32 results about "Static program analysis" patented technology

Systems and methods are provided for performing static error analysis on source code. A computer system having an operating system may contain a number of source code files. During a normal build process, a build program may be used to set various compilation options and to invoke appropriate compilers that compile the source code files into executable code. Static analysis debugging tools may be used to perform static analysis on the source code files. The appropriate static analysis tools may be invoked using a static analysis tool management program. Directory, path and name modification may be used to invoke the analysis tools. A monitoring program may be used to determine how to invoke the tools. The operating system may be modified so that the static analysis tools are invoked in place of the compilers when the build program is run.

A system and method employing pre- and/or post-condition(s) specified at a source code level and persisted (e.g., in associated object code and/or a specification repository) facilitating static checking of the object code is provided. The system and method are based, at least in part, upon a framework that employs rules for using an interface to be recorded as declarative specifications in an existing language. A specifier can give a method a plug-in pre- and postcondition, which is arbitrary code that examines an object's current state and a static approximation of the method's actuals, decides whether the call is legal and returns the object's state after the call.

The invention belongs to the technical field of program information security monitoring, and particularly relates to an Android application used application program vulnerability detection and analysis method based on code library security specifications. The method comprises the following steps: building a security specification model, i.e., describing the security specifications of the code library by using formalized rule languages; designing a static program analyzer for performing automatic verification based on the security specification model; applying the static program analyzer to two phases, i.e., compilation of application programs and examination of the application programs in an application market, and detecting security vulnerabilities. According to the detection and analysis method provided by the invention, the security risk in the program can be prevented.

The invention discloses a concurrent-program test method based on the lock-object splitting strategy and a test system thereof. The concurrent-program test method includes the steps that relevant codes are analyzed with the static program analysis technology, and shared variables protected without same lock objects are determined; then abnormal access codes of the shared variables are split, the split codes are protected through the same lock objects, and the fine-grained synchronization method is generated; reachability testing (all feasible synchronization sequences are operated) is carried out, interleaved sequences between fine-grained synchronization events on different monitor objects in a raw to-be-test concurrent program are generated and carried out, and as the shared variables are protected through false lock objects, concurrent program errors such as data hazards, atomic against and deadlocking are shown. By means of the concurrent-program test method based on the lock-object splitting strategy and the test system thereof, the capacity of detecting the concurrent program errors can be effectively improved.

A hybrid program analysis method includes initiating a static program analysis of an application, generating, by a static program analyzer, a query to a dynamic program analyzer upon determining a code construct of the application requiring dynamic analysis, resolving, by the dynamic program analyzer, the query into a set of arguments with which to invoke the code construct of the application, generating, by the dynamic program analyzer, the set of arguments, invoking, by the dynamic program analyzer, the code construct of the application using set of arguments, answering, by the dynamic program analyzer, the query, and continuing the static program analysis of the application.

The invention provides a synchronous optimization method and synchronous optimization equipment. The method comprises the following steps: carrying out static program analysis on a compiled method, confirming a synchronous method calling point without carrying out synchronous operation on a synchronous object in the compiled method according to an analysis result and marking the synchronous method calling point; compiling the called synchronous method according to the marked synchronous method calling point to generate a local code allowing to execute the synchronous operation on the synchronous object of the synchronous method; and executing the local code according to the marked synchronous method. The synchronous optimization method and the synchronous optimization equipment have high flexibility and favorable expandability.

The invention discloses a static program analysis system for a target code. The system comprises a decompilation module, an intermediate expression refinement module, a program analysis module and a visual module. The decompilation module adopts a to-be-analyzed target code file as input, performs packaging format removal and decompilation operations on an input file, generates an assembly code, a control flowchart and process boundary and other information and adopts the same as the output of the model; the intermediate expression refinement module generates a corresponding data structure and performs a refinement operation according to the information generated by the decompilation module; the program analysis module generates several expression forms of the to-be-analyzed program according to the information output by the decompilation module and the intermediate expression refinement module; and the visual module is applied to visible display of various patterns and other information in an analysis process. The system analyzes the program behaviors according to actually executed binary codes and has higher fidelity compared with an analysis tool for source codes.

The invention relates to a JavaScript function parameter mismatch detection method based on a static program analysis and natural language processing method. The method comprises the steps of, constructing an abstract syntax tree AST for each file in a JavaScript project, traversing the AST tree, and extracting program related information of a definition function and a construction function of thewhole project; scanning and analyzing the JavaScript file of the whole project, respectively obtaining specific positions of a definition function and a calling function, and constructing a functioncalling graph of the project; according to the extracted annotation information, deducing the type of the parameter through a natural language processing method in combination with probability; and according to the extracted information, detecting the inconsistency of the parameter number, the parameter name and the parameter type, and giving a detection report that the JavaScript function parameters in the project are not matched.

System and method are described for program analysis with data caching. Briefly described, in architecture, the system can be implemented as follows. The present invention for program analysis with data caching includes a counter for tracking each time on of a plurality of blocks of code in the computer program is executed. A counter cache stores the plurality of counters of the plurality of blocks of code that are most recently executed. A storage area stores a plurality of counters of the plurality of blocks of code that are not most recently executed code.

The invention discloses an Internet of Things smart home scene safety analysis method and device, and is used for solving the problems that the safety analysis of an Internet of Things platform has the limitation of a monitoring range, and the analysis is difficult when facing various Internet of Things platforms. The method comprises the following steps: performing static program analysis on an Internet of Things application source code to extract an equipment entity and a linkage rule; identifying the description text of the Internet of Things equipment function and the Internet of Things application purpose to obtain an Internet of Things physical channel; constructing an Internet of Things model composed of entity units based on the equipment entity, the linkage rule and the Internet of Things physical channel; and in the Internet of Things model, detecting whether a path exists between the trigger entity units in the linkage rule and whether the trigger entity units of different Internet of Things applications have accessibility for the same functional attribute or physical channel by using a depth-first algorithm, thereby determining risk factors of the Internet of Things smart home scene.

The invention discloses a static analysis-based Android application Binder communication overload vulnerability detection method, which comprises the following steps of: analyzing an Android framework source code to establish a function call graph, and based on transfer function transact forward analysis, determining a Binder communication interface function exposed by an Android framework; carrying out static analysis on Android application codes, and establishing a data inclusion relation table of a single function through a context-insensitive, flow-sensitive and path-insensitive inter-function data flow analysis technology; selecting functions related to a Binder communication interface function to establish an application data inclusion relation general table; based on the expansion transmission mode, searching an expansion transmission object conforming to the mode, analyzing an expansion statement of the expansion transmission object to judge whether the circulation condition is met or not, and obtaining the Binder communication overload vulnerability conforming to the circulation expansion transmission mode through detection. According to the method, a static program analysis means is adopted, the transmission object is determined by establishing the data inclusion relation of the whole application, and the technical effect of detecting the Binder communication overload vulnerability is achieved.

Providing specialization for a static program analysis procedure by executing an automated agent to monitor a code authoring process for a program under examination that includes a plurality of respective lexical scopes. The agent monitors a corresponding amount of coding time, or a corresponding number of edits, for each of the plurality of respective lexical scopes. A mapping associates each of the plurality of respective lexical scopes with a first quantitative measure of the corresponding amount of time, or a second quantitative measure of the corresponding number of edits, that were used to code each of the plurality of respective lexical scopes. The static analysis procedure is specialized by applying a more refined, detailed, precise, or granular analysis to a first lexical scope that is mapped to a greater amount of time or a greater number of edits than a second lexical scope.

The invention discloses a source code fragment pairing comparison method based on coded sequence representation, and belongs to the technical field of computer programs. The method includes: using a coded sequence source code representation method based on static program analysis to convert a source code text into coded sequence representation; performing data processing on the coded sequence of the source code segment by using Burrows-Wheeler conversion to obtain an index of the coded sequence; through seed screening, finding out subsequence alignment seeds with high similarity from indexes of the coded sequences; using a Smith-Waterman algorithm to take the high-similarity seeds as initial positions of subsequence alignment, and expanding subsequences with a certain similarity thresholdvalue in subsequent sequences; positioning the high-similarity part between the source code fragments according to the source code line number information corresponding to the coding sequence. The technical problems that cross-granularity similarity matching cannot be supported and high-similarity fragment positioning is not accurate enough are solved, cross-granularity source code similarity comparison can be supported, and source code texts which do not need to be compared are required to have the same granularity.

The invention discloses a program source code slice recombination-based software dynamic update hot patch synthesis method, which comprises the following steps of: analyzing source codes and/or binary codes of a new version program and an old version program through a static program, and extracting a certain amount of basic components and data stream slices related to dynamic update; enumerating the combination of the obtained basic components, and automatically generating a corresponding transfer function according to the data flow relationship; and running the generated transfer function on the test case, and outputting a correct transfer function. According to the method, new and old version program codes can be automatically analyzed, and basic components and data stream slices for constructing the conversion function are extracted, so that the object state conversion function is automatically synthesized by utilizing the basic components and the data stream slices, developers are helped, and the labor burden is greatly reduced.