Comparing Detection Ratio of Three Static Analysis Tools
Abstract
Static code analysis is a software verification activity in which source code is scrutinized for quality and security. In a software development lifecycle, timely detection of flaws is beneficial, and static analysis tools help detect flaws at a very early stage. Both commercial and open-source static analysis tools are available today. Because user requirements and tool capabilities vary, a comparison between tools is required. Three open-source static analysis tools for security are evaluated in this paper: Cppcheck, RATS and Flawfinder. They have been studied and compared to each other on the basis of detection ratio. To obtain the detection ratio, the vulnerabilities were categorized and intentionally introduced into the demo code.