An approach for modeling dynamic analysis using ontologies
Proceedings of the Eighth International Workshop on Dynamic Analysis
Ontology model-based static analysis of security vulnerabilities
ICICS'11 Proceedings of the 13th international conference on Information and communications security
| Hi-index | 0.00 |
Typical enterprise and military software systems consist of millions of lines of code with complicated dependence on diverse library abstractions. Manually debugging these codes imposes developers overwhelming workload and difficulties. To address software quality concerns efficiently, this paper proposes an ontology-based static analysis approach to automatically detect bugs in the source code of Java programs. First, we elaborate bug list collected, classify bugs into different categories, and translate bug patterns into SWRL (Semantic Web Rule Language) rules using an ontology tool, Protégé. An ontology model of Java program is created according to Java program specification using Protégé as well. Both SWRL rules and the program ontology model are exported in OWL (Web Ontology Language) format. Second, Java source code under analysis is parsed into the Abstract Syntax Tree (AST), which is automatically mapped to the individuals of the program ontology model. SWRL Bridge takes in the exported OWL file (representing the SWRL rules model and program ontology model) and the individuals created for the Java code, conduits to Jess (a rule engine), and obtains inference results indicating any bugs. We perform experiments to compare bug detection capability with well-known FindBugs tool. A prototype of bug detector tool is developed to show the validity of the proposed static analysis approach.