CN106919501A - Static analysis method and tool based on defect mode - Google Patents


Info

Publication number
CN106919501A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510994119.XA
Other languages
Chinese (zh)
Inventor
刘磊
何沁洁
孙渊博
常青
穆森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING AEROSPACE AIWEI ELECTRONIC TECHNOLOGY Co Ltd
Beijing Institute of Computer Technology and Application
Original Assignee
BEIJING AEROSPACE AIWEI ELECTRONIC TECHNOLOGY Co Ltd
Beijing Institute of Computer Technology and Application
Application filed by BEIJING AEROSPACE AIWEI ELECTRONIC TECHNOLOGY Co Ltd and Beijing Institute of Computer Technology and Application

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites

Abstract

The invention discloses a program static analysis method and tool based on defect mode, comprising: defining the defect modes of the program in advance; traversing files to find the files that need analysis; scanning the source program line by line and removing code that does not need analysis; and performing defect analysis by matching the defect modes against the program that remains after code removal, where a successful match indicates that the file contains the defect. The beneficial effect of the invention is that the static analysis method and tool based on defect mode can check an application system for compliance, guide the preparatory work before migration, and assess and guide the migration of the application system to an autonomous controllable platform.

Description

Static analysis method and tool based on defect mode
Technical field
The present invention relates to the field of source code analysis, and more particularly to a static analysis method and tool based on defect mode.
Background
Currently, China's hardware and software infrastructure, including processors, operating systems and even key application software (such as databases and application servers), mostly depends on foreign technology. The "PRISM" incident made clear that if the underlying hardware and software platform is not autonomous, the security protection system exists in name only. In response to the Central Military Commission's requirement to "vigorously promote the construction of autonomous and controllable information systems and end the situation of being constrained by others in information technology", the state has successively issued a series of policy documents that strongly promote the development and adoption of domestic, autonomous technology.
The autonomous controllable platform uses the domestic Loongson (Godson) and Phytium (FeiTeng) chip architectures and runs the Linux-based NeoKylin operating system. The low-level instructions, hardware environment and development environment of the Wintel environment differ considerably from those of the autonomous controllable platform: for example, the low-level instructions differ between the Windows and Linux platforms, and Intel chips differ from the domestic Loongson and Phytium chip architectures. As a result, the many application systems that government bodies, enterprises and institutions originally developed in Windows integrated development environments are incompatible with the Linux development environment, so the original application software cannot run directly on autonomous controllable servers and terminals.
When application software is migrated, adapted or rebuilt for the autonomous controllable platform, the informatization results already achieved cannot all be discarded for the sake of autonomy and controllability, and a significant regression in the level of informatization caused by it would also be unacceptable to users. Corresponding means are therefore needed so that the various information software developed under the Wintel environment can be migrated smoothly or rebuilt quickly on the autonomous controllable platform.
There is therefore an urgent need for a source code assessment method that quickly evaluates the feasibility of migrating a software system to the autonomous controllable platform, guides the preparatory work before migration, checks the application system for compliance, and completes the assessment and guidance of the application system's migration to the autonomous controllable platform.
Summary of the invention
The present invention provides a program static analysis method based on defect mode, comprising: defining the defect modes of the program in advance; traversing files to find the files that need analysis; scanning the source program line by line and removing code that does not need analysis; and performing defect analysis by calling the defect modes and matching them against the program after code removal, where a successful match indicates that the file contains the defect.
In one embodiment of the program static analysis method based on defect mode, traversing files to find the files that need analysis comprises: reading the directory of the source program specified by the user, obtaining all files under the directory, traversing them, and filtering the files according to the problem types to be analysed.
In one embodiment of the program static analysis method based on defect mode, the information obtained by scanning the source program line by line includes the class name, the package it belongs to, imported packages, data members and their types, and member methods with their parameter counts, parameter types and return values.
In one embodiment of the program static analysis method based on defect mode, the defect modes are stored in a database and, before defect analysis, are read from the database according to the file types and defect types to be analysed.
In one embodiment of the program static analysis method based on defect mode, after the result of matching the defect modes against the program after code removal is obtained, the result is organised by defect mode: for each defect mode, the files in which the defect mode matched, the number of successful matches, and the line numbers in each file are collected.
The present invention also provides a static analysis tool based on defect mode, comprising an analysis engine and a knowledge schema database module (DBM). The knowledge schema DBM stores the defect modes of the program. The analysis engine traverses files to find the files that need analysis; scans the source program line by line and removes code that does not need analysis; and calls the defect modes from the knowledge schema DBM and matches them against the program after code removal.
The beneficial effect of the present invention is that the static analysis method and tool based on defect mode can check an application system for compliance, guide the preparatory work before migration, and assess and guide the migration of the application system to the autonomous controllable platform.
Brief description of the drawings
Fig. 1 shows the module diagram of the static analysis tool based on defect mode of the present invention;
Fig. 2 shows the workflow diagram of the static analysis tool based on defect mode of the present invention.
Specific embodiments
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the invention are described in further detail below with reference to the accompanying drawings and examples.
Fig. 1 shows the module diagram of the static analysis tool based on defect mode of the present invention. As shown in Fig. 1, the analysis tool 2 comprises an analysis engine 3 and a knowledge schema DBM 5.
With reference to Fig. 1, the knowledge schema DBM 5 stores the defect modes. Before defect analysis, the defect modes are read from the database according to the file types and defect types to be analysed. Once the defect modes have been loaded successfully, they are stored as a defect mode data model for use in defect analysis.
The analysis engine 3 reads the directory containing the source program specified by the user and obtains all files under that directory. It traverses all files and folders under the directory and filters the files according to the problem types to be analysed: for example, analysing defects of the Java language and the SQL language requires source files with the extension ".java", and analysing the JavaScript language requires source files with the extension ".js", while third-party library files must be skipped. The basic information of all files of interest is collected to form a file information data model.
The analysis engine 3 also scans the source program line by line and removes code that does not need analysis. The following are filtered out: single-line comments beginning with "//"; multi-line block comments that begin with "/*" and end with "*/"; declaration statements beginning with "@"; lines containing only brackets, including round brackets "()", square brackets "[]" and braces "{}"; and blank lines. At the same time, it analyses the source code. For ".java" files, the analysis obtains the basic information of the Java class, including the class name, the package it belongs to, imported packages, data members and their types, and member methods with their parameter counts, parameter types and return values. Finally, the analysed source code and the related information are stored in a file model for later defect analysis.
The analysis engine 3 performs defect analysis based on the file models and the defect mode data model. It first traverses the file models; for each file model it traverses the defect mode data model and matches the source code content of the file model against the defect forms defined in the defect mode data model. If a match succeeds, the file contains that defect. Finally, the defect match information is stored as a data model, and the analysis result is generated from that data model. The analysis result is organised by defect mode: for each defect mode, it collects the files in which the defect mode matched, the number of successful matches, and the line numbers in each file. For each defect mode, a targeted suggested solution can also be listed, and the user can modify the source code according to the suggestion.
The present invention also provides a static analysis method based on defect mode, mainly used to analyse source programs written in the Java and JavaScript languages.
Defect modes are divided into three major categories: defect modes of the Java language, defect modes of the JavaScript language, and defect modes of the SQL language.
The defect modes of the Java language can be subdivided into the system call defect mode, the new array/container object defect mode, and the object instantiation defect mode. The system call defect mode means that a Java program invokes system-related scripts or executable programs; because the autonomous controllable platform runs a Linux-based operating system, the scripts or executable programs originally invoked on Windows cannot run on the autonomous controllable platform. The new array/container object defect mode and the object instantiation defect mode relate to Java's automatic garbage collection mechanism, which affects JVM efficiency on the autonomous controllable platform; manual reclamation is recommended.
The defect modes of the JavaScript language can be subdivided into the method call defect mode, the ActiveX defect mode, the dialog box opening defect mode, the page jump defect mode, and the page element retrieval defect mode. The method call defect mode refers to JavaScript methods, such as innerText, that work normally in IE; the Linux system of the autonomous controllable platform has no IE browser, so the code must be compatible with the Firefox browser. The ActiveX defect mode refers to ActiveX controls, which can be used under IE but not under Firefox. ActiveX control technology is limited to the Windows platform, so the functionality must be redeveloped as a Firefox plug-in based on NPAPI or QtBrowserPlugin. The JavaScript defect modes exist to solve Firefox browser compatibility problems.
The SQL language defect mode refers to the built-in function defect mode. Application systems originally developed on the Windows platform used databases such as SQL Server, MySQL and Oracle. The autonomous controllable platform needs to run domestic databases, such as the Dameng database and the Shentong database. Although both classes of database support standard SQL statements, their built-in functions differ considerably; the purpose of the SQL language defect mode is to solve the incompatibility of database built-in functions.
The static analysis method based on defect mode of the present invention comprises the following steps:
Step 1: Obtain the source program
Read the directory containing the source program specified by the user and obtain all files under that directory. Traverse all files and folders under the directory and filter the files according to the problem types to be analysed: for example, analysing defects of the Java language and the SQL language requires source files with the extension ".java", and analysing the JavaScript language requires source files with the extension ".js", while third-party library files must be skipped. The basic information of all files of interest is collected to form a file information data model.
Step 2: Analyse the source program
Scan the source program line by line and remove code that does not need analysis. The following are filtered out: single-line comments beginning with "//"; multi-line block comments that begin with "/*" and end with "*/"; declaration statements beginning with "@"; lines containing only brackets, including round brackets "()", square brackets "[]" and braces "{}"; and blank lines.
At the same time, analyse the source code. For ".java" files, the analysis obtains the basic information of the Java class, including the class name, the package it belongs to, imported packages, data members and their types, and member methods with their parameter counts, parameter types and return values. Finally, the analysed source code and the related information are stored in a file model for later defect analysis.
Step 3: Load the defect modes
The defect modes are stored in a database. Before defect analysis, they are read from the database according to the file types and defect types to be analysed. Once the defect modes have been loaded successfully, they are stored as a defect mode data model for use in defect analysis.
Step 4: Defect analysis
Defect analysis is performed on the file models generated in step 2 and the defect mode data model generated in step 3. The file models are traversed first; for each file model, the defect mode data model is traversed, and the source code content of the file model is matched against the defect forms defined in the defect mode data model. If a match succeeds, the file contains that defect. Finally, the defect match information is stored as a data model.
Step 5: Generate the analysis result
The analysis result is generated from the data model produced in step 4. The analysis result is organised by defect mode: for each defect mode, it collects the files in which the defect mode matched, the number of successful matches, and the line numbers in each file. For each defect mode, a targeted suggested solution can also be listed, and the user can modify the source code according to the suggestion.
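The five steps above, as an added Python example that is not code from the patent or its applicants. The regexes, advice strings, table schema, skipped folder names and the `GETDATE` sample are assumptions; the comment stripper goes one step beyond the line-by-line description by leaving string literals intact, so a "//" inside a URL string is not treated as a comment.

```python
import os
import re
import sqlite3
import tempfile

# Constructed sample patterns (extension, name, regex, advice); all are assumptions.
SAMPLE_PATTERNS = [
    (".java", "system-call", r"Runtime\.getRuntime\(\)\.exec\s*\(",
     "Replace the Windows script or executable with a Linux equivalent."),
    (".java", "sql-builtin", r"\bGETDATE\s*\(",
     "Use the target database's equivalent built-in function."),
    (".js", "method-call", r"\.innerText\b", "Use a property that Firefox supports."),
    (".js", "activex", r"\bnew\s+ActiveXObject\s*\(", "Redevelop as a Firefox plug-in."),
]
SKIP_DIRS = {"lib", "node_modules"}  # assumed names of third-party library folders
# String literals are matched first so "//" inside a string is not read as a comment.
TOKEN = re.compile(r'''"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'|//[^\n]*|/\*.*?\*/''', re.S)
BRACKETS_OR_BLANK = re.compile(r"^[\s(){}\[\]]*$")

def make_pattern_db(rows=SAMPLE_PATTERNS):
    """Store the defect patterns in a database (in-memory SQLite here)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE defect_pattern (ext TEXT, name TEXT, regex TEXT, advice TEXT)")
    db.executemany("INSERT INTO defect_pattern VALUES (?, ?, ?, ?)", rows)
    return db

def load_patterns(db, extensions):
    """Step 3: read only the patterns for the file types under analysis."""
    marks = ",".join("?" * len(extensions))
    rows = db.execute("SELECT ext, name, regex, advice FROM defect_pattern "
                      f"WHERE ext IN ({marks}) ORDER BY name", sorted(extensions))
    return [(ext, name, re.compile(rx), advice) for ext, name, rx, advice in rows]

def find_sources(root, extensions):
    """Step 1: walk the tree, keep wanted extensions, skip third-party folders."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        found += [os.path.join(dirpath, f) for f in sorted(filenames)
                  if os.path.splitext(f)[1] in extensions]
    return found

def strip_unanalysed(text):
    """Step 2: drop comments, '@' declarations, bracket-only and blank lines.
    Returns (original line number, code) pairs so reports keep real line numbers."""
    def blank_comment(m):
        tok = m.group()
        # A removed block comment leaves its newlines behind to keep numbering stable.
        return "\n" * tok.count("\n") if tok[:2] in ("//", "/*") else tok
    cleaned = TOKEN.sub(blank_comment, text)
    return [(n, line.strip()) for n, line in enumerate(cleaned.split("\n"), 1)
            if not line.strip().startswith("@") and not BRACKETS_OR_BLANK.match(line)]

def analyse(root, db, extensions):
    """Steps 4-5: match each stripped file against each pattern, then collect per
    pattern the matching files, the number of matching lines and the line numbers."""
    patterns = load_patterns(db, extensions)
    report = {}
    for path in find_sources(root, extensions):
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = strip_unanalysed(fh.read())
        for ext, name, rx, advice in patterns:
            hits = [n for n, code in lines if rx.search(code)] if path.endswith(ext) else []
            if hits:
                entry = report.setdefault(name, {"advice": advice, "count": 0, "files": {}})
                entry["count"] += len(hits)
                entry["files"][os.path.relpath(path, root)] = hits
    return report

def demo():
    """Run the pipeline over a constructed project written to a temp directory."""
    java = ('package demo;\n/* old code:\n   Runtime.getRuntime().exec("a.bat");\n*/\n'
            '@Deprecated\npublic class Job {\n'
            '  String doc = "http://wiki/job"; String q = "SELECT GETDATE()";\n'
            '  void run() throws Exception { Runtime.getRuntime().exec("run.bat"); }\n}\n')
    js = '// el.innerText = "x";\nvar ax = new ActiveXObject("Excel.Application");\n'
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib"))
        for rel, body in (("Job.java", java), ("page.js", js), ("lib/vendor.js", js)):
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return analyse(root, make_pattern_db(), {".java", ".js"})
```

`demo()` returns the per-pattern report for the constructed project. The `exec` call inside the block comment and the `innerText` inside the `//` comment produce no findings, while the `GETDATE()` that follows a string containing "//" is still reported at its original line number.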
To find an efficient, easy-to-use way of extending the tool, thereby lowering the user's learning cost and quickly strengthening the tool's defect-finding ability, the present invention proposes a static code defect analysis method that supports semi-automatic extension. The method has the following features:
A defect mode library for the autonomous controllable platform is formed from migration experience. Based on the problems encountered and the solutions found while migrating existing application systems, a migration experience base is distilled, and from it a defect mode library for static analysis of application system code on the autonomous controllable platform is formed. The library contains the defect mode descriptions needed to statically analyse application system source code and, for each defect mode, a summary of the suggested solution and the workload required to apply it.
The defect mode library provides a "semi-automatic extension" mechanism. Several different types of "defect mode description template" are provided. Users can select an appropriate template to add defect modes quickly as needed: the user selects a template and fills in the necessary information, a "defect mode description" that meets the format requirements is generated, and it is then added to the defect mode library. The semi-automatic extension mechanism frees users from writing code by hand and from spending much effort learning a language for describing defect modes.
The beneficial effect of the present invention is that the method can check an application system for compliance, guide the preparatory work before migration, and assess and guide the migration of the application system to the autonomous controllable platform.
The above is only the preferred embodiment of the present invention. It should be pointed out that those skilled in the art can make further improvements and variations without departing from the technical principles of the present invention, and these improvements and variations should also be regarded as falling within the protection scope of the present invention.

Claims (6)

1. A program static analysis method based on defect mode, comprising:
defining the defect modes of the program in advance;
traversing files to find the files that need analysis;
scanning the source program line by line and removing code that does not need analysis;
performing defect analysis by calling the defect modes and matching them against the program after code removal, wherein a successful match indicates that the file contains the defect.
2. The program static analysis method based on defect mode according to claim 1, characterised in that traversing files to find the files that need analysis comprises:
reading the directory of the source program specified by the user, obtaining all files under the directory, traversing them, and filtering the files according to the problem types to be analysed.
3. The program static analysis method based on defect mode according to claim 1, characterised in that the information obtained by scanning the source program line by line includes the class name, the package it belongs to, imported packages, data members and their types, and member methods with their parameter counts, parameter types and return values.
4. The program static analysis method based on defect mode according to claim 1, characterised in that the defect modes are stored in a database and, before defect analysis, are read from the database according to the file types and defect types to be analysed.
5. The program static analysis method based on defect mode according to claim 1, characterised in that, after the result of matching the defect modes against the program after code removal is obtained, the result is organised by defect mode: for each defect mode, the files in which the defect mode matched, the number of successful matches, and the line numbers in each file are collected.
6. A static analysis tool based on defect mode, characterised by comprising an analysis engine and a knowledge schema DBM;
the knowledge schema DBM stores the defect modes of the program;
the analysis engine traverses files to find the files that need analysis; scans the source program line by line and removes code that does not need analysis; and calls the defect modes from the knowledge schema DBM and matches them against the program after code removal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510994119.XA CN106919501A (en) 2015-12-25 2015-12-25 Static Analysis Method and instrument based on defect mode

Publications (1)

Publication Number Publication Date
CN106919501A (en) 2017-07-04

Family

ID=59455554

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510994119.XA Pending CN106919501A (en) 2015-12-25 2015-12-25 Static Analysis Method and instrument based on defect mode

Country Status (1)

Country Link
CN (1) CN106919501A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170704