Source code and binary analysis of software defects

Abstract

This extended abstract presents the techniques to identify a selected set of software defects (bugs, bad practices, etc.) within both source code and binary executables. We present the results from six different static analysis tests applied on both the source code and the binary executables (with and without optimization) on three different applications. We compare the precision of the static analysis results from the source code and the binary executable forms of the same software. Ideally the results from an analysis of source code and its binary would be identical, but in practice the source code and binary representation cause slightly different techniques to be used with different amounts and types of information readily available.Our work defines a few defect analyses to support what might later be a larger collection of analyses. Our goal is to more thoroughly evaluate software quality and eliminate, as much as possible, the classic asymmetry of information about software, specifically quality as understood by the software developer vs. the software user. It is not well studied how static analysis of source code and binaries are related for purposes of evaluating general quality and our work is focused in this direction; much less are the tools for such work openly available. Our work also presents an open framework well suited for identifying general software properties of both source code and binary executables.