A study on the usage of unsafe functions in gcc compared to mobile software systems

2017 
A case study is presented that empirically analyzes the use of known unsafe functions in gcc, a well-known general purpose software system, along with their distribution over a 5-year period from 2012 through 2016. The 5-year history of gcc studied comprises a total of over 26 million lines of code. gcc was statically analyzed with the use of srcML and a tool created by one of the authors. A count of each unsafe function type present in each year of the system was recorded, along with a count of safe replacement functions, and their distributions were analyzed. The results were compared to findings from a previous study on networking and mobile systems. The results show free, strcmp, strlen, and memcpy to be the most prevalent unsafe functions used among the years of gcc studied. This information can help developers by showing where they should direct their attention when refactoring their system to improve security, and thereby improve the system's robustness, reliability, and overall quality. By focusing on the most prevalent unsafe functions, developers can plan their refactoring process to be more effective. The fact that unsafe functions are still being used despite there being safer alternatives shows a need for new security standards, better education about security and security issues, and supervision of programmers to ensure they follow those standards.
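The per-revision counting the abstract describes, as an added illustrative example that is not the authors' srcML-based tool: a regex-based counter over constructed C snapshots that tallies the four unsafe functions named above next to an assumed safer counterpart for each (the counterpart mapping and the sample snippets are this example's assumptions, not the paper's).

```python
import re
from collections import Counter

# Unsafe functions named in the abstract, each mapped to an assumed safer
# counterpart (assumption of this example; free has no drop-in replacement).
UNSAFE = {"strcmp": "strncmp", "strlen": "strnlen", "memcpy": "memcpy_s", "free": None}

# Block comments, line comments and string literals, matched in one pass so a
# "//" inside a string or a quote inside a comment cannot confuse the stripper.
NOISE_RE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def strip_comments_and_strings(src: str) -> str:
    """Blank out comments and string bodies so mentions there are not counted."""
    return NOISE_RE.sub(lambda m: '""' if m.group(0).startswith('"') else " ", src)

def count_calls(src: str) -> dict:
    """Count identifier( occurrences for each unsafe function and its counterpart.
    Declarations such as `int strcmp(...)` would also match; a real tool would
    use a parse tree (as srcML provides) to separate calls from declarations."""
    counts = Counter(CALL_RE.findall(strip_comments_and_strings(src)))
    result = {}
    for unsafe, safe in UNSAFE.items():
        result[unsafe] = counts.get(unsafe, 0)
        if safe:
            result[safe] = counts.get(safe, 0)
    return result

def unsafe_trend(snapshots: dict) -> dict:
    """Per-year counts, mirroring the year-by-year distribution in the study."""
    return {year: count_calls(src) for year, src in snapshots.items()}

def most_prevalent_unsafe(counts: dict) -> str:
    """The unsafe function a refactoring effort should look at first."""
    return max(UNSAFE, key=lambda name: counts[name])

# Constructed sample revisions (not gcc source) standing in for two yearly snapshots.
SNAPSHOTS = {
    "2012": """
        /* strcmp(x, y) mentioned in a comment must not count */
        if (strcmp(a, b) == 0) { n = strlen(a); memcpy(dst, src, n); }
        free(p);
        puts("memcpy(x) inside a string literal must not count");
    """,
    "2016": """
        if (strncmp(a, b, sizeof(a)) == 0) { n = strnlen(a, 64); memcpy_s(dst, 64, src, n); }
        free(p); free(q);
    """,
}
```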