CN105117336A - Method for processing control dependence employing dynamic marking - Google Patents

Method for processing control dependence employing dynamic marking Download PDF

Info

Publication number
CN105117336A
CN105117336A CN201510530933.6A CN201510530933A CN105117336A CN 105117336 A CN105117336 A CN 105117336A CN 201510530933 A CN201510530933 A CN 201510530933A CN 105117336 A CN105117336 A CN 105117336A
Authority
CN
China
Prior art keywords
program
dynamic
valgrind
pollution
dependence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510530933.6A
Other languages
Chinese (zh)
Other versions
CN105117336B (en
Inventor
马恒太
王雪飞
杨克
李小凤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS filed Critical Institute of Software of CAS
Priority to CN201510530933.6A priority Critical patent/CN105117336B/en
Publication of CN105117336A publication Critical patent/CN105117336A/en
Application granted granted Critical
Publication of CN105117336B publication Critical patent/CN105117336B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention relates to a method for processing control dependence employing dynamic marking. A critical step for realizing a dynamic stain analysis process is to realize an instrumentation operation on a binary program through a valgrind frame. According to the method, a method for processing a particular type of control dependence problem is firstly provided through analyzing the characteristics of a valgrind intermediate language and a dynamic running track of the binary program; a corresponding pollution propagation rule is made; the pollution propagation rule aiming at the control dependence problem is applied to the dynamic stain analysis process to recognize and spread implicit information; the pollution absence phenomenon is relieved; a condition jump tree of a tested program is finally established by a dynamic stain analysis method; and a test case aiming at each path is generated, so that the path coverage rate on the tested program is improved.

Description

A kind of method that dynamically labeled processing controls relies on
Technical field
The present invention relates to a kind of method that dynamically labeled processing controls relies on, belong to soft project and information security field.
Background technology
Dynamic stain analytical technology was proposed by professor DorothyE.Denning early than 1976, referred to that data markers program obtained from outside is stain, then observed the propagation of stain in program process, thus obtained the information such as the information flow in program.It is a kind ofly determine instruction and instruction in software code, the effective means of relation between instruction and data, be widely used in the analysis and research of the software security such as malware analysis, attack code detection.
Dynamic stain analytical technology effectively can follow the trail of input data at the operating track of program.By outer input data is labeled as stain, the propagation trace of record stain data, can obtain the branch information of binary program inside according to propagation trajectories.Combined symbol execution technique simultaneously, can obtain the conditional jump tree of whole program according to the branch information in program, and by calculating the test case that can travel through every paths.
The process of dynamic stain analysis mainly comprises pollution source mark, the appointment of pollution spread rule and tainting and calculates three aspects.Namely pollution source mark goes the origin of pushing up monitored data, and all data from un-trusted channel all should to be marked as " contaminated ".Pollution spread rule is the semanteme according to programmed instruction sum functions, the inference rule for stain data processing that the feature in conjunction with stain source data customizes.Tainting calculating is then on the basis of work in front two, in conjunction with the dynamic process information of Dynamic Execution monitoring, launches the analysis to stain data handling procedure, determines the relation wherein between instruction and instruction, instruction and data.
In dynamic stain analysis, the propagation of data comprises data dependence propagation and controls to rely on propagation.Data dependence dissemination process is got up very simple, if having contamination data in source operand, so corresponding target operand also should be marked as stain data.Control to rely on and propagate relative complex a lot, will cause polluting disappearance if can not process, the data causing some to be labeled are not labeled, and lose a lot of information.In order to processing controls Dependence Problem, conventional method carries out control flow analysis to program exactly.First the controlling stream graph of generator program, then generates Dominator tree and rear Dominator tree, judges which data is determined by controlled condition, thus these data are also labeled as stain data.But this Measures compare is applicable to the static analysis for source code, then needs dis-assembling for binary program, the process of dis-assembling may lose important information again.Then there is a lot of difficulty in the dynamically labeled method for binary program, is all that the one performed in all branch condition is selected during program each run, only can not judge the situation of another paths of branch condition place according to this execution.
Summary of the invention
The technology of the present invention is dealt with problems: overcome the deficiencies in the prior art, a kind of method that dynamically labeled processing controls relies on is provided, process mainly for the control Dependence Problem in dynamic stain analysis, binary program is being carried out in the process of dynamic stain analysis, Dynamic Recognition controls the contamination data that Dependence Problem causes, marked and propagate, the impact of pollution abatement disappearance, improves the path coverage of test.
Technical solution of the present invention: the method for this dynamic process control Dependence Problem in dynamic contamination analysis process, comprises following two aspects:
(1) dynamic contamination analysis is carried out to program, utilize Valgrind framework to carry out pitching pile operation to tested binary program, using outside input file as pollution source, follow the tracks of tainting path, the Dynamic Execution track of final acquisition program.The feature of program Dynamic Execution track analyzed Valgrind intermediate language VEXIR and obtain, formulates accordingly for the pollution spread rule controlling Dependence Problem.
(2) in the process of dynamic contamination analysis, pollution spread rule is implemented.When carrying out dynamic contamination analysis to tested program, the branch information on collection procedure Dynamic Execution track, extracts constraint condition set, utilizes solver to solve the value whether having and satisfy condition at every turn, if existed, can generate new sub-test case.Constantly repeat this process, the conditional jump tree that the program that finally constructs is complete, the corresponding paths of each test case, by inputting all paths of different test case final test binary programs.
Described by Valgrind framework realize the pitching pile of binary program has been operated time, it can be divided into fundamental block one by one by Valgrind, each process fundamental block, first current basic block is translated into intermediate language VEX, then specific Valgrind instrument is passed to, complete pitching pile operation, the intermediate language that pitching pile is good the most at last recompilates into machine code.
The described feature by analyzing Valgrind intermediate language VEXIR and program Dynamic Execution track, the process formulated accordingly for the pollution spread rule controlling Dependence Problem is as follows:
(1) by analyzing the feature of VEXIR and program Dynamic Execution track, definition controls the flag attribute formula relying on correlated variables.
(2) according to the difference of father's use-case and sub-use-case role, according to flag attribute formulating propagation rule.
Constructing and adding the information obtaining controlling the relevant variable of dependence according to pollution spread rule in the process of the conditional jump of traversal program tree.Reach introductory path to every paths negate, now routing information is not only from data dependence, also contains the information controlling to rely on, can obtain more complete pollution spread information, thus the programming jump tree that structure is more complete.
Described at every turn dynamic contamination analysis is carried out to tested program after, the branch information on collection procedure Dynamic Execution track, utilizes solver to solve the value whether having and satisfy condition, constantly repeats this process, the conditional jump tree that the program that finally constructs is complete.The information that the control obtained according to pollution spread rule relies on relevant variable to be added in this process, construct more complete programming jump tree.
The present invention's advantage is compared with prior art:
(1) intermediate language of analyzing and processing is VEXIR, and it is based on static single form (SSA), and ensure that eachly is had unique definition by the variable used, make routine analyzer Dynamic Execution track and the process that lays down a regulation simpler.
(2) processing controls Dependence Problem in the process of stain analysis, does not need to carry out to binary program the controlling stream graph that dis-assembling carrys out construction procedures entirety, realizes convenient.
(3) can the Dependence Problem of processing controls dynamically, in the process that the conditional jump of construction procedures is set, improve stain data message gradually, alleviate the impact of stain disappearance, improve the path coverage of tested program.
Accompanying drawing explanation
Fig. 1 is that dynamic process of the present invention controls Dependence Problem method flow diagram;
Fig. 2 is that assembly instruction and corresponding VEXIR illustrate;
Fig. 3 is the citing of VEXIR redirect code;
Fig. 4 is source code citing and process flow diagram thereof;
Fig. 5 is the conditional jump tree that source code is corresponding;
Fig. 6 is the generative process of conditional jump tree;
Fig. 7 is the generative process that band pollutes the conditional jump tree of label.
Embodiment
Below in conjunction with Figure of description, the specific embodiment of the present invention is described in detail.
What Fig. 1 showed is the process flow diagram that dynamic process controls Dependence Problem method in dynamic stain is analyzed, and we describe in detail for two main aspects below.
(1) dynamic contamination analysis is carried out to program, utilize Valgrind framework to carry out pitching pile operation to tested binary program, using outside input file as pollution source, follow the tracks of tainting path, the Dynamic Execution track of final acquisition program.Then analyze the feature of Valgrind intermediate language VEXIR and program Dynamic Execution track, formulate accordingly for the pollution spread rule controlling Dependence Problem.
Use Valgrind framework to realize operating the pitching pile of binary program, thus realize the process of dynamic stain analysis.When processing tested program, it can be divided into fundamental block one by one by Valgrind, each process fundamental block.First current basic block is translated into intermediate language VEX, then pass to specific Valgrind instrument, complete pitching pile operation, the intermediate language that pitching pile is good the most at last recompilates into machine code.
First, structure and the feature of Valgrind intermediate language VEXIR is introduced.VEXIR is a kind of intermediate language of architecture neutral, and form compares the language used as compiler.The unit of Valgrind process is fundamental block.A fundamental block is a single entrance, the sequence of list or multiple exit.The corresponding VEXIR statement that Fig. 2 is an assembly instruction and translates into, implication be respectively the value of save register eax to t3, that the value of save register ebx is added to t2, t3 and t2 and be saved in t1, be finally saved in register eax.The present invention can find out, when executable code translates into intermediate code, every bar statement is all the operation to register, internal memory and temporary variable.VEXIR has SSA characteristic.SSA represents Static Single Assignment, and it represents that each variable only can be assigned once, and each variable defines before the use, and therefore data-flow analysis and optimized algorithm can be simpler.In source program, the incoherent several times of same variable are used, the use to different variable can be transformed in SSA form, therefore can eliminate much unnecessary dependence.
Then, the feature of routine analyzer Dynamic Execution track of the present invention.Dynamic stain analysis is a kind of technology of dynamic tracing program running orbit, after its feature is every secondary program end of run, what obtained by pitching pile analysis is running orbit in this implementation, it is a certain paths in procedure condition redirect tree, the present invention can only find take-off point from this paths, but but can not obtain the information of another branch.As shown in Figure 3, after the instruction of 0x4004cc7 address, address executes, the instruction at executive address 0x4004cc9 place is speeded up.The present invention can only know to there is a take-off point after first day order fulfillment, and when satisfying condition, program can jump to address 0x4004d26 and performs.Between two program blocks, there is a jump instruction, the branch's judgement in the corresponding binary program of this jump instruction, function call and returning etc. understands the position of generating program redirect.Analyze by dynamic stain the Dynamic Execution track that the present invention can obtain program, thus record the relevant track of stain data, extract branch information and analyze.
In the process of following the tracks of binary program execution, also have and a bit should cause attention of the present invention.By scale-of-two pitching pile technology, record of the present invention be the track that program is run, and the process of Dynamic Execution, in scale-of-two rank, the present invention is it is seen that the process that performs of procedure order, and can't see any while semantically and circulate, call function also the information such as to return.When performing the code in Fig. 4, when following the tracks of binary program, according to different inputs, the present invention obtains the conditional jump tree of program as shown in Figure 5, and a kind of binary tree structure.The value of variable a is jointly determined by the value condition of a in branch x<20 and x>=20 Liang Ge branch, in like manner, the value of variable b is jointly determined by the value condition of b in branch y<20 and y>=20 Liang Ge branch.That is, whether some variablees and Rule of judgment variable exist control dependence, need to judge the value condition in Liang Ge branch.Suppose that variable a value is in the two branches respectively a1, a2, so the flag attribute f (a) of a is defined as follows.If a is only present in a branch, the present invention then can not judge whether a has control dependence with Rule of judgment variable.Whether variable and Rule of judgment variable exist control dependence, need to judge the value condition in Liang Ge branch.Suppose that variable a value is in the two branches respectively a1, a2, so the flag attribute f (a) of a is defined as follows.If a is only present in a branch, the present invention then can not judge whether a has control dependence with Rule of judgment variable.
f ( a ) = t r u e a 1 &NotEqual; a 2 f a l s e a 1 = a 2
(2) in the process of dynamic contamination analysis, pollution spread rule is implemented.Often perform and carry out once dynamically contamination analysis to tested program, the branch information on collection procedure Dynamic Execution track, extracts constraint condition set, utilizes solver to solve the value whether having and satisfy condition, if existed, can generate new sub-test case.Constantly repeat this process, the conditional jump tree that the program that finally constructs is complete, the corresponding paths of each test case, by inputting all paths of different test case final test binary programs.
The feature of track when running by analyzing dynamic tracing program, the present invention obtains defining with the flag attribute controlling to rely on related variable.In the process of carrying out dynamic contamination analysis, the present invention needs to formulate concrete pollution spread rule for this situation.In the process of formation condition redirect tree, it is all the path being obtained corresponding sub-use-case process by the path computing of father's use-case process.Implementation of test cases the process traveling through respective paths is exactly the process that dynamic stain is analyzed.Test case as pollution source, is followed the tracks of pollution source travel path in a program by the present invention.When Design pollution propagation rule except considering that data dependence also will add the consideration controlling to rely on.
For each test case, it has two roles: father's use-case and sub-use-case.
Operation as father's use-case: (a) from the initial treatment degree of depth, each degree of depth preserve likely have with stain data the variables collection controlling dependence, and pass to correlator use-case.When () generates sub-use-case b, the variables collection owing to controlling dependence mark is passed to sub-use-case.
Operation as sub-use-case: (a) carries out pollution mark according to the variables collection inheriting the needs mark come from father's use-case to relevant variable data.B () is inherited may pollute variables collection from father's use-case, simultaneously preserve institute in respective depth and likely have with stain data the variables collection controlling dependence, the variable pollution flag attribute that two set define according to front carries out judging whether mark as contamination data and propagate.
After carrying out dynamic contamination analysis to tested program, the branch information on collection procedure Dynamic Execution track, utilizes solver to solve the value whether having and satisfy condition, constantly repeats this process at every turn, the conditional jump tree that the program that finally constructs is complete.To add in this process, construct more complete programming jump tree.
Fig. 6 shows the process for source code formation condition redirect tree in Fig. 4.The present invention is abstracted into one tree whole program operational scheme, and the skip instruction in program is as the node of tree.First input seed test case (initial depth is 1), suppose that x, y value read all is less than 20, namely the execution route of program is 1-3-7.In execution 1-3-7 path, carry out dynamic stain analysis, collect the value that then constraint condition judge whether by STP solver to satisfy condition.New test case is obtained by calculating x>20y<20 the present invention, execution route is 1-2-5, calculate x<20, y>20, the value obtaining x, y generates new test case, execution route is 1-3-6, and the initial depth of these two sub-test cases is 2 and 3 respectively.In like manner, obtain path 1-2-4 by after path 1-2-5 (initial depth is 2) negate, initial depth is 3.The programming jump tree finally obtained as shown in Figure 6, is now do not consider to control to rely on variable.
In the process that dynamic stain is analyzed, implement pollution spread rule, and in the process of construction procedures redirect tree, consider that the control obtained according to pollution spread rule relies on the information of relevant variable, the conditional jump finally obtained tree as shown in Figure 7.Specifically introduce whole process below.Initial use-case t0 execution route is 1-3-7, as father's use-case, preserves respectively may have with stain data the variables collection C1={a=20} and C2={b=20} that control dependence in the degree of depth 1 and 2.Generate sub-use-case t1 (initDepth=2) according to this father's use-case, t2 (initDepth=3) is execution route 1-2-5 and 1-3-6 respectively, C1 and C2 passed to them respectively simultaneously.
The C1 that t1 passes over as sub-use-case succession t0.In the process running t1, corresponding set C1'={a=10} is generated when the degree of depth is 1 (initDeptht1-1), find that the assignment of a in two set is different according to polluting flag attribute formula, then mark a and be stain data and propagate downwards.Then, t1 generates sub-use-case t3 (initdepth=2) as father's use-case, execution route 1-2-4.T3 inherits pollution label { tx, ta}, simultaneously new with the generate rule controlling to rely on according to data dependence pollution label { ty, the tb} of t1.
T2 inherits t0 as sub-use-case and goes out to pass the C2 come.In the process running t2, generating corresponding set C2'={b=10} when the degree of depth is 2 (initDeptht1-1), finding that the assignment of b in two set is different according to polluting flag attribute formula, then marking b is stain data, polluting label is { tx, ty, tb}.We are drawn as all take-off points the node in tree, mark the pollution tag set at each Nodes simultaneously, and the programming jump that the consideration finally obtained controls to rely on correlated variables is set as shown in Figure 7.
Non-elaborated part of the present invention belongs to the known technology of those skilled in the art.
The above; be only the embodiment in the present invention; but protection scope of the present invention is not limited thereto; any people being familiar with this technology is in the technical scope disclosed by the present invention; the conversion or replacement expected can be understood; all should be encompassed in and of the present inventionly comprise within scope, therefore, protection scope of the present invention should be as the criterion with the protection domain of claims.
There is provided above embodiment to be only used to describe object of the present invention, and do not really want to limit the scope of the invention.Scope of the present invention is defined by the following claims.Do not depart from spirit of the present invention and principle and the various equivalent substitutions and modifications made, all should contain within the scope of the present invention.

Claims (4)

1. a method for dynamically labeled processing controls dependence, is characterized in that:
(1) dynamic contamination analysis is carried out to program, Valgrind framework is utilized to carry out pitching pile operation to tested binary program, using outside input file as pollution source, follow the tracks of tainting path, the Dynamic Execution track of final acquisition program, the feature of program Dynamic Execution track analyzed Valgrind intermediate language VEXIR and obtain, formulates accordingly for the pollution spread rule controlling Dependence Problem;
(2) in the process of dynamic contamination analysis, enforcement pollution spread rule, when dynamic contamination analysis being carried out to tested program at every turn, branch information on collection procedure Dynamic Execution track, extract constraint condition set, utilize solver to solve the value whether having and satisfy condition, if existed, new sub-test case can be generated; Constantly repeat this process, the conditional jump tree that the program that finally constructs is complete, the corresponding paths of each test case, by inputting all paths of different test case final test binary programs.
2. the method for dynamically labeled processing controls dependence according to claim 1, it is characterized in that: described by Valgrind framework realize the pitching pile of binary program has been operated time, it can be divided into fundamental block one by one by Valgrind, each process fundamental block, first current basic block is translated into intermediate language VEX, then pass to specific Valgrind instrument, complete pitching pile operation, the intermediate language that pitching pile is good the most at last recompilates into machine code.
3. the method for dynamically labeled processing controls dependence according to claim 1, it is characterized in that: the described feature by analyzing Valgrind intermediate language VEXIR and program Dynamic Execution track, the process formulated accordingly for the pollution spread rule controlling Dependence Problem is as follows:
(1) by analyzing the feature of VEXIR and program Dynamic Execution track, definition controls the flag attribute formula relying on correlated variables;
(2) according to the difference of father's use-case and sub-use-case role, according to flag attribute formulating propagation rule.
4. the method for dynamically labeled processing controls dependence according to claim 1, it is characterized in that: described at every turn dynamic contamination analysis is carried out to tested program after, branch information on collection procedure Dynamic Execution track, solver is utilized to solve the value whether having and satisfy condition, constantly repeat this process, the conditional jump tree that the program that finally constructs is complete; The information that the control obtained according to pollution spread rule relies on relevant variable to be added in this process, construct more complete programming jump tree.
CN201510530933.6A 2015-08-26 2015-08-26 A kind of method that dynamically labeled processing control relies on Active CN105117336B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510530933.6A CN105117336B (en) 2015-08-26 2015-08-26 A kind of method that dynamically labeled processing control relies on

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510530933.6A CN105117336B (en) 2015-08-26 2015-08-26 A kind of method that dynamically labeled processing control relies on

Publications (2)

Publication Number Publication Date
CN105117336A true CN105117336A (en) 2015-12-02
CN105117336B CN105117336B (en) 2018-11-16

Family

ID=54665334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510530933.6A Active CN105117336B (en) 2015-08-26 2015-08-26 A kind of method that dynamically labeled processing control relies on

Country Status (1)

Country Link
CN (1) CN105117336B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105955877A (en) * 2016-04-19 2016-09-21 西安交通大学 Taint analysis method for dynamic parallel program based on symbolic computation
CN107153605A (en) * 2016-03-02 2017-09-12 阿里巴巴集团控股有限公司 The generation method and device of test sample
CN109002712A (en) * 2018-06-22 2018-12-14 北京大学 A kind of Contaminated Data Analysis method, system and electronic equipment based on value dependency graph
CN110059000A (en) * 2019-03-15 2019-07-26 深圳壹账通智能科技有限公司 Chat drama test control method, device, computer equipment and storage medium
CN112650638A (en) * 2020-10-23 2021-04-13 华芯安信(北京)科技有限公司 Hardware security vulnerability detection method based on gate-level pollution label tracking model
CN114036072A (en) * 2022-01-06 2022-02-11 湖南泛联新安信息科技有限公司 Method and system supporting automatic detection of program defects

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101510171A (en) * 2009-03-25 2009-08-19 大连海事大学 Midlet main main class test method for java ME software
US20100095159A1 (en) * 2008-10-14 2010-04-15 Jeong Sung-Won Apparatus and method for automatic testing of software or digital devices

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100095159A1 (en) * 2008-10-14 2010-04-15 Jeong Sung-Won Apparatus and method for automatic testing of software or digital devices
CN101510171A (en) * 2009-03-25 2009-08-19 大连海事大学 Midlet main main class test method for java ME software

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
康凯: "二进制应用程序漏洞挖掘技术研究", 《中国优秀硕士学位论文全文数据库》 *
陆开奎: "基于动态污点分析的漏洞攻击检测技术研究与实现", 《中国优秀硕士学位论文全文数据库》 *
陈厅: "动态程序分析技术在软件安全领域的研究", 《中国博士学位论文全文数据库》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107153605A (en) * 2016-03-02 2017-09-12 阿里巴巴集团控股有限公司 The generation method and device of test sample
CN107153605B (en) * 2016-03-02 2021-07-06 阿里巴巴集团控股有限公司 Test sample generation method and device
CN105955877A (en) * 2016-04-19 2016-09-21 西安交通大学 Taint analysis method for dynamic parallel program based on symbolic computation
CN105955877B (en) * 2016-04-19 2017-03-29 西安交通大学 A kind of dynamic parallel program stain analysis method based on sign computation
WO2017181628A1 (en) * 2016-04-19 2017-10-26 西安交通大学 Taint analysis method employing symbolic computation and used for dynamic parallel program
CN109002712A (en) * 2018-06-22 2018-12-14 北京大学 A kind of Contaminated Data Analysis method, system and electronic equipment based on value dependency graph
CN109002712B (en) * 2018-06-22 2020-11-03 北京大学 Pollution data analysis method and system based on value dependency graph and electronic equipment
CN110059000A (en) * 2019-03-15 2019-07-26 深圳壹账通智能科技有限公司 Chat drama test control method, device, computer equipment and storage medium
CN112650638A (en) * 2020-10-23 2021-04-13 华芯安信(北京)科技有限公司 Hardware security vulnerability detection method based on gate-level pollution label tracking model
CN114036072A (en) * 2022-01-06 2022-02-11 湖南泛联新安信息科技有限公司 Method and system supporting automatic detection of program defects
CN114036072B (en) * 2022-01-06 2022-04-08 湖南泛联新安信息科技有限公司 Method and system supporting automatic detection of program defects

Also Published As

Publication number Publication date
CN105117336B (en) 2018-11-16

Similar Documents

Publication Publication Date Title
CN105117336A (en) Method for processing control dependence employing dynamic marking
Beyer et al. Boosting k-induction with continuously-refined invariants
KR101981028B1 (en) System for detecting security vulnerability based on binary, method and program thereof
KR101904911B1 (en) Method for Automatically Detecting Security Vulnerability Based on Hybrid Fuzzing, and Apparatus thereof
CN103116540B (en) Dynamic symbol execution method based on global superblock domination graph
CN104008053B (en) A kind of dynamic symbol executive path search method for vulnerability mining
Legay et al. Scalable verification of Markov decision processes
CN101814053A (en) Method for discovering binary code vulnerability based on function model
CN104794401A (en) Static-analysis-assisted symbolic execution vulnerability detection method
CN102163143B (en) A method realizing prediction of value association indirect jump
CN104375942A (en) Binary oriented hybrid fuzzing method
Monniaux et al. Using bounded model checking to focus fixpoint iterations
Liu et al. Binary code analysis
Gupta et al. From tests to proofs
CN100559347C (en) A kind of recognition methods of nested loop structure
Nakhost et al. Action elimination and plan neighborhood graph search: Two algorithms for plan improvement
CN103729295A (en) Method for analyzing taint propagation path
Srivastava et al. Tractability of planning with loops
Huber et al. Combined WCET analysis of bitcode and machine code using control-flow relation graphs
CN102306098A (en) Implicit taint propagation system and scheme thereof
Campbell et al. Linear-time graph algorithms in GP 2
Slaby et al. Compact symbolic execution
Leroy Mechanized semantics for compiler verification
CN106294136A (en) The online test method of concurrent program run duration performance change and system
Saumya et al. Xstressor: Automatic generation of large-scale worst-case test inputs by inferring path conditions

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant