摘要
通过静态检测发现源程序中的潜在缺陷,可以帮助程序员在软件发布之前发现并修补程序缺陷,提高软件的安全性。提出一种通过静态分析CIL代码来检测C#程序代码缺陷的方法。采用改进的深度优先搜索算法遍历目标程序的控制流程图,结合历史状态缓存机制,能够大幅度提高检测效率;另外,为便于实施别名分析,还提出一种基于内存区域的变量表示方法。基于所述分析方法,开发了一个C#源代码缺陷静态检测系统,并对实际开源项目进行了检测。实验结果表明,本系统能够高效、准确地检测C#程序中常见类型的缺陷。
Finding potential defects by statically detecting source code can help programmers find and fix the defects be- fore the software is released, and thus can improve the security of the software. This paper provided a CIL static analy- sis method to detect defects in C# programs. We adopted an improved depth-first search algorithm to traverse the con- trol flow graph of the target program,and combining with the strategy of caching history states, the performance of the detection can be greatly improved. In addition, to be convenient for alias analysis, we proposed a method based on Mem- ory Region to represent variables. Based on the analysis method described in this paper, we developed a system for de- tecting defects in C# programs. We applied the system on real C# projects,and the detecting result shows that it can detect common kinds of defects in C# programs efficiently and accurately.
出处
《计算机科学》
CSCD
北大核心
2014年第1期220-224,共5页
Computer Science
基金
国家自然科学基金项目(61170240
61070192)
核高基重大专项(2012ZX01039-004)资助
关键词
静态分析
缺陷检测
别名分析
CIL
C#
Static analysis, Defect detection, Alias analysis, CIL, C #