Research On Control Flow Extraction Model And Software Reliability Evaluation Application

The safety-critical software becomes an important role, however, due to complexity of itself and its environment, software failure is difficult to be completely avoided. Therefore code security analysis technology becomes more concerned in recent years. Code security analysis technology is an important way to find software defects, however, the source file code information is complex and difficult to obtain, and the C language is more flexible, bringing more challenges for C code security analysis. It is more significant and valuable to research on code information access and solutions of high false positives and to improve system scalability.Firstly, A highly scalable control flow extraction model is proposed in this paper, using the source code for lexical, syntax analysis to obtain control flow and convert it into extraction model. The defect pattern matching method is used to analyze the control flow extraction model. Based on extraction model, control flow information is extracted. Then control flow slice and pruning are used to get local control flow and to track the use of pointers. By this way, control flow and data flow analysis capabilities are enhanced and weakness of defect pattern matching method based on safe subset is also offset. The accuracy of the code static analysis is improved and the ability to explore the safety defects is also enhanced. Then, based on the results, code security evaluation method is introduced in this paper. D-S evidence theory and expert rating method are combined to build credibility evaluation indicator tree, and credible confidence inference algorithm is designed to obtain the security evaluation results. Finally, it is shown that how the control flow extraction model can be extended to the field of multi-threaded code detection to solve data race.Security_Analyzer tool based on the safe subset is designed and implemented with parser generator and vs2008. The safe subset analysis and the variable data flow analysis are used to find software defects, it is shown by experimental results that this method has nice defect detection capabilities.