Abstract: The software defect mode is the model extracted according to the rules, and the summary of the defects that causes errors or improper running results due to some of the same reasons. Checking the defects by using defect patterns matching technology to the code is more efficient and accurate. We optimize the matching method based on the existing defect modes and methods. We can detect the overflow caused by misusing of increment and decrement through code replacement, and the inconformity of data type through the new regular expression matching statement. We make a check test with Cppcheck, and the experimental results verify the feasibility of the method.

Key words: Defect mode, Defect matching, Static analysis, code replacement, regular expression matching

摘要： 软件缺陷模式是基于一定的规则所提取出的，对导致软件运行中出现错误或不正常运行结果的缺陷的归纳总结。使用静态分析方法直接对代码进行缺陷模式匹配，可以更高效更准确的找到软件中存在的缺陷。现有的缺陷模式和匹配方法，仍然存在一定的不足，包括不能有效检测由于自增自减使用不当导致的溢出，以及逻辑语句中的数据类型不一致问题。对此本文提出一种代码替换的匹配方法以及一种新的正则表达式匹配语句，以提高缺陷匹配检测的准确性。通过设置一组可控的对照试验，与Cppcheck静态检测工具进行比较测试，证明了方法的可行性。

关键词: 缺陷模式, 缺陷匹配, 静态分析, 代码替换, 正则表达式