MIET Develops Tool to Enhance Programmers' Efficiency

MIET scientists developed a new tool to simplify programmers' work, capable of detecting dangerous code fragments that accidentally end up in a new program before its launch. The results were published in the proceedings of the "2025 International Russian Smart Industry Conference (SmartIndustryCon)".

During the coding process, IT specialists sometimes make mistakes, leaving unnecessary or even dangerous instructions in the code. This is especially common among programming students who create many programs requiring verification. Undesirable fragments can reduce the program's overall performance as well as pose a threat to the computer. Manually searching for such "backdoors" is a lengthy and labor-intensive process.

Scientists at MIET have developed an analyzer tool that automates this task and works like a "smart corrector" for programs. It checks the code without running it (a method called “static analysis”) and identifies potentially problematic sections.

It is also based on lexical analysis, where the program is first broken down into minimal meaningful units, much like text is divided into words. The system then builds a parse tree, essentially a structural diagram of the code, and uses special algorithms to search this diagram for suspicious instructions.

"Existing analyzers more often look for hypothetical vulnerabilities rather than the malicious code itself and frequently make mistakes. We taught the system to distinguish a real threat from merely a suspicious fragment by assigning each code section its own 'maliciousness coefficient.' The development demonstrated an effectiveness level of 96 percent," explained Evgeny Portnov, Professor at the Institute of System and Software Engineering and Information Technology.

According to him, the analyzer allows for verification at an expert level. It finds not only overtly dangerous commands but also simply inefficient fragments that reduce performance, helping to make any program better.

Although some of the tool's functions overlap with security tasks, it is not an antivirus in the traditional sense. The tool is intended for a wide range of users familiar with programming: from students wanting to check their work to professional developers seeking to optimize code before launch.

This material was prepared as part of the "Infobez: Superheroes Guarding Your Data" project with the support of a grant from the Russian Ministry of Science and Higher Education within the framework of the Decade of Science and Technology.

Source: https://ria.ru/20251016/nauka-2048406492.html