2022 IEEE 7th International Conference on Smart Cloud (SmartCloud)

Software Source Code Security Audit Algorithm

Supporting Incremental Checking
2022 IEEE 7th International Conference on Smart Cloud (SmartCloud) | 978-1-6654-5179-6/22/$31.00 ©2022 IEEE | DOI: 10.1109/SmartCloud55982.2022.00015

1st Xiuli Li 2nd Guoshi Wang 3rd Chuping Wang

Haikou Power Supply Bureau, Hainan Information and Communication Information and Communication
Power Grid Co., Ltd. Branch of Hainan Power Grid, Branch of Hainan Power Grid,
Haikou 570100, China Haikou 570100, China Haikou 570100, China
[email protected] [email protected] [email protected]

4th Yanyan Qin 5th Ning Wang

Information and Communication Information and Communication
Branch of Hainan Power Grid, Branch of Hainan Power Grid,
Haikou 570100, China Haikou 570100, China
[email protected] [email protected]

Abstract—Source code security audit is an effective
technique to deal with security vulnerabilities and software bugs.
As one kind of white-box testing approaches, it can effectively
help developers eliminate defects in the code. However, it suffers
from performance issues. In this paper, we propose an
incremental checking mechanism which enables fast source code
security audits. And we conduct comprehensive experiments to
verify the effectiveness of our approach.
Keywords—Source Code, Security Audit, Incremental
Checking
I. INTRODUCTION
Source code defect analysis is a technology that finds
security vulnerabilities, bugs and code quality defects in the
program by analyzing the source code of the software [1-3].
Compared with the traditional black-box program testing
methods, source code analysis is a white-box software testing
technology. Black-box-based testing cannot understand the
internal operating logic and specific implementation of the
software, while white-box testing can see all the details of the
internal implementation of the software, so source code defect
analysis can more comprehensively find problems in the
software. It can efficiently detect the code defects in the
software source code that may lead to serious security
vulnerabilities and system operation exception, and accurately
locate and alert, so as to effectively help developers eliminate
defects in the code.
A. Research Background
The software source code audit algorithm mainly adopts
the analysis technology based on intermediate representation
and the analysis technology based on logical reasoning [4].
Among them, the analysis technology based on intermediate
representation mainly includes data flow analysis, control
flow analysis, taint analysis, symbolic execution and so on.
Pixy [5] uses static analysis techniques such as value analysis,
taint analysis, and pointer alias analysis to detect
vulnerabilities such as SQL injection and cross-site scripting
in PHP source code. Prefix [6] uses static symbolic execution
technology to simulate the execution of C/C++ source code
programs, and uses constraint solving to detect some paths in
the program. Melange [7] adopts the framework of data flow
analysis to detect security vulnerabilities through complex
analysis of data flow and control flow of the program, and
supports the analysis of large-scale C/C++ source code
programs. K-Miner [8] utilizes the highly standardized
interface in the kernel code to implement pointer analysis with
good scalability and global context-sensitive analysis
technology, and supports the detection of memory crash
vulnerabilities such as null pointer reference, pointer use-
after-free (UAF), pointer double free, and double-checked
lock. The analysis technology based on logical reasoning
mainly refers to model checking, such as MOPS [9], BLAST
[10], SLAM [11], which are typical model checking tools for
C programs. The basic idea is to abstract the program structure
into a state machine (Boolean program), and then traverse the
state machine based on the induced security properties to
detect security vulnerabilities.
B. Mainstream Code Audit Algorithms
(1) Data Flow Analysis Algorithm
Data flow analysis [12] attempts to determine the use or
possible value of each variable at a certain point (statement)
in the program. Data flow analysis generally begins with a
control flow graph of a program. There are two main methods
of data flow analysis, forward analysis, such as reaching
definition, and backward analysis, such as live variables.
(2) Control Flow Analysis Algorithm
The goal of control flow analysis is to obtain a control flow
graph of the program. A control flow graph is a graphical
representation of all the paths a program may take during
execution. According to the relationship between different
statements, especially considering the branch relationship
introduced by "conditional transfer", "loop", etc., the program
structure can be obtained by merging some statements in the
procedure. A control flow graph is a directed graph [13-15].
The nodes in the graph correspond to the combined basic
statement blocks in the program, and the edges in the graph
correspond to possible branch directions, such as conditional
transitions, loops, etc. These are important information for
analyzing program behavior.
(3) Type Analysis Algorithms
Type analysis mainly refers to type checking. The purpose
of type checking is to analyze the program for type errors.
Type errors usually refer to operations that violate type
constraints, such as multiplying two strings, out-of-bounds
access to an array, etc. Type checking is usually static, but can
also be dynamic. Type checking at compile time is static
checking.
(4) Constraint Solving

978-1-6654-5179-6/22/$31.00 ©2022 IEEE 53

DOI 10.1109/SmartCloud55982.2022.00015
Authorized licensed use limited to: University of West London. Downloaded on August 13,2023 at 03:46:14 UTC from IEEE Xplore. Restrictions apply.
 Constraint solving is to convert program code into a set of
constraints and obtain a solution that satisfies the constraints
through a constraint solver [16-19]. Path-oriented test data
generation can be well reduced to a constraint solving problem.
The analysis of invariants in a program can also be reduced to
a constraint solving problem. Recent research has shown that
many other program analysis problems can also be reduced to
constraint solving problems: since the constraints obtained
from the program are usually represented in first-order or
second-order form, they can be further transformed into a
form that can be handled by a constraint solver.
II. RELATED WORK INTRODUCTION
This research focuses on the key issues of source code
security audit, and proposes a code audit method that
optimizes data flow structure and depth-first traversal of code
paths based on code fragmentation technology, and uses
auxiliary computing to improve the efficiency and accuracy of
code mining for defect detection. The core idea of this method
is to use the front-end parser to decompose the code into
intermediate structures, and the program slicing technology
decomposes the control flow graph into multiple independent
sub-flow graphs. The statements in the subflow graph are
semantically related to a particular sensitive operational
context, while other irrelevant statements are excluded. In-
depth traversal path analysis on the subflow graph can avoid
the interference of irrelevant statements as much as possible,
generate a set of program paths, and finally complete code
defect identification through taint analysis.
III. DETAILED INTRODUCTION TO ALGORITHM TECHNOLOGY
A. The Overall Framework of Code Detection
As shown in Fig. 1, the overall framework of the system is
as follows:
Fig. 1. Code Defect Analysis System Architecture
B. Front-end Compilation
(1) Source Code Front-end Processing Subsystem
Composition
The front-end compilation is the entry point of the entire
system, and it is also the basis for the work of other parts. Its
main task is to read the file to be detected, perform lexical
analysis, syntax analysis and other operations on it, and extract
valuable information in the file to generate an abstract syntax
tree (AST). By traversing the syntax tree structure, the syntax
structure is converted into an intermediate code structure.
The tool front-end is implemented using Antlr4 [20], a
powerful grammar generator tool that can be used to read,
process, execute and translate structured text or binary files.
(2) Lexical Analyzer
Like an article written in natural language, the source
program is composed of a series of sentences which are
54
Authorized licensed use limited to: University of West London. Downloaded on August 13,2023 at 03:46:14 UTC from IEEE Xplore. Restrictions apply.
composed of word symbols according to certain rules, and
word symbols are composed of characters according to certain
rules. Therefore, the source program is actually a set of strings
composed of characters that meet the standardization of the
programming language according to certain rules.
The function of lexical analysis is to scan the strings of the
source program one by one from left to right, identify word
symbols as output according to lexical rules, and output
relevant error information for lexical errors found during the
recognition process.
The stream of words identified by lexical analysis is the
input to syntax parsing, and syntax parsing determines
whether they form a legitimate sentence. Constants identified
by lexical analysis and user-defined names are respectively
registered in a constant table and a symbol table, and the
symbol table is frequently used at various stages of
compilation.
(3) Syntax Analyzer
There is a specific set of rules to follow when writing
programs using a certain programming design. For example,
in C language, a program consists of multiple functions, a
function consists of declarations and statements, a statement
consists of expressions, and so on. This set of rules precisely
describes the syntax of a well-formed programming language.
A syntax analyzer can determine the grammatical structure of
a source program, detect grammatical errors in the source
program, and recover from common errors and continue
processing the rest of the program.
A syntax analyzer takes a sequence of lexemes from a
lexical analyzer and verifies that the sequence can be
generated from the grammar of the source language. The
syntax analyzer will construct a syntax tree and pass it to other
parts of the compiler for further processing. In the process of
building the syntax tree, it verifies whether the sequence of
lexemes conforms to the grammar of the source language.
(4) Intermediate Code Generation
In the analysis-synthesis model of the compiler, the front-
end analyzes the source program and produces an intermediate
representation, and the back-end generates object code on this
basis. Ideally, details related to the source language are
handled in the front-end analysis, while details about the target
machine are handled in the back-end. Content related to
intermediate code includes intermediate code representation,
static type checking, and intermediate code generation.
Based on the above description, Fig. 2 shows the workflow
of obtaining the intermediate code and corresponding data
required the static detection tool source code parsing module.
Fig. 2. Intermediate Code Flow
The part enclosed by the red line in Fig. 2 is the
intermediate code required by our static detection tool. It
 chooses to use stack-based IR. The biggest feature of this IR
is that intermediate code generation and assembly code
generation are very easy to write.
C. CFG Construction
(1) Control Flow Graph Generation
Control Flow Graph (CFG) is a graphical representation
for static analysis obtained after processing the intermediate
form, and generally consists of multiple intermediate code
Basic Blocks. Because the intermediate form after
compilation is used instead of source code, the data and
instructions contained in Basic Block are relatively simple,
and no additional work is required to deal with simplified
function calls, conditional expressions, and other complex
expressions.
In the static detection tool, CFG is generated based on
intermediate code, and the generation process of CFG is
shown in Fig. 3.
Fig. 3. Generate CFG from Intermediate Code
Since the instructions in the code segment are all
intermediate code instructions, it is easy to distinguish jump
instructions from non-jump instructions, so it is relatively
simple to construct a CFG when traversing instructions. This
process is divided into two stages: dividing the BB block and
connecting BB blocks. The specific algorithm is as follows:
a) Divide the BB block: the instructions in a BB block are
executed sequentially, and there is no control flow jump;
the key to dividing the BB block is to find the entry
instruction of each BB block, and the part between two
entry instructions belongs to one BB block. The
instruction that meets the following conditions is the
entry instruction of the BB block:
x The first instruction of the code segment
x The instruction that can be jumped from conditional
transfer instruction or unconditional transfer
instruction
x The instruction immediately following the transfer
instruction
b) Connect the BB blocks: After the BB blocks are divided,
they should be connected to form a CFG. The connection
rules are as follows:
x Create an edge from the CFG's entry BB block to the
BB block containing the first intermediate code
instruction
55
Authorized licensed use limited to: University of West London. Downloaded on August 13,2023 at 03:46:14 UTC from IEEE Xplore. Restrictions apply.
x Create an edge from the BB block containing the last
intermediate code instruction to the exit BB block of
the CFG
Traverse the BB block constructed in a), if the last
intermediate code instruction ip of a BB block is not a transfer
instruction, create an edge from the BB block to the BB block
with the next intermediate code instruction of ip as the entry
instruction; if ip represents an unconditional transfer
instruction, create an edge from the BB block to the BB block
with the target instruction as the entry instruction; if ip
represents a conditional transfer instruction, create an edge
from the BB block to the BB block with the next instruction
of ip as the entry instruction, and create an edge from the BB
block to the BB block with the target instruction as the entry
instruction; if ip represents a switch instruction, create an edge
from the BB block to each BB block which uses the target
instruction as the entry instruction; none of the above is the
case, that is, the last instruction of the BB block is a non-jump
instruction, then the BB block is connected to the BB block
whose entry instruction is the instruction immediately
following the last instruction of the BB block.
Fig. 4 shows the representation structure of CFG and Basic
Block in the program.
Fig. 4. Structure of CFG And Basic Block in The Static Detection Tool
(2) Source Code Slicing
Slice analysis is used to extract statements and predicates
from the control flow graph that affect specific variables at the
point of interest in the program, form a new program (called
slice), and then analyze the behavior of the source program by
analyzing the slice. Massive code context analysis, especially
the problem of taint value analysis, will seriously slow down
the speed of code analysis. Based on the code slice analysis,
the fixed value graph between the taint-related variables and
the security-related variables can be obtained. In order to
alleviate the problem of overvalued faced by fixed value
analysis, the solution is to further decompose and simplify the
control flow graph, and correspond the fixed value operation
to the control flow path, and finally form a tree with sink
function as the root node. The fixed value graph obtained after
decomposing the tree is shown in Fig. 5.
Assuming that x of fun (int x) and source() are both
external controllable sources, their value ranges can be set to
[-215, 215), according to the original fixed value graph, the
value ranges of x and y at the sink point will be [-216, 216)
and [-215, 215) respectively, , but because the parameter y of
the call point sun(a, 1) is assigned a value of 1, the fixed value
results of x and y are different from the data flow path
corresponding to the dotted line. It can be seen that the simple
union operation of the fixed value results of each safety-
related variables cannot accurately describe the execution
 results of different paths. The result of the fixed value analysis
should correspond to the control flow path. The fixed value
results from the solid line path to the sink point are x: [-216,
216) and y: [-215, 215), and the fixed value results
corresponding to the dotted line path are x: [-216, 216) and y:
1.
Fig. 5. Code Slicing
The fixed value result obtained at this time is only a
possible range. For example, the condition of the fixed value
result of the dotted line path is that a<b and a is of type int.
Since the maximum value of b is 215-1, the value range of x
should be [-215, 215), but since y is assigned the constant 1,
its value range belongs to the inevitable range. The inevitable
range of the variable value can generally ensure the correct
execution of the program, and focus on checking whether the
possible domain of each path is complete. Therefore, the path
can be considered as "safe", and the execution result of the
solid line path produces an integer overflow when the
condition a+bı215 is satisfied.
D. Data Flow Analysis
(1) Code Path Depth First Traversal Algorithm
All code path information is generated by traversing the
control flow graph. When dealing with programs with too
many path conditions, all paths cannot be traversed due to the
problem of path explosion, and resulting in low code coverage.
The traversal algorithm based on Worklist is used to solve this
problem and improve code coverage. The basic idea is: every
time a path needs to be selected, the path with less traversal
times is preferred, and another path is added to the Worklist;
after the current path traversal is completed, a node is taken
from the Worklist to start the traversal of another path. The
control flow shown in Fig. 6 is an example:
According to the previous depth-first algorithm, the order
of traversing the paths should be:
x AÆBÆDÆEÆG
x ÆFÆG
x ÆCÆDÆEÆG
x ÆFÆG
If the program limits the maximum number of paths to 2,
then paths 3) and 4) cannot be traversed, that is, the basic block
B is not covered. If the paths in the control flow increase
further, the amount of code that cannot be covered increases
further.
According to the improved Worklist algorithm, the order
of traversing paths is:
x AÆBÆDÆEÆG
56
Authorized licensed use limited to: University of West London. Downloaded on August 13,2023 at 03:46:14 UTC from IEEE Xplore. Restrictions apply.
x ÆCÆDÆFÆG
x AÆBÆDÆFÆG
x ÆCÆDÆEÆG
Fig. 6. Control Flow Graph
(2) Variable-independent Historical State Detection
When traversing the control flow graph, it is necessary to
record the entire state of the variable in the program, which
requires space to store this state information. The variable-
independent historical state detection is to alleviate the
problem of insufficient space due to the increase in the number
of program paths and the storage of too much historical state
information. The original method is to use the current program
state to compare the complete state of the current basic block
each time in history when checking whether the historical state
is hit. we consider the analysis of the current path to terminate
only if the program state hits as a whole. The storage of the
historical state is also to store the program state as a whole,
regardless of whether the state of only one variable in the
whole of the current state is inconsistent with the historical
state. The resulting space consumption problem becomes
more serious when the number of paths increases.
Therefore, we store the state of each variable
independently into the historical state, which can effectively
reduce the space requirement of the historical state; the
historical state comparison is processed by a single variable
hit. Suppose that the basic block BB has been traversed twice
in history, and the existing historical state is {a: X; b: Y, a: Y,
b: Z} (a, b represent variables, X, Y, Z represent states) , the
current program state is {a: X; b: Z}, since variable a can hit,
variable b can also hit, Since variable a can hit, variable b can
also hit, although the historical state of the two hits is the
variable state under different paths, but according to the
improved method, we still think that the historical state is hit
as a whole, so the current path analysis is terminated.
(3) Path Pruning
When traversing the control flow graph, a large number of
program paths are also generated. Using the program static
analysis method for vulnerability detection has the advantages
of fast analysis speed and the ability to find deeply hidden
security vulnerabilities. However, there may be many false
positives when analyzing complex program paths. For false
positives, a lot of resources need to be invested in manual
analysis later. Too much false positive information may also
cause important and useful information to be submerged,
reducing the credibility of the analysis results. There are many
reasons for the false positives in the static analysis process.
The paths of many programs are infeasible paths. Therefore,
how to prune infeasible paths in the process of static analysis
is an important issue to reduce the false positive rate of static
analysis and improve the accuracy of detection results.
To realize the pruning of infeasible paths, it is necessary
to identify it first. Infeasible paths caused by the introduction
of additional control flow when generating intermediate code
and other infeasible paths that can be identified by
determining the value of conditional expressions in the static
analysis phase. The method can prune a large part of infeasible
paths, thereby effectively reducing the false positives of
vulnerability static detection.
Based on the above analysis of the problem, by tracking
the variables whose values can be determined in the static
analysis stage and the propagation of their values, when a
branch statement is encountered, the value of the branch
condition expression is checked, and if its value can be
determined, the analysis of the infeasible path corresponding
to the current value is stopped, so as to realize the pruning of
the infeasible path during the static detection of the
vulnerability. To prune an infeasible path during static
vulnerability detection, it is necessary to determine whether
the path is feasible first, so it is also necessary to check the
current value of the conditional expression. The value of the
expression can be determined only when the values of all
variables in the expression can be determined. So before
evaluating the expression, it is necessary to determine whether
the values of all variables in the conditional expression can be
determined. Therefore, it is necessary to track the current
value state of all variables before reaching the conditional
statement. The reason why the value of a variable can finally
be determined is often because it is assigned a constant value,
so that the static analyzer can determine its specific value.
Track and check the program security state, use the
vulnerability state machine [21] based on the finite state
machine model to describe the transition rules of the program
variable security state, traverse each possible execution path
of the program and identify the current operation, assign the
program variables involved in the current operation with the
corresponding security state according to the vulnerability
state machine, and output the security vulnerability
information by checking the security state of the operation
data at the security-related operation.
Fig. 7. Path Pruning Graph
E. Taint Analysis
(1) Security Rule Set
57
Authorized licensed use limited to: University of West London. Downloaded on August 13,2023 at 03:46:14 UTC from IEEE Xplore. Restrictions apply.
The security rule set is composed of the taint information
source (source), the taint information sink (sink), and contains
detailed description information of defect types: 1) Source:
The taint source usually are the data input by the user, such as
the function that reads the URL parameters in the Web
application. The return value of these function calls is marked
as taint, that is, the data point that the attacker can manipulate.
2) Sink: Checkpoints are some sensitive operations of
programs, such as calling database query statements or
returning data to web pages. If the data of these operations are
tainted, it means that the operations can be exploited by
attackers, that is, the program has vulnerabilities. Security rule
sets can help tools identify if code paths are risky during taint
analysis.
(2) Stain Spread Analysis
After the data flow analysis is completed, the program
taint analysis begins. By parsing the code program path,
marking untrusted input data, statically tracking the
propagation path of tainted data during program execution,
and detecting insecure ways of using tainted data. This method
can detect buffer overflow, format string, command injection
and other problems caused by overwriting of sensitive data
(such as string parameters). When an attack is detected, the
taint analysis technology can provide a detailed attack process,
and give the process of exploiting the vulnerability caused by
the taint data. The taint and its propagation path information
can also be used to generate vulnerability signatures.
In the design chapter of the taint analysis module, it is
mentioned that in order to output the vulnerability instance
report with the information of the taint propagation path, the
internal information of the function must be recorded during
the taint analysis function. Specifically, it is necessary to
record not only the instruction position of the function call
related to taint propagation, but also the position of the return
statement within the function that returns the taint, and the
position of the function call statement.
IV. EXPERIMENTAL EVALUATION
A. Test Data
Test object. The test set of Juliet Test Suite V1.2 [22]
version was used for testing, which was created by the
National Institute of Standards and Technology (NIST) in
2017 for different classifications in CWE [23]. This test case
contains code samples with security vulnerabilities. This test
selects 9282 defect types, covering defect types as follows:
CWE416_Use_After_Free,CWE415_Double_Free,CWE401
_Memory_Leak, CWE457_Use_of_Uninitialized_Variable,
CWE124_Buffer_Underwrite, a total of five typical defect
types.
B. Parameter Setting
This test sample is mainly based on C language, the tool
parameter switch is c support and the front-end configuration
uses Antlr4 [20] to implement C language description.
C. Experimental Arrangement
First, experiments are carried out on the selected samples,
and the accuracy and false alarm rate of the automatic
extraction method of key operations are counted. Second, the
evaluation applies the tool to three other large open source
systems to verify the scalability and practicality of the method.
 D. Test Results
Table 1 counts the actual number of defects detected by
the detection tool for a specific CWE test case, which verifies
that the tool has the ability to analyze the defective code. Fig.
8 shows that there are some false positives in the detection
results with high detection rate of the tool. The main reason
for the false positive is that the dirty data in the code executes
the judgment condition, and the valid value of the judgment
condition is not identified during the static analysis process.
The calculation of this part of the value mainly depends on the
actual result when the system is running. It is difficult to Fig. 8. Example of False Positive Results
calculate the actual value after changing the state.
TABLE I. STATISTICS OF CWE TEST RESULTS

Defect type Description Number of defects Correct defect Error defect Accuracy False alarm rate
CWE124 Buffer Underwrite 564 481 83 0.8529 0.1471
CWE401 Memory Leak 191 166 25 0.869 0.131
CWE415 Double Free 81 80 1 0.988 0.012
CWE416 Use After Free 77 76 1 0.987 0.013
CWE457 Use of Uninitialized Variable 250 248 2 0.992 0.008

E. Experiment Summary [9]
From the data, it can be seen that the tool can effectively [10]
identify code defects, and it has demonstrated high-precision
identification capabilities under specific CWE use cases. At
the same time, the tool can detect multiple code defects in [11]
large-scale application systems such as OpenSSL [24],
PostgreSQL [25], and Ffmpeg [26], which fully demonstrates
the effectiveness of this method in defect detection. The [12]
experimental results show that: 1) The method proposed in
this paper can effectively improve the ability and accuracy of [13]
code defect detection; 2) Using our front-end compilation
technology and code fragmentation method, we can detect fast [14]
analysis results, and the detection efficiency is efficient.
V. CONCLUSION [15]
This paper proposed an incremental checking mechanism
which enables fast source code security audits. The conducted [16]
comprehensive experiments demonstrated the effectiveness
of our proposed approach. [17]
REFERENCES
[18]
[1] L. Tao, S. Golikov, K. Gai, M. Qiu, "A reusable software component
for integrated syntax and semantic validation for services computing",
IEEE Sym. on Service-Oriented System Eng., 127-132, 2015
[19]
[2] K. Zhang, J. Kong, M. Qiu, G. Song, "Multimedia layout adaptation
through grammatical specifications", Multimedia Systems, 10 (3),
245-260, 2005
[20]
[3] M. Qiu, K. Zhang, M. Huang, "Usability in mobile interface browsing",
Web Intelligence and Agent Systems J., 4 (1), 43-59, 2006
[21]
[4] Wu Z, Guo T, Dong W, The techniques of software vulnerability
analysis. Beijing: Science Press, 2014.
[22]
[5] JOVANOVIC N, KRUEGEL C, KIRDA E, “Pixy: A static analysis
tool for detecting web application vulnerabilities,” IEEE Symposium
on Security and Privacy. Oakland, California, USA: 2006.
[6] Bush, W. R. , J. D. Pincus , and D. J. Sielaff, "A static analyzer for [23]
finding dynamic programming errors," John Wiley & Sons, Ltd. 2000.
[7] SHASTRY B, YAMAGUCHI F, et al., “Towards vulnerability [24]
discovery using staged program analysis,” Intl. Conf. on Detection of
Intrusions and Malware, and Vulnerability Asses.. NY USA: Springer,
[25]
2016: 78-97.
[8] GENS D, SCHMITT S, et al., “K-Miner: Uncovering memory
[26]
corruption in Linux,” Net. and Dist. System Sec. Sym. (NDSS), 2018.
CHEN H, WAGNER D. MOPS, “An infrastructure for examining
security properties of software,” Comp. and Comm. Sec. ACM, 2002.
HENZINGER T A, JHALA R, MAJUMDAR R, et al., “Software
verification with BLAST,” 10th International SPIN Workshop on
Model Checking of Software, 2003.
BURCH J, CLARKE E M, Long D, “Symbolic model checking with
partitioned transition relations,” Carnegie-Mellon University,
Department of Computer Science, 1991.
H. Qiu, Q. Zheng, et al., "Topological graph convolutional network-
based urban traffic flow and density prediction", IEEE ITS, 2020
M. Qiu, L. Yang, Z. Shao, E. Sha, "Dynamic and leakage energy
minimization with soft real-time loop scheduling and voltage
assignment", IEEE TVLSI,18 (3), 501-504, 2009
M. Qiu, H. Li, E. Sha, "Heterogeneous real-time embedded software
optimization considering hardware platform", ACM sym. on Applied
Comp., 1637-1641, 2009
M. Qiu, et al., "Efficient algorithm of energy minimization for
heterogeneous wireless sensor network", IEEE EUC, 25-34, 2006
M. Qiu, M. Guo, et al., "Loop scheduling and bank type assignment
for heterogeneous multi-bank memory", JPDC, 69 (6), 546-558, 2009
M. Qiu, Z. Jia, C. Xue, Z. Shao, E. Sha, "Voltage assignment with
guaranteed probability satisfying timing constraint for real-time
multiproceesor DSP", Journal of Signal Proc. System, 2007
H. Huang, V. Chaturvedi, G. Quan, J. Fan, M. Qiu, "Throughput
maximization for periodic real-time systems under the maximal
temperature constraint", ACM TECS, 13 (2s), 1-22, 2014
J. Li, M. Qiu, J. Niu, L. Yang, Y. Zhu, Z. Ming, "Thermal-aware task
scheduling in 3D chip multiprocessor with real-time constrained
workloads", ACM TECS, 12 (2), 1-22, 2013
ANTLR4: Antlr4 software official website[Online].
Available: https://www.antlr.org/.
H. Qiu, M. Qiu, R. Lu, "Secure V2X communication network based on
intelligent PKI and edge computing", IEEE Net., 34 (2), 172-178, 2019
NSA Center for Assured Software. Juliet test suite c/c++ v1.2 user
guide [Online]. Available:
https://samate.nist.gov/SARD/resources/Juliet Test Suite v1.2 for C
Cpp - User Guide.pdf
MITRE, Common Weakness Enumeration[Online]. Available:
https://cwe.mitre.org/
OPENSSL: Openssl software official website[Online].
Available: https://www.openssl.org/.
POSTGRESQL: Postgresql software official website[Online].
Available: https://www.postgresql.org/.
FFMPEG: Ffmpeg software official website[Online].
Available: https://www.ffmpeg.org

58

Authorized licensed use limited to: University of West London. Downloaded on August 13,2023 at 03:46:14 UTC from IEEE Xplore. Restrictions apply.