Blackspot: Using Tensor Decompositions to Guide Inspection of Source Code

In this paper we introduce Blackspot, an extension to R-Check SCA that uses unsupervised machine learning based on tensor decompositions to organize and highlight sections of source code for more systematic inspection. Using markers identified by R-Check SCA’s Pitchfork rule language, Blackspot applies multidimensional decompositions to cluster code, grouping similar structures for accelerated manual inspection and, when seeded with examples of known weaknesses, prioritizing code fragments for rigorous review based on similarity derived from latent features. We show how multidimensional analysis provides a precision advantage over matrix SVD-based approaches and enables both accelerated compliance testing and more directed discovery of potentially critical software weaknesses. Because it uses the high-performance tensor decomposition techniques provided by Reservoir’s ENSIGN Tensor Toolbox, Blackspot scales to millions of lines of code, making it practical for application to complex, large-scale cyber-physical systems. Using an open SCA radio waveform as a first example, we illustrate how Blackspot can be applied to guide inspection for SCA compliance testing and weakness discovery in the software radio domain.