Computer Science

Computer Science ›› 2025, Vol. 52 ›› Issue (6): 35-43.doi: 10.11896/jsjkx.240300195

• Computer Software • Previous Articles     Next Articles

Flow-sensitive Coding Style Checking for C/C++ Programs

HU Mengze1,2,3, MA Xutong1,3, ZHANG Hao1,3, ZHANG Jian1,3   

  1. 1 State Key Laboratory of Computer Science,Institute of Software,Chinese Academy of Science,Beijing 100190,China
    2 Hangzhou Institute for Advanced Study,UCAS,Hangzhou 310012,China
    3 University of Chinese Academy of Sciences,Beijing 100049,China
  • Received:2024-03-31 Revised:2024-08-17 Online:2025-06-15 Published:2025-06-11
  • About author:HU Mengze,born in 1999,postgradua-te,is a student member of CCF(No.Q7307G).His main research interests include static analysis of C/C++ programs and so on.
    ZHANG Jian,born in 1969,Ph.D,professor,Ph.D supervisor.His main research interests include software engineering and automated reasoning.
  • Supported by:
    National Natural Science Foundation of China(62132020).

PDF (PC)

207

Abstract: C/C++ programming languages are applied in numerous critical software systems,and there is an extremely high demand for standardization and clarity of semantics during development.To prevent potential security issues arising from improper use of C/C++ languages,aC/C++ Language Programming Security Subset(referred to as GJB8114) was proposed domestically.Given the abundance of rules within the standard,it's inevitable that programmers may deviate from these norms,thereby necessitating automated rule detection tools to identify such non-compliant coding practices.However,existing rule checking tools do not provide comprehensive checks against the standards,especially for rules that require understanding of the program's context,leading to high false positive rates or even a lack of support for certain checks.This paper categorizes the rules in GJB8114 and defines what constitutes a complex rule.Through evaluating the Testbed tool's capability to inspect complex rules within GJB8114,it identifies that current tools lack thorough flow-sensitive analysis and are unable to perform cross-file global analysis.To address these issues,this study adops a flow-sensitive analysis method combined with syntax tree matching and a cross-file global analysis approach.Based on this,the CruletFS tool is developed.Experimental results demonstrate that CruletFS performs better in checking complex rules compared to common rule checking tools,such as Cppcheck and Testbed.In analyzing large-scale projects,CruletFS also outperforms Cppcheck in terms of time and memory overhead.

Key words: C/C++ coding style check, Flow-sensitive static analysis, Cross-file code check

CLC Number: 

  • TP311
[1]TIOBE Index [EB/OL].https://www.tiobe.com/tiobe-in-dex/.
[2]Top Programming Language 2024 [EB/OL].https://elevatex.de/blog/it-insights/programming-languages-ranking-2024.
[3]safe subset of C language for space armament software [S].Commission of Science,Technology and Industry for National Defense,2005.
[4]Safe subset of C/C++language programming:GJB8114-2013 [S].General Armaments Department of the People's Liberation Army,2013.
[5]Liverpool Data Research Associates.LDRA Testbed-static and dynamic code analysis[EB/OL].http://ldra.com/aerospace-defence/products/ldra-testbed-tbvision/.
[6]GAO Q,MA S,SHAO S,et al.CoBOT:static C/C++ bug detection in the presence of incomplete code [C]//Proceedings of the 26th Conference on Program Comprehension.2018:385-388.
[7]Shanghai Nayi Technology Co.,Ltd.[EB/OL].https://naive-systems.com/
[8]MA X,YAN J,LI Y,et al.SPrinter:a static checker for finding smart pointer errors in C++ programs[C]//2019 34th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2019:1122-1125.
[9]MA X,YAN J,ZHANG H,et al.Detecting Memory Errors in Python Native Code by Tracking Object Lifecycle with Reference Count[C]//2023 38th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2023:1429-1440.
[10]WANG X F,ZHAO K J,TIAN Z W.Research on Key Technologies of Data Flow Analysis [J].Computer Science,2005,32(12):91-93.
[11]SCHUBERT P D,LEER R,HERMANN B,et al.Into theWoods:Experiences from Building a Dataflow Analysis Framework for C/C++ [C]//2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation(SCAM).IEEE,2021:18-23.
[12]YE S,SUI Y,XUE J.Region-based selective flow-sensitivepointer analysis[C]//International Static Analysis Symposium.Cham:Springer,2014:319-336.
[13]SUI Y,YE D,XUE J.Detecting memory leaks statically with full-sparse value-flow analysis[J].IEEE Transactions on Software Engineering,2014,40(2):107-122.
[14]BALDONI R,COPPA E,D'ELIA D C,et al.A survey of symbolic execution techniques [J].ACM Computing Surveys,2018,51(3):1-39.
[15]ZHANG J,ZHANG C,XUAN J F,et al.Recent Progress in Program Analysis[J].Journal of Software,2019,30(1):80-109.
[16]FATIMA A,BIBI S,HANIF R.Comparative study on staticcode analysis tools for C/C++[C]//2018 15th International Bhurban Conference on Applied Sciences and Technology(IBCAST).IEEE,2018:465-469.
[17]Cppcheck-a tool for static C/C++ code analysis [EB/OL].(2023).https://cppcheck.net.
[18]PEREIRA J D,VIEIRA M.On the use of open-source C/C++ static analysis tools in large projects[C]//2020 16th European Dependable Computing Conference(EDCC).IEEE,2020:97-102.
[19]KAUR A,NAYYAR R.A comparative study of static codeanalysis tools for vulnerability detectionin C/C++ and Java source code [J].Procedia Computer Science,2020,171:2023-2029.
[20]LLVM Team.Clang static analyzer[EB/OL].https://clang.llvm.org/docs/ClangStaticAnalyzer.html.
[21]Astrée runtime error analyzer [EB/OL].https://www.absint.com/astree/index.htm.
[22]BLANCHET B,COUSOT P,COUSOT R,et al.A static analyzer for large safety-critical software [C]//Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation.2003:196-207.
[23]MINÉ A,DELMAS D.Towards an industrial use of sound static analysis for the verification of concurrent embedded avionics software [C]//2015 International Conference on Embedded Software(EMSOFT).IEEE,2015:65-74.
[24]YANG L.The Optimization and Improvement of Software Testing for C Programs [D].Beijing:University of Chinese Academy of Sciences,2018
[25]WANG W.C/C++ Language Programming Safety StandardCompliance Check [D].Beijing:University of Chinese Academy of Sciences,2022
[26]LLVM Team.Libtooling [EB/OL].https://clang.llvm.org/docs/LibTooling.html.
[27]LLVM Team.Introduction to the clang ast [EB/OL].https://clang.llvm.org/docs/IntroductionToTheClangAST.html.
[28]Fallahi.awesome-cpp[EB/OL].https://github.com/fffaraz/awesome-cpp.
[29]LLVM Team.ASTMatch [EB/OL].https://clang.llvm.org/docs/LibASTMatchersReference.html
[30]BLACK P E.Juliet 1.3 test suite:Changes from 1.2 [M].US Department of Commerce,National Institute of Standards and Technology, 2018.
[31]ZHANG H,LUO J,HU M,et al.Detecting Exception Handling Bugs in C++ Programs[C]//2023 IEEE/ACM 45th International Conference on Software Engineering(ICSE).IEEE,2023:1084-1095.
[32]MA X,YAN J,WANG W,et al.Detecting memory-related bugs by tracking heap memory management of C++ smart pointers[C]//2021 36th IEEE/ACM International Conference on Automated Software Engineering(ASE).IEEE,2021:880-891.
[1] LIANG Binghao, ZHANG Chuangang, YUAN Mingming. Large Model Driven AI Application Service Platform [J]. Computer Science, 2025, 52(6A): 240900022-4.
[2] SHI Zhuopeng, KONG Xiangmin, WEI Jiahong, SONG Xiaofan. Self-matching Method of Virtual Terminals of Intelligent Stations Based on K-nearest Neighbor Weighting Algorithm [J]. Computer Science, 2025, 52(6A): 240600039-6.
[3] MENG Xiangfu, LI Zihan, SHI Jiasheng, GUO Jianwei, ZHAO Liang, GUO Sicong, WANG Peizhuang. Factor Query Language-Basic Language of Factor Database [J]. Computer Science, 2025, 52(6A): 240600027-8.
[4] TENG Minjun, SUN Tengzhong, LI Yanchen, CHEN Yuan, SONG Mofei. Internet Application User Profiling Analysis Based on Selection State Space Graph Neural Network [J]. Computer Science, 2025, 52(6A): 240900060-8.
[5] LIANG Zheheng, WU Yuewen, LI Yongjian , ZHANG Xiaolu , SHEN Guiquan, SU Lingang, LIU Junle. Resource Preference-sensitive Cloud Configuration Recommendation Method for Big DataApplications [J]. Computer Science, 2025, 52(6A): 240800114-9.
[6] XUE Wenyao, WANG Yichen, REN Qingwei. Safety-Critical Software Testing Modeling Method Based on MARTE and STAMP [J]. Computer Science, 2025, 52(6A): 240500080-10.
[7] SHI Heyuan, CHEN Shijun, ZHANG Qiang, SHEN Yuheng, JIANG Yu, SHI Ronghua. Configuration-guided Directed Kernel Fuzzing for Real-time Linux [J]. Computer Science, 2025, 52(6A): 240400161-8.
[8] WANG Panlong, WANG Lei, YING Jinrui, LIU Bowen, GAO Zhiyong. CNFED:An Error Detection Tool for Floating-point Expressions Based on Condition Number [J]. Computer Science, 2025, 52(6A): 240800070-8.
[9] ZHANG Xuming, SHI Yaqing, HUANG Song, WANG Xingya, HU Jinchang, LU Jiangtao. Survey of Open-source Software Component Vulnerability Detection and Automatic RepairTechnology [J]. Computer Science, 2025, 52(6): 1-20.
[10] ZHANG Ce, SUN Zhichao, JI Kexing, WANG Jinyong, WANG Yubin. Modeling Mechanism and Review of Imperfect Debugging Reliability Model Related to the Total Number of Faults in Software [J]. Computer Science, 2025, 52(6): 21-34.
[11] QIAO Yu, XU Tao, ZHANG Ya, WEN Fengpeng, LI Qiangwei. Graph Neural Network Defect Prediction Method Combined with Developer Dependencies [J]. Computer Science, 2025, 52(6): 52-57.
[12] WANG Chenyuan, ZHANG Yanmei, YUAN Guan. Class Integration Test Order Generation Approach Fused with Deep Reinforcement Learning andGraph Convolutional Neural Network [J]. Computer Science, 2025, 52(6): 58-65.
[13] WEI Youyuan, SONG Jianhua, ZHANG Yan. Survey of Binary Code Similarity Detection Method [J]. Computer Science, 2025, 52(6): 365-380.
[14] YE Jueyu, LUN Zhanqun, YUE Qiaoli, LI Hongtao, ZHANG Haikuo, QIANG Jishen. Study on DApp Resource Naming and Addressing Technology [J]. Computer Science, 2025, 52(5): 299-306.
[15] WANG Pu, GAO Zhanyun, WANG Zhenfei, SONG Zheli. BDBFT:A Consensus Protocol Based on Reputation Prediction Model for IoT Scenario [J]. Computer Science, 2025, 52(5): 366-374.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.