很多静态代码分析的方法都以控制流图作为基础,本文采用一种加入上下文的基于约束的分析技术k-CFA并使用不动点算法求出约束集的最小解并生成控制流图,比0-CFA,加入数据流的约束分析更精确地约减不可达分支,生成较少冗余的控制流图。以本文生成的控制流图作为静态代码分析方法的基础,可以提高静态代码分析的效率,降低误报率。%As a basis for a lot of static code analysis methods to control flow graph, this paper adopts a adding context analysis technique based on k-CFA constraints and uses the fixed point algorithm to calculate the minimum set of constraints and generates a control flow graph. This method is better than 0-CFA, adding constraint stream data analysis, which is more accurate reduction unreachable branches, generating less redundant control flow graph. The control flow graph generated in this article as the basis of the static code analysis methods to improve the efficiency of static code analysis can be improved to reduce the rate of false positives.
展开▼
