Computer-based system to validate build integrity of software products
US-12373558-B1 · Jul 29, 2025 · US
US12596537B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12596537-B2 |
| Application number | US-202318498961-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 31, 2023 |
| Priority date | Oct 31, 2023 |
| Publication date | Apr 7, 2026 |
| Grant date | Apr 7, 2026 |
Official abstract text for this publication.
Source code in a programming language is received. The source code is converted to a generalized intermediate level representation not specific to any programming language. The source code is converted from the generalized intermediate level representation to a generalized lower level representation adapted to a dataflow analysis portion of static application security testing (SAST). The generalized lower level representation is also not specific to any programming language.
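An added example (not code from the patent or its assignee) of what a language-neutral lower level representation "adapted to dataflow analysis" makes possible: a worklist fixpoint over flattened branch and constant/binary instructions, evaluated once in a product of two lattices. The instruction names (`source`, `const`, `add`, `brz`, `jmp`, `label`, `sink`), the choice of a taint lattice and a constant lattice, and the sample program are assumptions made for illustration.

```python
# Added illustration: instruction names and both component lattices are assumptions.
BOT, TOP = "bot", "top"   # constant lattice: BOT < any single int < TOP
UNSET = (False, BOT)      # product element: (may be tainted?, constant fact)

def join(a, b):
    """Product-lattice join: componentwise over (taint, constant)."""
    const = b[1] if a[1] == BOT else a[1] if b[1] in (BOT, a[1]) else TOP
    return (a[0] or b[0], const)

def join_env(e1, e2):
    return {v: join(e1.get(v, UNSET), e2.get(v, UNSET)) for v in e1.keys() | e2.keys()}

def transfer(ins, env):
    env = dict(env)
    if ins[0] == "const":
        env[ins[1]] = (False, ins[2])
    elif ins[0] == "source":              # untrusted input: tainted, value unknown
        env[ins[1]] = (True, TOP)
    elif ins[0] == "add":                 # dst = a + b, evaluated in both lattices at once
        a, b = env.get(ins[2], UNSET), env.get(ins[3], UNSET)
        consts = (a[1], b[1])
        c = BOT if BOT in consts else TOP if TOP in consts else a[1] + b[1]
        env[ins[1]] = (a[0] or b[0], c)
    return env

def analyze(prog):
    """Worklist fixpoint; returns (indices of sinks reached by taint, per-instruction input facts)."""
    labels = {ins[1]: i for i, ins in enumerate(prog) if ins[0] == "label"}
    facts, work, findings = [None] * len(prog), [0], set()
    facts[0] = {}
    while work:
        i = work.pop()
        ins, out = prog[i], transfer(prog[i], facts[i])
        if ins[0] == "sink" and facts[i].get(ins[1], UNSET)[0]:
            findings.add(i)
        succ = [labels[ins[1]]] if ins[0] == "jmp" else [i + 1]
        if ins[0] == "brz":               # flattened branch: fall through or jump
            succ.append(labels[ins[2]])
        for s in (s for s in succ if s < len(prog)):
            new = out if facts[s] is None else join_env(facts[s], out)
            if new != facts[s]:
                facts[s] = new
                work.append(s)
    return sorted(findings), facts

# Constructed input: flattened form of `x = input(); k = 1; n = 2 if x else x + k; sink(n); sink(k)`
PROG = [("source", "x"), ("const", "k", 1), ("brz", "x", "else"), ("const", "n", 2),
        ("jmp", "end"), ("label", "else"), ("add", "n", "x", "k"), ("label", "end"),
        ("sink", "n"), ("sink", "k")]
```

`analyze(PROG)` reports only the sink at index 8: `n` is tainted on one branch, so the join at `end` keeps the taint and widens its constant fact to `TOP`, while `k` stays the untainted constant 1.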
Opening claim text (preview).
We claim:

1. A non-transitory computer-readable data storage medium storing program code executable by a processor to perform processing comprising: receiving source code in a programming language; converting the source code to a generalized intermediate level representation not specific to any programming language; converting the source code from the generalized intermediate level representation to a generalized lower level representation adapted to a dataflow analysis portion of static application security testing (SAST), the generalized lower level representation not specific to any programming language; causing the SAST to be performed on the source code using the generalized intermediate level representation and the generalized lower level representation, by: executing generalized dataflow analysis executable code on the generalized lower level representation of the source code using a lattice product of lattices corresponding to dataflow-oriented static analyses specified by a superlattice for the SAST; and executing generalized structural analysis executable code to perform queries corresponding to structure-oriented static analyses specified by the SAST.

2. The non-transitory computer-readable data storage medium of claim 1, wherein the generalized structural analysis executable code is not executable on the generalized lower level representation of the source code, and is not exclusively executable on the generalized intermediate level representation of the source code.

3. The non-transitory computer-readable data storage medium of claim 1, wherein the processing further comprises: in response to the SAST identifying a security vulnerability in the source code, performing a remedial action regarding the source code to resolve the security vulnerability.

4. The non-transitory computer-readable data storage medium of claim 1, wherein converting the source code to the generalized intermediate level representation comprises: converting the source code directly from the programming language to a programming language-specific intermediate level representation higher than the generalized intermediate level representation; and converting the source code from the programming language-specific intermediate level representation to the generalized intermediate level representation, wherein the programming language-specific intermediate level representation is adapted to a structural analysis portion of the SAST.

5. The non-transitory computer-readable data storage medium of claim 4, wherein converting the source code from the programming language-specific intermediate level representation to the generalized intermediate level representation comprises: converting the source code directly from the programming language-specific intermediate level representation to a further intermediate level representation that is not specific to the programming language but is specific to a virtual machine or a runtime engine with which the programming language is compatible; and converting the source code directly from the further intermediate level representation to the generalized intermediate level representation, wherein the further intermediate level representation is adapted to the structural analysis portion of the SAST.

6. The non-transitory computer-readable data storage medium of claim 4, wherein converting the source code from the programming language-specific intermediate level representation to the generalized intermediate level representation comprises converting the source code directly from the programming language-specific intermediate level representation to the generalized intermediate level representation.

7. The non-transitory computer-readable data storage medium of claim 1, wherein converting the source code from the generalized intermediate level representation to the generalized lower level representation comprises converting the source code directly from the generalized intermediate level representation to the generalized lower level representation.

8. The non-transitory computer-readable data storage medium of claim 1, wherein the generalized lower level representation is an untyped representation of the source code.

9. The non-transitory computer-readable data storage medium of claim 1, wherein the generalized lower level representation specifies an object in the source code such that a set of fields accessible on the object is not declared in advance of the object in the generalized lower level representation.

10. The non-transitory computer-readable data storage medium of claim 1, wherein the generalized lower level representation specifies each of a plurality of functions in the source code such that each function has a single formal parameter and no other inputs or outputs.

11. The non-transitory computer-readable data storage medium of claim 1, wherein the generalized intermediate level representation maintains structural control flow statements and structural expressions in the source code, and wherein the generalized lower level representation represents the structural control flow statements as flattened branching statements and the structural expressions as instruction sequences of constants, unary operations, and binary operations.

12. A computing system comprising: a storage device storing: lower level representation conversion executable program code that directly converts a generalized intermediate level representation of source code to a generalized lower level representation of the source code, neither the generalized intermediate level representation nor the generalized lower level representation being specific to any programming language, the generalized lower level representation adapted to a dataflow analysis portion of static application security testing (SAST); programming language conversion executable program code that converts the source code directly from a programming language of the source code to a programming language-specific intermediate level representation of the source code, the programming language-specific intermediate level representation adapted to a structural analysis portion of the SAST; intermediate level representation conversion executable program code that directly converts the programming language-specific intermediate level representation of the source code to the generalized intermediate level representation of the source code; a processor; and a memory storing program code executable by the processor to: receive the source code in the programming language; execute the programming language conversion executable program code on the source code in the programming language to generate the programming language-specific intermediate level representation of the source code; execute the intermediate level representation conversion executable program code on the programming language-specific intermediate level representation of the source code to generate the generalized intermediate level representation of the source code; and execute the lower level representation conversion executable code on the generalized intermediate level representation of the source code to generate the generalized lower level representation of the source code.

13. The computing system of claim 12, wherein the storage device further stores: generalized dataflow analysis executable code that performs lattice evaluation exclusively on the generalized lower level representation using a lattice product of lattices corresponding to dataflow-oriented static analyses specified by a superlattice for the SAST; and generalized structural analysis executable code that
Source to source · CPC title