Abstract
C/C++ are used in software systems across many critical domains, where development demands strict adherence to coding conventions and unambiguous semantics. To avoid the potential security problems caused by improper use of C/C++, a coding standard for the languages, the C/C++ Language Programming Security Subset (hereafter GJB8114), has been proposed in China. Because the standard contains many rules, programmers inevitably introduce non-compliant code during development, so automated tools that check the corresponding coding rules are necessary. Existing coding-standard checkers, however, do not cover the standard comprehensively; for rules whose checking requires an understanding of the program context, they suffer from high false-positive rates or do not support the check at all. This paper classifies the rules of GJB8114 and defines what constitutes a complex rule. By surveying how well the Testbed tool supports checking the complex rules of GJB8114, it identifies two shortcomings of existing tools: incomplete flow-sensitive analysis and the inability to perform cross-file global analysis. To address them, a flow-sensitive analysis method combined with syntax-tree matching and a cross-file global analysis method are adopted, and on this basis the CruletFS tool is developed. Experimental results show that, compared with common coding-standard checkers such as Cppcheck and Testbed, CruletFS checks complex rules more effectively, and when analysing large projects it also outperforms Cppcheck in time and memory overhead. This indicates that, compared with existing methods and strategies, the proposed approach can effectively improve the accuracy of complex-rule checking at low cost.
Authors
HU Mengze, MA Xutong, ZHANG Hao, ZHANG Jian
State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; Hangzhou Institute for Advanced Study, UCAS, Hangzhou 310012, China; University of Chinese Academy of Sciences, Beijing 100049, China
Source
Computer Science (计算机科学), a Peking University Core Journal
2025, No. 6, pp. 35-43 (9 pages)
Funding
National Natural Science Foundation of China (62132020).