Tools for static code analysis: A survey
Linköping University, Department of Computer and Information Science.
2009 (English). Independent thesis, Advanced level (degree of Master (One Year)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

This thesis investigated which tools for static code analysis, with an emphasis on security, exist and which of these could possibly be used in a project at Ericsson AB in Linköping in which a HIGA (Home IMS Gateway) is constructed. The HIGA is a residential gateway that makes it possible to extend an operator’s Internet Multimedia Subsystem (IMS) all the way to the user’s home, thereby letting the end user connect devices that are not IMS compliant, such as a media server, to an IMS network.

Static analysis is the process of examining the source code of a program, and thereby testing it for various weaknesses, without actually executing it (in contrast to dynamic analysis such as testing).

As a complement to the regular testing performed in the HIGA project today, four static analysis tools were evaluated to find out which one was best suited for use in the project. Two of them were open source tools and two were commercial.

All of the tools were evaluated in five areas: documentation, installation and integration procedure, usability, performance, and types of bugs found. All of the tools were later also used to test two modules of the HIGA.

The evaluation showed many differences between the tools in all areas and, not surprisingly, the two open source tools turned out to be far less mature than the commercial ones. The tools that were best suited for use in the HIGA project were Fortify SCA and Flawfinder.

As for the evaluation of the HIGA code, a number of different bugs were found that could have jeopardized the security and availability of the services it provides.

Place, publisher, year, edition, pages
2009. 119 p.
Keyword [en]
Static analysis, Software security, IMS, HIGA
National Category
Computer Science
URN: urn:nbn:se:liu:diva-16658
ISRN: LIU-IDA/LITH-EX-A--09/003--SE
OAI: diva2:160205
2009-02-06, al-Khwarizmi, IDA, Linköpings universitet, Linköping, 10:00 (Swedish)
Available from: 2009-02-16. Created: 2009-02-09. Last updated: 2009-02-16. Bibliographically approved.

Open Access in DiVA

fulltext (0 kB), 2516 downloads
File information
File name: FULLTEXT01.pdf
File size: 0 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf

Author: Hellström, Patrik