Automated Source Code Analysis

 
[ Contact the Author] [ Send to a Friend] [ Article Publisher] [Make PDF] [ Print] [ Bookmark & Share]
 
Read our Terms of Service before reprinting this article. The submitter specified above has claimed the rights to this article.
Gwyn Fisher

Automated source code analysis is technology aimed at locating and describing areas of weakness in source code. Those weaknesses might be security vulnerabilities, logic errors, implementation defects, concurrency violations, rare boundary conditions, or many other types of problem-causing code.

The name of the associated research field is static code analysis. It is differentiated from more traditional dynamic analysis techniques, such as unit testing or penetration testing, by the fact that the work is performed at build time using only the source code of the program or module in question. The results reported are therefore generated from a complete view of every possible execution path, rather than from some aspect of a necessarily limited observed runtime behavior.

Perhaps the most obvious question confronting any new developer-facing technology is: why?

- Why should developers use a new tool when they already have so many to choose from?

- What makes this technology compelling enough to make me want to add it to my already bloated build chain?

- And what does it do, anyway?

This paper will answer these questions, and more. But for the moment just consider the fact that at the time of writing, 80% of the Fortune 500 have already deployed, or are currently engaged in deploying, some kind of automated source code analysis. The reasons for doing so can be stated in as many ways as there are people answering the question, but one basic principle can be found in all of these deployments:

- Tell me what's wrong with my code before I ship it; don't let me be the guy responsible for shipping a killer vulnerability or bug into the wild.

There are other compelling reasons, such as:

- Make my existing processes for code review more effective through automation

- Enhance my existing QA resource with 100% coverage of all boundary conditions

- Help me protect my brand as we go to market with new products

But the bottom line remains the capability of this technology to let developers scrub their code of obvious and not-so-obvious weaknesses as they work, before they submit their code for check-in and more formal downstream validation procedures.

Introduction to the technology:

The process of automated source code analysis involves building a rich representation or model of the provided code (akin to a compilation phase), and then simulating all possible execution paths through that model, mapping out the flow of logic on those paths coupled with how and where data objects are created, used and destroyed.

Once the projection of code paths and the mapping of data objects are available, we can look for anomalous conditions that will, or might, cause exploitable vulnerabilities, execution failure, or data corruption at runtime.

There are two major families of checking capability typical of this type of analysis: abstract syntax tree (AST) validation and code path analysis. The former is most frequently applied to validation of the basic syntax and structure of code, whereas the latter is used for more complete types of analysis that depend on understanding the state of a program's data objects at any particular point on a code execution path.
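As an added illustration of the two families just described (example code, not from the article or from Klocwork): a toy analyzer built on Python's own ast module, where ast_check is a purely structural AST rule and path_check simulates every path through if/else, carrying the set of objects already closed along each path. The sample function, its double close and the eval() call are constructed; only if/else forking is modelled, not loops, calls or exceptions.

```python
import ast
# Constructed sample: f is closed twice (line 6 when flag is true); eval() on line 7.
SAMPLE = '''def handler(path, flag):
    f = open(path)
    data = f.read()
    if flag:
        f.close()
    f.close()
    return eval(data)
'''

def ast_check(src):
    """AST validation: structural rule, no notion of state; flags every eval()/exec() call."""
    return [f"line {n.lineno}: call to {n.func.id}()"
            for n in ast.walk(ast.parse(src))
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
            and n.func.id in ("eval", "exec")]

def _closed_name(stmt):
    """Return x when the statement's value is a call x.close(), else None."""
    fn = getattr(getattr(stmt, "value", None), "func", None)
    if isinstance(fn, ast.Attribute) and fn.attr == "close" and isinstance(fn.value, ast.Name):
        return fn.value.id

def _used_objects(stmt):
    """Names whose attributes or methods the statement touches (f in f.read())."""
    return {n.value.id for n in ast.walk(stmt)
            if isinstance(n, ast.Attribute) and isinstance(n.value, ast.Name)}

def _walk(body, states, findings):
    """Path analysis: carry each reachable set of closed names through body, forking at ifs."""
    for stmt in body:
        if isinstance(stmt, ast.If):  # both branches remain possible paths
            states = (_walk(stmt.body, set(states), findings)
                      | _walk(stmt.orelse, set(states), findings))
            continue
        closing, next_states = _closed_name(stmt), set()
        for closed in states:
            for name in sorted(_used_objects(stmt) & closed):
                findings.add(f"line {stmt.lineno}: {name} used after close")
            next_states.add(closed | {closing} if closing else closed)
        states = next_states
    return states

def path_check(src):
    findings = set()
    for fn in [n for n in ast.parse(src).body if isinstance(n, ast.FunctionDef)]:
        _walk(fn.body, {frozenset()}, findings)
    return sorted(findings)
```

The structural rule fires on line 7 regardless of control flow, while the double close on line 6 is only reported because the path analysis remembers the state reached through the if branch.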


Gwyn Fisher brings a valuable combination of vision, experience, and direct insight into the developer perspective.
http://www.klocwork.com/
http://www.klocwork.com/products/
Article published on June 22, 2009 at Isnare.com