| 一种多重循环程序内存访问越界检测方法 |
| |
| 作者姓名: | 王嘉捷 蒋凡 张涛 |
| |
| 作者单位: | 1. 中国科学技术大学计算机科学技术系,合肥 230027;;
2. 中国信息安全测评中心,北京 100085 |
| |
| 摘 要: | 提出一种内存访问越界检测方法,以克服现有方法遇到的多重循环难题. 先识别疑似缺陷点及其依赖区域,再实施多重循环的递推链分析,并推断缺陷触发可能性和路径指导信息,从而实现基于符号执行的缺陷定向检测,最终查出越界缺陷及其触发路径与程序输入. 已实现原型工具,检测了多个开源软件,找到了真实的代码缺陷. 实验结果表明,该方法既避免了盲目路径遍历,又保持了路径敏感和位级跟踪的检测精度,提高了缺陷检测效率和准确度.
|
| 关 键 词: | 软件缺陷检测 静态分析 符号执行 循环分析 递推链扩展代数 |
| 收稿时间: | 2009-03-31 |
| 修稿时间: | 2009-06-09 |
Detection method for memory overrun in multi-loop programs |
| |
| Authors: | WANG Jia-Jie JIANG Fan ZHANG Tao |
| |
| Institution: | 1. Department of Computer Science, University of Science and Technology of China, Hefei 230027, China;
2. China Information Technology Security Evaluation Center, Beijing 100085, China |
| |
| Abstract: | A detection method for memory overrun is presented to overcome multi-loop problems: (1)identifies suspicious defects and their dependent regions; (2)analyzes multi-loops by CR# algebra; (3)infers probability of triggering defect and path guide information; (4)detects defects based on symbolic execution; and (5)finds defects, trigger paths, and program input. A prototype tool has been implemented, and it found real defects in several open source softwares. The results show that the new method can avoid blind path traversal while preserving path-sensitive and bit-level detection precision, and improve efficiency and veracity of defect detection. |
| |
| Keywords: | software defect detection static analysis symbolic execution loop analysis CR# algebra |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|
