaScript is a highly dynamic scripting language for which static code analysis might be very imprecise; therefore, using a purely static source code features for bug prediction might not be enough. Based on a study where we extracted 824 buggy and 1943 non-buggy functions from the publicly available BugsJS dataset for the ESLint JavaScript project, we can confirm the positive impact of hybrid code metrics on the prediction performance of the ML models. Depending on the ML algorithm, applied hyper-parameters, and target measures we consider, hybrid invocation metrics bring a 2–10% increase in model performances (i.e., precision, recall, F-measure). Interestingly, replacing static NOI and NII metrics with their hybrid counterparts HNOI and HNII in itself improves model performances; however, using them all together yields the best results.

Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis

2021 ◽  
Author(s):  
Christian Banse ◽  
Immanuel Kunz ◽  
Angelika Schneider ◽  
Konrad Weiss
Keyword(s):  
Cloud Security ◽  
Code Analysis ◽  
Cloud Property ◽  
Static Code Analysis

A Case Study on Testing for Software Security

2012 ◽  
pp. 89-112
Author(s):  
Natarajan Meghanathan ◽  
Alexander Roy Geoghegan
Keyword(s):  
Software Security ◽  
Denial Of Service ◽  
Source Code ◽  
Code Analysis ◽  
Software Vulnerabilities ◽  
Static Code Analysis ◽  
Software Program ◽  
Automated Tools ◽  
High Level

The high-level contribution of this book chapter is to illustrate how to conduct static code analysis of a software program and mitigate the vulnerabilities associated with the program. The automated tools used to test for software security are the Source Code Analyzer and Audit Workbench, developed by Fortify, Inc. The first two sections of the chapter are comprised of (i) An introduction to Static Code Analysis and its usefulness in testing for Software Security and (ii) An introduction to the Source Code Analyzer and the Audit Workbench tools and how to use them to conduct static code analysis. The authors then present a detailed case study of static code analysis conducted on a File Reader program (developed in Java) using these automated tools. The specific software vulnerabilities that are discovered, analyzed, and mitigated include: (i) Denial of Service, (ii) System Information Leak, (iii) Unreleased Resource (in the context of Streams), and (iv) Path Manipulation. The authors discuss the potential risk in having each of these vulnerabilities in a software program and provide the solutions (and the Java code) to mitigate these vulnerabilities. The proposed solutions for each of these four vulnerabilities are more generic and could be used to correct such vulnerabilities in software developed in any other programming language.

scholarly journals Atomicity Violation in Multithreaded Applications and Its Detection in Static Code Analysis Process

2020 ◽  
Vol 10 (22) ◽  
pp. 8005
Author(s):  
Damian Giebas ◽  
Rafał Wojszczyk
Keyword(s):  
Parallel Computing ◽  
Source Code ◽  
Code Analysis ◽  
Atomicity Violation ◽  
Code Model ◽  
Analysis Process ◽  
Static Code Analysis ◽  
Violation Detection ◽  
Definition Of

This paper is a contribution to the field of research dealing with the parallel computing, which is used in multithreaded applications. The paper discusses the characteristics of atomicity violation in multithreaded applications and develops a new definition of atomicity violation based on previously defined relationships between operations, that can be used to atomicity violation detection. A method of detection of conflicts causing atomicity violation was also developed using the source code model of multithreaded applications that predicts errors in the software.

Sign in / Sign up

Export Citation Format

Share Document