Abstract
Static analysis is a general name for various methods of program examination without actually executing it. In particular, it is widely used to discover errors and vulnerabilities in software. Taint analysis usually denotes the process of checking the flow of user-provided data in the program in order to find potential vulnerabilities. It can be performed either statically or dynamically. In the paper we evaluate several improvements for the static taint analyzer Irbis [1], which is based on a special case of interprocedural graph reachability problem - the so-called IFDS problem, originally proposed by Reps et al. [2]. The analyzer is currently being developed at the Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS). The evaluation is based on several real projects with known vulnerabilities and a subset of the Juliet Test Suite for C/C++ [3]. The chosen subset consists of more than 5 thousand tests for 11 different CWEs.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
