Development Of Static Code Defect Detection Tool Based On Abstract Syntax Tree

Posted on: 2019-05-04
Degree: Master
Type: Thesis
Country: China
Candidate: D H Fang
GTID: 2348330542498194
Subject: Computer technology
Abstract/Summary:
As software development continues to flourish, more and more security problems are being exposed. A high-quality software system is the key to keeping a system running stably, and software testing is an important way to ensure software quality. As an important part of software testing, static code detection can find potential defects without executing the code and has the advantage of detecting them early and quickly, so it has received more and more attention. This paper studies how to extract information from an abstract syntax tree for static code detection and develops a static code detection tool based on the abstract syntax tree. First, the source code is transformed into an abstract syntax tree using the Clang compiler tool. The differences between defective and normal code are then analyzed, and the key information that distinguishes them is recorded, such as context information, program structure information, and data flow or control flow information. This key information is used to construct detection rules based on the GJB safety regulations and the PVS defect library. The rules are then invoked to traverse the tree, recording the code fragments and error information for source code that violates the rules, and finally a test report is generated. In this paper, we propose a scheme for mining defects based on the abstract syntax tree. Users can extend the rule sets on top of this framework through secondary development, which enriches the tool's code defect detection capability. Seven open source projects on GitHub were tested, and the experiment found that each project had defect vulnerabilities to varying degrees. The experimental results verify the effectiveness of the tool and expose coding problems currently present in most of the software.
Keywords/Search Tags:static code analysis, abstract syntax tree, rule based