Abstract
Software defects are easy to cause when programming by C++ language, because of its features of flexibility and complexity, as well as its large number of undefined behaviors. According to “MISRA C++ 2008” safe subset, a method of software defects mining is raised based on static analysis technology. Source files can be converted into XML intermediate files, while rules in safe subset are expressed by XQuery expressions. And then match each rule to XML intermediate files to find the location of defects in source files. The experimental result of the prototype system shows that the software defects conflicting to safety rules can be mined effectively with low false alarm rate and low false negative rate.
Supported by “the Fundamental Research Funds for the Central Universities” under Grant DUT12JR03, and “the Fundamental Research Funds for the Central Universities” under Grant No. 1600-893321.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Chen, H., Wang, J., Wei, D.: High Confidence Software Engineering Technologies. Acta Electronica Sinica 31(12), 1933–1938 (2003)
Christey, S., Martin, R.A.: Vulnerability Type Distributions in CVE. The MITRE Corporation, 1–38 (2007)
Hoare, C.A.R.: The verifying compiler: A grand challenge for computing research. Journal of the ACM 50(1), 63–69 (2003)
Zhang, J.: Sharp Static Analysis of Programs. Chinese Journal of Computers 31(9), 1549–1553 (2008)
Cui, Z., Wang, L., Li, X.: Target-Directed Concolic Testing. Chinese Journal of Computers 34(6), 953–964 (2011)
Hwang, J.G., Jo, H.J., Kim, B.H., Jeong, R.G.: Development of Automatic Testing Tool for Software Coding Rules for Railway Signalling. In: IEEE T&D Asia (2009)
Chess, B., McGraw, G.: Static analysis for security. IEEE Security & Privacy (6), 67–69 (2004)
Larochelle, D., Evans, D.: Statically Detecting Likely Buffer Overflow Vulnerabilities. In: Proc.10th Usenix Security Symp. (USENIX 2001), pp. 177–189. Usenix Assoc. (2001)
Chen, H., Wagner, D.: MOPS:An Infrastructure for Examining Security Properties of Software. In: Proc. 9th ACM Conf. Computer and Communications Security (CCS 2002), pp. 235–244. ACM Press (2002)
Zheng, H., Zhou, K.: Research on XML based static software security analysis. In: Proc. 2nd WRI World Congress on Software Engineering (WCSE 2010), pp. 141–144 (2010)
Antoniol, G.: XML-Oriented gcc AST Analysis and Transformations. In: Proceedings of the Third IEEE International Workshop on Source Code Analysis and Manipulation, pp. 869–901 (2005)
Kraft, N.A., Duffy, E.B., Malloy, B.A.: Grammar Recovery from Parse Trees and Metrics-Guided Grammar Refactoring. IEEE Transactions on Software Engineering 35(6), 780–794 (2009)
Kraft, N.A., Malloy, B.A., Power, J.F.: An Infrastructure to Support Interoperability in Reverse Engineering. Information and Software Technology 49(3), 292–307 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lai, X., Zhou, K., Li, L., Tang, L., Yao, Y., Yu, L. (2012). A Method of Software Defects Mining Based on Static Analysis. In: Jiang, H., Ding, W., Ali, M., Wu, X. (eds) Advanced Research in Applied Artificial Intelligence. IEA/AIE 2012. Lecture Notes in Computer Science(), vol 7345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31087-4_80
Download citation
DOI: https://doi.org/10.1007/978-3-642-31087-4_80
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31086-7
Online ISBN: 978-3-642-31087-4
eBook Packages: Computer ScienceComputer Science (R0)