
Program Static Analysis Alert Interactive Ranking Method Research

Posted on: 2018-06-01
Degree: Master
Type: Thesis
Country: China
Candidate: L Sun
GTID: 2428330623450886
Subject: Software engineering
Abstract/Summary:
Software testing is an essential part of the software development process, and static analysis tools are used to analyze program code. Static analysis is currently moving toward simulated-execution techniques, such as symbolic execution, abstract interpretation, and value dependency analysis, which can find defects that traditionally could only be detected by dynamic testing. These techniques apply mathematical constraint solvers to prune paths, or use path reachability analysis, to reduce false positives and increase efficiency. From both a scientific and a practical point of view, current static analysis tools still have much room for improvement. Even the best international analysis tools have an unsatisfactory false alarm rate and can report only a few hundred types of defects. Static analysis tools produce a large number of defect reports, but most of them are false positives, so developers must manually determine which reports are false positives and which are real flaws. This not only slows development considerably but also burdens the developers. If the reports can be reordered so that real defects are placed at the front and false reports at the end of the list, it will be very helpful for both the developer and the entire project development process. First, this paper analyzes static analysis report sorting algorithms at home and abroad and summarizes the related static analysis technology, laying the foundation for the subsequent vote ranking algorithm. Then, by analyzing the characteristics of the reports generated by the Software Security Analysis Platform, we find some rules that distinguish true positives from false positives and, in combination with our static analysis platform, put forward a new interactive ranking method in which developers vote on the reports. The defect report sorting algorithm then uses these votes to produce a new and better ordering. Finally, we use our Software Security Analysis Platform to test and analyze the test case, and verify the validity of the interactive ranking method and the practicality of the Software Security Analysis Platform.
Keywords/Search Tags: Static Analysis, Software Testing, Interactive, Ranking Algorithm