CN101807157B - Defensive programming method based on function access global variables - Google Patents
Defensive programming method based on function access global variables Download PDFInfo
- Publication number
- CN101807157B CN101807157B CN2010101358769A CN201010135876A CN101807157B CN 101807157 B CN101807157 B CN 101807157B CN 2010101358769 A CN2010101358769 A CN 2010101358769A CN 201010135876 A CN201010135876 A CN 201010135876A CN 101807157 B CN101807157 B CN 101807157B
- Authority
- CN
- China
- Prior art keywords
- global variable
- global
- access
- function
- global variables
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Stored Programmes (AREA)
Abstract
The invention relates to a defensive programming method based on function access global variables, which is characterized by comprising the following steps of: (1) hiding global variable names: enabling the protected declaration of global variables to not appear in a quoted header file, and providing a defined file as a binary file or prescribing that names which are not contained in the declaration of the header file can not be used through programming specification files, thereby realizing the purpose of hiding the global variable names; (2) declaring an access function of the global variables and a data structure of the global variables: declaring the data structure of the global variables and the access function of the global variables in the header file, adding a mutex lock in the data structure of the global variables, and respectively declaring an acquiring function and a modifying function; and (3) defining the access function of the global variables: selecting asserted defense or other existing function defense methods, programming code defense, context access defense and mutex defense in the definition phase of the access function of the global variables. The invention can prevent wrong global variables from being accessed in the programming process, realize global variable access of different rights, and automatically judge the context to shield the access of the task which has no right to access the global variables.
Description
Technical field
The present invention relates to a kind of safety method of computer program, especially a kind of a kind of safety defense method that in the software that the defensive programming requirement is arranged, uses, specifically a kind of defensive programming method based on function access global variables.
Background technology
As everyone knows, defensive programming is a kind of careful, careful programmed method.In order to develop reliable software, need each assembly in the design system so that its as much as possible " protection " oneself.Through clearly in code to imagining mistake inspection, the wrong generation of defence imagination.This effort prevents that (discovering at least) code from producing uncertain result when being called by the behavior of possible errors.Defensive programming can be found problem of smaller as early as possible, rather than waits until when they develop into big disaster and just find.Certainly, defensive programming can not be got rid of all program errors.But problem institute trouble caused will reduce, and is easy to revise.Defensive programming is a kind of defense mechanisms, rather than a kind of form of remedying.Defensive programming method commonly used is at present paid attention to the defence to function body, but in programming, will use global variable inevitably.Ignore the defensive measure when calling global variable if only protected function body, short slab just on defense system, occurred.
Summary of the invention
The objective of the invention is to have ignored the safety problem that global variable causes mostly, design a kind of defensive programming method based on function access global variables to existing defence programmed method.
Technical scheme of the present invention is:
A kind of defensive programming method based on function access global variables is characterized in that it comprises following three aspects: the global variable title is hidden, the statement of global variable access function and global variable data structure, definition global variable access function; Described global variable title is hidden and to be meant the statement that protected global variable in the header file that is cited, do not occur, and defined file provided as binary file or can not be used through the title beyond the statement of programming authority file regulation header file has promptly accomplished hiding of global variable title; The statement of described global variable access function and global variable data structure is meant the data structure of statement global variable in header file and the access function of global variable; And in the global variable data structure, add mutual exclusion lock, will obtain function and separate statement with the modification function; Described definition global variable access function was meant in definition phase of global variable access function selects to assert defence or other existing function defence method, the defence of programming password, access context defence and mutual exclusion defence.
The defence of being adopted during definition global variable access function comprises obtaining of global variable and revises the contextual access control defence of programming cryptoguard defence, global variable and the exclusive reference control defence of global variable.
Beneficial effect of the present invention:
1. through the coherency management of global variable access password and access function, prevented the global variable of access errors in the programming.
2. obtain and revise the access code of global variable through difference, accomplish the global variable access of different rights.
3. can be through contextual access control defence through judging that context shields the task visit of having no right to visit this global variable in multitask system.
4. can guarantee that through exclusive reference control defence this global variable is by the atomicity of access process.
Embodiment
Below in conjunction with embodiment the present invention is further described.
A kind of defensive programming method based on function access global variables; In conjunction with existing defensive programming method software is more comprehensively defendd; It can also be on the defensive to global variable through the defensive programming method that uses function; Concrete steps comprise the defense function of hiding global variable title, encapsulation global variable access function interface and global variable access function, realize as follows respectively:
(1). hide the global variable title; The statement of protected global variable in the header file that is cited, do not occur, and defined file provided as binary file or can not be used through the title beyond the statement of programming authority file regulation header file promptly accomplished hiding of global variable title.
(2). encapsulation global variable access function interface comprises the statement of global variable data structure and access function; Shown in the header file key content; The data structure of statement global variable and the access function of global variable in header file; Suggestion adds mutual exclusion lock in the global variable data structure, suggestion will be obtained function (like global_var_get) and separated statement with modification function (like global_var_set).
(3). the defense function 1 of global variable access function: the programming cryptoguard of obtaining and revise of global variable is defendd; As assert and defend or other existing function defence method, the defence of programming password etc.;
(4). the defense function 2 of global variable access function: the contextual access control defence of global variable;
(5). the defense function 3 of global variable access function: the exclusive reference control defence of global variable.
Below be a concrete software to global variable realization defence:
The header file key content:
typedef?struct
{
BOOL locked; // visit mutual exclusion lock
char?var_char;
int?var_int;
int*var_intp;
……
Global_var_struct; The statement of // global variable data structure
extern?result?global_var_get(int,global_var_struct*);
extern?result?global_var_set(int,global_var_struct);
The defined file key content:
global_val_struct?global_val_real;
result?global_var_get(int?key,global_var_struct*global_varp)
{
[assert ()] // assert and defend or other existing function defence method
If (key!=GLOBAL_VAR_GETKEY) // to this global variable obtain add the programming close
Sign indicating number
{
return(GETKEYERROR)
}
If (context determination failure) // access context is defendd
{
return(CONTEXTERROR)
}
If (global_val_real.locked==TRUE) // mutual exclusion defence
{
return(LOCKED)
}
global_val_real.locked=TRUE
global_varp->var_char=global_val_real.var_char
global_varp->var_int=global_val_real.var_int
global_varp->var_intp=global_val_real.var_intp
……
global_val_real.locked=FALSE
return(OK)
}
result?global_var_set(int?key,global_var_struct?global_var)
{
[assert ()] // assert and defend or other existing function defence method
If (key!=GLOBAL_VAR_GETKEY) // this global variable revised to add programming close
Sign indicating number
{
return(SETKEYERROR)
}
If (context determination failure) // access context is defendd
{
return(CONTEXTERROR)
}
If (global_val_real.locked==TRUE) // mutual exclusion defence
{
return(LOCKED)
}
global_val_real.locked=TRUE
global_var_real.var_char=global_val.var_char
global_var_real.var_int=global_val.var_int
global_var_real.var_intp=global_val.var_intp
……
global_val_real.locked=FALSE
return(OK)
}
The present invention does not relate to all identical with the prior art prior art that maybe can adopt of part and realizes.
Claims (2)
1. defensive programming method based on function access global variables is characterized in that it comprises following three aspects: the global variable title is hidden, and the statement of global variable access function and global variable data structure defines the global variable access function; Described global variable title is hidden and is meant that the statement of protected global variable does not appear in < 1>in the header file that is cited; < 2>defined file is provided with the binary file form or can not be used, accomplish above two steps and promptly accomplished hiding of global variable title through the title beyond the statement of programming authority file regulation header file; The statement of described global variable access function and global variable data structure is meant the data structure of statement global variable in header file and the access function of global variable; And in the global variable data structure, add mutual exclusion lock, will obtain function and separate statement with the modification function; Described definition global variable access function was meant in the definition phase of global variable access function selects to assert that defence, programming password are defendd, access context is defendd and the mutual exclusion defence.
2. the defensive programming method based on function access global variables according to claim 1, the defence of being adopted when it is characterized in that defining the global variable access function comprise obtaining of global variable and revise the contextual access control defence of programming cryptoguard defence, global variable and the exclusive reference control defence of global variable.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101358769A CN101807157B (en) | 2010-03-30 | 2010-03-30 | Defensive programming method based on function access global variables |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101358769A CN101807157B (en) | 2010-03-30 | 2010-03-30 | Defensive programming method based on function access global variables |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101807157A CN101807157A (en) | 2010-08-18 |
| CN101807157B true CN101807157B (en) | 2012-08-29 |
Family
ID=42608963
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010101358769A Active CN101807157B (en) | 2010-03-30 | 2010-03-30 | Defensive programming method based on function access global variables |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101807157B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102841782B (en) * | 2011-06-23 | 2017-08-01 | 腾讯科技(深圳)有限公司 | global variable management method and device |
| CN103049334B (en) | 2012-12-14 | 2015-09-30 | 华为技术有限公司 | A kind of method of task process and virtual machine |
| CN106980544B (en) * | 2017-03-31 | 2020-03-03 | 北京奇艺世纪科技有限公司 | Thread synchronization method and thread synchronization system |
| CN111859312B (en) * | 2020-08-06 | 2022-12-30 | 泉芯集成电路制造(济南)有限公司 | Protection method and device for initial parameter value |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1680921A (en) * | 2004-03-29 | 2005-10-12 | 居里泰尔公司 | Apparatus and method for initializing system global variables by using multiple load/store instructions |
| CN1879067A (en) * | 2003-11-05 | 2006-12-13 | 罗伯特.博世有限公司 | Method and device for adapting functions for controlling operating sequences |
| CN1983191A (en) * | 2005-12-12 | 2007-06-20 | 中兴通讯股份有限公司 | Method for setting up scheduling restricted zone in built-in realtime system by global variable |
| CN101211273A (en) * | 2006-12-25 | 2008-07-02 | 上海科泰世纪科技有限公司 | Method for automatic creation for Singleton mode in component programming |
-
2010
- 2010-03-30 CN CN2010101358769A patent/CN101807157B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1879067A (en) * | 2003-11-05 | 2006-12-13 | 罗伯特.博世有限公司 | Method and device for adapting functions for controlling operating sequences |
| CN1680921A (en) * | 2004-03-29 | 2005-10-12 | 居里泰尔公司 | Apparatus and method for initializing system global variables by using multiple load/store instructions |
| CN1983191A (en) * | 2005-12-12 | 2007-06-20 | 中兴通讯股份有限公司 | Method for setting up scheduling restricted zone in built-in realtime system by global variable |
| CN101211273A (en) * | 2006-12-25 | 2008-07-02 | 上海科泰世纪科技有限公司 | Method for automatic creation for Singleton mode in component programming |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101807157A (en) | 2010-08-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Chen et al. | DeepAttest: An end-to-end attestation framework for deep neural networks | |
| CN101807157B (en) | Defensive programming method based on function access global variables | |
| US8001596B2 (en) | Software protection injection at load time | |
| CN101946232B (en) | Qualification of conditional debug instructions based on address | |
| Dahse et al. | Code reuse attacks in php: Automated pop chain generation | |
| KR20160119140A (en) | Region identifying operation for identifying region of a memory attribute unit corresponding to a target memory address | |
| US20150088476A1 (en) | Integrated Model-Based Safety Analysis | |
| CN105224864A (en) | A kind of progress of work method of randomization and system resisting code reuse attack | |
| US10789178B2 (en) | Method of secure memory addressing | |
| CN110022311B (en) | Attack graph-based automatic generation method for cloud outsourcing service data leakage safety test case | |
| US20110145924A1 (en) | Method for detection and prevention of loading executable files from the current working directory | |
| CN102667712A (en) | System, method and apparatus for simultaneous definition and enforcement of access-control and integrity policies | |
| CN112416556B (en) | Data read-write priority balancing method, system, device and storage medium | |
| CN105608391A (en) | Multi-ELF (Executable and Linkable Format)-file protection method and system | |
| Shan et al. | Mobile agent protection with self-modifying code | |
| US20200342008A1 (en) | System for lightweight objects | |
| US20170329973A1 (en) | System and method for preventing execution of malicious instructions stored in memory and malicious threads within an operating system of a computing device | |
| Muntean et al. | Analyzing control flow integrity with LLVM-CFI | |
| CN114595462A (en) | Data processing method and device | |
| He et al. | Exploiting binary-level code virtualization to protect Android applications against app repackaging | |
| CN105956425A (en) | Android application protection method based on smali code obfuscation | |
| Zeng et al. | Abstract interpretation-based semantic framework for software birthmark | |
| Wang et al. | Supervisory control of software execution for failure avoidance: Experience from the gadara project | |
| Lafortune et al. | Eliminating concurrency bugs in multithreaded software: An approach based on control of petri nets | |
| Guangli et al. | The code obfuscation technology based on class combination |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |