Localising unsafe software resource usage with typed code model

The article presents a method for quality assurance on resource leakage by defect search automation using developed model of program code. Resources requested by the program are identified and assigned extended types storing state markers. Detection occurs by assignment of this markers to elements of code model according to resource management functions, evidencing resource availability. Further analysis is taken place by propagation of the markers according to the rules of a model. Rules are structured a in way that prevents unsafe use of resource handles. Inability to apply specific rule at analysis stage signifies that resource is used in unsafe way, creating potential security flaw in a program

Utilizing type systems for static vulnerability analysis

Programming languages use type systems to reduce number of bugs. Type systems of most languages are not powerful enough to express basic exception safety. Extension of type system in a way that allows representing exception guaranties can provide valuable information to analysis tools. Such tools could even be implemented in type system. We describe a way to extend type system of a given language allowing security invariants to be expressed and vulnerable code to be located