Because of its execution efficiency, rich functionality, extensibility and portability, the C language has, from its creation up to the present day (2018), remained as popular as Java, holding one of the top two places in the programming-language index published by the software evaluation company Tiobe [1]. The design flaws of C itself, however, can cause machines to hang, software to crash, or even let attackers compromise a system with ease; these weaknesses include buffer overflows and format-string vulnerabilities. To reduce the damage that C vulnerabilities do to applications and operating systems, we use a static analysis tool to help engineers detect vulnerabilities in source code. When the code under inspection uses a function or variable that we consider capable of harming the system, the compiler emits a corresponding warning message, so that engineers can tell from that message whether the source code carries a vulnerability risk. This thesis develops a Clang-based static analysis tool to help engineers inspect source code; the warnings produced by the inspection are used to give the program greater security during execution.
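As an added illustration of the kind of check the abstract describes (this is not the thesis's Clang tool, whose rule set is not on this page), the following constructed checker flags calls to unbounded string functions and printf-family calls whose format argument is not a string literal, reporting them as line-numbered, compiler-style warnings; the banned-function list and the sample C source are assumptions made for the example.

```python
import re

# Illustrative checker (added example, not the thesis's tool): calls flagged on sight.
BANNED = {
    "gets": "unbounded read; use fgets with a size",
    "strcpy": "no length bound; use strncpy or strlcpy",
    "sprintf": "no length bound; use snprintf",
}
# printf-family calls and the index of their format argument (non-literal = bug).
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def split_args(text):
    """Split text after a call's '(' on top-level commas (no escaped quotes)."""
    depth, in_str, cur, args = 0, False, [], []
    for ch in text:
        in_str ^= ch == '"'
        if not in_str and ch == ")" and depth == 0:
            break  # closing parenthesis of this call
        if not in_str and ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
            depth += (ch == "(") - (ch == ")") if not in_str else 0
    args.append("".join(cur).strip())
    return [a for a in args if a]

def check_source(src):
    """Return (line, function, message) tuples, like compiler diagnostics."""
    warnings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            name = m.group(1)
            if name in BANNED:
                warnings.append((lineno, name, BANNED[name]))
            if name in FORMAT_ARG:
                args = split_args(line[m.end():])
                fmt = FORMAT_ARG[name]
                if fmt < len(args) and not args[fmt].startswith('"'):
                    warnings.append((lineno, name, "format string is not a literal"))
    return warnings

# Constructed sample: unbounded copies and attacker-controlled format strings.
SAMPLE = r"""int main(int argc, char **argv) {
    char buf[64];
    strcpy(buf, argv[1]);
    printf(buf);
    printf("%s\n", buf);
    fprintf(stderr, argv[2]);
    snprintf(buf, sizeof buf, "%s", argv[1]);
    gets(buf);
}"""
```

Calling `check_source(SAMPLE)` reports lines 3, 4, 6 and 8 and stays silent on the literal-format `printf` and `snprintf` calls; a real Clang checker works on the AST rather than text, so it is not fooled by calls split across lines or by macros.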