US20140130015A1 - Hybrid Program Analysis - Google Patents

Hybrid Program Analysis Download PDF

Info

Publication number
US20140130015A1
US20140130015A1 US13/670,270 US201213670270A US2014130015A1 US 20140130015 A1 US20140130015 A1 US 20140130015A1 US 201213670270 A US201213670270 A US 201213670270A US 2014130015 A1 US2014130015 A1 US 2014130015A1
Authority
US
United States
Prior art keywords
analysis
dynamic
application
program
static
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/670,270
Other languages
English (en)
Inventor
Evgeny BESKROVNY
Marco Pistoia
Omer Tripp
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US13/670,270 priority Critical patent/US20140130015A1/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TRIPP, OMER, BESKROVNY, EVGENY, PISTOIA, MARCO
Priority to US13/672,165 priority patent/US10275238B2/en
Priority to CN201310524568.9A priority patent/CN103810096A/zh
Publication of US20140130015A1 publication Critical patent/US20140130015A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/74Reverse engineering; Extracting design information from source code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases

Definitions

  • This disclosure relates to program analysis, and more particularly, to a hybrid program analysis.
  • the process of program analysis may generally be divided into two groups, static program analysis and dynamic program analysis.
  • static program analysis an analysis of computer software may be performed without executing the application being analyzed.
  • dynamic program analysis the application is executed on a real or virtual processor using test inputs during an analysis.
  • Rice's theorem states that, for any non-trivial property of partial functions, there is no general and effective method to determine whether an algorithm determines a partial function with that property. Rice's theorem not only provides a theoretical upper bound, but also a limitation that's encountered by many analyses of practical interest.
  • An improved technique has been introduced to perform a two-stage analysis, where a dynamic program analysis is first run to determine dynamic hints for an ensuing static analysis, which may then use the dynamic hints for modeling of challenging code constructs.
  • a dynamic program analysis is first run to determine dynamic hints for an ensuing static analysis, which may then use the dynamic hints for modeling of challenging code constructs.
  • the dynamic analysis records the exact types of objects allocated by the newInstance call, and then the static program analysis may use this data for pointer analysis to resolve virtual calls.
  • the problems targeted by the two-stage analysis are undecidable and sound approximate solutions are often prohibitive in their loss of precision. That is, the two-stage analysis is merely an improved compromise as compared to static program analysis.
  • a hybrid program analysis method includes initiating a static program analysis of an application, generating, by a static program analyzer, a query to a dynamic program analyzer upon determining a code construct of the application requiring dynamic analysis, passing control from the static program analyzer to the dynamic program analyzer and initiating a dynamic program analysis of the code construct, resolving, by the dynamic program analyzer, the query into a set of arguments with which to invoke the code construct of the application, generating, by the dynamic program analyzer, the set of arguments, invoking, by the dynamic program analyzer, the code construct of the application using set of arguments, answering, by the dynamic program analyzer, the query, and passing control from the dynamic program analyzer to the static program analyzer and continuing the static program analysis of the application.
  • a computer program product for performing a hybrid program analysis comprises a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising computer readable program code configured to perform the hybrid program analysis.
  • a hybrid program analysis system comprises a memory device storing a plurality of instructions embodying the system and an application, and a processor configured to receive the application and execute the plurality of instructions to perform a method comprising initiating a static program analysis of the application, generating, by a static program analyzer, a query to a dynamic program analyzer upon determining a code construct of the application requiring dynamic analysis, resolving, by the dynamic program analyzer, the query into a set of arguments with which to invoke the code construct of the application, generating, by the dynamic program analyzer, the set of arguments, invoking, by the dynamic program analyzer, the code construct of the application using the set of arguments, returning, by the dynamic program analyzer, an answer corresponding to the query to the static program analyzer, and continuing the static program analysis of the application.
  • FIG. 1 is a flow diagram of a routine for purposes of explaining an exemplary embodiment of the present disclosure
  • FIG. 2 is flow diagram of an illustrative method for a hybrid method of program analysis according to an embodiment of the present disclosure
  • FIG. 3 is a block diagram depicting an exemplary computer system for performing a method for hybrid method of program analysis according to an embodiment of the present disclosure
  • FIG. 4 is a flow diagram of a routine for purposes of explaining an exemplary embodiment of the present disclosure.
  • FIG. 5 is a block diagram depicting an exemplary computer system for performing a method for hybrid method of program analysis according to an embodiment of the present disclosure.
  • a framework is implemented for a hybrid method of program analysis including a static program analysis and a dynamic program analysis.
  • embodiments of the disclosure are not limited to the particular methods and/or apparatus described herein. Rather, embodiments of the disclosure are more broadly related to enhanced techniques for performing program analysis.
  • specific software e.g., Java
  • syntax, protocols, operating platforms e.g., hardware or software
  • embodiments of the disclosure are not limited to such software, syntax, protocols, operating platforms, etc.
  • numerous modifications can be made to the embodiments shown that are within the scope of the claimed invention. That is, no limitations with respect to embodiments shown and described herein are intended or should be inferred.
  • the hybrid method may provide precise input arguments for use in the dynamic program analysis for runs or executions of given computer readable instructions, with knowledge of which queries the static scanner will place. Having control over the input arguments, the response of the dynamic program analysis is made specific for program runs that are appropriate for answering the query posed by a static analyzer.
  • the input arguments chosen by a dynamic analyzer may all lead down a selected branch ( 104 or 105 ) of a conditional statement 101 . Then, when the static analyzer asks about the possible types flowing into Object o, the answer by the dynamic program analysis is Class1 and Class2.
  • the dynamic program analysis is specialized for a query at hand.
  • the specialization of the dynamic program analysis enables precise information for the specific control flow corresponding to the query to be obtained, as illustrated in the example above.
  • a dynamic program analysis initiated at the point (e.g., a false branch) where the static program analysis queries an answer, enables a concise and precise answer, as the dynamic analyzer is pointed toward a particular control flow.
  • FIG. 2 is flow diagram of an illustrative hybrid method of program analysis 200 according to an embodiment of the present disclosure. More particularly, with reference to FIG. 2 , a hybrid method of program analysis 200 includes a static program analysis of application code at 201 . Upon reaching a code construct where a dynamic analyzer is required at 202 , a static analyzer submits a query to the dynamic analyzer to retrieve relevant information at 203 .
  • the relevant information may include possible types allocated by a newInstance statement, etc.
  • the request may be associated with contextual information.
  • the dynamic analyzer resolves the request, along with the contextual information, into one or more sets of arguments with which to invoke the subject application at 204 . Examples of these arguments include command-line arguments, or more generally, data inputs, which would lead execution down a desired code path.
  • Symbolic analysis techniques such as a demand-driven symbolic analysis for object-oriented programs and frameworks, may be used resolve the input arguments.
  • the extraction of input arguments may be treated as a goal-reachability problem, wherein semantics of all statements, including inter-procedural flow and exceptional conditions, are modeled.
  • the analysis finds a precondition P for postcondition R, the analysis guarantees that any state which satisfies P must necessarily drive program execution to R. No other exceptions will be thrown before reaching R.
  • the goal-reachability problem is based on a backward symbolic analysis.
  • a backward symbolic analysis computes weakest preconditions (described herein) over each control-flow path, going backwards from the goal statement to an input argument. If the computed precondition P for any path r is satisfiable, then a satisfying assignment for P gives the input arguments that would force execution along r to the goal.
  • the application is then invoked and the query answered by the dynamic analyzer at 205 . If, for example, the query is for a possible resolution of a reflective allocation in the routine above, then the answer would be Class1. If the query concerns the evaluation of a conditional branch, then the answer would be true or false. In view of the foregoing, the answer may take various forms. The exemplary answers described herein are not intended to be limiting.
  • the hybrid method 200 continues if additional application code is available at 206 with the static analyzer at 201 .
  • the hybrid method 200 takes application code as input and outputs application properties (see FIG. 3 ).
  • the application properties may reveal application behaviors, and may include application metrics (e.g., objective, reproducible and quantifiable measurements of application behavior).
  • a dynamic program analysis may be specialized for a query at hand.
  • an exemplary hybrid program analyzer 301 includes a static program analyzer 302 and a dynamic program analyzer 303 .
  • the static program analyzer 302 passes control of the application analysis to a dynamic program analyzer 303 at 202 .
  • the dynamic program analyzer 303 passes control of the application analysis back to the status program analyzer 302 at 206 .
  • any of the methods described herein can include an additional step of providing a system comprising distinct software modules embodied on one or more tangible computer readable storage media. All the modules (or any subset thereof) can be on the same medium, or each can be on a different medium, for example.
  • the modules can include any or all of the components shown in the figures.
  • the modules include a first module, e.g., 302 , which scans application code using a static program analysis, a second module, e.g., 303 , which receives a query from the first module corresponding to a specific branch of the application, wherein the second module performs a dynamic program analysis in response to the query, and a third module, e.g., hybrid program analyzer, e.g., 301 , that outputs properties of the application in accordance with the static program analysis and the dynamic program analysis.
  • the method steps can then be carried out using the distinct software modules of the system, as described above, executing on one or more hardware processors.
  • an inherent aspect of static program analysis is data abstraction, which enables finite yet sound exploration of the state space of the application.
  • a common abstraction in security analysis is to use access paths to denote untrusted heap regions.
  • the contextual information provided by the static program analysis includes the abstract state at the point where the query is issued. This may be illustrated via the following example of web-application security analysis 400 depicted in FIG. 4 :
  • the getParameter call is a security source, which reads (untrusted) user-provided data.
  • the println call is a security sink that renders the data to the response HTML.
  • a possible query by the static program analysis is whether the data reaching the sink, that is the println call at block 403 , contains certain characters (e.g., illegal characters ‘ ⁇ ’ and ‘>’), in which case the above code is determined to be vulnerable.
  • a possible abstract state at the sink call is ⁇ username.*, data.* ⁇ , which denotes that the values pointed-to by username and data are untrusted due to the source call.
  • the dynamic program analysis may synthesize test payloads that pass through the true branch of the conditional statement before arriving at the sink call.
  • the dynamic program analysis may map these constraints into input arguments to the application (see also block 204 in FIG. 2 ).
  • the weakest-precondition approach attempts to find a solution for the constraint system induced by the contextual information provided by the static analysis, and the path constraints induced by backward traversal, that is outputs to input arguments, of the execution path connecting the program's entry location to the queried location. More formally, according to an exemplary implementation of the weakest-precondition approach, given a statement S, the weakest-precondition of S is a function mapping any postcondition R to a precondition. The result of this function, denoted wp (S,R), is the “weakest” precondition on the initial state or input argument ensuring that execution of S terminates in a final state satisfying R.
  • the weakest precondition semantics may be used to provide the greatest set of possible input arguments leading to the given output observation.
  • application may refer to individual statements and declarations in computer readable code, individual objects, complete source code of an application, etc.
  • embodiments described herein are not limited to source code and may be applied to object code.
  • embodiments of the present disclosure are not limited to the analysis of certain levels or types of code and may be implemented in any case where program analysis is applicable.
  • embodiments of the disclosure may be particularly well-suited for use in an electronic device or alternative system. Accordingly, embodiments of the present disclosure may take the form of an entirely hardware embodiment or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “processor”, “circuit,” “module” or “system.” Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code stored thereon.
  • the computer-usable or computer-readable medium may be a computer readable storage medium.
  • a computer readable storage medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or any suitable combination of the foregoing.
  • a computer-readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus or device.
  • Computer program code for carrying out operations of embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • LAN local area network
  • WAN wide area network
  • Internet Service Provider for example, AT&T, MCI, Sprint, EarthLink, MSN, GTE, etc.
  • These computer program instructions may be stored in a computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instruction means which implement the function/act specified in the flowchart and/or block diagram block or blocks.
  • the computer program instructions may be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
  • FIG. 5 is a block diagram depicting an exemplary computer system for performing a hybrid method of program analysis according to an embodiment of the present disclosure.
  • the computer system shown in FIG. 5 includes a processor 501 , memory 502 , signal source 503 , system bus 504 , Hard Drive (HD) controller 505 , keyboard controller 506 , serial interface controller 507 , parallel interface controller 508 , display controller 509 , hard disk 510 , keyboard 511 , serial peripheral device 512 , parallel peripheral device 513 , and display 514 .
  • HD Hard Drive
  • the processor 501 , memory 502 , signal source 503 , HD controller 505 , keyboard controller 506 , serial interface controller 507 , parallel interface controller 508 , display controller 509 are connected to the system bus 504 .
  • the hard disk 510 is connected to the HD controller 505 .
  • the keyboard 511 is connected to the keyboard controller 506 .
  • the serial peripheral device 512 is connected to the serial interface controller 507 .
  • the parallel peripheral device 513 is connected to the parallel interface controller 508 .
  • the display 514 is connected to the display controller 509 .
  • FIG. 5 In different applications, some of the components shown in FIG. 5 can be omitted.
  • the whole system shown in FIG. 5 is controlled by computer readable instructions, which are generally stored in the hard disk 510 , EPROM or other non-volatile storage such as software.
  • the software can be downloaded from a network (not shown in the figures), stored in the hard disk 510 .
  • a software downloaded from a network can be loaded into the memory 502 and executed by the processor 501 so as to complete the function determined by the software.
  • the processor 501 may be configured to perform one or more methodologies described in the present disclosure, illustrative embodiments of which are shown in the above figures and described herein. Embodiments of the present disclosure can be implemented as a routine that is stored in memory 502 and executed by the processor 501 to process the signal from the signal source 503 .
  • the computer system is a general-purpose computer system that becomes a specific purpose computer system when executing the routine of the present disclosure.
  • FIG. 5 can support methods according to the present disclosure, this system is only one example of a computer system. Those skilled of the art should understand that other computer system designs can be used to implement the present invention.
  • processor as used herein is intended to include any processing device, such as, for example, one that includes a central processing unit (CPU) and/or other processing circuitry (e.g., digital signal processor (DSP), microprocessor, etc.). Additionally, it is to be understood that the term “processor” may refer to a multi-core processor that contains multiple processing cores in a processor or more than one processing device, and that various elements associated with a processing device may be shared by other processing devices.
  • CPU central processing unit
  • DSP digital signal processor
  • processor may refer to a multi-core processor that contains multiple processing cores in a processor or more than one processing device, and that various elements associated with a processing device may be shared by other processing devices.
  • memory as used herein is intended to include memory and other computer-readable media associated with a processor or CPU, such as, for example, random access memory (RAM), read only memory (ROM), fixed storage media (e.g., a hard drive), removable storage media (e.g., a diskette), flash memory, etc.
  • I/O circuitry as used herein is intended to include, for example, one or more input devices (e.g., keyboard, mouse, etc.) for entering data to the processor, and/or one or more output devices (e.g., printer, monitor, etc.) for presenting the results associated with the processor.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s).
  • the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
US13/670,270 2012-11-06 2012-11-06 Hybrid Program Analysis Abandoned US20140130015A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US13/670,270 US20140130015A1 (en) 2012-11-06 2012-11-06 Hybrid Program Analysis
US13/672,165 US10275238B2 (en) 2012-11-06 2012-11-08 Hybrid program analysis
CN201310524568.9A CN103810096A (zh) 2012-11-06 2013-10-30 混合程序分析方法和系统

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US13/670,270 US20140130015A1 (en) 2012-11-06 2012-11-06 Hybrid Program Analysis

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/672,165 Continuation US10275238B2 (en) 2012-11-06 2012-11-08 Hybrid program analysis

Publications (1)

Publication Number Publication Date
US20140130015A1 true US20140130015A1 (en) 2014-05-08

Family

ID=50623598

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/670,270 Abandoned US20140130015A1 (en) 2012-11-06 2012-11-06 Hybrid Program Analysis
US13/672,165 Active 2034-08-22 US10275238B2 (en) 2012-11-06 2012-11-08 Hybrid program analysis

Family Applications After (1)

Application Number Title Priority Date Filing Date
US13/672,165 Active 2034-08-22 US10275238B2 (en) 2012-11-06 2012-11-08 Hybrid program analysis

Country Status (2)

Country Link
US (2) US20140130015A1 (zh)
CN (1) CN103810096A (zh)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140181836A1 (en) * 2012-12-21 2014-06-26 International Business Machines Corporation Hybrid dependency analysis using dynamic and static analyses
US20140372988A1 (en) * 2013-06-14 2014-12-18 Microsoft Corporation Using a Static Analysis for Configuring a Follow-On Dynamic Analysis for the Evaluation of Program Code
US10339320B2 (en) * 2016-11-18 2019-07-02 International Business Machines Corporation Applying machine learning techniques to discover security impacts of application programming interfaces

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9626389B1 (en) * 2016-01-29 2017-04-18 International Business Machines Corporation Data compression model for mobile device disconnected operations
US10747748B2 (en) 2016-01-29 2020-08-18 International Business Machines Corporation Generating mobile data schema to support disconnected operations
US10360134B2 (en) * 2017-10-31 2019-07-23 Commissariat A L'energie Atomique Et Aux Energies Alternatives System, method and computer program product for detecting infeasible events in dynamic programs

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE69432974T2 (de) 1993-05-10 2004-05-27 Thinking Software, Inc., Cupertino Verfahren und vorrichtung zur automatischen analyse eines zielprogramms
US20070008887A1 (en) 2005-06-24 2007-01-11 Eugene Gorbatov Platform power management of a computing device using quality of service requirements of software tasks
CN1908895B (zh) 2005-08-02 2010-05-05 国际商业机器公司 验证应用程序全球化问题的系统和方法
US8286149B2 (en) * 2007-10-15 2012-10-09 International Business Machines Corporation Apparatus for and method of implementing feedback directed dependency analysis of software applications
CN101639804A (zh) 2008-07-29 2010-02-03 国际商业机器公司 确定程序中的内存泄漏位置的方法和装置
US8201118B2 (en) 2009-05-30 2012-06-12 International Business Machines Corporation Method and system for dynamic automated hint generation for enhanced reachability analysis
CN101968766B (zh) 2010-10-21 2012-09-05 上海交通大学 计算机程序实际运行时触发软件漏洞的检测系统
US8621441B2 (en) * 2010-12-27 2013-12-31 Avaya Inc. System and method for software immunization based on static and dynamic analysis
CN102073825B (zh) 2011-01-28 2013-02-20 李清宝 基于路径驱动的可执行程序安全性检测方法
US8732669B2 (en) * 2011-03-11 2014-05-20 Oracle International Corporation Efficient model checking technique for finding software defects
US8726392B1 (en) * 2012-03-29 2014-05-13 Symantec Corporation Systems and methods for combining static and dynamic code analysis

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140181836A1 (en) * 2012-12-21 2014-06-26 International Business Machines Corporation Hybrid dependency analysis using dynamic and static analyses
US9262202B2 (en) * 2012-12-21 2016-02-16 International Business Machines Corporation Hybrid dependency analysis using dynamic and static analyses
US20140372988A1 (en) * 2013-06-14 2014-12-18 Microsoft Corporation Using a Static Analysis for Configuring a Follow-On Dynamic Analysis for the Evaluation of Program Code
US10339320B2 (en) * 2016-11-18 2019-07-02 International Business Machines Corporation Applying machine learning techniques to discover security impacts of application programming interfaces
US11544384B2 (en) 2016-11-18 2023-01-03 International Business Machines Corporation Applying machine learning techniques to discover security impacts of application programming interfaces

Also Published As

Publication number Publication date
US20140130019A1 (en) 2014-05-08
US10275238B2 (en) 2019-04-30
CN103810096A (zh) 2014-05-21

Similar Documents

Publication Publication Date Title
Feist et al. Slither: a static analysis framework for smart contracts
US10303448B2 (en) Systems and methods for graph-based analysis of software
Sridharan et al. F4F: taint analysis of framework-based web applications
Hills et al. An empirical study of PHP feature usage: a static analysis perspective
Tan et al. Making k-object-sensitive pointer analysis more precise with still k-limiting
Sharma et al. Testing container classes: Random or systematic?
US11650905B2 (en) Testing source code changes
US10275238B2 (en) Hybrid program analysis
US20150007140A1 (en) Prioritization of tests of computer program code
Brucker et al. On the static analysis of hybrid mobile apps: A report on the state of apache cordova nation
Backes et al. R-droid: Leveraging android app analysis with static slice optimization
CN110532185B (zh) 测试方法、装置、电子设备和计算机可读存储介质
US20240121261A1 (en) Automated Security Analysis of Software Libraries
Li et al. PCA: memory leak detection using partial call-path analysis
KR102118236B1 (ko) 컨트랙트에 대한 운영 체제 지원 기법
Dhok et al. Type-aware concolic testing of JavaScript programs
Arlt et al. Joogie: Infeasible code detection for java
Ali et al. Constructing call graphs of Scala programs
Hamann et al. A uniform information-flow security benchmark suite for source code and bytecode
Cseppentő et al. Evaluating code‐based test input generator tools
Kundu et al. A UML model-based approach to detect infeasible paths
Ahishakiye et al. Coverage analysis of net inscriptions in coloured Petri net models
US11593249B2 (en) Scalable points-to analysis via multiple slicing
Sousa et al. Preventing atomicity violations with contracts
Olivieri et al. MichelsonLiSA: a static analyzer for tezos

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BESKROVNY, EVGENY;PISTOIA, MARCO;TRIPP, OMER;SIGNING DATES FROM 20121018 TO 20121023;REEL/FRAME:029251/0479

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION