Implement Static Analysis Tool using JavaCC (JavaCC를 이용한 정적 분석 도구 구현)

KIMBYEONGCHEOL (김병철); Changjin Kim (김창진); Seongcheol Yun (윤성철); Han, Kyung sook (한경숙)

doi:10.9708/jksci.2018.23.12.089

Implement Static Analysis Tool using JavaCC

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2018, 23(12), pp.89-94
DOI : 10.9708/jksci.2018.23.12.089
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : October 18, 2018
Accepted : November 20, 2018
Published : December 31, 2018

KIMBYEONGCHEOL ¹, Changjin Kim ¹, Seongcheol Yun ¹, Han, Kyung sook ¹

¹한국산업기술대학교

Accredited

ABSTRACT

In this paper, we implemented a static analysis tool for weakness. We implemented on JavaCC using syntax information and control flow information among various information. We also tested the performance of the tool using Juliet-test suite on Eclipse. We were classified using information necessary for diagnosis and diagnostic methods were studied and implemented. By mapping the information obtained at each compiler phase the security weakness, we expected to link the diagnostic method with the program analysis information to the security weakness. In the future, we will extend to implement diagnostic tools using other analysis information.

KEYWORDS

Security, Weakness, Static Analysis, Syntax Information, Flow Information

Citation status

* References for papers published after 2023 are currently being built.

[journal] SungMoon Hong / 2014 / Detection of Security Vulnerability From the Knowledge-Base Representation of Source Code / Journal of The Korea Information Science Society : 1618~1620

[web] CWE / Common Weakness Enumeration / https://cwe.mitre.org/

[web] CERT / Computer Emergency Response Team / https://wiki.sei.cmu.edu/confluence/

[journal] 한경숙 / 2017 / Classification of Diagnostic Information and Analysis Methods for Weaknesses in C/C++ Programs / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 22(3) : 81~88

[book] Alfred V. Aho / 1986 / Compilers:Principled, Techniques, and Tools / Addison Wesley

[web] / JavaCC / https://javacc.org/

[web] / Juliet test-suite / https://samate.nist.gov/SRD/testsuite.php/

[web] / MICRO FOCUS Inc. / https://software.microfocus.com/

[web] / Sparrow Co / https://sparrowpasso.com/

[web] / CODEMIND / https://www.codemind.co.kr/

[other] Minero Aoki / 2009 / Compiler structure and principle :Language processing system learned by the compiler

[journal] C. Cadar / 2013 / Symbolic execution for software testing: three decades late / Communications of the ACM 56(2) : 82~90

[confproc] P. Cousot / 1977 / Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints / Proceedings of the 4th ACM SIGACT- SIGPLAN symposium on Principles of programming languages / ACM : 238~252

[confproc] Kuznetsov / 2012 / Efficient State Merging in Symbolic Execution

[web] / LLVM / http://llvm.org/

This paper was written with support from the National Research Foundation of Korea.

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Implement Static Analysis Tool using JavaCC

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Implement Static Analysis Tool using JavaCC

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (1)

REFERENCES (15) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.