ACTA ELECTRONICA SINICA (电子学报)
2014, Issue 9, pp. 1744-1752 (9 pages in total)
Keywords: null pointer dereference; memory model; static analysis; function summary; defect detection
To detect null pointer dereferences in C programs thoroughly, this paper introduces a detection method based on a region-based memory model. First, a region-based symbolic three-valued logic (RSTVL) is proposed, which can describe the shape of data structures in memory at run time, the storage states of variables, and the relations among addressable expressions. Then, an approach to fully recognizing dereferenced pointers based on the abstract syntax tree and procedure summaries is introduced. Finally, using the results of RSTVL-based data flow analysis, the method translates detection of dereferenced pointers into detection of the corresponding regions, and detects interprocedural null pointer dereferences through procedure summaries. Experimental results show that, compared with DTSC-STVL and Klocwork9, the proposed method dramatically reduces null pointer dereference false negatives while maintaining a certain level of detection precision.