欢迎访问中国科学院大学学报,今天是

中国科学院大学学报 ›› 2010, Vol. 27 ›› Issue (1): 117-126.DOI: 10.7523/j.issn.2095-6134.2010.1.015

• 论文 • 上一篇    下一篇

一种多重循环程序内存访问越界检测方法

王嘉捷1, 蒋凡1, 张涛2   

  1. 1. 中国科学技术大学计算机科学技术系,合肥 230027;;
    2. 中国信息安全测评中心,北京 100085
  • 收稿日期:2009-03-31 修回日期:2009-06-09 发布日期:2010-01-15
  • 通讯作者: 蒋凡

Detection method for memory overrun in multi-loop programs

WANG Jia-Jie1, JIANG Fan1, ZHANG Tao2   

  1. 1. Department of Computer Science, University of Science and Technology of China, Hefei 230027, China;
    2. China Information Technology Security Evaluation Center, Beijing 100085, China
  • Received:2009-03-31 Revised:2009-06-09 Published:2010-01-15

摘要:

提出一种内存访问越界检测方法,以克服现有方法遇到的多重循环难题. 先识别疑似缺陷点及其依赖区域,再实施多重循环的递推链分析,并推断缺陷触发可能性和路径指导信息,从而实现基于符号执行的缺陷定向检测,最终查出越界缺陷及其触发路径与程序输入. 已实现原型工具,检测了多个开源软件,找到了真实的代码缺陷. 实验结果表明,该方法既避免了盲目路径遍历,又保持了路径敏感和位级跟踪的检测精度,提高了缺陷检测效率和准确度.

关键词: 软件缺陷检测, 静态分析, 符号执行, 循环分析, 递推链扩展代数

Abstract:

A detection method for memory overrun is presented to overcome multi-loop problems: (1)identifies suspicious defects and their dependent regions; (2)analyzes multi-loops by CR# algebra; (3)infers probability of triggering defect and path guide information; (4)detects defects based on symbolic execution; and (5)finds defects, trigger paths, and program input. A prototype tool has been implemented, and it found real defects in several open source softwares. The results show that the new method can avoid blind path traversal while preserving path-sensitive and bit-level detection precision, and improve efficiency and veracity of defect detection.

Key words: software defect detection, static analysis, symbolic execution, loop analysis, CR# algebra

中图分类号: