Dissertations / Theses on the topic 'Static Analysis Tool'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Static Analysis Tool.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
Morgenthaler, John David. "Static analysis for a software transformation tool /." Diss., Connect to a 24 p. preview or request complete full text in PDF format. Access restricted to UC campuses, 1997. http://wwwlib.umi.com/cr/ucsd/fullcit?p9804509.
Full textDutko, Adam M. "THE RELATIONAL DATABASE: A NEW STATIC ANALYSIS TOOL?" Cleveland State University / OhioLINK, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=csu1313678735.
Full textBaca, Dejan. "Automated static code analysis : A tool for early vulnerability detection." Licentiate thesis, Karlskrona : Department of Systems and Software Engineering, School of Engineering, Blekinge Institute of Technology, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-00429.
Full textGustafson, Christopher, and Sam Florin. "Qualification of Tool for Static Code Analysis : Processes and Requirements for Approval of Static Code Analysis in the Aviation Industry." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-277941.
Full textInom flygindustrin är användandet av olika programmeringsverktyg inte lika självklart som inom andra industrier. På grund av de katastrofala konsekvenser som fel i mjukvaran i ett flygplan kan resultera i finns det rigorösa krav på mjukvaruutvecklingsprocessen. Ett av dessa krav är att en viss kodstandard måste upprätthållas. Kodstandarder används för att exkludera vissa strukturer i kod som kan leda till oönskat beteende. Upprätthållandet av en viss kodstandard är en långdragen process att genomföra manuellt, och kan därför automatiseras med hjälp av ett statiskt kodanalysverktyg. För att kunna använda ett sådant verktyg behövs däremot en formell verktygskvalificering. I denna uppsats kommer kvalificeringsprocessen av ett verktyg för statisk kodanalys att evalueras enligt de krav som de två stora flygmyndigheterna EASA och FAA ställer. För att förklara processen av att kvalificera ett sådant verktyg gjordes en litteraturstudie följt av en fallstudie av det existerande verktyget Parasoft C/C++ test. Resultaten av litteraturstudien beskriver de olika processerna som måste genomföras för att kvalificera ett statiskt kodanalysverktyg. Noterbart är att resultaten visar att inga krav ställs på utvecklingsprocessen av verktyget själv. Detta betyder att ett existerande kommersiellt verktyg kan kvalificeras utan att verktygsutvecklarna själva behöver bidra med extra information. Fallstudien visade hur verktyget Parasoft C/C++ test kan konfigureras och verifieras att följa en viss kodstandard. Vidare resulterade fallstudien i utkast av de nödvändiga dokumenten som behöver produceras för att kommunicera kvalificeringsprocessen till en myndighet. De resultat som presenteras i denna uppsats är i sig inte tillräckliga för beskriva hela kvalificeringsprocessen. Ytterligare överväganden som är specifika till den mjukvaran som verktyget ska användas till att utveckla måste göras för att en komplett kvalificering ska kunna genomföras. Uppsatsen bidrar däremot med riktlinjer och vägledning av majoriteten av de processerna som behöver genomföras. Ytterligare forskning kan göras för att bidra med den kompletta bilden av verktygskvalificering av ett statiskt kodanalysverktyg, samt hur kvalificering kan göras av andra typer av verktyg.
Eads, Joshua Michael. "EtherAnnotate: a transparent malware analysis tool for integrating dynamic and static examination." Diss., Rolla, Mo. : Missouri University of Science and Technology, 2010. http://scholarsmine.mst.edu/thesis/pdf/Eads_09007dcc807a2d75.pdf.
Full textVita. The entire thesis text is included in file. Title from title screen of thesis/dissertation PDF file (viewed May 4, 2010) Includes bibliographical references (p. 65-68).
Al, Awadi Wali. "An Assessment of Static and Dynamic malware analysis techniques for the android platform." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2015. https://ro.ecu.edu.au/theses/1635.
Full textHubert, Laurent. "Foundations and implementation of a tool bench for static analysis of Java bytecode programs." Rennes 1, 2010. http://www.theses.fr/2010REN1S122.
Full textDans cette thèse, nous nous intéressons à l’analyse statique du bytecode Java. L’initialisation d’un système d’information est une phase délicate où des propriétés de sécurité sont vérifiées et des invariants installés. L’initialisation en Java pose des difficultés, que ce soit pour les champs, les objets ou les classes. De ces difficultés peuvent résulter des failles de sécurité, des erreurs d’exécution (bugs), ou une plus grande difficulté à valider statiquement ces logiciels. Cette thèse propose des analyses statiques répondant aux problèmes d’initialisation de champs, d’objets et de classes. Ainsi, nous décrivons une analyse de pointeurs nuls qui suit finement l’initialisation des champs et permet de prouver l’absence d’exception de pointeur nuls (NullPointerException) et de raffiner le graphe de flot de contrôle intra-procédural. Nous proposons aussi une analyse pour raffiner le graphe de flot de contrôle inter-procédural liée à l’initialisation de classe et permettant de modéliser plus finement le contenu des champs statiques. Enfin, nous proposons un système de type permettant de garantir que les objets manipulés sont complètement initialisés, et offrant ainsi une solution formelle et automatique à un problème de sécurité connu. Les fondations sémantiques de ces analyses sont données. Les analyses sont décrites formellement et prouvées correctes. Pour pouvoir adapter ces analyses, formalisées sur de petits langages, au bytecode, nous avons développé une bibliothèque logicielle. Elle nous a permis de produire des prototypes efficaces gérant l’intégralité du bytecode Java
Gebhard, Gernot [Verfasser], and Reinhard [Akademischer Betreuer] Wilhelm. "Static timing analysis tool validation in the presence of timing anomalies / Gernot Gebhard. Betreuer: Reinhard Wilhelm." Saarbrücken : Saarländische Universitäts- und Landesbibliothek, 2013. http://d-nb.info/1053679947/34.
Full textLerner, Harry 1969. "Static types to dynamic variables : re-assessing the methods of prehistoric Huron chipped stone tool documentation and analysis in Ontario." Thesis, McGill University, 2000. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=33298.
Full textHameed, Muhammad Muzaffar, and Muhammad Zeeshan ul Haq. "DefectoFix : An interactive defect fix logging tool." Thesis, Blekinge Tekniska Högskola, Avdelningen för programvarusystem, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5268.
Full textKrál, Benjamin. "Forenzní analýza malware." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2018. http://www.nusl.cz/ntk/nusl-385910.
Full textHomdim, Tchuenteu Joel Landry. "Analysis and dynamic modeling of intermediate distributors for balancing of production lines." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2019. http://amslaurea.unibo.it/18626/.
Full textHellström, Patrik. "Tools for static code analysis: A survey." Thesis, Linköping University, Department of Computer and Information Science, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-16658.
Full textThis thesis has investigated what different tools for static code analysis, with anemphasis on security, there exist and which of these that possibly could be used in a project at Ericsson AB in Linköping in which a HIGA (Home IMS Gateway) is constructed. The HIGA is a residential gateway that opens up for the possibility to extend an operator’s Internet Multimedia Subsystem (IMS) all the way to the user’s home and thereby let the end user connect his/her non compliant IMS devices, such as a media server, to an IMS network.
Static analysis is the process of examining the source code of a program and in that way test a program for various weaknesses without having to actually execute it (compared to dynamic analysis such as testing).
As a complement to the regular testing, that today is being performed in the HIGA project, four different static analysis tools were evaluated to find out which one was best suited for use in the HIGA project. Two of them were open source tools and two were commercial.
All of the tools were evaluated in five different areas: documentation, installation & integration procedure, usability, performance and types of bugs found. Furthermore all of the tools were later on used to perform testing of two modules of the HIGA.
The evaluation showed many differences between the tools in all areas and not surprisingly the two open source tools turned out to be far less mature than the commercial ones. The tools that were best suited for use in the HIGA project were Fortify SCA and Flawfinder.
As far as the evaluation of the HIGA code is concerned some different bugs which could have jeopardized security and availability of the services provided by it were found.
Königsson, Niklas. "Limitations of static analysis tools : An evaluation of open source tools for C." Thesis, Umeå universitet, Institutionen för datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-155299.
Full textRamos, Alexander. "Evaluating the ability of static code analysis tools to detect injection vulnerabilities." Thesis, Umeå universitet, Institutionen för datavetenskap, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-128302.
Full textMamun, Md Abdullah Al, and Aklima Khanam. "Concurrent Software Testing : A Systematic Review and an Evaluation of Static Analysis Tools." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4310.
Full textBusch, Benjamin C. "Cognitive bargaining model an analysis tool for third party incentives?" Thesis, Monterey, California : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/Dec/09Dec%5FBusch.pdf.
Full textThesis Advisor(s): Looney, Robert. Second Reader: Tsypkin, Mikhail. "December 2009." Description based on title screen as viewed on January 29, 2010. Author(s) subject terms: Inducements, bargaining, war, Ukraine, Russia, denuclearization, Prospect Theory, rational choice, cognitive, model, bargaining and war. Includes bibliographical references (p. 75-80). Also available in print.
Hunt, Andrew W. "Basic Expeditionary Airfield Resource (BEAR) Requirements Analysis Tool (BRAT)." Quantico, VA : Marine Corps Command and Staff College, 2008. http://handle.dtic.mil/100.2/ADA491134.
Full textPekari, Gregory Chivers Kurt Miles Erickson Brian G. Belcher Robert C. Kartashov Vitalii. "An analysis comparing Commander Submarine Force U.S. Pacific Fleet (CSP) current inventory management tool versus PACFLT Regional Inventory Stocking Model (PRISM) : a proposed demand-based management tool /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Jun%5FPekari.pdf.
Full text"MBA professional report"--Cover. Joint authors: Kurt Miles Chivers, Brian G. Erickson, Robert C. Belcher, Vitalii Kartashov. Thesis advisor(s): Raymond Franck, Keebom Kang, Dan Dolk. Includes bibliographical references (p. 119-120). Also available online.
Freeman, Wilma M. Milton Pamela. "Electronic Commerce : case analyses and tools utilized in the accomplishment of buying Defense /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Sep%5FFreeman.pdf.
Full textThesis advisor(s): Marshall Engelbeck, E. Cory Yoder. Includes bibliographical references (p. 57-61). Also available online.
Lee, Dave. "Informatics tools for the analysis and assignment of phosphorylation status in proteomics." Thesis, University of Manchester, 2015. https://www.research.manchester.ac.uk/portal/en/theses/informatics-tools-for-the-analysis-and-assignment-of-phosphorylation-status-in-proteomics(48d2cc82-5bb2-4f07-9cdd-670467db4378).html.
Full textFisch, Johan, and Carl Haglund. "Using the SEI CERT Secure Coding Standard to Reduce Vulnerabilities." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-176409.
Full textMilton, Pamela, and Wilma M. Freeman. "Electronic Commerce : case analyses and tools utilized in the accomplishment of buying Defense." Thesis, Monterey, California. Naval Postgraduate School, 2004. http://hdl.handle.net/10945/1430.
Full textThis study examines the significant issues relative to Ecommerce and how it has resulted in protests, disputes and litigations in the Federal acquisition process. How Ecommerce has evolved since the mandate in October 1993 by former President Clinton and in particularly how it relates to the Department of Defense Acquisition Workforce. It specifically addresses the traditional acquisition process versus the contemporary as it relates to Electronic Commerce and the tools utilized by the Acquisition Workforce to accomplish their buying activities.
Civilian, PEO Aviation
Civilian, US Army Aviation and Missile Command Acquisition Center
Rahaman, Sazzadur. "From Theory to Practice: Deployment-grade Tools and Methodologies for Software Security." Diss., Virginia Tech, 2020. http://hdl.handle.net/10919/99849.
Full textDoctor of Philosophy
Automatic screening tools have great potentials to reduce the gap between the theory and the practice of software security. However, the goal of scalable automated code screening is largely hindered by the practical difficulty of reducing false positives without compromising analysis quality. To enable compile-time security checking of cryptographic vulnerabilities, I developed highly precise static analysis tools (CryptoGuard and TaintCrypt) that developers can use routinely. Both CryptoGuard and TaintCrypt uncovered numerous vulnerabilities in real-world software, which proves the effectiveness. Oracle has implemented our cryptographic code screening algorithms for Java in its internal code analysis platform, Parfait, and detected numerous vulnerabilities that were previously unknown. I also designed a specification language named SpanL to easily express rules for automated code screening. SpanL enables domain experts to create domain-specific security checking. Unfortunately, tools and guidelines are not sufficient to ensure baseline security in internet-wide ecosystems. I found that the lack of proper compliance checking induced a huge gap in the payment card industry (PCI) ecosystem. I showed that none of the PCI scanners (out of 6), we tested are fully compliant with the guidelines, issuing certificates to merchants that still have major vulnerabilities. Consequently, 86% (out of 1,203) of the e-commerce websites we tested, are non-compliant. To improve the testbeds in the light of our work, the PCI Security Council shared a copy of our PCI measurement paper to the dedicated companies that host the PCI certification testbeds.
Base, Jessica. "Using International Trade as an Economic Development Tool: A Case Study Analysis and Applied Framework for Cleveland, Ohio." University of Cincinnati / OhioLINK, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1277123604.
Full textNshimiyimana, Jean Marie Mr, Oluwafeyisayo Oyeniyi, Mathew Mr Seiler, Kimberly Ms Hawkins, and Temitope Mr Adeyanju. "Development of Public Health Indicator Visualization Tool." Digital Commons @ East Tennessee State University, 2019. https://dc.etsu.edu/asrf/2019/schedule/32.
Full textRamos, Cordoba Eloy. "Development of new tools for local electron distribution analysis." Doctoral thesis, Universitat de Girona, 2014. http://hdl.handle.net/10803/133376.
Full textAquesta tesi es centra en el desenvolupament i aplicació de noves eines per a l'anàlisi de la distribució electrònica en molècules, posant èmfasi en els conceptes de espins locals i estats d'oxidació. La tesi es pot dividir en tres parts. La primera està dedicada a la formulació d'una nova definició d'àtom dins de la molècula que reprodueix les propietats de l'anàlisi QTAIM (Quantum theory of atoms in molecules) amb un cost computacional associat molt més baix. A la segona part proposem una nova metodologia per a obtenir espins locals a partir de l'anàlisi de la funció d'ona i relacionam aquest concepte amb l'enllaç químic iatom el caràcter radical de les molècules. Per últim, estudiem les configuracions electròniques dels àtoms dins de les molècules i obtenim estats d'oxidació efectius a partir de l'anàlisi dels orbitals atòmics efectius
Palikareva, Hristina. "Techniques and tools for the verification of concurrent systems." Thesis, University of Oxford, 2012. http://ora.ox.ac.uk/objects/uuid:fc2028e1-2a45-459a-afdd-70001893f3d8.
Full textDheka, Gilbert. "A comparative analysis of community mediation as a tool of transformation in the litigation systems of South Africa and the United States of America." University of the Western Cape, 2016. http://hdl.handle.net/11394/5514.
Full textBlank, Malin, and Anna Maria Persson. "The Swedish food retail market : An econometric analysis of the competition on local food retail markets." Thesis, Linköping University, Department of Management and Economics, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2521.
Full textThe Swedish food retail market contains of three major actors, ICA, KF and Axfood, all in all dominating 75 percent of the total market shares. The scant number of retailing actors indicates that the Swedish food retail market is a highly concentrated oligopoly, which as a fact has given rise to definite discussions and argumentations concerning the market situation. But is the food retail market imperfect and how do we reach a workable competition? Economic theory does not provide any clear answer on these questions, but is rather divided into two fundamentally different approaches to define competition: the static and the dynamic perspective on competition.
In an attempt to examine the competition on local Swedish retail markets, the purpose of this study is to carry out an econometric model estimating the situation. The model serves to explain the variation of ICA’s achievements measured in terms of turnovers obtained in the company. The explanatory variables composing the model are divided into three separate groupings: degreeof market concentration, storespecific factors and region-specific factors. Furthermore, in order to find out which one of the competitive explanations best fits the reality, the regression results are interpreted from a static and a dynamic perspective of competition. In part, we also aim to compare the results with the outline of the Swedish competition law.
We found that the level of concentration obtained in our material is high and is steadily increasing. We also found that stores do not, in any great extent, use price, service and quality as competitive methods. Thus, to gain competitive advantage, market actors must find other ways to carry out strategic market activities. The region-specific variables had either none or very little influence on ICA’s turnover. According to these findings, neither the static nor the dynamic perspective of competition is solely able to produce an accurate method for reaching a state of a workable competition. Instead, a combination of the static and the dynamic ideas may be regarded as the most advantageous way to generate suitable conditions for competition to be efficient. Therefore, in order to promote workable competition, the Swedish competition law must consist of a balance between the static and the dynamic view of competition.
Brannon, Brittany Ann. "Faulty Measurements and Shaky Tools: An Exploration into Hazus and the Seismic Vulnerabilities of Portland, OR." PDXScholar, 2013. https://pdxscholar.library.pdx.edu/open_access_etds/1410.
Full textMargolis, David. "An analysis of electronic surveillance in the USAPATRIOT act." Honors in the Major Thesis, University of Central Florida, 2005. http://digital.library.ucf.edu/cdm/ref/collection/ETH/id/776.
Full textBachelors
Health and Public Affairs
Legal Studies
Spong, Kaitlyn M. "“Your love is too thick”: An Analysis of Black Motherhood in Slave Narratives, Neo-Slave Narratives, and Our Contemporary Moment." ScholarWorks@UNO, 2018. https://scholarworks.uno.edu/td/2573.
Full textSimmons, Stephanie Catherine. "Exploring Colonization and Ethnogenesis through an Analysis of the Flaked Glass Tools of the Lower Columbia Chinookans and Fur Traders." Thesis, Portland State University, 2014. http://pqdtopen.proquest.com/#viewpdf?dispub=1560956.
Full textThis thesis is an historical archaeological study of how Chinookan peoples at three villages and employees of the later multicultural Village at Fort Vancouver negotiated the processes of contact and colonization. Placed in the theoretical framework of practice theory, everyday ordinary activities are studied to understand how cultural identities are created, reinforced, and changed (Lightfoot et al. 1998; Martindale 2009; Voss 2008). Additionally uneven power relationships are examined, in this case between the colonizer and the colonized, which could lead to subjugation but also resistance (Silliman 2001). In order to investigate these issues, this thesis studies how the new foreign material of vessel glass was and was not used during the everyday practice of tool production.
Archaeological studies have found that vessel glass, which has physical properties similar to obsidian, was used to create a variety of tool forms by cultures worldwide (Conte and Romero 2008). Modified glass studies (Harrison 2003; Martindale and Jurakic 2006) have demonstrated that they can contribute important new insights into how cultures negotiated colonization. In this study, modified glass tools from three contact period Chinookan sites: Cathlapotle, Meier, and Middle Village, and the later multiethnic Employee Village of Fort Vancouver were examined. Glass tool and debitage analysis based on lithic macroscopic analytical techniques was used to determine manufacturing techniques, tool types, and functions. Additionally, these data were compared to previous analyses of lithics and trade goods at the study sites.
This thesis demonstrates that Chinookans modified glass into tools, though there was variation in the degree to which glass was modified and the types of tools that were produced between sites. Some of these differences are probably related to availability, how glass was conceptualized by Native Peoples, or other unidentified causes. This study suggests that in some ways glass was just another raw material, similar to stone, that was used to create tools that mirrored the existing lithic technology. However at Cathlapotle at least, glass appears to have been relatively scarce and perhaps valued even as a status item. While at Middle Village, glass (as opposed to stone) was being used about a third of the time to produce tools.
Glass tool technology at Cathlapotle, Meier, and Middle Village was very similar to the existing stone tool technology dominated by expedient/low energy tools; however, novel new bottle abraders do appear at Middle Village. This multifaceted response reflects how some traditional lifeways continued, while at the same time new materials and technology was recontextualized in ways that made sense to Chinookan peoples.
Glass tools increase at the Fort Vancouver Employee Village rather than decrease through time. This response appears to be a type of resistance to the HBC's economic hegemony and rigid social structure. Though it is impossible to know if such resistance was consciously acted on or was just part of everyday activities that made sense in the economic climate of the time.
Overall, this thesis demonstrates how a mundane object such as vessel glass, can provide a wealth of information about how groups like the Chinookans dealt with a changing world, and how the multiethnic community at Fort Vancouver dealt with the hegemony of the HBC. Chinookan peoples and the later inhabitants of the Fort Vancouver Employee Village responded to colonization in ways that made sense to their larger cultural system. These responses led to both continuity and change across time. (Abstract shortened by UMI.)
Mendonça, Vinícius Rafael Lobo de. "Estudo, definição e implementação de um sistema de recomendação para priorizar os avisos gerados por ferramentas de análise estática." Universidade Federal de Goiás, 2014. http://repositorio.bc.ufg.br/tede/handle/tede/4338.
Full textApproved for entry into archive by Luciana Ferreira (lucgeral@gmail.com) on 2015-03-24T14:55:54Z (GMT) No. of bitstreams: 2 Dissertação - Vinícius Rafael Lobo de Mendonça - 2014.pdf: 4110263 bytes, checksum: 2e2be342a6c3301f64fa41a675b85ba9 (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5)
Made available in DSpace on 2015-03-24T14:55:54Z (GMT). No. of bitstreams: 2 Dissertação - Vinícius Rafael Lobo de Mendonça - 2014.pdf: 4110263 bytes, checksum: 2e2be342a6c3301f64fa41a675b85ba9 (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) Previous issue date: 2014-11-19
Recommendation systems try to guide the user carrying out a task providing him with useful information about it. Considering the context of software development, programs are ever increasing, making it difficult to carry out a detailed verification of warnings generated by automatic static analyzers. In this work, we propose a recommendation system, called WarningsFIX, which aims at helping developers on handling the high number of warnings reported by automatic static analyzers. The back end of this system is composed of seven open-source static analysis tools collecting data, which subsequently are used for visualizing information through TreeMaps. The intention is to combine the outcomes of different static analyzers such that WarningsFIX recommends the analysis of warnings with highest chance to be a true positive. Therefore, the information related to warnings are displayed in four levels of detail: program, package, class, and line. The nodes may be classified in the first three levels: amount of warnings, number of tools and suspicions rate. An exploratory study was carried out and the limitations, advantages and disadvantages of the proposed approach were discussed.
O Sistema de Recomendação apoia um usuário na realização de uma tarefa. Considerando o atual contexto do desenvolvimento de software, programas estão cada vez maiores, tornando difícil a realização de uma avaliação detalhada dos avisos gerados pelos analisadores estáticos. Nesse trabalho, propõe-se um sistema de recomendação, chamado WarningsFIX, que tem objetivo de ajudar os desenvolvedores manipular o alto nível dos avisos emitidos pelos analisadores estáticos. O back end desse sistema é composto de sete ferramentas de análise estática de código aberto para coleta de dados, que são visualizados por meio de TreeMap. O objetivo é combinar os resultados de diferentes analisadores estáticos, assim recomendar a análise de avisos com alta chance de ser verdadeiro positivo. Portanto, a informações relacionadas ao nó são visualizadas em quatro níveis de visualização: programa, pacote, classe e linha. Além disso, os nós podem ser classificados em três tipos: quantidade de avisos, quantidade de ferramentas e taxa de suspeição. Um estudo exploratório foi realizado e as limitações, vantagens e desvantagens da abordagem proposta foram discutidas.
Holmberg, Anna. "Jämförelse av statiska kodanalysverktyg : En fallstudie om statiska kodanalysverktygs förmåga att hitta sårbarheter i kod." Thesis, Högskolan Dalarna, Mikrodataanalys, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:du-35593.
Full textSäkerhetsbrister som förekommer i webbapplikationer kan leda till stora konsekvenser. PHP är ett språk som ofta används för webbapplikationer och det ställer höga krav på hur språket används för att det ska vara säkert. Det finns flera funktioner i PHP som bör hanteras varsamt för att inte säkerhetsbrister ska uppstå. Statisk kodanalys kan hjälpa till med att hitta sårbarheter i kod men det finns vissa nackdelar som kan uppkomma med statiska kodanalysverktyg. En nackdel är falska positiva vilket betyder att verktyget rapporterar in sårbarheter som inte finns. Det finns också falska negativa som betyder att verktyget inte hittar sårbarheten alls vilket kan leda till en falsk trygghetskänsla för användaren av verktyget. Med hjälp av färdiga testfall så har tre verktyg utretts i en fallstudie för att ta reda på om verktygen skiljer sig i sin förmåga till att undvika falska positiva och falska negativa. Studien undersöker också om verktygens regler tar PHP-språkets sårbara funktioner i beaktning. För att kunna besvara forskningsfrågan har en dokumentsinsamling genomförts för att få information om verktygen och olika sårbarheter. Studiens syfte är att jämföra statiska kodanalysverktygs förmåga att hitta sårbarheter i PHP-kod. De verktyg som utreddes var SonarQube, Visual Code Grepper (VCG) och Exakat. Studiens analys visar att VCG hittade mest sårbarheter men lyckades inte undvika falska positiva sårbarheter. Exakat hade noll falska positiva men kunde inte undvika falska negativa i lika stor utsträckning som VCG. SonarQube undvek alla falska positiva men hittade inte någon av de sårbarheter som testades i testfallen. Enligt verktygens regler visade sig VCG ta mest hänsyn till de riskfyllda funktioner som finns i PHP. Studiens resultat visar att verktygens förmåga att undvika falska positiva och falska negativa och deras anpassning för PHP språkets sårbara funktioner skiljde sig åt.
Lin, Ping-Hung, and 林炳宏. "Nonlinear Static Analysis of Machine Tool Spindle." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/53411161558941559449.
Full textDevaraj, Arvind. "A Static Slicing Tool for Sequential Java Programs." Thesis, 2007. http://etd.iisc.ernet.in/2005/3891.
Full textMao, Jun-Kai, and 毛俊凱. "The Development of Machine Tool Spindle Test Platform for Static and Dynamic Characteristics Analysis." Thesis, 2006. http://ndltd.ncl.edu.tw/handle/05207158229000672678.
Full text國立中興大學
機械工程學系所
94
In the manufacturing process of the machine tools, the performance of spindle is the key point in machine tools, and it decides the working process quality and production efficiency. With the view of engineering design, test and analyze is used to verify the quality and design after designed. With the view of assembled, test and analyze is used to verify the basis assembled, and is regarded as the reference for improve the products quality. With the view of customer, the result of analyze is to take for a reference that customer demand. It this paper, we developed the spindle single test platform, and planed the procedure about test and analyze of spindle. The object is to understand the quiet dynamic characteristic of the spindle even more by this. All of the results done by the test platform we developed, include amount of dynamic rotational accuracy is examined to make static stiffness measuring and is analyzed , running-in test and thermal displacement to the spindle of two different attitudes(each for before and after bearing contacting angle 250 and down preload of spindle, contact another piece for back end bearing contact angle 150 of spindle). The result Inspection, no matter in radial stiffness or axial stiffness, it is taller than 250 ones that lowered the spindle preload of back end bearing that 150 back end bearings have not lowered the spindle preload, The Inspection in dynamic rotational accuracy of two spindle, can find out that it is not high to the influence which dynamic rotational accuracy that the bearing is contact angle and preload, In thermal displacement, the spindle is more difficult to be influenced by environment temperature in case of pouring into cooling liquid, It is to make testing in the atmosphere that the past Running-in, but the result Inspection by way of the test platform, after the sleeve pours into the cooling liquid , can reach the even result of lubrication within shorter time.
Peng, Zih-Yun, and 彭子芸. "Implementing a Worst-Case Execution Time ILP Memory Model for a Static Analysis Tool." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/36amd8.
Full text國立中山大學
資訊工程學系研究所
106
Real-time systems impose deadlines on tasks. Hard real-time systems require a guarantee that no deadline is ever missed. Such a guarantee is impossible if a program’s execution time ever exceeds its deadline. The challenge is therefore to determine the program’s worst case execution time (WCET), so the deadline can be set accordingly. Although it is impossible to know the true WCET of most nontrivial programs, an upper bound is sufficient to guarantee that the deadline is met. Such an upper bound can be derived through a static analysis that analyzes the worst-case execution time of each portion of the source code and the worst-case flow between these portions. One such static analyzer is the SWEdish execution time tool (SWEET). This thesis extends the work of previous students in our laboratory, who have adapted SWEET to work with the ARM processor, by fixing SWEET’s machine model [2] and memory model [1]. Despite those previous efforts, it was not possible to release the code for public use, because [1] only adapted the memory model to one of SWEET’s calculation methods (path-based). Another, more-commonly used method (IPET) was not supported. This thesis has therefore solved the problems of supporting IPET for the ARM, with the sophisticated memory model of [1].
Chen, Ting-An, and 陳亭諳. "A Tool for Static WCET Analysis with Accurate Memory Modeling for ARM Programs that Use Scratchpad Memory." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/00562241414929200635.
Full text國立中山大學
資訊工程學系研究所
102
In order to guarantee the reliability of the real-time system, each process should be complete before the deadline. Therefore, providing accurate WCET for scheduler would be a key factor. WCET can derive by two method: measurement-base or static analysis. Since measurement-base cannot guarantee the safety of WCET, we use static analysis in this thesis. In this thesis, we use SWEET (SWEdish execution time tool) to estimates WCET for ARM. Since the memory module of SWEET for ARM is out of date and cannot provide accurate WCET. Therefore, we propose a simplified architecture for analyzing the time costs of memory read accesses and memory write accesses. This method can not only derive the memory access time of DRAM but also SPM. Additionally, in order to prevent over-optimizing issue of allocator on WCET, we also provide a more efficient way to generate nearly worst case flow paths. Experiment result shows our memory module can improve 43%~46% of WCET compares to the situation which assumed every memory access is worst.
Mirko, Staderini. "Towards the Assessment and the Improvement of Smart Contract Security." Doctoral thesis, 2022. http://hdl.handle.net/2158/1272428.
Full text"A Tool to Reduce Defects due to Dependencies between HTML5, JavaScript and CSS3." Master's thesis, 2016. http://hdl.handle.net/2286/R.I.39436.
Full textDissertation/Thesis
Masters Thesis Computer Science 2016
Wu, Yan-Hua, and 吳彥樺. "Static and Dynamic Analyses and Improved Design of Machine Tool Structures." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/99605839220892746410.
Full text東南科技大學
機械工程研究所
101
This thesis investigates the structural vibration problems of machine tools, and proposes improved designs of the machines in order to reduce the possibilities of resonance and increase precision and stabilities during cutting operation. The CAD model of a machine tool was first imported to the finite element software ANSYS Workbench to perform convergence analysis, after which a model with a proper number of nodes was selected. Then, static analysis, dynamic analysis and harmonic response analysis were performed on the finite element model with appropriate loadings and boundary conditions, acquiring deformations, equivalent stresses, natural frequencies, mode shapes, and harmonic response functions of the structure. The Hooke’s law was also employed to calculate their dynamic stiffnesses. Based on the analyzed results, structural weakness was identified. By raising the fundamental natural frequency and reducing the structural mass, the dynamic characteristics of the machine tool can be enhanced. The design results show that the improved models produce higher natural frequencies and lower masses, which can effectively decrease the possibilities of structural resonance on the machine tool.
Aljawder, Dana. "Identifying unsoundness of call graphs in android static analysis tools." Thesis, 2016. https://hdl.handle.net/2144/17085.
Full textAlikhashashneh, Enas A. "Using Machine Learning Techniques to Improve Static Code Analysis Tools Usefulness." Thesis, 2019. http://hdl.handle.net/1805/19942.
Full textThis dissertation proposes an approach to reduce the cost of manual inspections for as large a number of false positive warnings that are being reported by Static Code Analysis (SCA) tools as much as possible using Machine Learning (ML) techniques. The proposed approach neither assume to use the particular SCA tools nor depends on the specific programming language used to write the target source code or the application. To reduce the number of false positive warnings we first evaluated a number of SCA tools in terms of software engineering metrics using a highlighted synthetic source code named the Juliet test suite. From this evaluation, we concluded that the SCA tools report plenty of false positive warnings that need a manual inspection. Then we generated a number of datasets from the source code that forced the SCA tool to generate either true positive, false positive, or false negative warnings. The datasets, then, were used to train four of ML classifiers in order to classify the collected warnings from the synthetic source code. From the experimental results of the ML classifiers, we observed that the classifier that built using the Random Forests (RF) technique outperformed the rest of the classifiers. Lastly, using this classifier and an instance-based transfer learning technique, we ranked a number of warnings that were aggregated from various open-source software projects. The experimental results show that the proposed approach to reduce the cost of the manual inspection of the false positive warnings outperformed the random ranking algorithm and was highly correlated with the ranked list that the optimal ranking algorithm generated.
(7013450), Enas Ahmad Alikhashashneh. "USING MACHINE LEARNING TECHNIQUES TO IMPROVE STATIC CODE ANALYSIS TOOLS USEFULNESS." Thesis, 2019.
Find full textThis dissertation proposes an approach to reduce the cost of manual inspections for as large a number of false positive warnings that are being reported by Static Code Analysis (SCA) tools as much as possible using Machine Learning (ML) techniques. The proposed approach neither assume to use the particular SCA tools nor depends on the specific programming language used to write the target source code or the application. To reduce the number of false positive warnings we first evaluated a number of SCA tools in terms of software engineering metrics using a highlighted synthetic source code named the Juliet test suite. From this evaluation, we concluded that the SCA tools report plenty of false positive warnings that need a manual inspection. Then we generated a number of datasets from the source code that forced the SCA tool to generate either true positive, false positive, or false negative warnings. The datasets, then, were used to train four of ML classifiers in order to classify the collected warnings from the synthetic source code. From the experimental results of the ML classifiers, we observed that the classifier that built using the Random Forests
(RF) technique outperformed the rest of the classifiers. Lastly, using this classifier and an instance-based transfer learning technique, we ranked a number of warnings that were aggregated from various open-source software projects. The experimental results show that the proposed approach to reduce the cost of the manual inspection of the false positive warnings outperformed the random ranking algorithm and was highly correlated with the ranked list that the optimal ranking algorithm generated.
Reynolds, Zachary P. "Identifying and documenting false positive patterns generated by static code analysis tools." Thesis, 2017. https://doi.org/10.7912/C22651.
Full textStatic code analysis tools are known to flag a large number of false positives. A false positive is a warning message generated by a static code analysis tool for a location in the source code that does not have any known problems. This thesis presents our approach and results in identifying and documenting false positives generated by static code analysis tools. The goal of our study was to understand the different kinds of false positives generated so we can (1) automatically determine if a warning message from a static code analysis tool truly indicates an error, and (2) reduce the number of false positives developers must triage. We used two open-source tools and one commercial tool in our study. Our approach led to a hierarchy of 14 core false positive patterns, with some patterns appearing in multiple variations. We implemented checkers to identify the code structures of false positive patterns and to eliminate them from the output of the tools. Preliminary results showed that we were able to reduce the number of warnings by 14.0%-99.9% with a precision of 94.2%-100.0% by applying our false positive filters in different cases.
Chia-HsiuYeh and 葉家秀. "Volumetric Error Analysis for Five-Axis Virtual Machine Tools under Static Load." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/30362656835698934647.
Full textKao, Mei-Chan, and 高美琴. "The Analysis of Mathematical Tools in Senior High School Physics Textbooks - The Statics Unit as an Example." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/s6j86k.
Full text淡江大學
中等學校教師在職進修數學教學碩士學位班
101
The main purpose of this study is to figure out the teaching material structure which is checked againt the Curriculum Guideline issued by the Ministry of Education (MOE) in 2009 and to analyze the representation statics unit in three versions of senior high physics textbooks, as well as to render the using of the mathematical signs when they are presented. With the tools of concept map , content analysis is applied to the teaching materials of three existing versions used in senior high physics textbooks. The findings of this study : There are some sequence differences of concept among different versions of statics unit materials, but they are consistant with the mapping in the Curriculum Guideline 2009. The amount of the common concepts comprises about 70 percent of the senior high statics unit concepts. In the teaching materials of statics unit , all the three versions primarily use the mathematical signs of Proportional relationship, Pythagorean Theorem, Algebra, Trigonometric function and Vector. Each version of using math signs were shows difference in depth in calculation. The statics unit is scheduled in the physics courses in the first term of Grade 11, which adopts many mathematical signs corresponding to the Curriculum Guideline, such as the Proportional relationship and Pythagorean Theorem in the math courses at junior high, the Algebra of Σ signs in the second term in grade 10 , the Trigonometric Function and Vector in the first term in grade 11. But part of the material of Trigonometric Function is in the first term in grade 12. Finally, the findings of this study as suggestions are made for the reference of textbook compilers, users and researchers.