CN-122019332-A - Multi-source static analysis tool chain collaborative coding detection method based on problem library

Abstract

The invention provides a multi-source static analysis tool chain collaborative coding detection method based on a problem library, which is characterized in that the problem library, a problem source code library, a rule library and a strategy module are mutually independent and collaborative, so that maintenance and expansion are facilitated, a dynamic updating mechanism is provided, the problem library, the problem source code library and the rule library support dynamic inclusion and review, a new technology and a new defect mode are adapted, and an integration process is seamlessly integrated with a CI/CD process, so that automatic detection is realized. The problems of low collaborative efficiency, multiple detection blind areas and large resource consumption of the multi-source static analysis tool are solved, and early, accurate and efficient detection and prevention of coding defects are realized. The method improves the defect detection rate and early detection capability, reduces repeated alarms, improves analysis efficiency, covers defects, reduces failure occurrence rate and forms a continuously improved quality closed loop.

Inventors

• LIU CHUNYE
• HAN QIANG
• ZHOU HUA
• LI LI
• CHEN PENG
• Zhuge

Assignees

• 中国科学院微小卫星创新研究院
• 上海微小卫星工程中心

Dates

Publication Date

20260512

Application Date

20251209

Claims (2)

1. 1. The multi-source static analysis tool chain collaborative coding detection method based on the problem library is characterized by comprising the following specific steps of: Step one, constructing a software coding typical problem library, namely collecting, classifying and standardizing real code defect cases through a normalized collection and dynamic inclusion mechanism; and step two, based on the problem library in the step one, a typical problem source code library is established and used as an input database of a subsequent tool capacity comparison test. Step three, tool capacity comparison experiments, namely transversely evaluating the detection rate, false alarm rate and efficiency of each static analysis tool based on the problem source code library in the step two; Developing a special detection rule aiming at a detection blind area of the static analysis tool to form a special rule base and loading the special rule base to the static analysis tool; step five, formulating a tool chain collaborative detection strategy, namely defining the scanning range, the execution sequence and the result merging rule of each static analysis tool; And step six, integrating and continuously improving the custom rules in the step four to the CI/CD flow, and establishing a problem base dynamic updating mechanism.
2. 2. The method of claim 1, wherein the special detection rule in the fourth step includes a state machine jump defect and an unsigned subtraction protection.

Description

Multi-source static analysis tool chain collaborative coding detection method based on problem library Technical Field The invention relates to the field of aerospace software testing, in particular to a multi-source static analysis tool chain collaborative coding detection method based on a problem library, which is suitable for detecting and preventing coding defects of high-reliability software, and is particularly suitable for the fields with extremely high requirements on code quality, such as aerospace, military industry, embedded systems and the like. Background The tool 'chimney' stands up that the rule bases of all static analysis tools (such as LDRA Testbed, coverity and the like) are overlapped, so that repeated alarms are caused, the report is redundant, and the screening workload of engineers is large. The detection blind area exists that the general rule base cannot cover the specific defects under the specific service scene and architecture. And the resource input and output are not matched, so that the time and labor are consumed in the full tool chain scanning mode, and the input-output ratio is low. Disclosure of Invention Aiming at the problems existing in the prior art, the invention provides a multi-source static analysis tool chain collaborative coding detection method based on a problem library, which solves the problems of low collaborative efficiency, more detection blind areas and large resource consumption of multi-source static analysis tools and realizes early, accurate and efficient detection and prevention of coding defects. The method improves the defect detection rate and early detection capability, reduces repeated alarms, improves analysis efficiency, covers defects, reduces failure occurrence rate and forms a continuously improved quality closed loop. The technical scheme of the invention is that the multi-source static analysis tool chain collaborative coding detection method based on the problem library comprises the following specific steps: Step one, constructing a software coding typical problem library, namely collecting, classifying and standardizing real code defect cases through a normalized collection and dynamic inclusion mechanism; and step two, based on the problem library in the step one, a typical problem source code library is established and used as an input database of a subsequent tool capacity comparison test. Step three, tool capacity comparison experiments, namely transversely evaluating the detection rate, false alarm rate and efficiency of each static analysis tool based on the problem source code library in the step two; Developing a special detection rule aiming at a detection blind area of the static analysis tool to form a special rule base and loading the special rule base to the static analysis tool; step five, formulating a tool chain collaborative detection strategy, namely defining the scanning range, the execution sequence and the result merging rule of each static analysis tool; And step six, integrating and continuously improving the custom rules in the step four to the CI/CD flow, and establishing a problem base dynamic updating mechanism. Furthermore, the special detection rule in the fourth step includes a state machine jump defect and an unsigned number subtraction protection. The invention has the beneficial effects of providing a multi-source static analysis tool chain collaborative coding detection method based on a problem library, The structure has the advantages that: 1. The problem library, the problem source code library, the rule library and the strategy module are mutually independent and cooperatively work, so that the maintenance and the expansion are convenient; 2. The dynamic updating mechanism comprises a problem library, a problem source code library and a rule library, which support dynamic inclusion and review and adapt to new technologies and new defect modes; 3. And the integrated process is seamlessly integrated with the CI/CD process, so that automatic detection is realized. The function has the advantages that: 1. The defect detection rate is improved by more than 60 percent; 2. The static analysis working time was reduced by about 40%; 3. The transition from 'post zeroing' to 'pre-prevention' is realized. Drawings FIG. 1 is a flow chart of a multi-source static analysis tool chain collaborative code detection method based on an issue library. Detailed Description The invention is further described below with reference to the accompanying drawings. As shown in FIG. 1, the method for detecting the collaborative coding of the multi-source static analysis tool chain based on the problem library comprises the following specific steps: Step one, constructing a software coding typical problem library, namely collecting, classifying and standardizing real code defect cases through a normalized collection and dynamic inclusion mechanism; and step two, based on the problem library in the step one, a typical problem sou