Spelling suggestions: "subject:"static core analysis""
1 |
Code Profiling : Static Code AnalysisBorchert, Thomas January 2008 (has links)
<p>Capturing the quality of software and detecting sections for further scrutiny within are of high interest for industry as well as for education. Project managers request quality reports in order to evaluate the current status and to initiate appropriate improvement actions and teachers feel the need of detecting students which need extra attention and help in certain programming aspects. By means of software measurement software characteristics can be quantified and the produced measures analyzed to gain an understanding about the underlying software quality.</p><p>In this study, the technique of code profiling (being the activity of creating a summary of distinctive characteristics of software code) was inspected, formulized and conducted by means of a sample group of 19 industry and 37 student programs. When software projects are analyzed by means of software measurements, a considerable amount of data is produced. The task is to organize the data and draw meaningful information from the measures produced, quickly and without high expenses.</p><p>The results of this study indicated that code profiling can be a useful technique for quick program comparisons and continuous quality observations with several application scenarios in both industry and education.</p>
|
2 |
Vulnerability Analysis of Vagrant BoxesHolmqvist, Andreas, Lycke, Fredrik January 2017 (has links)
Virtual machines are often considered more secure than regular machines due to the abstraction from the hardware layer. Abstraction does provide some extra security benefits, but many vulnerabilities that exist on a regular machine still exist on virtual machines. Moreover, the sheer amount of virtual machines that are running on many systems makes it difficult to analyse potential vulnerabilities. Vagrant is a management tool for virtual machines packaged in what is called boxes. There are currently no way to automatically scan these Vagrant boxes for vulnerabilities or insecure configurations to determine whether or not they are secure. Therefore we want to establish a method to detect the vulnerabilities of these boxes automatically without launching the box or executing code. There are two main parts in the method used to investigate the boxes. First there is the base box scanning. A base box is an image of which the final box is built upon. This base box is launched, a list of packages is extracted, and the information is then sent to a vulnerability scanner. There is also the analysis of the Vagrantfile. The Vagrantfile is the file that is used to ready the base box with needed software and configurations. The configuration file is written in Ruby and in order to extract information from this file a static code analysis is performed. The result for each box scanned is a list of all the vulnerabilities present on the base box as well as security configurations like SSH settings and shared folders that is retrieved from the Vagrantfile. The results are not completely accurate because the base box is used for the scan, rather than the box itself. Some of the configurations in the Vagrantfiles could not be retrieved because it required code execution or support for configurations done in by other means, like bash. The method does however provide a good indication of how many vulnerabilities a given box possesses.
|
3 |
INCORPORATING CERT SECURE CODING STANDARDS IN TERMS OF UNDEFINED BEHAVIOR AND USELESS CONDITIONS INTO THE CPPCHECK PROJECTAnwar, Alsulaiman Z. 01 August 2014 (has links)
No description available.
|
4 |
Bobox Runtime Optimization / Bobox Runtime OptimizationKrížik, Lukáš January 2015 (has links)
The goal of this thesis is to create a tool for an optimization of code for the task-based parallel framework called Bobox. The optimizer tool reduces a number of short and long running tasks based on a static code analysis. Some cases of short-running tasks cause an unnecessary scheduling overhead. The Bobox scheduler can schedule a task even though the task does not have all input data. Unless, the scheduler has enough information not to schedule such task. In order to remove such short-running task, the tool analyses its input usage and informs the scheduler. Long-running tasks inhibit a parallel execution in some cases. A bigger task granularity can significantly improve execution times in a parallel environment. In order to remove a long-running task, the tool has to be able to evaluate a runtime code complexity and yield a task execution in the appropriate place. Powered by TCPDF (www.tcpdf.org)
|
5 |
A Large-Scale Analysis of How OpenSSL Is Used in Open-Source SoftwareHeidbrink, Scott Jared 01 March 2018 (has links)
As vulnerabilities become more common the security of applications are coming under increased scrutiny. In regards to Internet security, recent work discovers that many vulnerabilities are caused by TLS library misuse. This misuse is attributed to large and confusing APIs and developer misunderstanding of security generally. Due to these problems there is a desire for simplified TLS libraries and security handling. However, as of yet there is no analysis of how the existing APIs are used, beyond how incorrect usage motivates the need to replace them. We provide an analysis of contemporary usage of OpenSSL across 410 popular secure applications. These insights will inform the security community as it addresses TLS library redesign.
|
6 |
Exposure of Patterns in Parallel Memory AccesLundgren, Björn, Ödlund, Anders January 2007 (has links)
<p>The concept and advantages of a Parallel Memory Architecture (PMA) in computer systems have been known for long but it’s only in recent time it has become interesting to implement modular parallel memories even in handheld embedded systems. This thesis presents a method to analyse source code to expose possible parallel memory accesses. Memory access Patterns may be found, categorized and the corresponding code marked for optimization. As a result a PMA compatible with found pattern(s) and code optimization may be specified.</p>
|
7 |
Programinio kodo statinės analizės taisyklių kūrimas ir tyrimas / Design And Analysis Of Custom Static Code Analysis RulesGečiauskas, Ramūnas 25 August 2010 (has links)
Šiame dokumente aprašytas darbas susideda iš trijų dalių. Pirmoje dalyje atlikome inžinerinę programinio kodo valdymo sistemos „SourceHQ“ analizę ir projektavimą. Palyginome rinkoje esančius analogus, jų privalumus ir trūkumus. Glaustai pateikėme architektūrą ir aprašėme pasirinktus realizavimo sprendimus. Dokumento antroje dalyje ištyrėme jau egzistuojančias statinės kodo analizė taisykles ir pasiūlėme jas išplėsti naujomis. Aprašėme analizei naudojamus įrankius, jų veikimo principus ir pateikiamus rezultatus. Paskutinėje darbo dalyje ištyrėme ir eksperimentiškai išbandėme naujai realizuotas mūsų pasiūlytas taisykles. Palyginome testų rezultatus programų veikimo našumo charakteristikos aspektais. Įrodėme mūsų programinio kodo statinės analizės taisyklės privalumus. / This final master’s thesis consists of three major parts. The first section covers engineering aspects of source code management system called “SourceHQ” that we developed, including its analysis and design details. We will provide key details and basis of chosen technologies, business analysis, and design decisions as well as discuss system functionality and its future prospects. The second part is dedicated to testing and ensuring system quality, which led us to design and develop custom static source code analysis rules. We will formulate and explain their potential use and benefits. We will describe additional tools and methods being used and provide main results of static source code analysis. In the final part of our work we go deeper into static source code analysis. We perform experiments based on our designed and developed custom rules on various .NET Framework applications and systems. We cover major performance benefits and drawbacks of every rule separately and display how this approach lets developers optimize their source code in an early development stage. We provide research data based on extensive experiments and conclude how using FxCop tool provided with our improved custom code analysis rules can automatically discover and suggest improvements in CIL code.
|
8 |
Validation of Machine Learning and Visualization based Static Code Analysis Technique / Validering av Machine Learning and Visualization bygger statisk kod analysteknikMahmood, Waqas, Akhtar, Muhammad Faheem January 2009 (has links)
Software security has always been an afterthought in software development which results into insecure software. Companies rely on penetration testing for detecting security vulnerabilities in their software. However, incorporating security at early stage of development reduces cost and overhead. Static code analysis can be applied at implementation phase of software development life cycle. Applying machine learning and visualization for static code analysis is a novel idea. Technique can learn patterns by normalized compression distance NCD and classify source code into correct or faulty usage on the basis of training instances. Visualization also helps to classify code fragments according to their associated colors. A prototype was developed to implement this technique called Code Distance Visualizer CDV. In order test the efficiency of this technique empirical validation is required. In this research we conduct series of experiments to test its efficiency. We use real life open source software as our test subjects. We also collected bugs from their corresponding bug reporting repositories as well as faulty and correct version of source code. We train CDV by marking correct and faulty version of code fragments. On the basis of these trainings CDV classifies other code fragments as correct or faulty. We measured its fault detection ratio, false negative and false positive ratio. The outcome shows that this technique is efficient in defect detection and has low number of false alarms. / Software trygghet har alltid varit en i efterhand inom mjukvaruutveckling som leder till osäker mjukvara. Företagen är beroende av penetrationstester för att upptäcka säkerhetsproblem i deras programvara. Att införliva säkerheten vid tidigt utvecklingsskede minskar kostnaderna och overhead. Statisk kod analys kan tillämpas vid genomförandet av mjukvaruutveckling livscykel. Tillämpa maskininlärning och visualisering för statisk kod är en ny idé. Teknik kan lära mönster av normaliserade kompressionständning avstånd NCD och klassificera källkoden till rätta eller felaktig användning på grundval av utbildning fall. Visualisering bidrar också till att klassificera code fragment utifrån deras associerade färger. En prototyp har utvecklats för att genomföra denna teknik som kallas Code Avstånd VISUALISERARE CDV. För att testa effektiviteten hos denna teknik empirisk validering krävs. I denna forskning vi bedriver serie experiment för att testa dess effektivitet. Vi använder verkliga livet öppen källkod som vår test ämnen. Vi har också samlats in fel från deras motsvarande felrapportering förråd samt fel och rätt version av källkoden. Vi utbildar CDV genom att markera rätt och fel version av koden fragment. På grundval av dessa träningar CDV klassificerar andra nummer fragment som korrekta eller felaktiga. Vi mätt sina fel upptäckt förhållandet falska negativa och falska positiva förhållandet. Resultatet visar att den här tekniken är effektiv i fel upptäckt och har låga antalet falsklarm. / waqasmah@gmail.com +46762316108
|
9 |
Exposure of Patterns in Parallel Memory AccesLundgren, Björn, Ödlund, Anders January 2007 (has links)
The concept and advantages of a Parallel Memory Architecture (PMA) in computer systems have been known for long but it’s only in recent time it has become interesting to implement modular parallel memories even in handheld embedded systems. This thesis presents a method to analyse source code to expose possible parallel memory accesses. Memory access Patterns may be found, categorized and the corresponding code marked for optimization. As a result a PMA compatible with found pattern(s) and code optimization may be specified.
|
10 |
Design and Implementation of a Source Code Profiling Toolset for Embedded System AnalysisQin, An January 2010 (has links)
The market needs for embedded or mobile devices were exploding in the last few years. Customers demand for devices that not only have high capacity of managing various complex jobs, but also can do it fast. Manufacturers therefore, are looking for a new field of processors that fits the special needs of embedded market, for example low power consumption, highly integrated with most components, but also provides the ability to handle different use cases. The traditional ASICs satisfied the market with great performance-per-watt but limited scalability. ASIP processors on the other hand, impact the new market with the ability of high-speed optimized general computing while energy efficiency is only slightly lower than ASICs. One essential problem in ASIP design is how to find the algorithms that can be accelerated. Hardware engineers used to optimize the instruction set manually. But with the toolset introduced in this thesis, design automation can be made by program profiling and the development cycle can be trimmed therefore reducing the cost. Profiling is the process of exposing critical parts of a certain program via static code analysis or dynamic performance analysis. This thesis introduced a code profiler that targeted at discovering repetition section of a program through static and dynamic analysis. The profiler also measures the payload of each loop and provides profiling report with a user friendly GUI client.
|
Page generated in 0.087 seconds