CAJ | 학술논문

针对符号转换错误引起缓冲区溢出的这类缺陷提出了一种面向二进制程序整型符号转换缺陷检测方法。以二进制插桩框架为基础，利用类型推断方法识别整型变量的符号类型信息，得到内存相关库函数中为冲突类型的参数的集合，并将其作为潜在的整型符号转换缺陷候选集。在中间代码层面插入检测代码做运行时检测，最终确定真正的整型符号转换缺陷。原型系统Sconvcheck的实验结果表明：该方法可以有效地检测出程序中的整型符号转换缺陷，并准确地定位错误发生的位置，而且误报率较低。
침대부호전환착오인기완충구일출적저류결함제출료일충면향이진제정서정형부호전환결함검측방법。이이진제삽장광가위기출，이용류형추단방법식별정형변량적부호류형신식，득도내존상관고함수중위충돌류형적삼수적집합，병장기작위잠재적정형부호전환결함후선집。재중간대마층면삽입검측대마주운행시검측，최종학정진정적정형부호전환결함。원형계통Sconvcheck적실험결과표명：해방법가이유효지검측출정서중적정형부호전환결함，병준학지정위착오발생적위치，이차오보솔교저。
For the integer sign conversion faults, which result in buffer overflow vulnerabilities, an approach to detect inte-ger sign conversion faults in binary programs dynamically is presented. Type inference method, based on a framework for binary instrumentation, is used to identify the sign information of integer variables. Then, a set of parameters are obtained, which have a conflict type in memory-related library functions, and are taken as candidate set of potential integer sign con-version faults. The test is run after inserting detection code on the level of intermediate representation to determine the real integer sign conversion faults. The experimental results on Sconvcheck show that this method can effectively detect integer sign conversion faults in binary programs and accurately locate the position the faults have occurred with a lower rate of false positives.