首页    期刊浏览 2024年11月27日 星期三
登录注册

文章基本信息

  • 标题:Clang and Coccinelle: Synergising program analysis tools for CERT C Secure Coding Standard certification
  • 本地全文:下载
  • 作者:Mads Chr. Olesen ; Rene Rydhof Hansen ; Julia L. Lawall
  • 期刊名称:Electronic Communications of the EASST
  • 电子版ISSN:1863-2122
  • 出版年度:2010
  • 卷号:33
  • 语种:English
  • 出版社:European Association of Software Science and Technology (EASST)
  • 摘要:Writing correct C programs is well-known to be hard, not least due to the many language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve on this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (in the current version) enumerates 118 rules and 182 recommendations with the aim of making C programs (more) secure. The large number of rules and recommendations makes automated tool support essential for certifying that a given system is in compliance with the standard. In this paper we report on ongoing work on integrating two state of the art analysis tools, Clang and Coccinelle, into a combined tool well suited for analysing and certifying C programs according to, e.g., the CERT C Secure Coding standard or the MISRA (the Motor Industry Software Reliability Assocation) C standard. We further argue that such a tool must be highly adaptable and customisable to each software project as well as to the certification rules required by a given standard. Clang is the C frontend for the LLVM compiler/virtual machine project which includes a comprehensive set of static analyses and code checkers. Coccinelle is a program transformation tool and bug-finder developed originally for the Linux kernel, but has been successfully used to find bugs in other Open Source projects such as WINE and OpenSSL.
国家哲学社会科学文献中心版权所有