• Title/Summary/Keyword: Static Analysis

Search Result 895, Processing Time 0.107 seconds

Analysis of Detection Ability Impact of Clang Static Analysis Tool by Source Code Obfuscation Technique (소스 코드 난독화 기법에 의한 Clang 정적 분석 도구의 성능 영향 분석)

  • Jin, Hongjoo;Park, Moon Chan;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.605-615
    • /
    • 2018
  • Due to the rapid growth of the Internet of Things market, the use of the C/C++ language, which is the most widely used language in embedded systems, is also increasing. To improve the quality of code in the C/C++ language and reduce development costs, it is better to use static analysis, a software verification technique that can be performed in the first half of the software development life cycle. Many programs use static analysis to verify software safety and many static analysis tools are being used and studied. In this paper, we use Clang static analysis tool to check security weakness detection performance of verified test code. In addition, we compared the static analysis results of the test codes applied with the source obfuscation techniques, layout obfuscation, data obfuscation, and control flow obfuscation techniques, and the static analysis results of the original test codes, Analyze the detection ability impact of the Clang static analysis tool.

Static Analysis of Three Dimensional Solid Structure by Finite Element-Transfer Stiffness Coefficent Method Introducing Hexahedral Element (육면체 요소를 도입한 유한요소-전달강성계수법에 의한 3차원 고체 구조물의 정적 해석)

  • Choi, Myung-Soo;Moon, Deok-Hong
    • Journal of Power System Engineering
    • /
    • v.16 no.1
    • /
    • pp.78-83
    • /
    • 2012
  • The authors suggest the algorithm for the static analysis of a three dimensional solid structure by using the finite element-transfer stiffness coefficient method (FE-TSCM) and the hexahedral element of the finite element method (FEM). MATLAB codes were made by both FE-TSCM and FEM for the static analysis of three dimensional solid structure. They were applied to the static analyses of a very thick plate structure and a three dimensional solid structure. In this paper, as we compare the results of FE-TSCM with those of FEM, we confirm that FE-TSCM introducing the hexahedral element for the static analysis of a three dimensional solid structure is very effective from the viewpoint of the computational accuracy, speed, and storage.

Static Analysis of Large Scale Software Repositories Using WALA and Boa (WALA와 Boa를 활용하여 대규모 소프트웨어 저장소를 정적으로 분석하는 도구 개발)

  • Park, Gyunghee;Ryu, Sukyoung
    • Journal of KIISE
    • /
    • v.44 no.10
    • /
    • pp.1081-1086
    • /
    • 2017
  • A program analysis of a large-scale open-source software repository has a significant meaning in that it allows us to examine the changes and improvements of the software in repositories, and this brings more reliable results based on a large amount of programs. In this paper, we introduce a new static analysis framework WALABOA, which enables a scalable static analysis of large-scale software repositories. In addition, we show new findings from applying WALABOA, together with a module comparing the analysis results from a static analysis and a dynamic analysis, in evaluation of the field-based analysis, one of JavaScript static analysis techniques used in WALA.

A Study on the Improvement of Source Code Static Analysis Using Machine Learning (기계학습을 이용한 소스코드 정적 분석 개선에 관한 연구)

  • Park, Yang-Hwan;Choi, Jin-Young
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1131-1139
    • /
    • 2020
  • The static analysis of the source code is to find the remaining security weaknesses for a wide range of source codes. The static analysis tool is used to check the result, and the static analysis expert performs spying and false detection analysis on the result. In this process, the amount of analysis is large and the rate of false positives is high, so a lot of time and effort is required, and a method of efficient analysis is required. In addition, it is rare for experts to analyze only the source code of the line where the defect occurred when performing positive/false detection analysis. Depending on the type of defect, the surrounding source code is analyzed together and the final analysis result is delivered. In order to solve the difficulty of experts discriminating positive and false positives using these static analysis tools, this paper proposes a method of determining whether or not the security weakness found by the static analysis tools is a spy detection through artificial intelligence rather than an expert. In addition, the optimal size was confirmed through an experiment to see how the size of the training data (source code around the defects) used for such machine learning affects the performance. This result is expected to help the static analysis expert's job of classifying positive and false positives after static analysis.

A Study on Software Static Analysis Method on IEC 62279 (IEC 62279 규격의 소프트웨어 정적분석에 관한 연구)

  • Jin, Zhe-Huan;Li, Chang-Long;Lee, Jae-Ho;Kim, Jae-Sik;Lee, Key-Seo
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.10 no.4
    • /
    • pp.513-519
    • /
    • 2015
  • Static analysis is one of the software source code analysis tools. 9 static analysis methods of three groups are recommended by international electro-technical commission about software safety related standard in IEC 62279. In this paper we choose the proper static analysis method from IEC 62279 about the train wayside communication system, Shorten the time of railway signalling software development using LDRA tools. And it wil be useful to improve the effective development of the safety-related software.

A GQM Approach to Evaluation of the Quality of SmartThings Applications Using Static Analysis

  • Chang, Byeong-Mo;Son, Janine Cassandra;Choi, Kwanghoon
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.6
    • /
    • pp.2354-2376
    • /
    • 2020
  • SmartThings is one of the most popular open platforms for home automation IoT solutions that allows users to create their own applications called SmartApps for personal use or for public distribution. The nature of openness demands high standards on the quality of SmartApps, but there have been few studies that have evaluated this thoroughly yet. As part of software quality practice, code reviews are responsible for detecting violations of coding standards and ensuring that best practices are followed. The purpose of this research is to propose systematically designed quality metrics under the well-known Goal/Question/Metric methodology and to evaluate the quality of SmartApps through automatic code reviews using a static analysis. We first organize our static analysis rules by following the GQM methodology, and then we apply the rules to real-world SmartApps to analyze and evaluate them. A study of 105 officially published and 74 community-created real-world SmartApps found a high ratio of violations in both types of SmartApps, and of all violations, security violations were most common. Our static analysis tool can effectively inspect reliability, maintainability, and security violations. The results of the automatic code review indicate the common violations among SmartApps.

Equivalent Static Analysis of Progressive Collapse Using Equivalent Load for Stiffness (강성등가하중을 이용한 등가정적 연쇄붕괴 해석)

  • Hwang, Young-Chul;Kim, Gye-Joong;Kim, Chee-Kyeong
    • Proceedings of the Computational Structural Engineering Institute Conference
    • /
    • /
    • pp.375-380
    • /
    • 2007
  • The goal of this paper is to develop a rational static method which consider efficiently the dynamic effect of the gravity load following sudden removal of element. For this goal this paper introduce the equivalent load for element stiffness which is a preceding research result and will develop equivalent static analysis which will be able to predict the maximum behavior considering dynamic effect. Some examples are provided to verify it. Equivalent static analysis is compared with the analysis method which is recommended by the GSA2003 guidelines and the time-history analysis which is the most accurate for dynamic behavior.

  • PDF

Effects of damping ratio on dynamic increase factor in progressive collapse

  • Mashhadi, Javad;Saffari, Hamed
    • Steel and Composite Structures
    • /
    • v.22 no.3
    • /
    • pp.677-690
    • /
    • 2016
  • In this paper, the effect of damping ratio on nonlinear dynamic analysis response and dynamic increase factor (DIF) in nonlinear static analysis of structures against column removal are investigated and a modified empirical DIF is presented. To this end, series of low and mid-rise moment frame structures with different span lengths and number of storeys are designed and the effect of damping ratio in DIF is investigated, performing several nonlinear static and dynamic analyses. For each damping ratio, a nonlinear dynamic analysis and a step by step nonlinear static analysis are carried out and the modified empirical DIF formulas are derived. The results of the analysis reveal that DIF is decreased with increasing damping ratio. Finally, an empirical formula is recommended that relates to damping ratio. Therefore, the new modified DIF can be used with nonlinear static analysis instead of nonlinear dynamic analysis to assess the progressive collapse potential of moment frame buildings with different damping ratios.

Evaluation of the Structural Stability of Platform Screen Door (PSD) due to Train Wind Pressure (열차 진입 시 풍압에 의한 완전 밀폐형 승강장 스크린 도어(PSD)시스템의 구조 안정성 평가)

  • Lee, Jae-Youl;Ryu, Bong-Jo;Kim, Dong-Hyun;Lee, Eun-Kyu;Shin, Kwang-Bok
    • Journal of the Korean Society for Railway
    • /
    • v.9 no.5
    • /
    • pp.594-600
    • /
    • 2006
  • In this study, transient and quasi-static analysis were done for the evaluation of structural integrity of the platform screen door due to train wind pressure. Fluent 6.0 was used to calculate the train wind pressure, and Ansys 10.0 was used to evaluate the structural stability of platform screen door due to train wind pressure. Transient analysis was used to check the design requirements of platform screen door, and quasi-static analysis was introduced to save the calculating time and check quickly structural performances when compared to those of transient analysis. The results show that structural stability of the platform screen door under train wind pressure is proven and quasi-static analysis can quickly check the structural integrity of platform screen door.

Compliance Effect Modeling based on Quasi-static Analysis for Real-time Multibody Vehicle Dynamics (실시간 다물체 차량 해석을 위한 준정적법의 컴플라이언스 효과 모델링)

  • Jeong, Wan-Hee;Ha, Kyoung-Nam;Kim, Sung-Soo
    • Proceedings of the KSME Conference
    • /
    • /
    • pp.1003-1008
    • /
    • 2007
  • Compliance effect consideration method for real-time multibody vehicle dynamics is proposed using quasi-static analysis. The multibody vehicle model without bush elements is used based on the subsystem synthesis method which provides real-time computation on the multibody vehicle model. Reaction forces are computed in the suspension subsystem. According to deformation from the quasi-static analysis using reaction forces and bush stiffness, suspension hardpoint locations and suspension linkage orientation are changed. To validate the proposed method, quarter car simulations of McPherson strut and multilink suspension subsystems. Full car bump run simulations are also carried out comparing with the ADAMS vehicle model with bush elements. CPU times are also measured to see the real-time capabilities of the proposed method.

  • PDF