Advanced Static Analysis for Software Assurance
Agency / Branch:
DOD / MDA
Software continues to be deployed with large numbers of flaws. Existing approaches for detecting flaws in software are mostly dynamic: they rely on executing the software on a particular set of inputs. In contrast, static approaches consider all possible executions of the program. Static approaches have achieved some success, but to date have not realized their full potential because they are based on analysis of superficial surface structures, are not interprocedural, are not whole-program, and are blind to aliasing effects. We have developed highly advanced static analysis technology for reverse engineering that addresses these shortcomings, and we now propose to apply that technology to finding flaws in software. Our technology computes the dependence graph representation of programs, which captures their semantics at a much deeper level. We propose a tool that will address a wide range of flaws including resource mismanagement errors, failure mode checking, division by zero defects, and illegal conversions. The challenge is to achieve accuracy (fewer false positives) and completeness (fewer false negatives), while maintaining the ability to scale to very large programs. We propose to prototype the system in Phase I, and develop an experimentation plan to measure its efficacy. The proposed tool will be used to significantly enhance the quality of software systems. It will allow software developers to develop higher-quality software with lower software assurance costs.
Small Business Information at Submission:
317 N. Aurora Street Ithaca, NY 14850
Number of Employees: