본문 바로가기
  • Home

Classification of Diagnostic Information and Analysis Methods for Weaknesses in C/C++ Programs

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2017, 22(3), pp.81-88
  • DOI : 10.9708/jksci.2017.22.03.081
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science
  • Received : March 9, 2017
  • Accepted : March 23, 2017
  • Published : March 31, 2017

Han, Kyung sook 1 Damho Lee 2 Changwoo Pyo 2

1한국산업기술대학교
2홍익대학교

Accredited

ABSTRACT

In this paper, we classified the weaknesses of C/C++ programs listed in CWE based on the diagnostic information produced at each stage of program compilation. Our classification identifies which stages should be responsible for analyzing the weaknesses. We also present algorithmic frameworks for detecting typical weaknesses belonging to the classes to demonstrate validness of our scheme. For the weaknesses that cannot be analyzed by using the diagnostic information, we separated them as a group that are often detectable by the analyses that simulate program execution, for instance, symbolic execution and abstract interpretation. We expect that classification of weaknesses, and diagnostic information accordingly, would contribute to systematic development of static analyzers that minimizes false positives and negatives.

Citation status

* References for papers published after 2022 are currently being built.