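Because of its efficient execution, rich feature set, portability, and other advantages, the C language has remained in the top 2 of the ranking published by the software rating site Tiobe [1] from its creation through 2017. However, vulnerabilities inherent in C can cause this software to crash or hang, or even to be easily compromised by attackers. Vulnerabilities including buffer overflows, memory leaks, and format string bugs all result from design flaws in the C language itself. To reduce the damage that C vulnerabilities do to operating systems and applications, we use annotations written in assembly language to help engineers detect vulnerabilities in source code. Annotations can mark program elements such as functions and variables; when code uses or calls a marked element, the compiler displays information about that element, and from that message engineers can tell whether the source code is at risk of a vulnerability. This thesis therefore designs security annotations that help engineers check source code: they choose the parameters to be checked and pass them to the functions we designed, and the messages output after the check allow the program to run with a higher level of security.

C has been a popular programming language because of its high efficiency, rich features, portability, and so on. Because of C's popularity, a flaw in it may cause a large amount of software and many operating systems to crash. Thus, we design security annotations written in assembly language to reduce the damage caused by design flaws. Annotations can be used on functions, variables, and any other object in source code. The compiler shows information about these objects when they are used, and programmers learn of vulnerabilities in their source code from the annotations. Programmers can choose any variable they want checked and pass it as an argument to the functions designed in this paper. Programs execute more safely when the annotations printed on the screen point out problems in their source code.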