Research On Static Detection Technology For C Language Security Subset

With the rapid development of computer science,computer technology plays an increasingly important role in the fields of aerospace,aviation and unmanned driving.Due to the special requirements of safety and reliability of embedded software in safety critical areas such as aerospace,the development of static detection technology for safe subset in C has been promoted.At present,commercial companies such as Coverity and Checkmarx also provide static detection tools for the safe subset.However,because of the different standards for security subsets,it is difficult for foreign commercial software to adapt to the requirements of China’s aerospace industry.The reserarches of domestic scholars on GJB 5369-2005 "aerospace software safe subset in C" is not comprehensive enough,and do not take into account the global class rules in the detection of documents,so that the detection tool can not comprehensively detect the code.Therefore,the research on the detection of safe subset in C of China’s aerospace model software has become an important research topic.Aiming at this topic,this thesis puts forward a design scheme of static detection tool to support safe subset in C based on the research of GCC compiler front-end preprocessing and lexical analysis.The specific research work of this thesis is as follows:(1)Research on compilation techniques such as lexical analysis based on GCC compiler,and considering GJB 5369-2005 "aerospace software safe subset in C" as a basis,analyze the various rules defined by it;on this basis,with the GCC compiler a system prototype,a specific detection algorithm is designed for each type of rule,and a C-Check static detection tool conforming to the GJB 5369-2005 standard is realized.(2)Study the detection algorithm of the global class rules between files in safe subset.According to the characteristics of the global class rules,a compiler detection scheme suitable for the front end of the GCC compiler is proposed.By collecting global information in various morphological parsing processes instead of the traversal process of the abstract syntax tree,the performance consumption when traversing unnecessary nodes is avoided,and the detection efficiency of the algorithm is improved.The C-Check static detection tool proposed in this thesis is compared with the industry’s mainstream static detection tool Cppcheck.The experimental results show that C-Check can find more security defects of code than Cppcheck under the premise of ensuring high detection accuracy and high detection performance.