CN104331370A - Stack security detection method and system - Google Patents
Stack security detection method and system Download PDFInfo
- Publication number
- CN104331370A CN104331370A CN201410696490.3A CN201410696490A CN104331370A CN 104331370 A CN104331370 A CN 104331370A CN 201410696490 A CN201410696490 A CN 201410696490A CN 104331370 A CN104331370 A CN 104331370A
- Authority
- CN
- China
- Prior art keywords
- function
- executable file
- loop
- call
- stack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention provides a stack security detection method and system. The stack security detection method comprises the following steps: loading an executable file; obtaining a function call tree of the executable file by using an inlet function of the executable file as a starting point and judging whether a function loop call exists or not; and when the function loop call exists in the function call tree of the executable file, identifying that the function loop call exists in the executable file. The stack security detection system comprises an executable file loading module used for loading the executable file to be analyzed, and a function call analyzing module connected with the executable file loading module and used for obtaining the function call tree of the executable tree by using the inlet function of the executable file as the starting point and judging whether the function loop call exists in the function call tree of the executable file and identifying that the function loop call exists in the executable file when the function loop call exists in the function call tree of the executable file. The technical scheme of the invention is used for positioning analysis of a problem of system task stack overflow.
Description
Technical field
The present invention relates to a kind of field of computer technology, particularly relate to a kind of stack safety detection method and system.
Background technology
In computer science, ' call stack ' (Call Stack) is the class stack for storage subroutine information, another name execution stack (execution stack), control stack (control stack), run time stack (run-time stack) and machine stack (machine stack), also frequent referred to as " stack " (" the stack ") in English.The maintenance of call stack is to the normal operation important in inhibiting of most software, but general higher level lanquage all can be hidden its details and automatically safeguard.
In embedded system, the stack space of each task is very little, is easy to produce task stack overflow and causes system reset, the stability of influential system in system operation.In system operation, the stack overflow of a task is caused by two reasons usually: one to be that the function level called crosses the stack space of function application that is dark or that call too large.Two is function call loops, as recursive call.Above two reasons cause system reset more common with second reason, therefore all can avoid directly or indirectly function recursive call in the performance history of embedded system as far as possible.
Given this, in order to determine or avoid function call loop to cause stack overflow problem, how function call loop detection is carried out to the image file of system loads operation and become those skilled in the art's problem demanding prompt solution.
Summary of the invention
The shortcoming of prior art in view of the above, the object of the present invention is to provide a kind of stack safety detection method and system, runs that image file outcome function calls loop and the stack overflow that causes is difficult to the problem of locating for solving in prior art.
For achieving the above object and other relevant objects, the invention provides a kind of stack safety detection method, described stack safety detection method comprises: load executable file; With the function call tree of the entrance function of described executable file described executable file for starting point obtains, and judge whether that existence function loop calls; In the function call tree of described executable file, there is described function loop when calling, identify described executable file existence function loop and call.
Alternatively, the specific implementation of the function call tree of the described executable file of described acquisition comprises: with the entrance function of described executable file for starting point, all subfunctions that the function obtained in described executable file by dis-assembling analytical approach recurrence is called, to obtain function call tree.
Alternatively, the machine language one_to_one corresponding of described dis-assembling analytical approach and described executable file.
Alternatively, described judge whether that existence function loop calls be implemented as: whether the subfunction node that in detection function call-tree, each function calls occurred to the operating path of described function at described executable file entrance function, if occurred, for existence function loop calls.
Alternatively, described executable file comprises the image file in embedded system.
The present invention also provides a kind of stack safety detecting system, and described stack safety detecting system comprises: executable file load-on module, for loading executable file to be analyzed; Function call analysis module, is connected with described executable file load-on module, for the function call tree of the entrance function of described executable file described executable file for starting point obtains, and judges in described function call tree, whether existence function calls loop; In the function call tree of described executable file, there is described function loop when calling, identify described executable file existence function loop and call.
Alternatively, described function call analysis module comprises dis-assembling unit, all subfunctions that described dis-assembling unit calls for the function obtaining described executable file; Describedly call analytic function obtains described executable file function call tree by described dis-assembling unit.
Alternatively, the machine language one_to_one corresponding of described dis-assembling unit and described executable file.
Alternatively, described judge whether that existence function loop calls be implemented as: whether the subfunction node that in detection function call-tree, each function calls occurred to the operating path of described function at described executable file entrance function, if occurred, for existence function loop calls.
Alternatively, described executable file comprises the image file in embedded system.
As mentioned above, a kind of stack safety detection method of the present invention and system, there is following beneficial effect: by a kind of simple and technical scheme that is that easily realize, use the loaded image file of dis-assembling means analysis system, detect the loop point of invocation existed in task, for the positioning analysis of the use of system task stack or task stack overflow problem provides effective data, the location of relevant issues can be accelerated.
Accompanying drawing explanation
Fig. 1 is shown as the method schematic diagram of an embodiment of a kind of stack safety detection method of the present invention.
Fig. 2 is shown as the method step schematic diagram of an embodiment of a kind of stack safety detection method of the present invention.
Fig. 3 is shown as the method step schematic diagram of an embodiment of a kind of stack safety detection method of the present invention.
Fig. 4 is shown as the method step schematic diagram of an embodiment of a kind of stack safety detection method of the present invention.
Fig. 5 is shown as the method step schematic diagram of an embodiment of a kind of stack safety detection method of the present invention.
Fig. 6 is shown as the module diagram of an embodiment of a kind of stack safety detecting system of the present invention.
Element numbers explanation
1 stack safety detecting system
11 executable file load-on modules
12 function call analysis modules
S1 ~ S3 step
Embodiment
Below by way of specific instantiation, embodiments of the present invention are described, those skilled in the art the content disclosed by this instructions can understand other advantages of the present invention and effect easily.The present invention can also be implemented or be applied by embodiments different in addition, and the every details in this instructions also can based on different viewpoints and application, carries out various modification or change not deviating under spirit of the present invention.
It should be noted that, the diagram provided in the present embodiment only illustrates basic conception of the present invention in a schematic way, then only the assembly relevant with the present invention is shown in graphic but not component count, shape and size when implementing according to reality is drawn, it is actual when implementing, and the kenel of each assembly, quantity and ratio can be a kind of change arbitrarily, and its assembly layout kenel also may be more complicated.
The invention provides a kind of stack safety detection method.In one embodiment, as shown in Figure 1, described stack safety detection method comprises:
Step S1, loads executable file.In one embodiment, described executable file is the image file in embedded system.
Step S2, with the function call tree of the entrance function of described executable file described executable file for starting point obtains, and judges whether that existence function loop calls.The specific implementation of the function call tree of the described executable file of described acquisition comprises: with the entrance function of described executable file for starting point, all subfunctions that the function obtained in described executable file by dis-assembling analytical approach recurrence is called, to obtain function call tree.Particularly, the machine language one_to_one corresponding of described dis-assembling analytical approach and described executable file.In one embodiment, described dis-assembling analytical approach has multiple, and respectively from the machine language one_to_one corresponding of different described executable files, the machine language according to the executable file loaded uses different dis-assembling analytical approachs.Described judge whether that existence function loop calls be implemented as: whether the subfunction node that in detection function call-tree, each function calls occurred to the operating path of described function at described executable file entrance function, if occurred, for existence function loop calls.
, in the function call tree of described executable file, there is described function loop when calling, identify described executable file existence function loop and call in step S3.In one embodiment, described stack safety detection method, in described function call tree forming process, judges whether that existence function loop calls, if existed, then terminates the acquisition of described function call tree, identifies described executable file existence function loop and call.
In one embodiment, assuming that the source code of described executable file as shown in Figure 2, the source code of described executable file is sample.c.Each in sample.c exist two function call loops, as follows: one is direct recursive call: task_entry->f_1 ()->f_1 (); Two is that indirect recursion is called: task_entry->f_2 ()->f_3 ()->f_4 ()->f_2 ().Described sample.c is compiled link system and can loads in image file vxWorks.gz, and task_entry is the entrance function of task.This method loads image file vxWorks.gz and with task entrance function (task_entry) for starting point, carries out dis-assembling analysis to the code segment that can load image file (vxWorks.gz).The result obtained after analysis as shown in Figure 3, as can see from Figure 3, by knowing that task_entry have invoked subfunction f_1, f_2, memcmp, memset to the dis-assembling analysis of vxWorks.gz document code section.Same method carries out dis-assembling analysis to f_1, f_2, memcmp, memset respectively, obtains the subfunction that these functions call equally, finally obtains the function call tree of task as shown in Figure 4.Whether detect to the function call tree in Fig. 4 the subfunction node that each function calls to occur to the operating path of this function at task entrance function, if occurred, be there is recursive call, namely existence function loop calls.Testing result as shown in Figure 5, there are two in function call tree and call loop: one is function call path (task_entry->f_1->f_1), last function node (f_1) can calling on path (task_entry->f_1) of one deck find thereon, then think that loop (recursive call) is called in existence.Two is function call path (task_entry->f_2->f_3-GreatT. GreaT.GTf_4->f_2), last function node (f_2) can calling on path (task_entry->f_2->f_3-GreatT. GreaT.GTf_4) of one deck find thereon, then think that loop is called in existence.At this moment just can identify described executable file existence function loop to call.
The present invention also provides a kind of stack safety detecting system.In one embodiment, as shown in Figure 6, described stack safety detecting system 1 comprises executable file load-on module 11 sum functions and calls analysis module 12.Wherein:
Executable file load-on module 11 is for loading executable file to be analyzed.In one embodiment, described executable file comprises the image file in embedded system.
Function call analysis module 12 is connected with described executable file load-on module 11, for with the function call tree of the entrance function of described executable file described executable file for starting point obtains, and judge in described function call tree, whether existence function calls loop; In the function call tree of described executable file, there is described function loop when calling, identify described executable file existence function loop and call.Described judge whether that existence function loop calls be implemented as: whether the subfunction node that in detection function call-tree, each function calls occurred to the operating path of described function at described executable file entrance function, if occurred, for existence function loop calls.In one embodiment, described function call analysis module 12 comprises dis-assembling unit, all subfunctions that described dis-assembling unit calls for the function obtaining described executable file; Describedly call analytic function obtains described executable file function call tree by described dis-assembling unit.The machine language one_to_one corresponding of described dis-assembling unit and described executable file.Described dis-assembling analytical approach can have multiple, and respectively from the machine language one_to_one corresponding of different described executable files, the machine language according to the executable file loaded uses different dis-assembling analytical approachs.
In one embodiment, obtain in the process of described function call tree at the described analysis module 12 that calls, judge whether that existence function loop calls, if existed, then terminate the acquisition of described function call tree, identify described executable file existence function loop and call.
In sum, a kind of stack safety detection method of the present invention and system, there is following beneficial effect: by a kind of simple and technical scheme that is that easily realize, use the loaded image file of dis-assembling means analysis system, detect the loop point of invocation existed in task, for the positioning analysis of the use of system task stack or task stack overflow problem provides effective data, the location of relevant issues can be accelerated.So the present invention effectively overcomes various shortcoming of the prior art and tool high industrial utilization.
Above-described embodiment is illustrative principle of the present invention and effect thereof only, but not for limiting the present invention.Any person skilled in the art scholar all without prejudice under spirit of the present invention and category, can modify above-described embodiment or changes.Therefore, such as have in art usually know the knowledgeable do not depart from complete under disclosed spirit and technological thought all equivalence modify or change, must be contained by claim of the present invention.
Claims (10)
1. a stack safety detection method, is characterized in that, described stack safety detection method comprises:
Load executable file;
With the function call tree of the entrance function of described executable file described executable file for starting point obtains, and judge whether that existence function loop calls;
In the function call tree of described executable file, there is described function loop when calling, identify described executable file existence function loop and call.
2. stack safety detection method according to claim 1, it is characterized in that: the specific implementation of the function call tree of the described executable file of described acquisition comprises: with the entrance function of described executable file for starting point, all subfunctions that the function obtained in described executable file by dis-assembling analytical approach recurrence is called, to obtain function call tree.
3. stack safety detection method according to claim 2, is characterized in that: the machine language one_to_one corresponding of described dis-assembling analytical approach and described executable file.
4. stack safety detection method according to claim 1, it is characterized in that: described in judge whether that existence function loop calls be implemented as: detect the subfunction node that each function in described function call tree calls and whether occurred to the operating path of described function at described executable file entrance function, if occurred, for existence function loop calls.
5. stack safety detection method according to claim 1, is characterized in that: described executable file comprises the image file in embedded system.
6. a stack safety detecting system, is characterized in that: described stack safety detecting system comprises:
Executable file load-on module, for loading executable file to be analyzed;
Function call analysis module, is connected with described executable file load-on module, for the function call tree of the entrance function of described executable file described executable file for starting point obtains, and judges in described function call tree, whether existence function calls loop; In the function call tree of described executable file, there is described function loop when calling, identify described executable file existence function loop and call.
7. stack safety detecting system according to claim 6, is characterized in that: described function call analysis module comprises dis-assembling unit, all subfunctions that described dis-assembling unit calls for the function obtaining described executable file; Describedly call analytic function obtains described executable file function call tree by described dis-assembling unit.
8. stack safety detecting system according to claim 7, is characterized in that: the machine language one_to_one corresponding of described dis-assembling unit and described executable file.
9. stack safety detecting system according to claim 6, it is characterized in that: described in judge whether that existence function loop calls be implemented as: whether the subfunction node that in detection function call-tree, each function calls occurred to the operating path of described function at described executable file entrance function, if occurred, for existence function loop calls.
10. stack safety detecting system according to claim 6, is characterized in that: described executable file comprises the image file in embedded system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410696490.3A CN104331370A (en) | 2014-11-26 | 2014-11-26 | Stack security detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410696490.3A CN104331370A (en) | 2014-11-26 | 2014-11-26 | Stack security detection method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104331370A true CN104331370A (en) | 2015-02-04 |
Family
ID=52406102
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410696490.3A Pending CN104331370A (en) | 2014-11-26 | 2014-11-26 | Stack security detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104331370A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106547606A (en) * | 2016-10-25 | 2017-03-29 | 交控科技股份有限公司 | Storehouse self checking method and device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090307660A1 (en) * | 2008-10-14 | 2009-12-10 | Edss, Inc. | Ticc-paradigm to build verified parallel software for multi-core chips |
| CN103902356A (en) * | 2012-12-26 | 2014-07-02 | 上海斐讯数据通信技术有限公司 | Semaphore deadlock detection method |
-
2014
- 2014-11-26 CN CN201410696490.3A patent/CN104331370A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090307660A1 (en) * | 2008-10-14 | 2009-12-10 | Edss, Inc. | Ticc-paradigm to build verified parallel software for multi-core chips |
| CN103902356A (en) * | 2012-12-26 | 2014-07-02 | 上海斐讯数据通信技术有限公司 | Semaphore deadlock detection method |
Non-Patent Citations (1)
| Title |
|---|
| 计卫星等: ""多线程程序堆栈深度分析与计算方法"", 《中国科技论文在线WWW.PAPER.EDU.CN/HTML/RELEASEPAPER/2011/10/214/》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106547606A (en) * | 2016-10-25 | 2017-03-29 | 交控科技股份有限公司 | Storehouse self checking method and device |
| CN106547606B (en) * | 2016-10-25 | 2019-07-02 | 交控科技股份有限公司 | Storehouse self checking method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103389939B (en) | A kind of detection method for the controlled distribution leak of heap and system | |
| JP7517585B2 (en) | Analytical function providing device, analytical function providing program, and analytical function providing method | |
| US8572579B2 (en) | Break on next called function or method in java debugger agent | |
| CN110457211B (en) | Script performance test method, device and equipment and computer storage medium | |
| CN104899147A (en) | Code static analysis method oriented to security check | |
| US20080028378A1 (en) | Utilizing prior usage data for software build optimization | |
| US20230028595A1 (en) | Analysis function imparting device, analysis function imparting method, and analysis function imparting program | |
| CN106997316B (en) | System and method for detecting abnormal increase of memory | |
| CN108984416B (en) | Method for evaluating dependency conflict danger level in Maven environment | |
| US20130179867A1 (en) | Program Code Analysis System | |
| CN103019942A (en) | Method and system for automatically testing applications to be tested based on android system | |
| CN108509795B (en) | Method, device and storage medium for monitoring E L F file call system function | |
| CN111027054A (en) | Method and system for judging running of application program in multi-open environment based on android system | |
| CN103019900B (en) | The testing result display packing of terminal capabilities and device | |
| EP2972880B1 (en) | Kernel functionality checker | |
| US8418151B2 (en) | Date and time simulation for time-sensitive applications | |
| US8291389B2 (en) | Automatically detecting non-modifying transforms when profiling source code | |
| CN104331370A (en) | Stack security detection method and system | |
| CN110764745B (en) | Variable transmission and collection method, device and computer readable storage medium | |
| CN116483888A (en) | Program evaluation method and device, electronic equipment and computer readable storage medium | |
| US8819625B2 (en) | Sharable development environment bookmarks for functional/data flow | |
| US9710360B2 (en) | Optimizing error parsing in an integrated development environment | |
| KR102403351B1 (en) | Method for generating vulnerability identification code of binary, and apparatus implementing the same method | |
| US20170286072A1 (en) | Custom class library generation method and apparatus | |
| US9792202B2 (en) | Identifying a configuration element value as a potential cause of a testing operation failure |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150204 |