Research And Implementation Of Software Static Detection Tool Based On LLVM-Clang

The initial detection of software code has been based on artificial detection, But with the increasing scale of software, the code is becoming more and more complex, using artificial detection becomes more and more difficult,using artificial detection software has been impossible. However, with the development of software testing technology, a lot of companies have developed a variety of code testing tools, which are divided into two categories: dynamic detection technology and static detection technology. Static detection technology compared to the dynamic detection technology, without the need for actual execution of the program source code, instead, the static analysis of the software source code is carried out to find out the defects in the software code,it's fast analysis, without manual intervention,full coverage of the code and a high degree of automation, without relying on the compiler and compile the program execution environment and other characteristics, The most important is to be able to detect defects in the early stages of the software development. In this paper, the detection tool for the common defects in the process of writing code, through the static detection technology research,design and implementation of a static testing tools. The main work of this paper is as follows:1 .By learning ”Cpp Core Guidelines","Effective C++","C++ Prime" and other famous literary work,learning how to write efficient C++ code and the use of the new C++11/14/17 grammar effectively, These coding techniques are summed up into three types of detection rules with common defects.2.According to the three kinds of detection rules and the abstract syntax tree generated by the LLVM-Clang compiler (AST), the implementation of the static analysis has two kinds of methods of using AST to design, one is analysis and call detection rules required for detection in the syntax tree node directly, the other is the constructor call graph and each function to map the inline analysis in the syntax tree , then each function's control flow graph (CFG) will be transformed into the path sensitive explosion map and detected by the detection rules in this explosion graph nodes increase.3.On the basic of the static analysis of these two methods, we can construct and implement the rules of the detection of the defects into three types of code, which are not using the efficient code defects, not using the new grammar defects, common code defects. A total of 23 detection rules has been implemented, and can easily expand the new detection rules.4.Using a larger C++ proect to do the test, and compare with the open source static testing tool CppCheck from the false alarm rate, detection accuracy and speed. The comparison results show that both the false alarm rate and the detection speed are not lost in the open source static detection tool, and the CppCheck has no detection rules of C++ new and old grammar.This paper studies the software static detection tool with low false alarm rate, high detection accuracy and speed, easy to use and easy to expand the characteristics of the current static detection tool to solve the problem of high price, high false positives, the use of configuration cumbersome and difficult to expand .