Computer Science ›› 2014, Vol. 41 ›› Issue (1): 220-224.


CIL Static Analysis Method for C# Program Defect Detection

BIAN Pan, LIANG Bin and SHI Wen-chang

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: Statically analyzing source code for potential defects helps programmers find and fix them before the software is released, and thus improves the security of the software. This paper presents a CIL static analysis method for detecting defects in C# programs. We adopt an improved depth-first search algorithm to traverse the control flow graph of the target program; combined with a strategy of caching history states, this greatly improves detection performance. In addition, to facilitate alias analysis, we propose a method of representing variables based on Memory Regions. Based on the analysis method described in this paper, we developed a system for detecting defects in C# programs. We applied the system to real C# projects, and the results show that it can detect common kinds of defects in C# programs efficiently and accurately.

Key words: Static analysis, Defect detection, Alias analysis, CIL, C#

