Categorizing Code Complexities in Support of Analysis

摘要

Various types of tools are available in the market and they are capable of analysing software: static source code scanners, compilers, test generators, etc. The nature of programming language that the source code is written, affects not only the efficiency of execution but also the complexity of structures, which will hide vulnerabilities behind them to confuse static source code scanners. This paper presents classes of source code elements, called code complexity elements, which affect the ability of static source code scanners to analysing code. We mention relevant assumptions and guidelines for our code complexity classification. Then, we present common code complexity elements in terms of complexity name, description, and enumeration. We then give examples of code complexities in terms of practical test cases. We conclude with future work in this research. To illustrate current status of test case generation, we provide examples on how code complexities are used in organizing test cases in automated test case generators. The descriptive statistics of the test suite from Intelligence Advanced Research Projects Activity's (IARPA) Securely Taking On New Executable Software of Uncertain Provenance (STONESOUP) program, Phase II and III is presented in Appendix.