Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Differential static program analysis

a static program and analysis method technology, applied in the field of static code analysis, can solve the problems of limiting the usability of commercial analysis tools, false reports, and high false reports of static analysis tools

Inactive Publication Date: 2014-04-24
IBM CORP
View PDF1 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The patent describes a method and system for analyzing programs using a combination of high-level and low-level analyses. The high-level analysis is performed using a processor to generate one or more high-level findings, while the low-level analysis is performed using a processor to generate one or more low-level findings. The low-level findings are then mapped to the high-level findings to create a concise combination report that categorizes each finding according to its associated level of analysis. The combination report can also link analyses to associate a suppressed finding in one analysis with a full report on the finding in another analysis. The technical effect of this patent is to provide a more comprehensive analysis of programs that can identify and categorize high-level and low-level findings, and to facilitate the linking of analyses to better understand the overall context and significance of the findings.

Problems solved by technology

These violations may be false reports due to the approximations the analysis applies to put bounds on the state space of the program, which could otherwise be infinite.
Since the tested properties are mostly hard to verify statically (e.g., security vulnerabilities, concurrency bugs, typestate violations, etc.), static analysis tools typically have a high proportion of false reports.
This limits the usability of commercial analysis tools: The size of the report, together with the poor quality of many of the findings, makes it difficult to translate the report into an actionable list of remediation tasks.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Differential static program analysis
  • Differential static program analysis
  • Differential static program analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018]The present principles provide for a differential static analysis, where using multiple analyses of increasing granularity enables the reporting of fewer findings compared to using more fine-grained analyses. Moreover, each of the reported findings is reported at an intuitive level, making it easier for the analyst to take appropriate remediating action in response to discovered violations. By grouping together similar findings, the job of the human reviewer is made much simpler, as similar violations are listed in such a way as to make identifying root causes easier.

[0019]Static security analysis typically takes the form of taint analysis, where the analysis is parameterized by a set of security rules, each rule being a triple , where Src denotes source statements that read untrusted user inputs, San denotes downgrader statements that endorse untrusted data by validating and / or sanitizing it, and Snk denotes sink statements which perform security-sensitive operations. Given a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Methods for program analysis include performing a high-level analysis on a program using a processor to generate one or more high-level findings; performing one or more low-level analyses on the program using a processor to generate one or more low-level findings; mapping the one or more low-level findings to the high-level findings to generate a concise combination report that categorizes each finding according to the highest-level analysis that produces the finding.

Description

BACKGROUND[0001]1. Technical Field[0002]The present invention relates to static code analysis and, more particularly, to using multiple analyses with differing levels of precision to make static analysis reports more useful.[0003]2. Description of the Related Art[0004]Static code analysis is a powerful approach for software verification. Static analysis typically features one-sided error: a subject program is safe with regard to the tested property if no violations of the property are discovered by the analysis, which over-approximates the program's set of possible behaviors. However, if the analysis does report violations of the property, then that doesn't necessarily imply that the program is incorrect. These violations may be false reports due to the approximations the analysis applies to put bounds on the state space of the program, which could otherwise be infinite.[0005]Since the tested properties are mostly hard to verify statically (e.g., security vulnerabilities, concurrenc...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): G06F9/44
CPCG06F8/75G06F11/3604
Inventor GUARNIERI, SALVATORE ANGELOTRIPP, OMERPISTOIA, MARCO
Owner IBM CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products