Patent application number | Description | Published |
20110219361 | CORRECT REFACTORING OF CONCURRENT SOFTWARE - Automated refactorings as implemented in modern IDEs for Java usually make no special provisions for concurrent code. Thus, refactored programs may exhibit unexpected new concurrent behaviors. We analyze the types of such behavioral changes caused by current refactoring engines and develop techniques to make them behavior-preserving, ranging from simple techniques to deal with concurrency-related language constructs to a framework that computes and tracks synchronization dependencies. By basing our development directly on the Java Memory Model we can state and prove precise correctness results about refactoring concurrent programs. We show that a broad range of refactorings are not influenced by concurrency at all, whereas other important refactorings can be made behavior-preserving for correctly synchronized programs by using our framework. Experience with a prototype implementation shows that our techniques are easy to implement and require only minimal changes to existing refactoring engines. | 09-08-2011 |
20120102471 | GENERATING SPECIFICATIONS OF CLIENT-SERVER APPLICATIONS FOR STATIC ANALYSIS - Systems and methods are provided for creating a data structure associated with a software application that is based on at least one framework. According to the method, source code and at least one configuration file of the software application is analyzed by at least one framework-specific processor so as to determine entry point information indicating entry points in the source code, request attribute access information indicating where attributes attached to a request data structure are read and written, and forward information indicating forwards performed by the software application. A data structure for a static analysis engine is created based on this information. The data structure includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework. | 04-26-2012 |
20120102474 | STATIC ANALYSIS OF CLIENT-SERVER APPLICATIONS USING FRAMEWORK INDEPENDENT SPECIFICATIONS - Systems and methods are provided for statically analyzing a software application that is based on at least one framework. According to the method, source code of the software application and a specification associated with the software application are analyzed. The specification includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework. Based on the source code and the specification, intermediate representations for the source code and the synthetic methods are generated. Based on the intermediate representations and the specification, call graphs are generated to model which application methods of the software application invoke synthetic methods or other application methods of the software application. The software application is statically analyzed based on the call graphs and the intermediate representations so as to generate analysis results for the software application. | 04-26-2012 |
20120110551 | SIMULATING BLACK BOX TEST RESULTS USING INFORMATION FROM WHITE BOX TESTING - Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium. | 05-03-2012 |
20120131670 | Global Variable Security Analysis - A method includes determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked. The selected global variables are less than all the global variables in the program. The method includes using a static analysis performed on the program, tracking flow through the program for the selected global variables. In response to one or more of the selected global variables being used in security-sensitive operations in the flow, use is analyzed of each one of the selected global variables in a corresponding security-sensitive operation. In response to a determination the use may be a potential security violation, the potential security violation is reported. Apparatus and computer program products are also disclosed. | 05-24-2012 |
20120174082 | REFACTORING PROGRAMS FOR FLEXIBLE LOCKING - Disclosed is a novel computer implemented system, on demand service, computer program product and a method that provides a set of lock usages that improves concurrency resulting in execution performance of the software application by reducing lock contention through refactoring. More specifically, disclosed is a method to refactor a software application. The method starts with accessing at least a portion of a software application that can execute in an operating environment where there are more two or more threads of execution. Next, a determination is made if there is at least one lock used in the software application to enforce limits on accessing a resource. In response to determining that there is a lock with a first type of construct with a given set of features, the software application is refactored with the lock to preserve behavior of the software application. | 07-05-2012 |
20120254839 | SIMULATING BLACK BOX TEST RESULTS USING INFORMATION FROM WHITE BOX TESTING - Systems, methods are program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium. | 10-04-2012 |
20130054221 | GENERATING SPECIFICATIONS FOR EXPRESSION LANGUAGE EXPRESSIONS AND TAG LIBRARIES - Systems and methods are provided for creating a data structure associated with a software application that is based on at least one framework. According to the method, at least one Java Server Page file associated with the software application is analyzed. The Java Server Page (JSP) file includes at least one call to at least one library tag, and at least one Expression Language (EL) expression. A set of tag library usage information for the JSP file is generated based. The set of tag library usage information includes at least one variable, and a value of the at least one variable created by the at least one call. The EL expression is evaluated based on the variable and the value of the variable. A data structure is created for a static analysis engine based on EL expression. The data structure includes at least one Java expression representing the EL expression. | 02-28-2013 |
20130091487 | SCALABLE PROPERTY-SENSITIVE POINTS-TO ANALYSIS FOR PROGRAM CODE - A novel system, computer program product, and method are disclosed for transforming a program to facilitate points-to analysis. The method begins with accessing at least a portion of program code, such as JavaScript. In one example, a method with at least one dynamic property correlation is identified for extraction. When a method m is identified for extraction with the dynamic property correlation, a body of the loop l in the method m is extracted. A new method m | 04-11-2013 |
20130275951 | RACE DETECTION FOR WEB APPLICATIONS - A method of executing a rendering engine including executing a web application including at least two operations a single thread of execution, generating an auxiliary map for instrumentation accesses of the web application, and detecting and reporting concurrent memory accesses of the web application as a race. | 10-17-2013 |
20130290786 | AUTOMATED TESTING OF APPLICATIONS WITH SCRIPTING CODE - A novel system, computer program product, and method are disclosed for feedback-directed automated test generation for programs, such as JavaScript, in which execution is monitored to collect information that directs the test generator towards inputs that yield increased coverage. Several instantiations of the framework are implemented, corresponding to variations on feedback-directed random testing, in a tool called Artemis. | 10-31-2013 |
20140143880 | Global Variable Security Analysis - A method includes determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked. The selected global variables are less than all the global variables in the program. The method includes using a static analysis performed on the program, tracking flow through the program for the selected global variables. In response to one or more of the selected global variables being used in security-sensitive operations in the flow, use is analyzed of each one of the selected global variables in a corresponding security-sensitive operation. In response to a determination the use may be a potential security violation, the potential security violation is reported. Apparatus and computer program products are also disclosed. | 05-22-2014 |