Fig. 1. Diagnostic Algorithm using Syntax Information
Fig. 2. Diagnostic Algorithm using Flow Information
Table 1. Classification by Information from Compiler Phase
Table 2. Diagnostic Method using Syntax Information
Table 3. Diagnostic Method using Flow Information
Table 4. Implementation List(using Syntax Information)
Table 5. Implementation List(using Flow Information)
Table 6. Result using Juliet Test Suite
References
- SungMoon Hong, Seungcheol Shin, Kyung-Goo Doh, Detection of Security Vulnerability From the Knowledge-Base Representation of Source Code, Journal of The Korea Information Science Society pp.1618-1620, June 2014.
- CWE, Common Weakness Enumeration, https://cwe.mitre.org/
- CERT, Computer Emergency Response Team, https://wiki.sei.cmu.edu/confluence/
- Kyungsook Han, Damho Lee, Changwoo Pyo, Classificati on of Diagnostic Information and Analysis Methods for Weaknesses in C/C++ Programs, Journal of The Korea Society of Computer and Information Vol. 22 No. 3, pp. 81-88. March 2017. https://doi.org/10.9708/JKSCI.2017.22.03.081
- Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman, "Compilers: Principled, Techniques, and Tools", Addison Wesley, 1986
- JavaCC, https://javacc.org/
- Juliet test-suite, https://samate.nist.gov/SRD/testsuite.php/
- MICRO FOCUS Inc., https://software.microfocus.com/
- Sparrow Co., https://sparrowpasso.com/
- CODEMIND, https://www.codemind.co.kr/
- Minero Aoki, "Compiler structure and principle : Language processing system learned by the compiler", 2009
- C. Cadar, and K. Sen, "Symbolic execution for software testing: three decades late," Communications of the ACM, 56.2 pp.82-90, July 2013. https://doi.org/10.1145/2408776.2408795
- P. Cousot, and R. Cousot, "Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints, "Proceedings of the 4th ACM SIGACT- SIGPLAN symposium on Principles of programming languages, pp238-252, ACM, January 1977.
- Kuznetsov, Volodymyr, Kinder, Johannes, Bucur, Stefan, Candea, George, "Efficient State Merging in Symbolic Execution", 2012
- LLVM, http://llvm.org/