Based On The Static Analysis Of Code Security Flaw Detection System

Due to the rapid development of economy and science, computer technology is becoming more and more popular, and software become more and more important for people’s daily life. It brought great convenience to people’s lives, and play an indispensable role in promoting economic and social move forward. However, along with the expanding range of computer software applications, there are a lot of serious security problems caused by the software structure of which become more and more complex. It made people’s work worse. Therefore, how to detect these issues existing in the software early and accurately is a hot issue in computer field. Now, there are two ways to detect problems in the code of software:dynamic detect and static detect. Compare with the dynamic detect, static detect does not need to run the code, it can find the potential problems in the code through analysis the whole source code. Such methods have many advantages such as efficient and it can analysis all the path in the project. However, the existing static detection tools also have some problems. Such as a high false negative rate and false alarm rate, which cause the slow development of these tools in commercial applications.This dissertation summarizes the research state of the issues at home and abroad, does some comprehensive analysis of the problem’s characteristics about the buffer overflows, memory leaks, null pointer reference. On the basis of the existing detection technology, the paper designs a series of algorithms about testing code safety and realizes a static detection system based on the data flow. In order to solving the difficulty about detecting problems-determine context execution environment, the system uses some knowledge in the field of mathematics, such as interval arithmetic and recursive solving. Above all, the system also designs some methods, such as:store the property of the variables and the property of the memory referred by the variables separately, generate abstract of functions and so on, which can simplify the complexity of the detection of the problems and improve the accuracy of the system.Finally, the dissertation gives some tests about the problems occurred in the project including buffer overflows, memory leaks, null pointer reference, and the results of these tests verify that the system can find the problems in the project more accurately.