2,725 research outputs found

    STATIC CODE ANALYSIS

    A lot of the defects that are present in a program are not visible to the compiler. Static code analysis is a way to find bugs and reduce the defects in a software application. This paper gives you an overview on static code analysis, well-known tools and the benefits of this practice.
    Keywords: code, analysis

    Lab Package: Static Code Analysis

    The main goal of this thesis is to enhance the lab materials about static code analysis used in the course “Software Testing (MTAT.03.159)” in the University of Tartu. The motivation for the changes is explained and the new materials are introduced in this work. The materials were applied in the course and received positive feedback. Students’ feedback given after the execution of the lab is analyzed with suggestions for future improvements given.

    Enabling Operator Reordering in Data Flow Programs Through Static Code Analysis

    In many massively parallel data management platforms, programs are represented as small imperative pieces of code connected in a data flow. This popular abstraction makes it hard to apply algebraic reordering techniques employed by relational DBMSs and other systems that use an algebraic programming abstraction. We present a code analysis technique based on reverse data and control flow analysis that discovers a set of properties from user code, which can be used to emulate algebraic optimizations in this setting.
    Comment: 4 pages, accepted and presented at the First International Workshop on Cross-model Language Design and Implementation (XLDI), affiliated with ICFP 2012, Copenhage

    Applying static code analysis for domain-specific languages

    The use of code quality control platforms for analysing source code is increasingly gaining attention in the developer community. These platforms are prepared to parse and check source code written in a variety of general-purpose programming languages. The emergence of domain-specific languages enables professionals from different areas to develop and describe problem solutions in their disciplines. Thus, source code quality analysis methods and tools can also be applied to software artefacts developed with a domain-specific language. To evaluate the quality of domain-specific language code, every software component required by the quality platform to parse and query the source code must be developed. This becomes a time-consuming and error-prone task, for which this paper describes a model-driven interoperability strategy that bridges the gap between the grammar formats of source code quality parsers and domain-specific text languages. This approach has been tested on the most widespread platforms for designing text-based languages and source code analysis. This interoperability approach has been evaluated on a number of specific contexts in different domain areas

    Predicting access to persistent objects through static code analysis

    In this paper, we present a fully-automatic, high-accuracy approach to predict access to persistent objects through static code analysis of object-oriented applications. The most widely-used previous technique uses a simple heuristic to make the predictions while approaches that offer higher accuracy are based on monitoring application execution. These approaches add a non-negligible overhead to the application’s execution time and/or consume a considerable amount of memory. By contrast, we demonstrate in our experimental study that our proposed approach offers better accuracy than the most common technique used to predict access to persistent objects, and makes the predictions farther in advance, without performing any analysis during application execution.
    This work has been supported by the European Union’s Horizon 2020 research and innovation program (grant H2020-MSCA-ITN-2014-642963), the Spanish Government (grant SEV2015-0493 of the Severo Ochoa Program), the Spanish Ministry of Science and Innovation (contract TIN2015-65316) and Generalitat de Catalunya (contract 2014-SGR-1051). The authors would also like to thank Alex Barceló for his feedback on the formalization included in this paper.
    Peer Reviewed. Postprint (author's final draft)

    Qualitative and Quantitative Evaluation of Static Code Analysis Tools

    Poster abstract. Static code analysis (SCA) is a methodology of detecting errors in programs without actually compiling the source code to binary format and executing it on a machine. The main goal of a SCA tool is to aid developers in quickly identifying errors that can jeopardize the security and integrity of the program. With the vast array of SCA tools available, each specializing in particular languages, error types, and detection methodologies, choosing the optimal tool(s) can be a daunting task for any software developer, or organization. This, however, is not a problem associated only with SCA tools, but applies to any application domain where many tools exist and a selection of a subset of these tools is needed for effectively tackling a given problem. To address this fundamental challenge with selecting the most appropriate SCA tool for a particular problem, this research is performing a comprehensive study of different available SCA tools, both commercial and open-source. The end goal of this study is to not only evaluate how different SCA tools perform with respect to locating specific errors in source code (i.e., the quality of the tool), but to model the behavior of each SCA tool using quantitative metrics gathered from the source code, such as source lines of code (SLOC), cyclomatic complexity, and function points. The behavioral model can then be used to prescreen existing (and new) source code, and select the most appropriate SCA tool, or set of SCA tools, that can identify the most errors in the source code undergoing analysis.

    Applying static code analysis to firewall policies for the purpose of anomaly detection

    Department Head: Bruce Austin Draper. 2009 Summer. Includes bibliographical references (pages 71-74).
    Treating modern firewall policy languages as imperative, special purpose programming languages, in this thesis we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this thesis are: 1. An analysis of various control flow instructions in popular firewall policy languages. 2. Introduction of an intermediate firewall policy language, with emphasis on control flow constructs. 3. Application of Static Code Analysis to detect anomalies in firewall policy, expressed in intermediate firewall policy language. 4. Sample implementation of Static Code Analysis of firewall policies, expressed in our abstract language using Datalog language.