CN102968367A - Static detection method on basis of embedded software and system thereof - Google Patents
Static detection method on basis of embedded software and system thereof Download PDFInfo
- Publication number
- CN102968367A CN102968367A CN201210309683XA CN201210309683A CN102968367A CN 102968367 A CN102968367 A CN 102968367A CN 201210309683X A CN201210309683X A CN 201210309683XA CN 201210309683 A CN201210309683 A CN 201210309683A CN 102968367 A CN102968367 A CN 102968367A
- Authority
- CN
- China
- Prior art keywords
- rule
- module
- detection
- information
- static detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention provides a static detection method on the basis of embedded software. The method overcomes the defects in an existing static detection technology and is used for carrying out static detection by combining control flow information, data stream information and path alias information. The method adopts a detection executing end module and a client module. A client provides support for editing a graphical rule file, a tester can execute static detection on a source file after completing the work of editing a source file, and the client sends a command to notify a detection execution end to start static detection; the detection execution end receives the detection starting command sent by the client, analyzes the structure of the source file, calls a rule analysis module to analyze the rule file, generates a matching result after processing, carries out packaging by a matching result packaging module and sends a detection result generated by packaging to the client for analysis and display; and the client carries out analysis and mapping on the detection result and the client is updated according to the detection result, so that a developer can visually view the static detection result and visually view the rule breaking condition.
Description
Technical field
The present invention relates to the software detection technical field, particularly relate to a kind of static detection method based on embedded software and system thereof.
Background technology
Development of embedded system is widely used in the system environmentss such as robotization control, military technology, Industry Control, scientific research, medical research, traffic administration, artificial intelligence up till now.In the embedded system, hardware is core, and software is soul, and embedded software is in key position in total system.How under the condition that as far as possible shortens the construction cycle, guarantee the quality, reliability, security of embedded software etc., become a problem that receives much concern.Therefore, the importance of embedded software test becomes increasingly conspicuous.
In the embedded software developing process, the error detection that exists in the code is more late, and then maintenance cost is higher, so, find as soon as possible and solve the mistake that exists in the code, most important to cost of development and the assurance embedded software quality of control embedded software.Static Detection is in the situation of working procedure not, the source code structure is analyzed the discovery latent fault, can find the problem that exists in the source code in the development phase, this is for the control embedded software developing cycle and reduce a numeral man embedded software maintenance cost and have great importance.
Existed at present and also had the instrument that carries out Static Detection for C, have based on order line work, such as Splint, CPPCheck produces more warning message easily, some of them are wrong report information, flood easily normal error message, testing result is difficult for checking.What have is expensive, and such as QAC/C++, PC-Lint, LDRA and PolySpace, for the embedded project of little cost, testing cost is difficult to accept, and is difficult to promote.In addition, existing Static Detection technology is only considered the control stream information in testing process, do not consider data-flow analysis, can't detect some mistake; The path another name is not analyzed, can be produced many wrong report information.Existing free static detecting tool can't intuitively be located in violation of rules and regulations routing information based on order line work, and inconvenient developer makes amendment to the Problem-Error that exists in the source code according to testing result.
Prior art has the following disadvantages on the whole:
1) testing process is only used the control stream information, does not have the collective data stream information, and some mistake can't detect;
2) the path another name is not analyzed, can be produced wrong report information;
3) the execution route that breaks the rules is not located, testing result can not be utilized by other instruments.
Summary of the invention
In order to overcome the deficiencies in the prior art, a technical purpose of the present invention provides a kind of easy to use, the static detection method based on embedded software that can fine realization source file be detected.
In order to overcome the deficiencies in the prior art, another technical purpose of the present invention provides a kind of easy to use, the static detection method based on embedded software that can fine realization source file be detected.
For realizing above-mentioned technical purpose, the technical solution used in the present invention is as follows:
A kind of static detection method based on embedded software may further comprise the steps:
The source file structure is analyzed, generated the step of control stream, traffic flow information;
The step that rule file is resolved;
According to the step of resolving the rule constrain character string structure regular expression that produces;
Step according to regular expression, control stream, traffic flow information executing rule coupling;
If find the coupling clauses and subclauses, then carry out record to violating the statement and the Control flow path that detect rule, encapsulate, with the testing result that encapsulation produces, then analyze demonstration.
Preferably, described executing rule coupling also is included in the more step of new route another name information of rule match process.
Preferably, more new route another name information is specially: according to Dram distribute, Dram discharges and new route another name information more during the pointer variable assign operation.
Preferably, comprise that also detecting the storehouse by default sensitive resource carries out the responsive step that detects to source file.
Preferably, described rule match according to the complexity that detects rule, is carried out the rule detection of respective degrees for to carry out matching operation at GIMPLE figure.
For realizing above-mentioned second technical purpose, the technical solution used in the present invention is as follows:
A kind of Static Detection system based on embedded software comprises:
Be used for needing to the registration of GCC card cage being responsible for the Plugin events of monitoring, the GCC card cage can call the event registration module of predefined call back function after the Plugin events of monitoring produces;
Be responsible for source code is resolved generation control stream, data dependence, the structural information generation module of the information such as GIMPLE figure;
Finish testing based on GIMPLE figure, the rule detection module that combined control stream and data dependence information detect;
Be responsible for rule file is resolved the described rule parsing module of setting up rule chain;
The model string of rule is processed generation regular expression regular expression make up module;
Be responsible for carrying out matching operation at GIMPLE figure, according to the complexity that detects rule, carry out the rule match module of the rule detection of respective degrees;
The path another name is carried out the module of analyzing and processing, Dram distributes, Dram discharges and the pointer variable assign operation all affects the path alias analysis relation, and when testing process ran into the aforesaid operations statement, the path alias analysis module is the path alias analysis module of new route another name information more;
Adopt consolidation form to encapsulate to the Static Detection result, for every matching result, the matching result package module of the path condition information that the detailed in violation of rules and regulations information of encapsulation preservation and violation path are corresponding.
Preferably, also comprise the characteristics of sensitive resource being leaked for embedded software, static detecting tool predefine the preservation storehouse predefine rule base of a series of resource leak detection rules.
Compared with prior art, the invention has the advantages that:
The present invention carries out Static Detection in conjunction with traffic flow information to embedded software by client modules and detection actuating station module, and can analyze false alarm reduction information to the path another name.
Description of drawings
Fig. 1 is the static detecting tool frame diagram;
Fig. 2 is that static detecting tool detects the actuating station frame diagram;
Fig. 3 is that GIPMLE figure makes up process flow diagram;
Fig. 4 is that regular expression makes up process flow diagram;
Fig. 5 is path alias analysis module process flow diagram;
Fig. 6 is path condition information format figure.
Embodiment
The present invention is further detailed explanation below in conjunction with the drawings and specific embodiments.Should be appreciated that specific embodiment described herein only is used for explaining invention, and be not used in the restriction utility model.
The present invention is in order to realize the Static Detection of visual embedded software, client runs in the developing engine JRE environment with the form of Eclipse plug-in unit, adopt JFACE/SWT to carry out the GUI design, provide graphical rule file editor to support, after the tester finishes the source file editing, can carry out Static Detection to source file, client sends order notice detection actuating station and begins Static Detection.Detect actuating station and receive the beginning sense command that client sends, at first the source file structure is analyzed, generate control stream, traffic flow information, the calling rule parsing module is resolved rule file, according to resolving the rule constrain character string structure regular expression that produces.On regular expression, control flow chart, the correct basis that makes up of data flowchart, controller calling rule matching module executing rule coupling, the rule match process is new route another name information more, if find the coupling clauses and subclauses, then carry out record to violating the statement and the Control flow path that detect rule, and encapsulate by the matching result package module, the testing result that encapsulation is produced sends to client and analyzes demonstration for the latter.Client is analyzed, is shone upon testing result, upgrades GUI according to testing result, allows the exploitation personnel can check intuitively the Static Detection result, intuitively checks the rule violation situation, as shown in Figure 1.
The present invention is for the Static Detection in conjunction with traffic flow information and path another name information realization embedded software, detecting actuating station develops with the GCC card format, carry out actual Static Detection work, frame diagram as shown in Figure 2, controller calls the Plugin events Registering modules and finishes the registration of GCC Plugin events, and when the source file structure is analyzed, Plugin events produces, the card cage call back function is finished the generation work of structural information, mainly generates the structural informations such as GIMPLE figure, control flow, data stream.GIMPLE figure is based on fundamental block and each fundamental block adjacent edge makes up, the structural information generation module travels through each fundamental block, every GIMPLE statement in the traversal fundamental block, with the limit between GIMPLE statement information creating figure node and the link node, finally finish GIMPLE figure construction work, make up in detail flow process as shown in Figure 3.On the other hand, controller calling rule parsing module resolution rules file, make up regular expression according to the mode of rule character string, as shown in Figure 4, the rule match module is responsible for carrying out matching operation at GIMPLE figure, simple and easy degree according to rule, call respectively corresponding detection mode and finish actual testing, new route another name information more in the testing process, the path alias analysis module is carried out analyzing and processing to the path another name, Dram distributes, and Dram discharges and the pointer variable assign operation all affects the path alias analysis relation, when testing process runs into the aforesaid operations statement, the path alias analysis module is new route another name information more, if there is matching result, namely there is the execution route of violating the Static Detection rule in path alias analysis module flow process as shown in Figure 5, call the matching result package module and generate the discernible result data of client, read parsing for client, for every matching result, in detail in violation of rules and regulations information and in violation of rules and regulations path condition information corresponding to path are preserved in encapsulation.The path adopts form as shown in Figure 6 to preserve in violation of rules and regulations, can make things convenient for like this other programs to the path signal reconstruct.
Client is that according to the MVC pattern, namely model-view-controller (Model-View-Control) pattern designs, and whole client runs on the Eclipse JRE with the Eclipse card format with the exploitation of Eclipse card format.View layer is responsible for the demonstration of test result data in the MVC pattern.It utilizes Eclipse extension point mechanism, and Eclipse is expanded, and realizes that with the form of Eclipse plug-in unit test result shows, accepts user's control, and the Gimple matching result shows, the functions such as source file editor and coupling mapping.At view layer, the control view is controlled test, as chooses tested project, chooses tested source file, chooses and detects rule file and begin to carry out Static Detection etc.Simultaneously, the control view entrusts controller to finish the file sending function, starts test result mobile phone thread waits acceptance test result data.Test result shows that view then is used for showing test results, as has violated which rule, and the situations such as these rules and user-defined regular warning message violated in which source code language statement.Key-course control sends and receive data, the result data that receives analyzed, and according to analysis result render view layer.In analyzing the mapping render process, need to finish the mapping function of result data GIMPLE statement corresponding GIMPLE node in the corresponding line number of source code view and the GIMPLE match views.Model layer provides client several basic data models, comprises matching result information, and the coupling map information reaches the information of playing up that is used for upgrading view layer.
Claims (7)
1. the static detection method based on embedded software is characterized in that, may further comprise the steps:
The source file structure is analyzed, generated the step of GIMPLE figure, control stream, traffic flow information;
The step that default rule file is resolved;
According to the step of resolving the rule constrain character string structure regular expression that produces;
Step according to regular expression, control stream, traffic flow information executing rule coupling;
If find the coupling clauses and subclauses, then carry out record to violating the statement and the Control flow path that detect rule, encapsulate, with the testing result that encapsulation produces, then analyze demonstration.
2. the static detection method based on embedded software according to claim 1 is characterized in that, in the step of executing rule coupling, also is included in the more step of new route another name information of rule match process.
3. the static detection method based on embedded software according to claim 2 is characterized in that, more new route another name information is specially: when carrying out Dram distribution, Dram release and pointer variable assign operation, more new route is called information.
4. the static detection method based on embedded software according to claim 1 is characterized in that, comprises that also detecting the storehouse by default sensitive resource carries out the responsive step that detects to source file.
5. the static detection method based on embedded software according to claim 1 is characterized in that, described rule match according to the complexity that detects rule, is carried out the rule detection of respective degrees for to carry out matching operation at GIMPLE figure.
6. the Static Detection system based on embedded software is characterized in that, comprising:
Be used for needing to the registration of GCC card cage being responsible for the Plugin events of monitoring, the GCC card cage can call the Plugin events Registering modules of predefined call back function after the Plugin events of monitoring produces;
Be responsible for source code is resolved generation control stream, data dependence, the structural information generation module of the information such as GIMPLE figure;
Finish testing based on GIMPLE figure, the rule detection module that combined control stream and data dependence information detect;
Be responsible for rule file is resolved the described rule parsing module of setting up rule chain;
The model string of rule is processed generation regular expression regular expression make up module;
Be responsible for carrying out matching operation at GIMPLE figure, according to the complexity that detects rule, carry out the rule match module of the rule detection of respective degrees;
The path another name is carried out the module of analyzing and processing, Dram distributes, Dram discharges and the pointer variable assign operation all affects the path alias analysis relation, and when testing process ran into the aforesaid operations statement, the path alias analysis module is the path alias analysis module of new route another name information more;
Adopt consolidation form to encapsulate to the Static Detection result, for every matching result, the matching result package module of the path condition information that the detailed in violation of rules and regulations information of encapsulation preservation and violation path are corresponding.
7. the Static Detection system based on embedded software according to claim 6, it is characterized in that, also comprise the characteristics of sensitive resource being leaked for embedded software, static detecting tool predefine the preservation storehouse predefine rule base of a series of resource leak detection rules.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210309683XA CN102968367A (en) | 2012-08-28 | 2012-08-28 | Static detection method on basis of embedded software and system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210309683XA CN102968367A (en) | 2012-08-28 | 2012-08-28 | Static detection method on basis of embedded software and system thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102968367A true CN102968367A (en) | 2013-03-13 |
Family
ID=47798519
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210309683XA Pending CN102968367A (en) | 2012-08-28 | 2012-08-28 | Static detection method on basis of embedded software and system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102968367A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105389195A (en) * | 2015-10-27 | 2016-03-09 | 北京理工大学 | Static analysis tool improvement method based on code substitution and regular expression |
| CN106855842A (en) * | 2015-12-08 | 2017-06-16 | 中国航空工业第六八研究所 | A kind of Program Static Analysis method based on regular expression |
| CN107766161A (en) * | 2017-09-29 | 2018-03-06 | 湖北天禾立方智能科技发展有限公司 | MVC frameworks for elevator long-distance monitorng platform |
| CN108133103A (en) * | 2017-12-21 | 2018-06-08 | 大连芯巧电子科技有限公司 | A kind of Electronic Design DFM detecting systems, method and medium |
| CN108874653A (en) * | 2017-05-09 | 2018-11-23 | 腾讯科技(北京)有限公司 | Task test method, test machine, shared server and readable storage medium storing program for executing |
| CN109101427A (en) * | 2018-08-17 | 2018-12-28 | 四川航天系统工程研究所 | A kind of source code level error-detecting method of embedded software |
| CN112346967A (en) * | 2020-10-20 | 2021-02-09 | 四川长虹电器股份有限公司 | Pc-lint cloud service system based on cloud platform, computer equipment and storage medium |
| CN112380122A (en) * | 2020-11-13 | 2021-02-19 | Xc5香港有限公司 | Universal resource static detection method and device, computer equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2004145381A (en) * | 2002-10-21 | 2004-05-20 | Hitachi Ltd | Static analysis system for source program |
| CN1877531A (en) * | 2006-06-30 | 2006-12-13 | 浙江大学 | Embedded compiled system scanner accomplishing method |
| CN101017458A (en) * | 2007-03-02 | 2007-08-15 | 北京邮电大学 | Software safety code analyzer based on static analysis of source code and testing method therefor |
-
2012
- 2012-08-28 CN CN201210309683XA patent/CN102968367A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2004145381A (en) * | 2002-10-21 | 2004-05-20 | Hitachi Ltd | Static analysis system for source program |
| CN1877531A (en) * | 2006-06-30 | 2006-12-13 | 浙江大学 | Embedded compiled system scanner accomplishing method |
| CN101017458A (en) * | 2007-03-02 | 2007-08-15 | 北京邮电大学 | Software safety code analyzer based on static analysis of source code and testing method therefor |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105389195A (en) * | 2015-10-27 | 2016-03-09 | 北京理工大学 | Static analysis tool improvement method based on code substitution and regular expression |
| CN105389195B (en) * | 2015-10-27 | 2018-08-10 | 北京理工大学 | A kind of static analysis tools improved method replaced based on code with regular expression |
| CN106855842A (en) * | 2015-12-08 | 2017-06-16 | 中国航空工业第六八研究所 | A kind of Program Static Analysis method based on regular expression |
| CN106855842B (en) * | 2015-12-08 | 2020-12-29 | 中国航空工业第六一八研究所 | Program static analysis method based on regular expression |
| CN108874653A (en) * | 2017-05-09 | 2018-11-23 | 腾讯科技(北京)有限公司 | Task test method, test machine, shared server and readable storage medium storing program for executing |
| CN108874653B (en) * | 2017-05-09 | 2023-04-07 | 腾讯科技(北京)有限公司 | Task testing method, tester, shared server and readable storage medium |
| CN107766161A (en) * | 2017-09-29 | 2018-03-06 | 湖北天禾立方智能科技发展有限公司 | MVC frameworks for elevator long-distance monitorng platform |
| CN108133103A (en) * | 2017-12-21 | 2018-06-08 | 大连芯巧电子科技有限公司 | A kind of Electronic Design DFM detecting systems, method and medium |
| CN109101427A (en) * | 2018-08-17 | 2018-12-28 | 四川航天系统工程研究所 | A kind of source code level error-detecting method of embedded software |
| CN112346967A (en) * | 2020-10-20 | 2021-02-09 | 四川长虹电器股份有限公司 | Pc-lint cloud service system based on cloud platform, computer equipment and storage medium |
| CN112380122A (en) * | 2020-11-13 | 2021-02-19 | Xc5香港有限公司 | Universal resource static detection method and device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102968367A (en) | Static detection method on basis of embedded software and system thereof | |
| Moran et al. | Crashscope: A practical tool for automated testing of android applications | |
| US9535821B1 (en) | Displaying violated coding rules in source code | |
| US8640084B2 (en) | Generating validation test suites | |
| US20200379739A1 (en) | External Code Integrations Within a Computing Environment | |
| US20130091387A1 (en) | Method for Automatically Generating a Trace Data Set for a Software System, a Computer System, and a Computer Program Product | |
| Nguyen et al. | Detection of embedded code smells in dynamic web applications | |
| CN104731566B (en) | Integrated Development Environment test device, method and system | |
| CN103699480A (en) | WEB dynamic security flaw detection method based on JAVA | |
| CN107704393A (en) | Data test method, apparatus and electronic equipment | |
| CN109871312B (en) | Interface testing method, device, equipment and readable storage medium | |
| CN111475390A (en) | Log collection system deployment method, device, equipment and storage medium | |
| WO2020096665A2 (en) | System error detection | |
| CN112241370B (en) | API interface class checking method, system and device | |
| CN110134604A (en) | A kind of unit or interface test method, device and computer equipment without code | |
| CN113590454A (en) | Test method, test device, computer equipment and storage medium | |
| CN104375932B (en) | Method and device for analyzing code coverage rate of Java card | |
| CN102298112B (en) | The method of testing of a kind of PLD and system | |
| US20100251208A1 (en) | Validating Behavioral Diagrams | |
| CN117370203B (en) | Automatic test method, system, electronic equipment and storage medium | |
| US9280627B1 (en) | GUI based verification at multiple abstraction levels | |
| CN105339974B (en) | Analog sensor | |
| CN113010409B (en) | Intelligent contract testing method and device, electronic equipment and storage medium | |
| CN114237625A (en) | Micro-service dependent link static analysis method and system based on syntax analysis tree | |
| CN109308256B (en) | Dynamic analysis method, equipment and storage medium for java program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130313 |