Research On Method Of C/C++ Code Static Detection Based On Rules

The reliability of software systems attracts more and more attention of people, especially in the occasion with high security requirements, such as spacecraft systems, automotive and some industrial control systems. Software safety analysis is an important means to ensure software reliability. Static analysis technique has been widespread concern for it can find security vulnerabilities in code without execute the code. And it plays an important role in the software safety analysis. With the expanding of software scale, the way of artificial walkthrough become unpractical. A credible tool for automated static analysis has very high value and prospects.First of all, this paper describes the technology of software testing and its development, and focuses on static analysis method and its tools. Then, static detection based on safety rules is introduced. And it indicates that the traditional method, which extractes static information from the AST (Abstract Syntax Tree) generated by GCC, need to deal with a large volume of redundant information. Moreover, this method reduces the accuracy and efficiency of information extraction. A syntax tree model based on relational storage schema is proposed in this paper, which effectively reduces the redundancy. In addition, an intermediate storage model with well extensibility based on XML is disigned. Syntax tree model is finally converted to XML format which is more suitable for static detection.Based on the method mentioned above, an automatic static detection system named CIS (Code Inspection System) is designed and implemented, which supports all the rules described in "GJB5369-2005 safe subset of C language for space armament software" and has well extensibility. CIS provides Multi-layer analysis include lexical analysis, syntax analysis, shallow semantic parsing and deep-seated semantic analysis, which can detect security vulnerabilities in reliable way. CIS also reduces the requirements on the users, and there is no need to add comments in the source program. Moreover, CIS supports multiple file parsing, which can find out security vulnerabilities distribute among associated files.