Methods for analyzing the impact of software changes on objective functions and safety functions-Reference-Cited by-同舟云学术

Methods for analyzing the impact of software changes on objective functions and safety functions

Published:2024-04-05 Issue:2 Volume:12 Page:7-15
ISSN:2500-316X
Container-title:Russian Technological Journal
language:
Short-container-title:Rossijskij tehnologičeskij žurnal

Author:

Legkodumov A. А.¹^ORCID,Kozeyev B. N.²^ORCID,Belikov V. V.³^ORCID,Korolkov A. V.³

Affiliation:

1. SFB Laboratory

2. ALFA-BANK

3. MIREA – Russian Technological University

Abstract

Objectives. This paper examines the various approaches to analyzing the impact of software changes, and suggests a new method using function control flows. Impact analysis of software change can require the investment of a lot of time and competence on the part of the expert conducting it. There is no detailed description of methodology for analyzing the impact of changes and it is not established at a legislative level. The proposed method has three aims: reducing the level of requirements for an expert when conducting software research; localizing code areas to establish defects in information protection functions; and reducing the time spent on analyzing the impact of changes.Methods. The study analyzes the common methods for analyzing software changes with a description of their positive and negative sides. The possibility of analyzing changes in the control flow of software functions is considered as an alternative to line-by-line comparison of the full volume of source codes. Represented as tree-shaped graphs, the control flows of different versions of the same software are subject to a merging procedure. The final result is analyzed by an expert from the research organization.Results. The research results of the software change analysis methods are presented with a description of their disadvantages. A description is given of the method for change analysis using function control. This complements existing methods, while eliminating their disadvantages. The study also analyzes the possibility of using this method beyond the tasks defined in the introduction.Conclusions. The use of methods to localize the most vulnerable code sections is considered one of the most promising areas for analyzing change impact. In addition to searching for vulnerable code sections, it is important to evaluate the effectiveness of the control flow comparison method in the analysis of source code when transferred to another code base.

Publisher

RTU MIREA

Reference15 articles.

1. Karpov Yu.G. Model checking. Verifikatsiya parallel’nykh i raspredelennykh programmnykh system (Model checking. Verification of Parallel and Distributed Software Systems). St. Petersburg: BHV-Petersburg; 2010. 560 р. (in Russ.). ISBN 978-5-9775-0404-1

2. Belikov D.V. The use of static source code analysis in software development and testing. Studencheskii forum = Student Forum. 2021;41:90–93 (in Russ.).

3. Belikov D.V. Methods for conducting static analysis of program code. Studencheskii forum = Student Forum. 2022;13(192):15–18 (in Russ.).

4. Kazarin O.V., Skiba V.Yu. About one method of verification of settlement programs. Bezopasnost’ informatsionnykh tekhnologii = IT Security (Russia). 1997;3:40–33 (in Russ.).

5. Shchedrin D.A. Application of machine learning methods and analysis of static code of intelligent systems. Nauchno-issledovatel’skii tsentr “Technical Innovations” = Scientific Journal “Research Center Technical Innovations.” 2023;16:28–32 (in Russ.).