Symbolic Execution Based Intra-Procedural Analysis for Search for Defects

Alexey Evgenevich Borodin; Irina Aleksandrovna Dudina

doi:10.15514/ispras-2020-32(6)-7

Symbolic Execution Based Intra-Procedural Analysis for Search for Defects

Proceedings of the Institute for System Programming of RAS ◽

10.15514/ispras-2020-32(6)-7 ◽

2020 ◽

Vol 32 (6) ◽

pp. 87-100

Author(s):

Alexey Evgenevich Borodin ◽

Irina Aleksandrovna Dudina

Keyword(s):

Symbolic Execution ◽

Analysis Tool ◽

Bug Detection ◽

Call Graph ◽

Quality Of Reports ◽

Speed Up ◽

Abstract Domains ◽

Value Numbering ◽

Static Analysis Tool

Svace is a static analysis tool for bug detection in C/C++/Java source code. To analyze a program, Svace performs an intra-procedure analysis of individual functions, starting from the leaves of a call-graph and moving towards the roots, and uses summaries of previously analyzed procedures at call-cites. In this paper, we overview the approaches and techniques employed by Svace for the intra-procedural analysis. This phase is performed by an analyzer engine and an extensible set of detectors. The core engine employs a symbolic execution approach with state merging. It uses value numbering to reduce the set of symbolic expressions, maintains points-to relationship graph for memory modeling, and performs strong and weak updates of program values. Detectors are responsible for discovering and reporting bugs. They calculate different properties of program values using a variety of abstract domains. All detectors work simultaneously orchestrated by the engine. Svace analysis is unsound and employs a variety of heuristics to speed-up. We designed Svace to analyze big projects (several MLOCs) in just a few hours and report as many warnings as possible, while keeping a good quality of reports ≥ 65 of true positives). For example, Tizen 5.5 (20MLOC) analysis takes 8.6 hours and produces 18,920 warnings, more than 70% of which are true-positive.

Download Full-text

Searching for tainted vulnerabilities in static analysis tool Svace

Proceedings of the Institute for System Programming of RAS ◽

10.15514/ispras-2021-33(1)-1 ◽

2021 ◽

Vol 33 (1) ◽

pp. 7-32

Author(s):

Alexey Evgenevich Borodin ◽

Alexey Vyacheslavovich Goremykin ◽

Sergey Pavlovitch Vartanov ◽

Andrey Andreevich Belevantsev

Keyword(s):

High Speed ◽

Symbolic Execution ◽

False Negative ◽

False Negative Rate ◽

False Positives ◽

Analysis Tool ◽

Main Function ◽

Smt Solver ◽

Call Graph ◽

Low Level

The paper is dedicated to search for taint-based errors in the source code of programs, i.e. errors caused by unsafe use of data obtained from external sources, which could potentially be modified by an attacker. The interprocedural static analyzer Svace was used as a basis. The analyzer searches both for defects in the program and searches for suspicious places where the logic of the program may be violated. The goal is to find as many errors as possible at an acceptable speed and a low level of false positives (< 20-35%). To find errors, Svace with help of modified compiler builds a low-level typed intermediate representation, which is used as an input to the main SvEng analyzer. The analyzer builds a call graph and then performs summary-based analysis. In this analysis, the functions are traversed according to the call graph starting from the leaves. After analyzing the function, its summary is created, which will then be used to analyze the call instructions. The analysis has both high speed and good scalability. Intra-procedural analysis is based on symbolic execution with the union of states at merge points of paths. An SMT solver can be used to filter out infeasible paths for some checkers. In this case, the SMT-solver is called only if there is a suspicion of an error. The analyzer has been expanded to find defects of tainted data using. The checkers are implemented as plugins by using the source-sink scheme. The sources are calls of library functions that receive data from outside the program, as well as the arguments of the main function. Sinks are accessing to arrays, using variables as a step or loop boundary, calling functions that require checked arguments. Checkers covering most of the possible types of vulnerabilities for tainted integers and strings have been implemented. The Juliet project was used to assess the coverage. The false negative rate ranged from 46,31% to 81.17% with a small number of false positives.

Download Full-text

Pengaruh Kualitas Sumber Daya Manusia, Pemanfaatan Teknologi Informasi, Dan Sistem Pengendalian Intern Terhadap Ketepatwaktuan Pelaporan Keuangan Pemerintah Desa

Kajian Bisnis STIE Widya Wiwaha ◽

10.32477/jkb.v26i2.274 ◽

2018 ◽

Vol 26 (2) ◽

pp. 131-143

Author(s):

Marlinawati Marlinawati ◽

Dewi Kusuma Wardani

Keyword(s):

Information Technology ◽

Control System ◽

Human Resources ◽

Financial Reporting ◽

Internal Control ◽

Positive Influence ◽

Internal Control System ◽

Speed Up ◽

Village Government

The purpose of this research is to know the influence between the Quality of Human Resources, Utilization of Information Technology and Internal Control System Against Timeliness of Village Government Financial Reporting at Gunungkidul Regency. This research is causative research. The population is the village government in Gunungkidul Regency, especially in Gedangsari subdistrict. Criteria of respondents in the study were to village and village apparatus. We use questionnaire to collect data. We use multiple regression with SPSS program version 16.0 to analyze data. We find that quality of human resources and internal control system have a positive influence on the timeliness of village government financial reporting. On the other hand, utilization of information technology does not influence the timeliness of village government financial reporting. These imply that the quality of human resources and internal control system can speed up the preparation of village government financial reporting.

Download Full-text

Methods of parallel computing for multilevel fuzzy Takagi – Sugeno systems

PROBLEMS IN PROGRAMMING ◽

10.15407/pp2016.02-03.141 ◽

2016 ◽

pp. 141-149

Author(s):

S.V. Yershov ◽

◽

R.М. Ponomarenko ◽

Keyword(s):

Dynamic Models ◽

Fuzzy Inference ◽

Knowledge Bases ◽

Comparative Characteristic ◽

Software Systems ◽

Scientific Papers ◽

Speed Up ◽

Diagnostic Software ◽

Takagi Sugeno

Parallel tiered and dynamic models of the fuzzy inference in expert-diagnostic software systems are considered, which knowledge bases are based on fuzzy rules. Tiered parallel and dynamic fuzzy inference procedures are developed that allow speed up of computations in the software system for evaluating the quality of scientific papers. Evaluations of the effectiveness of parallel tiered and dynamic schemes of computations are constructed with complex dependency graph between blocks of fuzzy Takagi – Sugeno rules. Comparative characteristic of the efficacy of parallel-stacked and dynamic models is carried out.

Download Full-text

Reduction of number of postoperative complications depends on quality of dressing material and wound treatment

Medsestra (Nurse) ◽

10.33920/med-05-2004-10 ◽

2020 ◽

pp. 61-63

Author(s):

Larisa Katkasova ◽

Svetlana Kropotova

Keyword(s):

At Risk ◽

Wound Healing ◽

Postoperative Complications ◽

Wound Treatment ◽

Postoperative Wound ◽

Speed Up ◽

Modern Technologies

Operated patients suffering from diabetes are at risk of developing postoperative complications. Modern technologies of postoperative wound treatment and modern dressings allow to avoid complications and speed up the process of postoperative wound healing.

Download Full-text

Editorial peer-review for improving the quality of reports of biomedical studies

10.1002/14651858.mr000016 ◽

2001 ◽

Cited By ~ 1

Author(s):

TO Jefferson ◽

P Alderson ◽

F Davidoff ◽

E Wager

Keyword(s):

Peer Review ◽

Quality Of Reports

Download Full-text

The compiler as a static analysis tool

Proceedings of the 2007 ACM international conference on SIGAda annual international conference - SIGAda '07 ◽

10.1145/1315580.1315601 ◽

2007 ◽

Cited By ~ 1

Author(s):

Robert B. K. Dewar

Keyword(s):

Static Analysis ◽

Analysis Tool ◽

Static Analysis Tool

Download Full-text

A CDT-Based Heuristic Zone Design Approach for Economic Census Investigators

Mathematical Problems in Engineering ◽

10.1155/2015/828374 ◽

2015 ◽

Vol 2015 ◽

pp. 1-14 ◽

Cited By ~ 1

Author(s):

Changixu Cheng ◽

Xiaomei Song ◽

Jing Yang ◽

Xiatian Hu ◽

Shi Shen ◽

...

Keyword(s):

Delaunay Triangulation ◽

Real World ◽

Heuristic Method ◽

Real World Application ◽

Economic Census ◽

Speed Up ◽

Growth Approach ◽

Special Zone ◽

Required Quality

This paper addresses a special zone design problem for economic census investigators that is motivated by a real-world application. This paper presented a heuristic multikernel growth approach via Constrained Delaunay Triangulation (CDT). This approach not only solved the barriers problem but also dealt with the polygon data in zoning procedure. In addition, it uses a new heuristic method to speed up the zoning process greatly on the premise of the required quality of zoning. At last, two special instances for economic census were performed, highlighting the performance of this approach.

Download Full-text

Does quality of reports of randomised trials affect estimates of intervention efficacy reported in meta-analyses?

The Lancet ◽

10.1016/s0140-6736(98)01085-x ◽

1998 ◽

Vol 352 (9128) ◽

pp. 609-613 ◽

Cited By ~ 2614

Author(s):

David Moher ◽

Ba' Pham ◽

Alison Jones ◽

Deborah J Cook ◽

Alejandro R Jadad ◽

...

Keyword(s):

Randomised Trials ◽

Intervention Efficacy ◽

Quality Of Reports ◽

Meta Analyses

Download Full-text

Improving the Quality of Surgical Pathology Reports for Breast Cancer: A Centralized Audit With Feedback

Archives of Pathology & Laboratory Medicine ◽

10.5858/2008-132-1428-itqosp ◽

2008 ◽

Vol 132 (9) ◽

pp. 1428-1431

Author(s):

Ronald Onerheim ◽

Pierre Racette ◽

André Jacques ◽

Robert Gagnon

Keyword(s):

Breast Cancer ◽

Resection Margin ◽

Lymphatic Invasion ◽

Surgical Pathology ◽

Breast Cancer Surgery ◽

Pathology Report ◽

Good Communication ◽

Quality Of Reports ◽

Pathology Reports

Abstract Context.—Good communication of pathologic characteristics of a malignancy is crucial to therapy choices and accurate prognostication. The information must be easily retrieved from a surgical pathology report. Objectives.—To evaluate, first in 1999, the quality of surgical pathology reports for segmental breast resections for cancer in Quebec hospitals. Subsequently, to reevaluate, in 2003, the same indicators to determine if the first surveillance, with feedback, was associated with an improvement in the quality of the reports. Design.—All Quebec hospitals performing the preset number of 20 or more segmental breast resections for cancer in 1999 and 2003 participated. A committee of pathologists, after review of the literature, chose 7 diagnostic elements deemed vital to a surgical pathology report for conservative breast cancer surgery. Medical archivists in each institution were instructed on how to retrieve the data. The main outcome measure was the presence or absence of the diagnostic information clearly presented on the surgical pathology report. Results.—Fifty-one hospitals participated in 1999 and 50 in 2003. Overall, conformity improved from 85.0% in 1999 for the first evaluation to 92.5% in 2003 for the second evaluation (P < .001). Six of the 7 indicators showed an improvement in the level of conformity between the first and second evaluations. Conformity was weakest for recording the distance between the tumor and the resection margin (68.2%) and vascular/lymphatic invasion (61.4%) in 1999. Conclusions.—Surveillance of quality of surgical pathology reports, with feedback, is significantly associated with an improvement in the quality of reports.

Download Full-text

Usage of 3D Anthropometric Data in CAD/CAM Individual Measurement List

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.1117.283 ◽

2015 ◽

Vol 1117 ◽

pp. 283-286

Author(s):

Inga Dāboliņa ◽

Ausma Viļumsone ◽

Jānis Dāboliņš ◽

Dana Beļakova

Keyword(s):

The Body ◽

Human Anatomy ◽

Anthropometric Data ◽

Individual Measurement ◽

Data Usage ◽

Scanning Device ◽

Wide Range ◽

Cad Cam ◽

Speed Up

Computer aided designing software not only the possibility to speed up the process of putting a new model into production and improve the quality of the products, but also reduces material costs and labour intensity, ensuring an elastic change of the assortment. The designing of clothes includes a row of processes and one of the most time and labour consuming is constructing. A construction displays the layout (pattern) of the surface of the body (garment). As it depends on correct anthropometric data, it is very important to get ones right. The use of 3D surface scanning technologies to produce digitized representations of the human anatomy has the potential to help change the way a wide range of products are designed and produced. Every scanning device is equipped with optic (light) appliances to ensure non-contact measuring. Measurements acquired by 3D scanning device should be checked out for compliance with CAD systems for automatized pattern making procedure. The paper introduces the experiment with scanned data usage in CAD pattern making. The project aims to implement scanned data values in the CAD/CAM individual measurement list for acquiring individualized pattern blocks.

Download Full-text