Static analysis-based checking method of safety rules of C language

An inspection method and static analysis technology, applied in computer security devices, instruments, electrical digital data processing, etc., to achieve the effect of making up for the lack of security

Inactive Publication Date: 2011-04-13
北京神舟航天软件技术股份有限公司
View PDF3 Cites 34 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, there are many hidden dangers that may lead to vulnerabilities in C language. In some key applic

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Static analysis-based checking method of safety rules of C language
  • Static analysis-based checking method of safety rules of C language
  • Static analysis-based checking method of safety rules of C language

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] The invention provides a method for checking security rules in C language based on static analysis, comprising the following steps:

[0020] 1) Check the type of C language, avoid the occurrence of forced type conversion, and prohibit the declaration of general pointer type;

[0021] 2) It is stipulated that global variables and local variables cannot have the same name, and the formal parameters of global variables and functions cannot have the same name;

[0022] 3) Limit the loop variable of the control flow statement;

[0023] 4) Strengthen the declaration and definition of C language;

[0024] 5) Analyze the lexical, grammatical, and semantics of the source code to find out where the source code does not meet the above requirements.

[0025] Details are given below.

[0026] The present invention proposes the concept of safe C language guidelines, with the purpose of standardizing C language programming and helping C programmers develop good C language programmi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a static analysis-based checking method of safety rules of C language, which comprises the following steps: 1) checking the type of the C language to avoid the occurrence of compulsory type conversion and prohibiting the declaration of the type of a generic pointer; 2) stipulating that a global variable and a local variable can not be in homonymy, and the global variable and a formal parameter of a function can not be in tautonomy; 3) limiting a cyclic variable of a control flow statement; 4) strengthening the declaration and the definition of the C language; and 5) carrying out analysis of accidence, grammar and semanteme on source codes, and finding out places which do not meet the stipulation from the source codes. The method has the advantages of being capable of finding out possible loopholes on programming of the C language under the premise that the codes do not need to be executed and effectively making up for the deficiency of insufficient safety of the C language in soft engineering.

Description

technical field [0001] The invention relates to a method for checking security rules of C language based on static analysis, and belongs to the technical field of static code analysis. Background technique [0002] While the C language provides programmers with simplicity and flexibility, it also brings us many side effects that are easy to cause loopholes. Through static code analysis, we can detect a variety of codes that easily lead to program vulnerabilities without executing the code. Such static analysis tools have been produced since the 1980s. At present, commercial tools such as PC-Lint, Coverity Prevent, and LDRA Testbed are widely used in the software development process, and open source tools such as Splint are constantly evolving and improving. Static code analysis tools greatly improve the efficiency of code checking in software engineering and reduce the workload of manual code review. These analysis tools currently on the market, some of which are very pow...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/22G06F21/55
Inventor 程胜于鹏珊崔小磊陆麒
Owner 北京神舟航天软件技术股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap