STATIC CODE ANALYSIS

A lot of the defects that are present in a program are not visible to the compiler. Static code analysis is a way to find bugs and reduce the defects in a software application. This paper gives you an overview on static code analysis, well-known tools and the benefits of this practice.code, analysis

Lab Package: Static Code Analysis

Antud bakalaureusetöö eesmärgiks on luua uus versioon staatilist koodianalüüsi tutvustavast praktikumimaterjalist, mida kasutatakse Tartu Ülikoolis aines “Tarkvara Testimine (MTAT.03.159)”. Töös kirjeldatakse nii peamisi põhjuseid muutusteks kui ka töö käigus valminud uuenenud materjale. Loodud materjale rakendati eelnimetatud aines ning neile antud tagasiside oli positiivne. Töö lõpeb tudengite antud tagasiside analüüsiga ning lisatud on ka soovitusi edasisteks parandusteks.The main goal of this thesis is to enhance the lab materials about static code analysis used in the course “Software Testing (MTAT.03.159)” in the University of Tartu. The motivation for the changes is explained and the new materials are introduced in this work. The materials were applied in the course and received positive feedback. Students’ feedback given after the execution of the lab is analyzed with suggestions for future improvements given

Enabling Operator Reordering in Data Flow Programs Through Static Code Analysis

In many massively parallel data management platforms, programs are represented as small imperative pieces of code connected in a data flow. This popular abstraction makes it hard to apply algebraic reordering techniques employed by relational DBMSs and other systems that use an algebraic programming abstraction. We present a code analysis technique based on reverse data and control flow analysis that discovers a set of properties from user code, which can be used to emulate algebraic optimizations in this setting.Comment: 4 pages, accepted and presented at the First International Workshop on Cross-model Language Design and Implementation (XLDI), affiliated with ICFP 2012, Copenhage

Predicting access to persistent objects through static code analysis

In this paper, we present a fully-automatic, high-accuracy approach to predict access to persistent objects through static code analysis of object-oriented applications. The most widely-used previous technique uses a simple heuristic to make the predictions while approaches that offer higher accuracy are based on monitoring application execution. These approaches add a non-negligible overhead to the application’s execution time and/or consume a considerable amount of memory. By contrast, we demonstrate in our experimental study that our proposed approach offers better accuracy than the most common technique used to predict access to persistent objects, and makes the predictions farther in advance, without performing any analysis during application executionThis work has been supported by the European Union’s Horizon 2020 research and innovation program (grant H2020-MSCA-ITN-2014-642963), the Spanish Government (grant SEV2015-0493 of the Severo Ochoa Program), the Spanish Ministry of Science and Innovation (contract TIN2015-65316) and Generalitat de Catalunya (contract 2014-SGR-1051). The authors would also like to thank Alex Barceló for his feedback on the formalization included in this paper.Peer ReviewedPostprint (author's final draft

Qualitative and Quantitative Evaluation of Static Code Analysis Tools

poster abstractStatic code analysis (SCA) is a methodology of detecting errors in programs without actually compiling the source code to binary format and executing it on a machine. The main goal of a SCA tool is to aid developers in quickly identifying errors that can jeopardize the security and integrity of the program. With the vast array of SCA tools available, each specializing in particular languages, error types, and detection methodologies, choosing the optimal tool(s) can be a daunting task for any software developer, or organization. This, however, is not a problem associated only with SCA tools, but applies to any application domain where many tools exist and a selection of a subset of these tools is needed for effectively tackling a given problem. To address this fundamental challenge with selecting the most appropriate SCA tool for a particular problem, this research is performing a comprehensive study of different available SCA tool, both commercial and open-source. The end goal of this study is to not only evaluate how different SCA tools perform with respect to locating specific errors in source code (i.e., the quality of the tool), but to model the behavior of each SCA tool using quantitative metrics gathered from the source code, such as source lines of code (SLOC), cyclometic complexity, and function points. The behavioral model can then be used to prescreen existing (and new) source code, and select the most appropriate SCA tool, or set of SCA tools, that can identify the most errors in the source code undergoing analysis

Applying static code analysis to firewall policies for the purpose of anomaly detection

Department Head: Bruce Austin Draper.2009 Summer.Includes bibliographical references (pages 71-74).Treating modern firewall policy languages as imperative, special purpose programming languages, in this thesis we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this thesis are: 1. An analysis of various control flow instructions in popular firewall policy languages 2. Introduction of an intermediate firewall policy language, with emphasis on control flow constructs. 3. Application of Static Code Analysis to detect anomalies in firewall policy, expressed in intermediate firewall policy language. 4. Sample implementation of Static Code Analysis of firewall policies, expressed in our abstract language using Datalog language

Forming Teams for Teaching Programming based on Static Code Analysis

The use of team for teaching programming can be effective in the classroom because it helps students to generate and acquire new knowledge in less time, but these groups to be formed without taking into account some respects, may cause an adverse effect on the teaching-learning process. This paper proposes a tool for the formation of team based on the semantics of source code (SOFORG). This semantics is based on metrics extracted from the preferences, styles and good programming practices. All this is achieved through a static analysis of code that each student develops. In this way, you will have a record of students with the information extracted; it evaluates the best formation of teams in a given course. The team's formations are based on programming styles, skills, pair programming or with leader.Comment: 9 pages, 5 equations, 5 figures; IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 2, No 3, March 2012. ISSN (Online): 1694-081