c语言如歌输出空字符,沈阳航空航天大学毕业设计（论文）.doc

沈阳航空航天大学毕业设计(论文)

C语言源代码静态检测工具设计与实现

学 院计算机学院专 业计算机科学与技术班 级学 号15姓 名 指导教师 负责教师

沈阳航空航天大学

2014年6月摘 要

随着信息社会的发展，网络的不安全问题越来越严重，其中许多安全问题都是由于软件本身存在安全漏洞所引起的，并且造成了巨大的经济损失。一方面是程序员编程上的疏忽，一方面也是相关语言没有提供完整的安全机制。在众多的语言中，C语言也被认为是最容易遭到攻击的语言。所以代码的安全检查就变得极其重要。但是由于现代软件工程越来越复杂，致使传统的检查方法在准确度和效率上都不能满足要求，所以代码的静态安全检测应运而生。

本文将首先调研并介绍国内外的关于静态安全检测的研究现状以及代码安全检测技术的主要趋势，然后提出我们的构想与设计目标，详细论述了系统的需求分析、概要设计、详细设计与实现、系统测试等相关过程，通过使用Python语言整合开源的静态检测工具Splint和Flawfinder，实现代码的静态安全检查以及生成分析图表等功能。

关键词：安全检测；C源代码；静态代码分析

Development of C language source code static analysis tool

Abstract

With the development of the information society, the problem of Internet insecurity is becoming more and more serious. Many of these problems are due to the flaw of the software itself and therefore cause huge economic losses.

On one hand, it is because of the programmer’s negligence on software producing, and on the other hand, it is also because the relative languages dose not provide a complete security mechanism. Among many languages, C language is believed as the most vulnerable one to be attacked. As a result, the code safety check seems very important. However, because the modern software engineering is becoming more and more complicated, the traditional check methods can not meet the requirement in accuracy and efficiency, so the static code analysis emerge as the times require.

This paper will first investigate the current situation and main trend of the static code analysis at home and abroad. And then put forward our ideas and design objectives. Discusses in detail about the system requirements analysis, preliminary design, detailed design and implementation, system testing and other related processes, integrating open source static detection tools Splint and Flawfinder through the use of the Python language, implement static security check code and generate analytic charts and other functions.

Keywords: Safety testing; C source code; static code analysis

目 录

1 绪论6

1.1 研究背景6

1.2 设计目标7