Static analysis based error reduction for software applications
Abstract
A system and method for providing “static analysis” of programs to aid in improving runtime performance, stability, security and privacy characteristics of deployed application code. The method includes performing a set of analyses that sifts through the program code and identifies programming security and/or privacy model coding errors. In particular the invention focuses on identifying coding errors that cause loss of correctness, performance degradation, security, privacy and maintainability vulnerabilities. A deep analysis of the program is performed using detailed control and data flow analyses. These deeper analyses provide a much better perspective of the overall application behavior. This deep analysis is in contrast to shallow analyses in current industry tools, which inspect or model a single or a few classes at a time.
30 Claims
1. A method for analyzing software code comprising the steps of:
a) automatically generating program graphs representing said code utilizing static analysis techniques;
b) automatically applying a set of rules to said program flow analysis graphs;
c) automatically identifying potential software problems from rules set analysis results; and
d) reporting said software problems where one or more of best practices violations and coding errors may occur control and data flow analysis.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 23, 24, 25

20. A static analysis framework for analyzing software code, said framework comprising:
means for automatically generating program graphs;
rule search engine for automatically applying a set of rules to said program graphs;
means for automatically identifying potential software problems from rules set analysis results; and
means for reporting said problems to enable correction of instances where one or more of best practices violations and common coding errors may occur.
Dependent claims: 21, 22, 26, 27, 28, 29

30. A computer program device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform method steps for analyzing software code, said method steps comprising:
a) automatically generating program graphs representing said code utilizing static analysis techniques;
b) automatically applying a set of rules to said program graphs;
c) automatically identifying potential software problems from rules set analysis results; and
d) reporting said software problems to enable correction of instances where one or more of best practices violations and common coding errors may occur.
Specification