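Authors: Wu Lei (吴蕾)[1,2]; Liu Wu (刘务)[1]; Huang Juncheng (黄俊澄) (China Electronic Product Reliability and Environmental Testing Research Institute, Guangzhou 511370, China; School of Mechanical Engineering, Zhejiang University, Hangzhou 310058, China)
Affiliations: [1] The Fifth Electronics Research Institute of the Ministry of Industry and Information Technology, Guangzhou 511370; [2] School of Mechanical Engineering, Zhejiang University, Hangzhou 310058
Source: Mechanical & Electrical Engineering Technology (《机电工程技术》), 2023, No. 6, pp. 102-108 (7 pages)
Funding: National Key R&D Program of China (2020YFB1709000).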
Abstract: To address the characteristics and problems of 3D CAD software code, namely complex composition, complex logic, and scarce supporting data, an intelligent source code detection technology based on a defect knowledge base is proposed for 3D CAD software. First, a method for building a code big-data knowledge base for 3D CAD software is proposed: based on the collaborative development of 3D CAD software in open-source code repositories, old and new versions of the code are crawled into the code knowledge base, yielding differing code segments at the same code location, which are aggregated into difference code files. Second, the difference code files serve two purposes: when subsequent code detection finds that 3D CAD software has reused an old code segment from open-source 3D CAD software, they allow correction recommendations to be provided to developers; and having both old and new code crawled into the knowledge base helps in detecting the independent research and development rate of 3D CAD software. Third, different granularities and different analysis levels are combined in a pipeline to make full use of the advantages of each analysis method, which both accelerates the code-matching process and allows modified files to be matched with high precision, improving the matching accuracy of code detection for 3D CAD software. Finally, a software composition analysis technology for 3D CAD software is developed, consisting mainly of multi-layer 3D CAD software code feature extraction and similarity alignment of code features and vulnerabilities. It realizes homologous vulnerability detection for 3D CAD software, so that logic problems, memory leaks, potential injection-attack defects, and security risks in the source code can be found, and the open-source rate of the code can be detected.
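Keywords: 3D CAD software; source code detection; defect knowledge base; intelligent detection
Classification: TP311 [Automation and Computer Technology: Computer Software and Theory]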