C语言源代码静态检测工具设计与实现毕业论文.docVIP

C语言源代码静态检测工具设计与实现 学 院 计算机学院 专 业 班 级 学 号 姓 名 指导教师 负责教师 沈阳航空2014年6月摘 要 关键词：C源代码；静态代码分析 Development of C language source code static analysis tool Abstract With the development of the information society, the problem of Internet insecurity is becoming more and more serious. Many of these problems are due to the flaw of the software itself and therefore cause huge economic losses. On one hand, it is because of the programmer’s negligence on software producing, and on the other hand, it is also because the relative languages dose not provide a complete security mechanism. Among many languages, C language is believed as the most vulnerable one to be attacked. As a result, the code safety check seems very important. However, because the modern software engineering is becoming more and more complicated, the traditional check methods can not meet the requirement in accuracy and efficiency, so the static code analysis emerge as the times require. This paper will first investigate the current situation and main trend of the static code analysis at home and abroad. And then put forward our ideas and design objectives. Discusses in detail about the system requirements analysis, preliminary design, detailed design and implementation, system testing and other related processes, integrating open source static detection tools Splint and Flawfinder through the use of the Python language, implement static security check code and generate analytic charts and other functions. Keywords: Safety testing; C source code; static code analysis 目 录 1 绪论 6 1.1 研究背景 6 1.2 设计目标 7 1.2.1 主要内容 7 1.2.2 设计要求 7 1.3 国内外现状 7 1.3.1 模型检验 8 1.3.2 携带源代码 8 1.3.3 词法扫描 8 1.3.4 简单语义分析 8 1.4 软件代码风险介绍与原理 9 1.4.1 内存访问错 9 1.4.2 缓冲区溢出 10 1.4.3 竞争条件 11 1.4.4 随机数滥用 12 1.4.5 异常处理 12 1.4.6 空指针引用 12 1.5 技术简介 13 1.5.1 Python语言简介 13 1.5.2 PyQt图形类库简介 13 1.5.3 SQLite数据库简介 13 2 需求分析 15 2.1 用户需求 15 2.2 系统需求 15 2.2.1 实现代码静态安全分析需求 15 2.2.2 代码检查工具基本控制需求 15 2.2.3 待检测代码列表管理需求 16 2.2.4 检测代码工具参数设置需求 16 2.