中国科学院研究生院学报
中國科學院研究生院學報
중국과학원연구생원학보
JOURNAL OF THE GRADUATE SCHOOL OF THE CHINESE ACADEMY OF SCIENCES
2010年
1期
117-126
,共10页
软件缺陷检测%静态分析%符号执行%循环分析%递推链扩展代数
軟件缺陷檢測%靜態分析%符號執行%循環分析%遞推鏈擴展代數
연건결함검측%정태분석%부호집행%순배분석%체추련확전대수
software defect detection%static analysis%symbolic execution%loop analysis%CR# algebra
提出一种内存访问越界检测方法,以克服现有方法遇到的多重循环难题.先识别疑似缺陷点及其依赖区域,再实施多重循环的递推链分析,并推断缺陷触发可能性和路径指导信患,从而实现基于符号执行的缺陷定向检测,最终查出越界缺陷及其触发路径与程序输入.已实现原型工具,检测了多个开源软件,找到了真实的代码缺陷.实验结果表明,该方法既避免了盲目路径遍历,又保持了路径敏感和位级跟踪的检测精度,提高了缺陷检测效率和准确度.
提齣一種內存訪問越界檢測方法,以剋服現有方法遇到的多重循環難題.先識彆疑似缺陷點及其依賴區域,再實施多重循環的遞推鏈分析,併推斷缺陷觸髮可能性和路徑指導信患,從而實現基于符號執行的缺陷定嚮檢測,最終查齣越界缺陷及其觸髮路徑與程序輸入.已實現原型工具,檢測瞭多箇開源軟件,找到瞭真實的代碼缺陷.實驗結果錶明,該方法既避免瞭盲目路徑遍歷,又保持瞭路徑敏感和位級跟蹤的檢測精度,提高瞭缺陷檢測效率和準確度.
제출일충내존방문월계검측방법,이극복현유방법우도적다중순배난제.선식별의사결함점급기의뢰구역,재실시다중순배적체추련분석,병추단결함촉발가능성화로경지도신환,종이실현기우부호집행적결함정향검측,최종사출월계결함급기촉발로경여정서수입.이실현원형공구,검측료다개개원연건,조도료진실적대마결함.실험결과표명,해방법기피면료맹목로경편력,우보지료로경민감화위급근종적검측정도,제고료결함검측효솔화준학도.
A detection method for memory overrun is presented to overcome multi-loop problems: ( 1 ) identifies suspicious defects and their dependent regions; (2)analyzes multi-loops by CR# algebra; (3)infers probability of triggering defect and path guide information; (4 ) detects defects based on symbolic execution; and (5) finds defects, trigger paths, and program input. A prototype tool has been implemented, and it found real defects in several open source softwares. The results show that the new method can avoid blind path traversal while preserving path-sensitive and bit-level detection precision, and improve efficiency and veracity of defect detection.
