
The Design and Implementation of Front End of Software Safety Checking Tool

【Author】 邓凡 (Deng Fan)

【Advisor】 刘坚 (Liu Jian)

【Author information】 Xidian University, Computer Software and Theory, 2009, Master's degree

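【Summary】 The software safety checking tool studied and discussed in this thesis performs safety analysis on a program at the compilation stage, detecting the security vulnerabilities present in the program as comprehensively as possible so that they do not cause more serious problems at run time. The tool consists of two parts, a front end and a back end. This thesis first discusses the role and significance of building the symbol table and generating the abstract syntax tree in the tool's front end. It then carefully analyzes and studies the grammar rules provided by ANTLR, a tool for automatically generating analyzers. On this basis, using syntax-directed translation, the symbol table is built and the abstract syntax tree is generated by adding semantic actions and tags to the productions of the grammar rules. The work makes full use of the automatic generation mechanism provided by ANTLR, improves the reliability and extensibility of the front end, and lays a good foundation for building the back end. Finally, the thesis analyzes the forms in which memory-resource-related security vulnerabilities appear and describes how the front end of the tool checks for them; practice shows that the front end meets the needs of checking for these vulnerabilities.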

【Abstract】 The software safety checking tool studied and discussed in this paper checks the safety of a program when it is compiled and inspects the safety holes that might exist in the analyzed program as comprehensively as possible, thereby keeping those holes from causing more serious issues when the program is executed. The software safety checking tool is composed of a front end and a back end. First, this paper discusses the function and significance of building symbol tables and creating abstract syntax trees in the front end of the tool. Second, the syntax analysis rules provided by ANTLR, a tool that automatically generates analyzers, are studied thoroughly. Based on this, symbol tables are built and abstract syntax trees are created using syntax-directed translation, by adding semantic actions and tags to the productions of the syntax analysis rules. This method makes full use of the automatic generation mechanism provided by ANTLR, which enhances the reliability and extensibility of the front end and lays a good foundation for the construction of the back end. Finally, the manifestations of safety holes related to memory resources are analyzed and studied. The front end of the tool checks for these holes by adding semantic actions to the syntax analysis rules provided by ANTLR and to the symbol table modules, according to some well-designed algorithms. Practice shows that the front end of the tool satisfies the need of checking for the safety holes mentioned above.
