Type Annotation for SAST

Authors Marco Pereira, Alberto Simões , Pedro Rangel Henriques

Thumbnail PDF


  • Filesize: 0.58 MB
  • 13 pages

Document Identifiers

Author Details

Marco Pereira
  • Checkmarx, Braga, Portugal
  • University of Minho, Braga, Portugal
Alberto Simões
  • Checkmarx, Braga, Portugal
  • 2Ai, School of Technology, IPCA, Portugal
Pedro Rangel Henriques
  • ALGORITMI Research Centre/ LASI, DI-University of Minho, Braga, Portugal

Cite AsGet BibTex

Marco Pereira, Alberto Simões, and Pedro Rangel Henriques. Type Annotation for SAST. In 12th Symposium on Languages, Applications and Technologies (SLATE 2023). Open Access Series in Informatics (OASIcs), Volume 113, pp. 12:1-12:13, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


Static Application Security Testing (SAST) is a type of software security testing that analyzes the source code of an application to identify security vulnerabilities and coding errors. It helps detect security vulnerabilities in software code before deployment reducing the risk of exploitation by attackers. The work presented in this document describes the work performed to upgrade Checkmarx’s SAST tool allowing the execution of vulnerability detection taking into account expression types. For this to be possible, every expression in the Document Object Model needs to have a specific type assigned accordingly to the kind of operation and to the different operand types. At the current stage, this project is already supporting the expression type annotation for three programming languages: C, C++ and C#. This support has been done through the addition of a new Resolver Rule to the Resolver stage, allowing for the generalization of languages. We also compare the complexity of writing vulnerability detection queries with or without access to type information.

Subject Classification

ACM Subject Classification
  • Theory of computation → Grammars and context-free languages
  • Software and its engineering → Compilers
  • Static Application Security Testing
  • Type Annotation
  • C
  • C++
  • C#


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Acunetix. What is integer overflow? https://www.acunetix.com/blog/web-security-zone/what-is-integer-overflow. Accessed on May 26, 2023.
  2. Motor Industry Software Reliability Association. MISRA-C: 2012: Guidelines for the Use of the C Language in Critical Systems. HORIBA MIRA, 2019. Google Scholar
  3. Juan Caballero and Zhiqiang Lin. Type inference on executables. ACM Comput. Surv., 48(4), May 2016. URL: https://doi.org/10.1145/2896499.
  4. Mingzhe Hu, Yu Zhang, Wenchao Huang, and Yan Xiong. Static type inference for foreign functions of python. In 2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE), pages 423-433, 2021. URL: https://doi.org/10.1109/ISSRE52982.2021.00051.
  5. Leandro T. C. Melo, Rodrigo G. Ribeiro, Breno C. F. Guimarães, and Fernando Magno Quintão Pereira. Type inference for c: Applications to the static analysis of incomplete programs. ACM Trans. Program. Lang. Syst., 42(3), November 2020. URL: https://doi.org/10.1145/3421472.
  6. MITRE. Cwe top 25 list (2022). https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html. Accessed on May 26, 2023.
  7. David Alexander Molnar and David Wagner. Catchconv: Symbolic execution and run-time type inference for integer conversion errors. Technical Report UCB/EECS-2007-23, University of California at Berkeley, February 2007. Google Scholar
  8. Nicholas Nethercote and Julian Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. SIGPLAN Not., 42(6):89-100, June 2007. URL: https://doi.org/10.1145/1273442.1250746.
  9. Flemming Nielson, Hanne Riis Nielson, and Chris Hankin. Principles of Program Analysis. Springer Berlin Heidelberg, 1999. URL: https://doi.org/10.1007/978-3-662-03811-6.
  10. Terence Parr. The Definitive ANTLR Reference: Building Domain-Specific Languages. The Pragmatic Bookshelf, Raleigh, 2007. Google Scholar
  11. The LLVM Project. LLVM compiler infrastructure and tools. https://llvm.org/, accessed 2023.
  12. Stuart M. Shieber. Constraint-Based Grammar Formalisms: Parsing and Type Inference for Natural and Computer Languages. MIT Press, Cambridge, MA, USA, 1992. Google Scholar
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail