CN106919501A - Static Analysis Method and instrument based on defect mode - Google Patents
Static Analysis Method and instrument based on defect mode Download PDFInfo
- Publication number
- CN106919501A CN106919501A CN201510994119.XA CN201510994119A CN106919501A CN 106919501 A CN106919501 A CN 106919501A CN 201510994119 A CN201510994119 A CN 201510994119A CN 106919501 A CN106919501 A CN 106919501A
- Authority
- CN
- China
- Prior art keywords
- defect mode
- defect
- analysis
- program
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a kind of Program Static Analysis Method and kit for based on defect mode, including:The defect mode of preedit program;Traversal file, the file of analysis needed for finding;Source program is progressively scanned, code of the removal without analysis;Defect analysis are carried out, calls the defect mode to be matched with the program after removal code, if the match is successful, illustrate that this document has the defect.The beneficial effects of the present invention are a kind of Static Analysis Method and instrument based on defect mode of the invention, it is possible to achieve the compliance check of application system make guidance to the preparation before migration, and the autonomous controllable migration to application system is estimated and instructs.
Description
Technical field
The present invention relates to source code analysis field, more particularly to a kind of Static Analysis Method and instrument based on defect mode.
Background technology
Currently, China's hardware/software infrastructure, including processor, operating system, even crucial application software (such as database, application server), depend on foreign technology mostly." prism door " event shows deeply:Software and hardware basic platform is not autonomous, and security protection system just performs practically no function.It is requirement that the response Military Commission of the CPC Central Committee proposes " carry forward vigorously autonomous controllable Information System configuration, break away from information technology situation under one's control ", a series of policy documents of national successively issue strongly advance domestic autonomy-oriented construction application.
Autonomous controllable platform is using domestic Godson, chip architecture of soaring, acceptance of the bid kylin operating system of the operation based on Linux.Due to there is larger difference under bottom operation instruction, hardware environment and system development environment and autonomous controllable platform under Wintel environment.Such as the difference of bottom operation instruction between windows platform and Linux platform, Intel chips and domestic Godson, the difference of chip architecture of soaring, the types of applications system based on Windows IDEs originally developed in government, each enterprises and institutions, there are problems that with Linux platform development environment, cause original application software directly to be run in autonomous controllable server and autonomous controllable terminal.
In the migration for carrying out autonomous controlled application software is transformed or reconstructs work, the achievement of the informatization for having been formed can not all be abandoned due to autonomous controllable, and if because it is autonomous it is controllable cause the significantly retrogressing of the level of IT application to be also unacceptable user, it is therefore desirable to the various information software that having corresponding means can be based on being developed under Wintel environment complete smoothly migration transformation or quickly reconstruction in autonomous controllable platform.
Therefore in the urgent need to a kind of source code appraisal procedure, the feasibility of autonomous controllable platform migration is carried out for rapid evaluation software systems, and guidance is made to the preparation before migration, and realize the compliance check of application system, complete to the autonomous controllable migration assessment of application system and the work such as instruct.
The content of the invention
A kind of Program Static Analysis method based on defect mode of the present invention, including:The defect mode of preedit program;Traversal file, the file of analysis needed for finding;Source program is progressively scanned, code of the removal without analysis;Defect analysis are carried out, calls the defect mode to be matched with the program after removal code, if the match is successful, illustrate that this document has the defect.
One embodiment of the Program Static Analysis method based on defect mode of the invention, wherein, file is traveled through, the file of analysis needed for finding, including:Catalogue where by reading the source program that user specifies, obtains All Files under the catalogue, is traveled through, and the problem types analyzed as needed is filtered to file.
One embodiment of the Program Static Analysis method based on defect mode of the invention, wherein, to source program progressively scan the information for obtaining includes class name, affiliated bag, quotes bag, data member and its affiliated type, member method and its number of parameters, parameter type and return value.
One embodiment of the Program Static Analysis method based on defect mode of the invention, wherein, the defect mode is stored in database, carries out file type, the defect type analyzed as needed before defect analysis, is read from database.
One embodiment of the Program Static Analysis method based on defect mode of the invention, wherein, after obtaining the result for calling the defect mode to be matched with the program after the removal code, according to defect mode, for each defect mode, collect the defect mode file that the match is successful, the defect mode number of times that the match is successful and its place line number in each file.
A kind of static analysis tools based on defect mode of the present invention, wherein, including:Analysis engine and knowledge schema DBM;The knowledge schema DBM is used for the defect mode of storage program;The analysis engine is used to travel through file, the file of analysis needed for finding;Source program is progressively scanned, code of the removal without analysis;And from the knowledge schema DBM call the defect mode and with removal code after program matched.
The beneficial effects of the present invention are the present invention a kind of Static Analysis Method and instrument based on defect mode, it is possible to achieve the compliance check of application system make guidance to the preparation before migration, and the autonomous controllable migration to application system is estimated and instructs.
Brief description of the drawings
Fig. 1 show the module map of static analysis tools of the present invention based on defect mode;
Fig. 2 show the workflow diagram of static analysis tools of the present invention based on defect mode.
Specific embodiment
To make the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, specific embodiment of the invention is described in further detail.
Fig. 1 show the module map of static analysis tools of the present invention based on defect mode, as shown in figure 1, analysis tool 2 includes:Analysis engine 3 and knowledge schema DBM 5.
With reference to Fig. 1, knowledge schema DBM 5 is used to store defect mode.File type, the defect type analyzed as needed are needed before carrying out defect analysis, is read from database.After defect mode is loaded successfully, defect mode data model can be stored as, for defect analysis.
Analysis engine 3 is used for catalogue where by reading the source program that user specifies, and obtains All Files under the catalogue.Travel through all of file and file under the catalogue, the problem types analyzed as needed is filtered to file, such as defect of analysis Java language and sql like language needs concern to extend the source files of program of entitled " .java ", analysis JavaScript language needs concern to extend the source files of program of entitled " .js ", while needing to skip third-party library file.The document base information of all concerns is collected, the data model of fileinfo is formed.Analysis engine 3 is additionally operable to being progressively scanned to source program, and removal has been filtered out and annotated with the single file of " // " beginning herein without the code of analysis;The multirow block for being started with "/* " and being ended up with " */" is annotated;With the declarative statement that "@" starts;Independent rows of bracket, including round bracket " () ", bracket " [] " and braces " { } ", and null.Meanwhile, analyze source code.For " .java " file, analysis obtains the essential information of java class, including class name, affiliated bag, reference bag, data member and its affiliated type, member method and its number of parameters, parameter type and return value.Finally source code by analysis and relevant information are stored in file model, defect analysis are later used to.Analysis engine 3 carries out defect analysis according to file model and defect mode data model.File model is traveled through first, for each file model, travels through defect mode data model, the source code file content of file model is matched with the defective form of the definition in defect mode data model, Model Matching is carried out, if the match is successful, illustrates that this document has the defect.Finally, defect match information is stored as data model.And based on data model, generate analysis result.Analysis result is distinguished according to defect mode, for each defect mode, collects the defect mode file that the match is successful, the defect mode number of times that the match is successful and its place line number in each file.For each defect mode, can also list and targetedly solve suggestion, user can carry out the modification of source code according to suggestion is solved.
Present invention also offers a kind of Static Analysis Method based on defect mode, it is Java language and JavaScript language to be mainly used in analysis source program language.
It is other that defect mode is divided into three major types:The defect mode of the defect mode of Java language, the defect mode of JavaScript language and sql like language.
The defect mode of Java language can be subdivided into system and call defect mode, newly-built array/container object defect mode, object-instantiated defect mode.It refers to that system related script or executable program are have invoked in java applet that wherein system calls defect mode, due to autonomous controllable platform operating system of the operation based on Linux, original script called on windows or executable program can not run in autonomous controllable platform.Newly-built array/container object defect mode, object-instantiated defect mode are related to the rubbish machine for automatically recovering system of Java, Java rubbish machine for automatically recovering systems JVM operational efficiency is influenceed in autonomous controllable platform, it is proposed that reclaim manually.
The defect mode of JavaScript language can be subdivided into method call defect mode, ActiveX defect modes, dialog box and open defect mode, page jump defect mode, page elements acquisition defect mode.Wherein method call defect mode refers to some JavaScript methods, such as innerText, in IE can normal work, but there is no IE browser on the linux system of autonomous controllable platform, it is necessary to compatible Firefox browser;ActiveX defect modes refer under IE, it is possible to use ActiveX control;Under Firefox, it is impossible to use.ActiveX control technology is only limitted to windows platform, it is necessary to be based on NPAPI or QtBrowserPlugin, and Firefox plug-in units are developed again.The related defect mode of JavaScript language is exactly to solve the problems, such as Firefox browser compatibility.
Sql like language defect mode refers to then built-in function defect mode.Original application system in windows platform developments has used the databases such as SQL Server, MySQL, Oracle.Autonomous controllable platform needs to run Domestic Database, such as up to dream database and magic database.Although two class databases all support the SQL statement of standard, there is larger difference on built-in function, the purpose of sql like language defect mode is to solve the problems, such as that database built-in function is incompatible.
Include the present invention relates to a kind of Static Analysis Method based on defect mode:
Obtain source program
Catalogue where by reading the source program that user specifies, obtains All Files under the catalogue.Travel through all of file and file under the catalogue, the problem types analyzed as needed is filtered to file, such as defect of analysis Java language and sql like language needs concern to extend the source files of program of entitled " .java ", analysis JavaScript language needs concern to extend the source files of program of entitled " .js ", while needing to skip third-party library file.The document base information of all concerns is collected, the data model of fileinfo is formed.
Analysis source program
Source program is progressively scanned, removal has been filtered out and annotated with the single file of " // " beginning herein without the code of analysis;The multirow block for being started with "/* " and being ended up with " */" is annotated;With the declarative statement that "@" starts;Independent rows of bracket, including round bracket " () ", bracket " [] " and braces " { } ", and null.
Meanwhile, analyze source code.For " .java " file, analysis obtains the essential information of java class, including class name, affiliated bag, reference bag, data member and its affiliated type, member method and its number of parameters, parameter type and return value.Finally source code by analysis and relevant information are stored in file model, defect analysis are later used to.
Defect mode is loaded
By defect mode storage in database.File type, the defect type analyzed as needed are needed before carrying out defect analysis, is read from database.After defect mode is loaded successfully, defect mode data model can be stored as, for defect analysis.
Defect analysis
The defect mode data model of file model and step 3 generation based on step 2 generation, carries out defect analysis.File model is traveled through first, for each file model, travels through defect mode data model, the source code file content of file model is matched with the defective form of the definition in defect mode data model, Model Matching is carried out, if the match is successful, illustrates that this document has the defect.Finally, defect match information is stored as data model.
Generation analysis result
Based on the data model of step 4 generation, analysis result is generated.Analysis result is distinguished according to defect mode, for each defect mode, collects the defect mode file that the match is successful, the defect mode number of times that the match is successful and its place line number in each file.For each defect mode, can also list and targetedly solve suggestion, user can carry out the modification of source code according to suggestion is solved.
In order to explore efficiently easy-to-use extended mode, so as to reduce the learning cost of user, the Defect Search ability of quick enhancing instrument, the present invention proposes an aacode defect Static Analysis Method for supporting semi-automatic extension, and the method has the characteristics that:
Defect mode storehouse for autonomous controllable platform is formd according to migration experience.The problem and solution run into transition process based on former application system, induction and conclusion out a set of migration experience storehouse, and form the defect mode storehouse for being applied to autonomous controllable platform application system code static analysis, the storehouse contains the required defect mode description used when carrying out static analysis to application system source code, and summarizes the solution of suggestion for each defect mode and solve required workload.
There is provided " semi-automation extension " mechanism in defect mode storehouse.There is provided some different types of " defect mode description templates ".User can select appropriate template quickly to increase defect mode according to their needs.User selects template and inserts necessary information, and generation meets " the defect mode description " of call format, is then added in defect mode storehouse.The semi-automatic extension mechanism in defect mode storehouse makes user from hand-coding code, it is not required that spend too many energy to learn certain language for description defect mode.
The beneficial effects of the present invention are the method can realize the compliance check of application system, and guidance is made to the preparation before migration, and the autonomous controllable migration to application system is estimated and instructs.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, on the premise of the technology of the present invention principle is not departed from; some improvement and deformation can also be made, these are improved and deformation also should be regarded as protection scope of the present invention.
Claims (6)
1. a kind of Program Static Analysis method based on defect mode, including:
The defect mode of preedit program;
Traversal file, the file of analysis needed for finding;
Source program is progressively scanned, code of the removal without analysis;
Defect analysis are carried out, call the defect mode to be matched with the program after removal code,
If the match is successful, illustrate that this document has the defect.
2. the Program Static Analysis method of defect mode is based on as claimed in claim 1, its
It is characterised by, travels through file, the file of analysis needed for finding, including:
Catalogue where by reading the source program that user specifies, obtains All Files under the catalogue,
Traveled through, the problem types analyzed as needed is filtered to file.
3. the Program Static Analysis method of defect mode is based on as claimed in claim 1, its
It is characterised by, to source program progressively scan the information for obtaining includes class name, affiliated bag, draws
With bag, data member and its affiliated type, member method and its number of parameters, parameter type with
Return value.
4. the Program Static Analysis method of defect mode is based on as claimed in claim 1, its
It is characterised by, the defect mode is stored in database, before carrying out defect analysis as needed
The file type of analysis, defect type, read from database.
5. the Program Static Analysis method of defect mode is based on as claimed in claim 1, its
It is characterised by, obtains the knot for calling the defect mode to be matched with the program after the removal code
After fruit, according to defect mode, for each defect mode, the match is successful to collect the defect mode
File, the defect mode number of times that the match is successful and its place line number in each file.
6. a kind of static analysis tools based on defect mode, it is characterised in that including:Point
Analysis engine and knowledge schema DBM;
The knowledge schema DBM is used for the defect mode of storage program;
The analysis engine is used to travel through file, the file of analysis needed for finding;Source program is carried out
Progressive scan, code of the removal without analysis;And called from the knowledge schema DBM
The defect mode is simultaneously matched with the program after removal code.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510994119.XA CN106919501A (en) | 2015-12-25 | 2015-12-25 | Static Analysis Method and instrument based on defect mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510994119.XA CN106919501A (en) | 2015-12-25 | 2015-12-25 | Static Analysis Method and instrument based on defect mode |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106919501A true CN106919501A (en) | 2017-07-04 |
Family
ID=59455554
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510994119.XA Pending CN106919501A (en) | 2015-12-25 | 2015-12-25 | Static Analysis Method and instrument based on defect mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106919501A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109582567A (en) * | 2018-11-07 | 2019-04-05 | 深圳竹云科技有限公司 | A kind of software defect mode research method based on static analysis |
| CN109918294A (en) * | 2019-01-29 | 2019-06-21 | 刘建鹏 | A kind of autonomous controllability detection method of mixed source software and system |
| CN109977014A (en) * | 2019-03-22 | 2019-07-05 | 泰康保险集团股份有限公司 | Code error recognition methods, device, equipment and storage medium based on block chain |
| CN111966578A (en) * | 2020-07-12 | 2020-11-20 | 复旦大学 | Automatic evaluation method for android compatibility defect repair effect |
| CN116009960A (en) * | 2023-02-14 | 2023-04-25 | 花瓣云科技有限公司 | Target micro-service migration method, system and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7787474B2 (en) * | 2002-09-12 | 2010-08-31 | International Business Machines Corporation | Method and apparatus for deep packet processing |
| CN102231134A (en) * | 2011-07-29 | 2011-11-02 | 哈尔滨工业大学 | Method for detecting redundant code defects based on static analysis |
| CN103914372A (en) * | 2012-12-31 | 2014-07-09 | 北京启明星辰信息技术股份有限公司 | Program slicing based parallelization method and device of code defect static detection |
| CN105068925A (en) * | 2015-07-29 | 2015-11-18 | 北京理工大学 | Software security flaw discovering system |
-
2015
- 2015-12-25 CN CN201510994119.XA patent/CN106919501A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7787474B2 (en) * | 2002-09-12 | 2010-08-31 | International Business Machines Corporation | Method and apparatus for deep packet processing |
| CN102231134A (en) * | 2011-07-29 | 2011-11-02 | 哈尔滨工业大学 | Method for detecting redundant code defects based on static analysis |
| CN103914372A (en) * | 2012-12-31 | 2014-07-09 | 北京启明星辰信息技术股份有限公司 | Program slicing based parallelization method and device of code defect static detection |
| CN105068925A (en) * | 2015-07-29 | 2015-11-18 | 北京理工大学 | Software security flaw discovering system |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109582567A (en) * | 2018-11-07 | 2019-04-05 | 深圳竹云科技有限公司 | A kind of software defect mode research method based on static analysis |
| CN109918294A (en) * | 2019-01-29 | 2019-06-21 | 刘建鹏 | A kind of autonomous controllability detection method of mixed source software and system |
| CN109918294B (en) * | 2019-01-29 | 2022-06-07 | 刘建鹏 | Method and system for detecting autonomous controllability of mixed source software |
| CN109977014A (en) * | 2019-03-22 | 2019-07-05 | 泰康保险集团股份有限公司 | Code error recognition methods, device, equipment and storage medium based on block chain |
| CN111966578A (en) * | 2020-07-12 | 2020-11-20 | 复旦大学 | Automatic evaluation method for android compatibility defect repair effect |
| CN116009960A (en) * | 2023-02-14 | 2023-04-25 | 花瓣云科技有限公司 | Target micro-service migration method, system and electronic equipment |
| CN116009960B (en) * | 2023-02-14 | 2024-01-23 | 花瓣云科技有限公司 | Target micro-service migration method, system and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106919501A (en) | Static Analysis Method and instrument based on defect mode | |
| WO2020233330A1 (en) | Batch testing method, apparatus, and computer-readable storage medium | |
| US8972938B2 (en) | Determining functional design/requirements coverage of a computer code | |
| CN105843609A (en) | MVC frame based on Spring and MyBatis | |
| CN109657675B (en) | Image annotation method and device, computer equipment and readable storage medium | |
| DE102021133809A1 (en) | METHOD AND DEVICE FOR AUTOMATIC DETECTION OF SOFTWARE ERRORS | |
| CN105760290A (en) | Problem positioning method based on web front-end testing as well as related device and system | |
| CN105677306A (en) | Automation script compiling method and device | |
| CN109147883A (en) | Original document mapping, management method and its system applied to clinical testing data | |
| CN104461901A (en) | Method and system for automatically generating test case | |
| CN112560411A (en) | Intelligent personnel information input method and system | |
| CN111061733B (en) | Data processing method, device, electronic equipment and computer readable storage medium | |
| CN102043720A (en) | Method and device for generating test data automatically by utilizing structured query language (SQL) sentences | |
| CN106446064A (en) | Data conversion method and device | |
| CN113568604B (en) | Method and device for updating wind control strategy and computer readable storage medium | |
| AU2015202463A1 (en) | Capturing specific information based on field information associated with a document class | |
| CN104899042A (en) | Embedded machine vision inspection program development method and system | |
| CN109508204B (en) | Front-end code quality detection method and device | |
| CN109616215B (en) | Medical data extraction method, device, storage medium and electronic equipment | |
| CN104750604A (en) | Generating method and device for browser compatibility test case | |
| CN106250390A (en) | A kind of substep automatically generates the method and device of sql like language | |
| CN110716859A (en) | Method for automatically pushing test cases for modified codes and related device | |
| CN114238048B (en) | Automatic testing method and system for Web front-end performance | |
| CN113435168B (en) | Automatic editing method, system, terminal and medium for glue pattern | |
| US20160055168A1 (en) | Method and apparatus for scanning files |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170704 |
|
| WD01 | Invention patent application deemed withdrawn after publication |