METHODS FOR ANALYZING SOFTWARE SOURCE CODE
DOI: https://doi.org/10.26906/SUNZ.2025.3.106
Keywords: source code analysis, static analysis, dynamic analysis, software defects, code security, software quality, analysis tools, artificial intelligence, machine learning, automated verification, code2vec, VulLibMiner, CI/CD
Abstract
Relevance. The study of methods for analyzing source code is driven by several current trends in the field of software engineering. On the one hand, the increasing complexity and scale of software solutions necessitate the enhancement of software quality and stability. On the other hand, the growing frequency of cyber threats demands greater attention to the security of source code. Modern software systems are involved in critical areas such as financial operations, healthcare, industrial automation, and infrastructure management. Errors and deficiencies in such systems can lead to serious consequences, including significant economic losses, failures in the operation of essential services, and even threats to human life. In an environment of intensifying competition and rapid digitalization, software quality has become a key factor in the success of companies in the market. The implementation of effective source code analysis methods is becoming essential not only for large enterprises, but also for small and medium-sized businesses seeking to develop reliable and secure software solutions. Emphasis should be placed on the promising potential of integrating modern technologies of artificial intelligence and machine learning into the process of code analysis. Such approaches enable the automatic detection and classification of errors, which significantly reduces the time required for their identification and resolution, while also improving the accuracy and efficiency of the analysis. Thus, the development and deepening of research in the field of source code analysis methods is a vital task of modern software engineering, as it enables the resolution of urgent challenges related to software quality assurance and system security.

The object of research. The source code of software is considered as a structure subject to formal, semantic, and behavioral analysis aimed at identifying errors, vulnerabilities, architectural flaws, and violations of coding standards.

Purpose of the article. The study focuses on existing methods of source code analysis, particularly static and dynamic approaches, their tool support, and the prospects of applying modern technologies, especially artificial intelligence, to enhance the efficiency of error detection and to ensure the quality, reliability, and security of software code throughout all stages of the software development lifecycle.

Research results. The classification of software source code analysis methods has been systematized, including static, dynamic, hybrid, and intelligent approaches. A comparative analysis of static and dynamic techniques has been conducted based on key criteria such as efficiency, error coverage, resource intensity, and applicability at various stages of the software development lifecycle. Typical categories of errors detectable through dynamic analysis have been identified, including memory leaks, resource access errors, and performance issues. The potential of intelligent tools, particularly neural network-based models such as code2vec and VulLibMiner, has been examined for automated analysis and vulnerability prediction. The feasibility of a comprehensive approach that integrates both static and dynamic analysis has been substantiated as the most effective strategy for ensuring the quality and security of software systems.

Conclusions. Static analysis is effective for early error detection and ensuring code compliance with established standards. Dynamic analysis is essential for identifying runtime errors such as memory leaks and race conditions. Neither method is universal; the best results are achieved through their combination. Intelligent approaches (AI/ML) significantly enhance the automation and accuracy of code analysis. The comprehensive implementation of code analysis contributes to the development of secure, high-quality, and maintainable software.
References
1. C. Sadowski, J. van Gogh, C. Jaspan, E. Söderberg, C. Winter. Tricorder: Building a program analysis ecosystem. ICSE '15: Proceedings of the 37th International Conference on Software Engineering, 2015. P. 598-608. DOI: https://doi.org/10.1109/ICSE.2015.76
2. N. Ayewah, W. Pugh. The Google FindBugs fixit. ISSTA '10: Proceedings of the 19th international symposium on Software testing and analysis, 2010. P. 241-252. DOI: https://doi.org/10.1145/1831708.1831738
3. B. Chess, G. McGraw. Static Analysis for Security. IEEE Security & Privacy, vol. 2, No. 6, 2004. P. 76-79. DOI: https://doi.org/10.1109/MSP.2004.111
4. Z. Li, L. Tan, Y. Wang, S. Lu, Y. Zhou, C. Zhai. Have Things Changed Now? An Empirical Study of Bug Characteristics in Modern Open Source Software. Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability, ASID 2006, San Jose, California, USA, October 21, 2006. 9 p. DOI: https://doi.org/10.1145/1181309.1181314
5. T. Chen, L. Li, B. Shan, G. Liang, D. Li, Q. Wang, T. Xie. Identifying Vulnerable Third-Party Java Libraries from Textual Descriptions of Vulnerabilities and Libraries. Cornell University. Computer Science. Cryptography and Security, 2023. 23 p. DOI: https://doi.org/10.48550/arXiv.2307.08206
6. U. Alon, M. Zilberstein, O. Levy, E. Yahav. code2vec: Learning Distributed Representations of Code. Cornell University. Computer Science. Machine Learning, 2018. 23 p. https://doi.org/10.48550/arXiv.1803.09473 . DOI: https://doi.org/10.1145/3290353
7. P. A. Flach. Machine Learning: The Art and Science of Algorithms that Make Sense of Data. Cambridge: Cambridge University Press, 2012. 291 p. DOI: https://doi.org/10.1017/CBO9780511973000
Copyright (c) 2025 S. Kuzhel, A. Lytvynov, O. Pliekhov

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.