CN101937389A - Method for acquiring compilation process of detected software packet by code analysis tool - Google Patents


Info

Publication number
CN101937389A
Authority
CN
China
Prior art keywords
function
executable program
compiler
compiling
parameter
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009102592525A
Other languages
Chinese (zh)
Inventor
许中兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhang Yan
Original Assignee
BEIJING CODETEST INFORMATION TECHNOLOGY Co Ltd
Application filed by BEIJING CODETEST INFORMATION TECHNOLOGY Co Ltd filed Critical BEIJING CODETEST INFORMATION TECHNOLOGY Co Ltd
Priority to CN2009102592525A priority Critical patent/CN101937389A/en
Publication of CN101937389A publication Critical patent/CN101937389A/en
Pending legal-status Critical Current

Abstract

The invention provides a method for letting a code analysis tool obtain the compilation process of a software package under test. The method comprises the following steps: (1) implementing a function that executes an executable program, i.e. writing a function that replaces the system's function for executing an executable program; (2) setting an environment variable; (3) the compiler finding the library file specified by the environment variable; (4) the compiler passing the compile command and its parameters to the overloaded function that executes an executable program; (5) the function that executes an executable program recording the compile command, i.e. obtaining the information of the actual compile command from its parameters; and (6) calling the system's function for executing an executable program. The method obtains the compile commands and their parameters without disturbing the normal compilation process, works across different compilation environments and build methods, lets the compilation run to completion, and has the advantages of a high degree of automation, a wide range of application and few errors.

Description

A method for letting a code analysis tool obtain the compilation process of a software package under test
Technical field
The present invention relates to a technique for detecting defects in software source code; more precisely, it relates to a software source code defect detection method in which a code analysis tool is combined with the compilation process of the system under test. It belongs to the field of computer information security.
Background art
When a code defect detection tool checks a software package, it needs to obtain the commands used in the package's normal compilation and their order, so that it can compile and check the package. Existing software packages, however, each have their own compilation environment and build method, which makes it very difficult for a code detection tool to obtain a package's complete compilation method.
Existing approaches include environment variable replacement and manual modification of project files; both suffer from a low degree of automation and a narrow range of application. Environment variable replacement relies on the fact that some build systems, when detecting the compiler, determine the current compiler from the value of an environment variable. By modifying that variable, the build system can be made to treat the detection tool as the current compiler, so that the detection tool is substituted for the compile command and the detection process runs. The drawback of this approach is that the software is not actually built: when the compilation process depends on the results of an earlier compilation, it cannot run to completion. Manual modification of project files changes the compilation-related command parameters in the project file so that the detection tool is substituted for the compile command. This approach requires different handling for each kind of project file, which is time-consuming, laborious and error-prone.
Summary of the invention
The object of the invention is to obtain the compile commands and their parameters without disturbing the normal compilation process, in a way that works across different compilation environments and build methods, lets the compilation run to completion, is highly automated, widely applicable and not prone to error.
To achieve this object, the basic idea of the technical solution provided by the invention is as follows:
The invention provides a method for letting a code analysis tool obtain the compilation process of a software package under test, characterized in that it comprises the following steps:
(1) implement a function that executes an executable program, i.e. write a function that replaces the system's function for executing an executable program;
(2) set the environment variable;
(3) the compiling program finds the library file specified by the environment variable;
(4) the compiling program passes the compile command and its parameters to the overloaded function that executes an executable program;
(5) the function that executes an executable program records the compile command, i.e. obtains the information of the actual compile command from its own parameters;
(6) call the system's function for executing an executable program.
In step (1), the function that executes an executable program is compiled into a library file.
The setting in step (2) means that a command is set in the environment variable.
The library file specified in step (3) is the library file into which the function that executes an executable program was compiled.
In step (4), the overloaded function that executes an executable program works as follows:
(41) save the compile command and parameters passed in by the compiling program to a specified log file, in the format the user requires;
(42) use the dynamic link library functions provided by the system library to find the system-provided function that executes an executable program;
(43) pass the original command parameters to the system's function that executes an executable program and call it;
(44) return the result to the caller.
The function that executes an executable program is the exec() function, the system's function for executing an executable program is the system exec() library function, and the environment variable is the LD_PRELOAD environment variable.
The library file is the libmyexec.so library file.
The command is export LD_PRELOAD=libmyexec.so.
The exec() function is a family of functions comprising three functions: execv(), execve() and execvp().
The function for operating on the dynamic link library in step (42) is the dlopen function.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention integrates with the build of the software package and solves the problem of obtaining the package's compile commands and parameters, so that the code detection tool can completely and correctly record and reproduce the whole process of compiling the package.
2. By setting the environment variable, the compiling system is made to find the dynamic link library we implemented, which replaces the system's function for executing an executable program, before it finds the system C library.
3. In the library used to intercept the system's function for executing an executable program, we re-implemented a new function that executes an executable program; it first records the complete compile command parameters and then calls the real system function. The compile commands are thus obtained without affecting normal compilation, and the whole process is transparent to the software package being compiled.
4. The compilation process is captured by overloading the compilation-related system calls in the dynamic link library. This is widely applicable: it works on any platform that has a dynamic link library mechanism. In other words, obtaining the whole compilation process by intercepting system calls applies to every operating system platform with dynamic linking. The information obtained is complete, because no command can bypass the system call and be executed by the system on its own. The method is also highly transparent to the software package under test and does not affect the original compilation process at all.
Description of drawings
Fig. 1: schematic diagram of the prior art;
Fig. 2: schematic diagram of the principle of the invention.
Embodiment
The main processing steps of the method for letting a code analysis tool obtain the compilation process of a software package under test are described below with reference to the drawings:
(1) implement the exec() function, i.e. write a function that replaces the system exec() library function, and compile it into the libmyexec.so library file;
(2) set the environment variable; specifically, the command export LD_PRELOAD=libmyexec.so is set in the LD_PRELOAD environment variable;
(3) the compiling program finds the libmyexec.so library file specified by the LD_PRELOAD environment variable;
(4) the compiling program passes the compile command and its parameters to the overloaded exec() function;
The exec() function is a family of functions comprising three functions, execv(), execve() and execvp(); each of the three overloaded functions works as follows:
(41) save the compile command and parameters passed in by the compiling program to a specified log file, in the format the user requires;
(42) use the dynamic link library operations provided by the dlopen library to find the real system exec() library function provided by the system;
(43) pass the original command parameters to the real system exec() library function and call it;
(44) return the result to the caller.
(5) the exec() function records the compile command, i.e. obtains the information of the actual compile command from the parameters of the exec() function;
(6) call the system exec() library function.
Based on how the operating system executes user commands, we designed a method that obtains the whole compilation process by intercepting system calls. We take Linux as the example to describe the interception method; the principle also applies to every operating system platform with dynamic linking.
On Linux, a user program normally executes a new command by calling the system exec() library function. The compiling system of a software package does the same: once the compiling program has determined the compile command to execute, it passes it as a parameter to the system exec() library function. The exec() function creates a new process and executes, in that new process, the command specified in its parameters. exec() is therefore the function that sees every compile command, and the information we need can be obtained there.
exec() generally lives in the standard C library and is called through dynamic linking. By setting the LD_PRELOAD environment variable, the compiling system can be made to find the dynamic link library we implemented, which replaces the system exec() library function, before it finds the system C library. In this interception library we re-implemented a new exec() function, which first records the complete compile command parameters and then calls the real system exec() library function. The compile commands are thus obtained without affecting normal compilation, and the whole process is transparent to the software package being compiled.
The compilation process is captured by overloading the compilation-related system calls in the dynamic link library. This is widely applicable: it works on any platform that has a dynamic link library mechanism. The information obtained is complete, because no command can bypass the system call and be executed by the system on its own. The method is also highly transparent to the software package under test and does not affect the original compilation process at all.
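The interposer described in steps (1)-(6) and (41)-(44) above, written out in C as an added example; it is not code from the patent. The MYEXEC_LOG variable, the default path /tmp/myexec.log, the tab-separated record format and the helper names are assumptions of this example, and real_exec falls back to dlsym(RTLD_NEXT) where the glibc soname libc.so.6 cannot be opened.

```c
/* libmyexec.c: build with  cc -shared -fPIC -o libmyexec.so libmyexec.c -ldl
 * then  export LD_PRELOAD=$PWD/libmyexec.so  and run the normal build. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* (41) Render one record "func<TAB>path<TAB>arg0<TAB>arg1...\n" into buf.
 * Returns the record length; an over-long command is truncated, not dropped. */
size_t format_command(const char *func, const char *path,
                      char *const argv[], char *buf, size_t cap) {
    if (cap == 0) return 0;
    int w = snprintf(buf, cap, "%s\t%s", func, path);
    if (w < 0) return 0;
    size_t n = (size_t)w < cap ? (size_t)w : cap - 1;
    for (size_t i = 0; argv && argv[i] && n + 1 < cap; i++) {
        w = snprintf(buf + n, cap - n, "\t%s", argv[i]);
        if (w < 0) break;
        n += (size_t)w < cap - n ? (size_t)w : cap - n - 1;
    }
    if (n + 1 < cap) { buf[n++] = '\n'; buf[n] = '\0'; }
    else if (n > 0) buf[n - 1] = '\n';   /* truncated: still end the record */
    return n;
}

/* One write() on an O_APPEND descriptor keeps records from parallel build
 * jobs from interleaving. MYEXEC_LOG is a hypothetical variable name. */
static void log_command(const char *func, const char *path, char *const argv[]) {
    char buf[8192];
    const char *log = getenv("MYEXEC_LOG");
    size_t n = format_command(func, path, argv, buf, sizeof buf);
    int fd = open(log ? log : "/tmp/myexec.log",
                  O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
    if (fd < 0) return;                  /* logging must never fail the build */
    if (write(fd, buf, n) < 0) { /* ignored for the same reason */ }
    close(fd);
}

/* (42) Find the system's own function. Opening the libc soname is
 * glibc-specific (assumption); RTLD_NEXT is the fallback elsewhere. */
void *real_exec(const char *name) {
    static void *libc;
    if (!libc) libc = dlopen("libc.so.6", RTLD_LAZY);
    return libc ? dlsym(libc, name) : dlsym(RTLD_NEXT, name);
}

typedef int (*exec2_fn)(const char *, char *const[]);
typedef int (*exec3_fn)(const char *, char *const[], char *const[]);

/* (43)+(44) Pass the untouched arguments on and return the result. */
static int forward2(const char *fn, const char *path, char *const argv[]) {
    log_command(fn, path, argv);
    exec2_fn real = (exec2_fn)real_exec(fn);
    if (!real) { errno = ENOSYS; return -1; }
    return real(path, argv);
}

int execv(const char *path, char *const argv[])  { return forward2("execv", path, argv); }
int execvp(const char *file, char *const argv[]) { return forward2("execvp", file, argv); }
int execve(const char *path, char *const argv[], char *const envp[]) {
    log_command("execve", path, argv);
    exec3_fn real = (exec3_fn)real_exec("execve");
    if (!real) { errno = ENOSYS; return -1; }
    return real(path, argv, envp);
}
```

Only dynamically linked callers that enter through execv(), execve() or execvp() are recorded; a statically linked build tool, or one that starts compilers with posix_spawn(), leaves no record, so compare the log against the expected number of compilation units before relying on it.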
Finally, it should be noted that the above embodiment only illustrates the technical solution of the invention and does not limit it. Although the invention has been described in detail with reference to the above embodiment, those of ordinary skill in the art should understand that the specific embodiments of the invention may still be modified or replaced by equivalents, and any modification or equivalent replacement that does not depart from the spirit and scope of the invention shall fall within the scope of the claims of the invention.

Claims (8)

1. A method for letting a code analysis tool obtain the compilation process of a software package under test, characterized in that it comprises the following steps:
(1) implement a function that executes an executable program, i.e. write a function that replaces the system's function for executing an executable program;
(2) set the environment variable;
(3) the compiling program finds the library file specified by the environment variable;
(4) the compiling program passes the compile command and its parameters to the overloaded function that executes an executable program;
(5) the function that executes an executable program records the compile command, i.e. obtains the information of the actual compile command from its own parameters;
(6) call the system's function for executing an executable program.
2. The method according to claim 1, characterized in that, in step (1), the function that executes an executable program is compiled into a library file.
3. The method according to claim 2, characterized in that the setting in step (2) means that a command is set in the environment variable.
4. The method according to claim 3, characterized in that the library file specified in step (3) is the library file into which the function that executes an executable program was compiled.
5. The method according to claim 4, characterized in that, in step (4), the overloaded function that executes an executable program works as follows:
(41) save the compile command and parameters passed in by the compiling program to a specified log file, in the format the user requires;
(42) use the dynamic link library functions provided by the system library to find the system-provided function that executes an executable program;
(43) pass the original command parameters to the system's function that executes an executable program and call it;
(44) return the result to the caller.
6. The method according to claim 1, characterized in that the function that executes an executable program is the exec() function, the system's function for executing an executable program is the system exec() library function, and the environment variable is the LD_PRELOAD environment variable.
7. The method according to claim 6, characterized in that the exec() function is a family of functions comprising three functions: execv(), execve() and execvp().
8. The method according to claim 5, characterized in that the function for operating on the dynamic link library in step (42) is the dlopen function.
CN2009102592525A 2009-12-17 2009-12-17 Method for acquiring compilation process of detected software packet by code analysis tool Pending CN101937389A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009102592525A CN101937389A (en) 2009-12-17 2009-12-17 Method for acquiring compilation process of detected software packet by code analysis tool

Publications (1)

Publication Number Publication Date
CN101937389A true CN101937389A (en) 2011-01-05

Family

ID=43390729

Country Status (1)

Country Link
CN (1) CN101937389A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9110737B1 (en) 2014-05-30 2015-08-18 Semmle Limited Extracting source code
US9612850B2 (en) 2014-05-30 2017-04-04 Semmle Limited Extracting source code
US9645804B2 (en) 2014-05-30 2017-05-09 Semmle Limited Extracting source code
US9946525B2 (en) 2014-05-30 2018-04-17 Semmle Limited Extracting source code
US10048960B2 (en) 2014-12-17 2018-08-14 Semmle Limited Identifying source code used to build executable files
CN106325965A (en) * 2015-06-24 2017-01-11 龙芯中科技术有限公司 Method and device for compiling of operating system
CN106325965B (en) * 2015-06-24 2019-09-10 龙芯中科技术有限公司 The Compilation Method and device of operating system
US10810007B2 (en) 2017-12-29 2020-10-20 Microsoft Technology Licensing, Llc Classifying system-generated code
CN111124373A (en) * 2019-12-26 2020-05-08 武汉精鸿电子技术有限公司 Test software development method and device and test equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: ZHANG ?

Free format text: FORMER OWNER: BEIJING CODETEST INFORMATION TECHNOLOGY CO., LTD.

Effective date: 20111107

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20111107

Address after: 100085 Beijing city Haidian District Anning Zhuang three No. 9 Building 1 layer 2 5 unit 208

Applicant after: Zhang Yan

Address before: 100085 Beijing City, Haidian District road 25, 1303 small business Qinghe

Applicant before: Beijing Codetest Information Technology Co., Ltd.

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110105