赖晓晨

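Personal Information

Professor

Master's Supervisor

Gender: Male

Alma mater: Dalian University of Technology

Degree: Doctorate

Affiliation: School of Software; International School of Information and Software

Email: laixiaochen@dlut.edu.cn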

Publications

Research on method of static analysis for safety of C++ program

Paper type: Journal article

Publication date: 2012-01-01

Published in: International Journal of Advancements in Computing Technology

Indexed in: Scopus

Volume: 4

Issue: 21

Pages: 337-345

ISSN: 20058039

Abstract: Software vulnerabilities, which occur easily because of the flexible grammar and loose compile environment of the C++ language, are detrimental to the safety of software. An automatic static analysis method based on various rules in the safe subset "MISRA C++ 2008" is proposed, in which the code parsing logic and the defect detecting logic are separated. A relational syntax tree and an intermediate XML model are constructed to parse code and store code information such as statements and identifiers in a structured way. XQuery expressions are employed to represent the rules of the safe subset and to locate code defects by matching the corresponding nodes of the intermediate XML model. Experiments show that code defects violating safety rules can be detected effectively by the prototype system based on the method, with a low false positive rate and a low false negative rate.