Evaluation of Static Analyzers for Weakness in C/C++ Programs using Juliet and STONESOUP Test Suites

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2017, 22(3), pp.17-25
  • DOI : 10.9708/jksci.2017.22.03.017
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science
  • Received : March 13, 2017
  • Accepted : March 23, 2017
  • Published : March 31, 2017

Hyunji Seo 1 Younggwan Park 1 Kim Taehwan 1 Han, Kyung sook 2 Changwoo Pyo 1

1 Hongik University
2 Korea Polytechnic University

Accredited

ABSTRACT

In this paper, we compared four analyzers (Clang, CppCheck, Compass, and a commercial one from a domestic startup) using NIST's Juliet test suite and the recently introduced STONESOUP. The tools showed detection efficacy in the order of Clang, CppCheck, the domestic one, and Compass under the Juliet tests; and Clang, the domestic one, Compass, and CppCheck under the STONESOUP tests. We expect that it would be desirable to utilize symbolic execution for vulnerability analysis in the future. The results of the tool evaluation also show that Juliet and STONESOUP, used as benchmarks for static analysis tools, can reveal differences among tools. Finally, each analyzer has a different set of CWEs for which it detects all of the given test programs. This result can be used to select proper tools with respect to specific CWEs.
