| The reliability of software systems attracts more and more attention of people, such as spacecraft systems, automotive and some industrial control systems. Software safety analysis is an important means to ensure software reliability. Static analysis technique has been widespread concern for it can find security vulnerabilities in code without execute the code. And it plays an important role in the software safety analysis. With the expanding of software scale, the way of artificial walkthrough become unpractical. A credible tool for automated static analysis has very high value and prospects.Syntax tree as the basis for code analysis is the starting point of code testing.The program can be matched to access code information by building a syntax tree.In this paper, a method of construction of the syntax tree model based on C++ source code detection system is issued by referring to design principle of the compiling system. A syntax tree model based on relational storage schema is proposed. First, through in-depth analysis of C++ grammar composition and Lexical analysis and syntax analysis of C++ grammar, a syntax tree of legal C++ program "super set"is builded by using Lex and Yacc tools.The syntax tree generated by this way can be transformed into intermediate data storage model which is more suitable for application in a static test operations.A C++syntax tree module running in the windows environment has been developed with Visual Studio 2008 development platform and the Lex and Yacc tools. It provides Multi-layer analysis include lexical analysis, syntax analysis, shallow semantic parsing and deep-seated semantic analysis. Moreover, it supports multiple file parsing, which can find out security vulnerabilities distribute among associated files.The module can identify all the source code of the standard C++ syntax as the basis for the follow-up information extractioin on C++ source source code. Through the test and analysis, the coverage and accuracy of the module is verified. |
PDF Full Text Request