
Research and Design of a C++ Codes Defect Detection System

【Author】 Yan Xu (阎旭)

【Advisor】 Zhou Kuanjiu (周宽久)

【Author information】 Dalian University of Technology, Computer Technology, 2011, Master's

【Abstract】 With the rapid development of the information industry, the demands on the security and reliability of software systems keep rising, and software testing faces major challenges. Automated detection based on static analysis is extremely important for improving software quality: it can check program code at every stage of software development, effectively improving the quality and speed of testing and substantially reducing its cost. This thesis designs a defect detection model based on an XML intermediate host model. The model performs lexical and syntactic parsing of the program source code, extracts the useful state and attribute information from it, and, taking advantage of XML's extensibility and concise data storage, imports the parsed code attribute information into the XML intermediate host model. Defect rules from secure programming standards are described as defect patterns, and each defect pattern is converted into a corresponding XQuery defect-matching expression. These expressions are run against the intermediate host model to find the nodes that match a defect pattern, and a defect relocation mechanism then maps each defect precisely back to its location in the program code. On this basis, the MISRA C++ 2008 safety rule set is analyzed in depth and a rule-based automatic defect detection system is designed. The system can perform comprehensive and accurate safety checks on programs written in C/C++. Extensive practical testing shows that the system can effectively improve the security and reliability of software systems and has high practical value.

  • 【Classification number】 TP311.53
  • 【Times cited】 1
  • 【Downloads】 117