Systems And Methods For Software Analysis

US 20150363294A1
Filed: 06/10/2015
Published: 12/17/2015
Est. Priority Date: 06/13/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method for identifying software comprising:

obtaining a software file;

determining a plurality of artifacts for the software file;

accessing a database which stores a plurality of reference artifacts for each of a plurality of reference software files;

comparing the plurality of artifacts to the plurality of reference artifacts; and

identifying the software file by identifying the reference software file having the plurality of reference artifacts that match the plurality of artifacts.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer program products are provided for identifying software files, flaws in code, and program fragments by obtaining a software file, determining a plurality of artifacts, accessing a database which stores a plurality of reference artifacts for reference software files, comparing at least one of the artifacts to at least one of the reference artifacts stored in the database, and identifying the software file by identifying the reference software file having the reference artifacts that correspond to the plurality of artifacts. Certain embodiments can also automatically provide updated versions of files, patches to be applied, or repaired blocks of code to replace flawed blocks. Example embodiments can accept a wide variety of file types, including source code and binary files and can analyze source code or convert files to an intermediate representation (IR) and analyze the IR.

Citations

50 Claims

1. A method for identifying software comprising:
- obtaining a software file;
  
  determining a plurality of artifacts for the software file;
  
  accessing a database which stores a plurality of reference artifacts for each of a plurality of reference software files;
  
  comparing the plurality of artifacts to the plurality of reference artifacts; and
  
  identifying the software file by identifying the reference software file having the plurality of reference artifacts that match the plurality of artifacts.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1 wherein the plurality of artifacts includes one or more of a call graph, control flow graph, use-def chain, def-use chain, dominator tree, basic block, variable, constant, branch semantic, and protocol.
  - 3. The method of claim 1 wherein the plurality of artifacts includes one or more of a system call trace and execution trace.
  - 4. The method of claim 1 wherein the plurality of artifacts includes one or more of a loop invariant, type information, Z notation, and label transition system representation.
  - 5. The method of claim 1 wherein the plurality of artifacts includes one or more artifacts determined from any of an in-line code comment, commit history, documentation file, and common vulnerabilities and exposure source entry.
  - 6. The method of claim 1 wherein the plurality of artifacts are each a graph artifact.
  - 7. The method of claim 1 wherein the plurality of artifacts are each a meta data artifact.
  - 8. The method of claim 1 wherein the plurality of reference artifacts match the plurality of artifacts when at least a fuzzy match exists between the plurality of reference artifacts and the plurality of artifacts.
  - 9. The method of claim 1 wherein determining the plurality of artifacts for the software file includes converting the software file into an intermediate representation and determining at least one of the plurality of artifacts from the intermediate representation.
  - 10. The method of claim 1 further comprising determining whether a newer version of the software file exists by analyzing at least one of the reference artifacts associated with the identified reference software file.
  - 11. The method of claim 10 further comprising automatically providing the newer version of the software file.
  - 12. The method of claim 1 further comprising determining whether a patch for the software file exists by analyzing at least one of the reference artifacts associated with the identified reference software file.
  - 13. The method of claim 12 further comprising automatically applying the patch to the software file.
  - 14. The method of claim 12 further comprising analyzing the patch to determine a repair portion of the patch that corresponds to a repair of a flaw in the software file, and applying only the repair portion of the patch to the software file.
  - 15. The method of claim 14 wherein analyzing the patch includes converting the patch into an intermediate representation and determining at least one patch artifact from the intermediate representation.
  - 16. The method of claim 1 further comprising determining whether a flaw exists in the software file by analyzing at least one of the reference artifacts associated with the identified reference software file and at least one of the artifacts associated with the software file.
  - 17. The method of claim 16 further comprising automatically repairing the flaw in the software file.
  - 18. The method of claim 17 wherein automatically repairing the flaw comprises replacing a block of source code with a repair block of source code.
  - 19. The method of claim 17 wherein automatically repairing the flaw comprises replacing a block of binary code with a repair block of binary code.
  - 20. The method of claim 17 wherein automatically repairing the flaw comprises replacing a block of intermediate representation in the software file with a repair block of intermediate representation.

21. A method comprising:
- obtaining one or more software files;
  
  determining a plurality of artifacts for the one or more software files;
  
  accessing a database which stores a plurality of reference artifacts; and
  
  identifying a program fragment for the one or more software files by matching the plurality of artifacts that correspond to the program fragment to the plurality of reference artifacts that correspond to the program fragment.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 22. The method of claim 21 wherein the program fragment has been identified in the database to correspond to a flaw.
  - 23. The method of claim 21 wherein the program fragment corresponds to a flaw in the one or more software files.
  - 24. The method of claim 21 wherein the program fragment corresponds to a flaw that is selected from the group consisting of a bug, a security vulnerability, and a protocol deficiency.
  - 25. The method of claim 23 further comprising automatically repairing the flaw in the one or more software files.
  - 26. The method of claim 25 wherein automatically repairing the flaw includes providing a repair program fragment to replace a flaw program fragment.
  - 27. The method of claim 23 further comprising offering one or more repair options to a user to repair the flaw.
  - 28. The method of claim 27 further comprising ordering the one or more repair options offered to the user.
  - 29. The method of claim 28 wherein the ordering of the one or more repair options is based on one or more previous repair options selected by the user.
  - 30. The method of claim 28 wherein the ordering of the one or more repair options is based on a likelihood of success for each of the repair options.
  - 31. The method of claim 21 wherein the program fragment has been identified in the database to correspond to a feature.
  - 32. The method of claim 31 further comprising automatically augmenting the feature with a feature enhancement.
  - 33. The method of claim 21 wherein the plurality of artifacts include a graph artifact.
  - 34. The method of claim 21 wherein the plurality of artifacts include a developmental artifact.
  - 35. The method of claim 21 wherein the plurality of artifacts each are a meta data artifact.
  - 36. The method of claim 21 wherein determining the plurality of artifacts for the one or more software files includes converting the one or more software files into an intermediate representation and determining at least one of the plurality of artifacts from the intermediate representation.
  - 37. The method of claim 21 wherein the one or more software files are each in a source code format.
  - 38. The method of claim 21 wherein the one or more software files are each in a binary code format.
  - 39. The method of claim 21 wherein the one or more software files are files within a software project.

40. A system for identifying software comprising:
- an interface capable of communicating with a source having a software file;
  
  a storage device which stores a plurality of reference artifacts for each of a plurality of reference software files; and
  
  a processor communicatively coupled to the interface and the storage device, and configured to;
  
  cause the software file to be obtained;
  
  determine a plurality of artifacts for the software file;
  
  access the plurality of reference artifacts in the storage device;
  
  compare the plurality of artifacts to the plurality of reference artifacts; and
  
  identify the software file by identifying the reference software file having the plurality of reference artifacts that matched the plurality of artifacts.
- View Dependent Claims (41, 42, 43, 44)
- - 41. The system of claim 40 wherein determine the plurality of artifacts for the software file includes converting the software file into an intermediate representation and determining at least one of the plurality of artifacts from the intermediate representation.
  - 42. The system of claim 40 further comprising the processor also being configured to determine whether a patch for the software file exists by analyzing at least one of the reference artifacts associated with the identified reference software file.
  - 43. The system of claim 40 further comprising the processor also being configured to automatically apply a patch to the software file.
  - 44. The system of claim 42 further comprising the processor also being configured to analyze the patch to determine a repair portion of the patch that corresponds to a repair of a flaw in the software file, and apply only the repair portion of the patch to the software file.

45. A system comprising:
- an interface capable of communicating with a source having one or more software files;
  
  a storage device which stores a plurality of reference artifacts; and
  
  a processor communicatively coupled to the interface and the storage device, and configured to;
  
  cause one or more software files to be obtained;
  
  determine a plurality of artifacts for the one or more software files;
  
  access a database which stores a plurality of reference artifacts; and
  
  identify a program fragment for the one or more software files by matching the plurality of artifacts that correspond to the program fragment to the plurality of reference artifacts that correspond to the program fragment.
- View Dependent Claims (46, 47, 48)
- - 46. The system of claim 45 wherein the program fragment has been identified in the database to correspond to a flaw.
  - 47. The system of claim 45 wherein the program fragment corresponds to a flaw that is selected from the group consisting of a bug, a security vulnerability, and a protocol deficiency.
  - 48. The system of claim 45 further comprising the processor also being configured to automatically repair the flaw in the one or more software files.

49. A non-transitory computer readable medium with an executable program stored thereon, wherein the program instructs a processing device to perform the following steps:
- obtain a software file;
  
  determine a plurality of artifacts for the software file;
  
  access a database which stores a plurality of reference artifacts for each of a plurality of reference software files;
  
  compare the plurality of artifacts to the plurality of reference artifacts; and
  
  identify the software file by identifying the reference software file having the plurality of reference artifacts that match the plurality of artifacts.

50. A non-transitory computer readable medium with an executable program stored thereon, wherein the program instructs a processing device to perform the following steps:
- obtain one or more software files;
  
  determine a plurality of artifacts for the one or more software files;
  
  access a database which stores a plurality of reference artifacts; and
  
  identify a program fragment for the one or more software files by matching the plurality of artifacts that correspond to the program fragment to the plurality of reference artifacts that correspond to the program fragment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Charles Stark Draper Laboratory Incorporated
Original Assignee
Charles Stark Draper Laboratory Incorporated
Inventors
Carback, Richard T. III, Gaynor, Brad D., Brock, Neil A., Shnidman, Nathan R.

Application Number

US14/735,639
Publication Number

US 20150363294A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/362   Software debugging

G06F 11/3672   Test management

G06F 8/37   Compiler construction; Pars...

G06F 8/70   Software maintenance or man...

G06F 8/73   Program documentation

G06F 8/75   Structural analysis for pro...

Systems And Methods For Software Analysis

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Systems And Methods For Software Analysis

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links