Listing by keyword "Static Analysis"
1 - 4 of 4
- Journal article: Automatically Detecting and Mitigating Issues in Program Analyzers (Softwaretechnik-Trends Volume 44, Issue 2, 2024) Mansur, Muhammad Numair
  This dissertation tackles two major challenges that impede the incorporation of static analysis tools into software development workflows, despite their potential to detect bugs and vulnerabilities in software before deployment. The first challenge addressed is unintentional unsoundness in program analyzers, such as SMT solvers and Datalog engines, which are susceptible to undetected soundness issues that can lead to severe consequences, particularly in safety-critical software. The dissertation presents novel, publicly available techniques that detected over 55 critical soundness bugs in these tools. The second challenge is balancing soundness, precision, and performance in static analyzers, which struggle with integration into diverse development scenarios due to their inability to scale and adapt to different program sizes and resource constraints. To combat this, the dissertation introduces an approach to automatically tailor abstract interpreters to specific code and resource conditions and presents a method for horizontally scaling analysis tools in cloud-based platforms.
- Journal article: Modular Collaborative Program Analysis (Softwaretechnik-Trends Volume 44, Issue 2, 2024) Helm, Dominik
  Static analyses are essential to ensure the efficiency and security of software. They face challenges as we use ever more and ever more complex software. We address these challenges by enabling collaborative analyses composed of small, maintainable modules. In this thesis, we propose the blackboard analysis architecture that allows independent modules to collaborate using a central data store. This architecture is framework-independent, applicable to a broad range of static analyses regardless of their implementation paradigm, and allows for modular soundness proofs. Using four case studies and an extensive evaluation, we show how the blackboard analysis architecture allows improving the soundness, precision, and scalability of static analyses and fosters the exploration of trade-offs between these qualities.
- Conference paper: pycheckmate – Addressing Challenges in Automatic Code Evaluation and Feedback Generation for Python Novices (Proceedings of the Sixth Workshop "Automatische Bewertung von Programmieraufgaben" (ABP 2023), 2023) Brocker, Annabell; Schroeder, Ulrik
  In academic settings, code assessment differs from traditional software testing by encompassing not only functional correctness but also critical structural aspects like naming conventions and programming concepts. Conventional static analysis tools like Pylint and Flake8, along with input-output unit tests, are deemed inadequate for introductory Python courses. To address this gap, this paper introduces pycheckmate, a library, tailored for automatic testing and targeted feedback in introductory Python programming courses.
- Conference paper: A Unified Lattice Model and Framework for Purity Analyses (Software Engineering and Software Management 2019, 2019) Helm, Dominik; Kübler, Florian; Eichberg, Michael; Reif, Michael; Mezini, Mira
  This paper was presented in 2018 at the 33rd ACM/IEEE International Conference on Automated Software Engineering and proposes a framework for purity analyses. Analyzing methods in object-oriented programs whether they are side-effect free and also deterministic, i.e., mathematically pure, has been the target of extensive research. Identifying such methods helps to find code smells and security related issues, and helps analyses detecting concurrency bugs. Pure methods are further used for formal specifications and proving the pureness is necessary to ensure correct specifications. However, no common terminology exists which describes the purity of methods. Furthermore, some terms (e.g., pure or side-effect free) are used inconsistently. Further, all current approaches only report selected purity information making them only suitable for a smaller subset of the potential use cases. We present a fine-grained unified lattice model which puts the purity levels found in the literature into relation and which adds a new level that generalizes existing definitions. We have also implemented a scalable, modularized purity analysis which produces significantly more precise results for real-world programs than the best-performing related work. The analysis shows that all defined levels are found in real-world projects.