A study on the usage of unsafe functions in gcc compared to mobile software systems

Melissa M. Sarnowski, Derrek Larson, Saleh M. Alnaeli, Mohamed K. Sarrab

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)


A case study is presented that empirically analyzes the use of known unsafe functions in gcc, a well-known general purpose software system, along with their distribution over a 5-year period from, 2012 through 2016. The 5-year history of gcc studied is comprised of a total of over 26 million lines of code. gcc was statically analyzed with the use of srcML and a tool created by one of the authors. A count of each unsafe function type present in each year of the system was recorded, along with a count of safe replacement functions, and their distributions analyzed. The results were compared to findings from a previous study on networking and mobile systems. The results show free, strcmp, strlen, and memcpy to be the most prevalent unsafe functions used among the years of gcc studied. This information can help developers by showing where they should direct their attention when refactoring their system to improve security, and thereby improve the system's robustness, reliability, and overall quality. By focusing on the most prevalent unsafe functions, developers can plan their refactoring process to be more effective. The fact that unsafe functions are still being used despite there being safer alternatives shows a need for new security standards, better education about security and security issues, and supervision of programmers to ensure they follow those standards.

Original languageEnglish
Title of host publication2017 IEEE International Conference on Electro Information Technology, EIT 2017
PublisherIEEE Computer Society
Number of pages5
ISBN (Electronic)9781509047673
Publication statusPublished - Sep 27 2017
Externally publishedYes
Event2017 IEEE International Conference on Electro Information Technology, EIT 2017 - Lincoln, United States
Duration: May 14 2017May 17 2017

Publication series

NameIEEE International Conference on Electro Information Technology
ISSN (Print)2154-0357
ISSN (Electronic)2154-0373


Conference2017 IEEE International Conference on Electro Information Technology, EIT 2017
Country/TerritoryUnited States


  • evolution
  • history
  • safe replacements
  • static analysis
  • unsafe functions
  • vulnerable code

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Cite this