CN106681851A - Defect report missing analysis and solving method of code-level memory in program - Google Patents
Defect report missing analysis and solving method of code-level memory in program Download PDFInfo
- Publication number
- CN106681851A CN106681851A CN201611119345.4A CN201611119345A CN106681851A CN 106681851 A CN106681851 A CN 106681851A CN 201611119345 A CN201611119345 A CN 201611119345A CN 106681851 A CN106681851 A CN 106681851A
- Authority
- CN
- China
- Prior art keywords
- level memory
- memory
- code level
- related defects
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
- G06F11/073—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a memory management context, e.g. virtual memory or cache management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
- G06F11/1008—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices
- G06F11/1012—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices using codes or arrangements adapted for a specific type of error
- G06F11/104—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices using codes or arrangements adapted for a specific type of error using arithmetic codes, i.e. codes which are preserved during operation, e.g. modulo 9 or 11 check
Abstract
The invention discloses a solution of defect report missing of a code-level memory in a program. The method can achieve detection of all code-level memory defects in programs and comprises the steps that (A) code-level memory defect modes are fully summarized; (B) a storage state of a memory object is comprehensively described, an abstract domain is adopted to express values of expressions, an abstract memory model is adopted to describe various relevance of the expressions; (C) reliable data flow analysis is performed, and an upper approximate value of each memory object value on each program point and various possible relations of the expressions are analyzed and obtained; (D) code-level memory detect detecting objects are completely identified; (E) according to rules of the summarized code-level memory defect modes and data flow analysis results, whether each code-level memory detect detecting object violates correct semantic rules for memory reading and writing or not is accurately detected. By the adoption of the defect report missing analysis and solving method of code-level memories in programs, sufficiency of the detection on the code-level memory defects in the programs can be achieved.
Description
Technical field
The present invention relates to software Static Analysis Technology, more particularly to the defects detection based on static analysis.
Background technology
Static analysis is a type of method for testing software, its objective is whether observe pre- by static analysis software
Fixed requirement, is the important ring for ensureing software quality.Static analysis is also referred to as static test, not tested soft of actual motion
Part, but by scanning source program, therefrom finding out to cause textural anomaly, the control throat floater and data flow anomaly etc. of mistake
Situation.
Defects detection is a class Static Analysis Technology, do not meet grammer or semantic requirements with static can detecting in program
Defect.Wherein code level Memory-related Defects are the defects that a class runs counter to semanteme normal to memory read-write, do not meet predetermined internal memory
Read-write requires that common code level Memory-related Defects have:Null pointer dereference, illegal calculating, buffer overflow, Array Bound, variable
No initializtion use, RAM leakage, resource leakage etc..
The detection of code level Memory-related Defects is depended on to be analyzed to Program Semantics, by detecting the storage shape in each program point
Whether state meets correct memory read-write semantic requirements is judged.But because the complexity of program, static analysis can only be obtained
The approximate result of storage state in program point, its result can not be both reliable and complete, wherein insecure result
Can cause to fail to report;And not comprehensive and the inaccurate of decision criteria of code level Memory-related Defects detection object identification also results in
Fail to report.
The content of the invention
In view of this, present invention is primarily targeted at analysis first causes the factor that code level Memory-related Defects are failed to report, and
Factor for failing to report proposes corresponding solution.
Defects detection is carried out based on defect mode may cause the factor that code level Memory-related Defects are failed to report to have:
1st, undefined corresponding code level Memory-related Defects pattern.All possible code level Memory-related Defects are not considered comprehensively.
2nd, the identification of code level Memory-related Defects detection object is not comprehensive.Although defining corresponding code level Memory-related Defects mould
Formula, but the situation that such code level Memory-related Defects occurs is not considered comprehensively.
3rd, the storage state description to variable is not comprehensive.The generation of code level Memory-related Defects is the storage state of variable mostly
Or the requirement for having run counter to that normal semantic or secure memory is accessed is accessed, and various incidence relations between variable, are there are, if right
Association description between the storage state and variable of variable not comprehensively, necessarily caused to analyze the variable storage state that obtains
Reliability can neither be met and can not meet completeness, it is impossible to which meeting reliability is necessarily caused some code level Memory-related Defects to leak
Report.
4th, data-flow analysis is unreliable.Because the complexity of program, most of data-flow analysis are difficult to ensure that reliability.Journey
The complexity of sequence is mainly manifested in:There is various associations, complicated control structure, function call between variable.These complex characteristics
To cause to be difficult to reliably analyze the variable storage state in each program point.
5th, code level Memory-related Defects decision rule is incorrect.Code level internal memory of the result based on data-flow analysis to identification
Defects detection object detected, probably due to the factor such as sentence side effect cause to obtain detect in program point to deposit
Storage state, causes correctly to determine whether to generate code level Memory-related Defects.
For the above-mentioned factor for causing code level Memory-related Defects to be failed to report, the present invention is proposed has targetedly solution
To realize that the zero of code level Memory-related Defects fails to report, what specific technical scheme was realized in:
1st, a kind of code level Memory-related Defects fail to report analysis and solution, it is characterised in that the solution includes following
Several steps:
All kinds of code level Memory-related Defects in A, summary program, and summarize the defect mode of correlation;
B, the storage that memory object is described using abstract memory model, and using the value of abstract field expression;
C, reliable data-flow analysis, obtain the upper approximate of each memory object value in each program point;
D, the result based on defect mode rule and data-flow analysis, abundant cognizance code level Memory-related Defects detection object;
E, the result based on defect mode rule and data-flow analysis, accurately judge code level Memory-related Defects detection object
Whether it is defect.
2nd, code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that described
All kinds of code level Memory-related Defects in summary program in step A, and it is as follows to summarize the detailed process of the defect mode of correlation:
A1, in program it is various run counter to semanteme situation conclude, be summarized as various defect modes;
A2, conclusion collect every kind of defect mode and may cause the factor of code level Memory-related Defects;
A3, the encapsulation that defect mode is carried out canonical form, so that subsequent defective detection is used.
3rd, code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that described
The abstract memory model of application in step B describes the storage of memory object, and the tool of the value using abstract field expression
Body process is as follows:
B1, a kind of abstract memory model is proposed, all kinds memory object that can occur in description program and expression
Various associations between formula;
B2, the value that scalar expression is described using abstract field;
4th, code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that described
Reliable data-flow analysis in step C, obtains the upper approximate detailed process of each memory object value in each program point
It is as follows:
C1, application stream are sensitive, the analysis strategy of the data flow iteration that domain is sensitive, the list with each function as data-flow analysis
Unit is analyzed;
C2, symbolization function summary realize the interprocedural analysis of context-sensitive;
5th, reliable data-flow analysis according to claim 4, obtains each memory object in each program point and takes
What is be worth is upper approximate, it is characterised in that the symbolization function summary in step C2 realizes the interprocedual of context-sensitive
The detailed process of analysis is as follows:
C2.1, each function is carried out after data-flow analysis, generate symbolization function summary;
C2.2, the symbolization function summary for each function call, obtaining called function, and according to upper at point of invocation
Hereafter environment carries out the instantiation of symbolization function summary;
6th, code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that described
The result of the and data-flow analysis regular based on defect mode in step D, abundant cognizance code level Memory-related Defects detection object
Detailed process is as follows:
D1, the grammar property having when being presented based on various code level Memory-related Defects, are known according to pretreated program
Do not go out initial detecting object;
D2, according to the result of data-flow analysis, analyze the inspection of each initial detecting object corresponding code level Memory-related Defects
Survey object and test point;
7th, code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that described
The result of the and data-flow analysis regular based on defect mode in step E, accurately judges code level Memory-related Defects detection object
Be whether defect detailed process it is as follows:
E1, for code level Memory-related Defects test point, the detection of code level Memory-related Defects is obtained based on data-flow analysis result
The storage state of object;
E2, based on code level Memory-related Defects pattern, whether judge the storage state of the code level Memory-related Defects detection object
Meet such code level Memory-related Defects pattern.
Code level Memory-related Defects provided by the present invention fail to report analysis and solution, with advantages below:
Application code level Memory-related Defects detection method, can eliminate failing to report for code level Memory-related Defects, and the present invention can be protected
The principle of the adequacy of card code level Memory-related Defects detection is:
1st, the adequacy that code level Memory-related Defects pattern is summarized.Code level Memory-related Defects pattern is sufficiently summarized, concludes total
Bear the possibility situation of various possible code level Memory-related Defects and their appearance in program.
2nd, the description of expression formula storage state is comprehensive.Comprehensively description expression formula storage state, is described using abstract field
The value of expression formula, using the various associations between memory model expression.
3rd, the reliability of data-flow analysis.Analysis obtains the upper approximate of each memory object value in each program point, with
And the various possible association between expression formula.
4th, the completeness of code level Memory-related Defects detection object identification.Based on the pretreatment to tested program and data flow
The result of analysis, according to the code level Memory-related Defects pattern rules summarized, identifies that whole code level Memory-related Defects detections are right
As.
5th, the accuracy of code level Memory-related Defects examination criteria.According to summarize code level Memory-related Defects pattern rules and
The result of data-flow analysis, accurately detects whether each code level Memory-related Defects detection object has been run counter to memory read-write
Correct semantic rule.
Description of the drawings
Fig. 1, code level Memory-related Defects testing process schematic diagram
Fig. 2, reliable data-flow analysis schematic diagram
Fig. 3, the process schematic that the data-flow analysis that stream is sensitive, domain is sensitive is carried out to each function
Fig. 4, code level Memory-related Defects detection object identification schematic diagram
Fig. 5, code level Memory-related Defects detection object judge schematic diagram
Specific embodiment
The method of this patent carries out carrying out pretreatment to tested program first when code level Memory-related Defects are detected, obtains abstract
The intermediate representation of the programs such as syntax tree, symbol table, definition-use chain, controlling stream graph;Being then based on controlling stream graph is carried out reliably
Data-flow analysis, obtains the storage state of the memory object in each program point with the description of abstract internal memory mould;Data are based on again
The result of flow point analysis and the rule of code level Memory-related Defects pattern, fully identify code level Memory-related Defects detection object;Finally,
Result based on data-flow analysis and the rule of code level Memory-related Defects pattern, accurately judge that the code level internal memory for identifying lacks
Whether sunken detection object is defect.
The above, only presently preferred embodiments of the present invention is not intended to limit protection scope of the present invention.
Fig. 1 is the code level Memory-related Defects testing process schematic diagram of the present invention, and the method comprises the steps:
Step A, pretreatment is carried out to tested program, obtain abstract syntax tree, symbol table, definition-use chain, controlling stream graph
Deng intermediate representation;
Step B, reliable data-flow analysis, obtain the upper approximate of each memory object value in each program point;
Step C, the result based on defect mode rule and data-flow analysis, abundant cognizance code level Memory-related Defects detection are right
As;
Step D, the result based on defect mode rule and data-flow analysis, accurately judge the detection of code level Memory-related Defects
Whether object is defect.
The process of the reliable data-flow analysis of wherein affiliated step B is as shown in Fig. 2 specifically divide following steps:
B.1, to each function step carries out flowing the sensitive data-flow analysis in sensitive, domain, obtains the function each program point
In the storage that upper each memory object describe by abstract internal memory mould approximately;
Step result B.2, based on the function data flow point analysis, generates the symbolization function summary of the letter book;
B.1, wherein affiliated step carries out flowing process such as Fig. 3 institutes of the sensitive data-flow analysis in sensitive, domain to each function
Show, specifically divide following steps:
Step B.1.1, take a controlling stream graph node as pending node,
If step B.1.2, the controlling stream graph node have function call, go to step B.1.3, otherwise, go to step B.1.5;
Step B.1.3, obtain the symbolization function summary of called function, the context environmental based on point of invocation is to symbol
Changing function summary carries out instantiation;
Function of the step B.1.4, after Case-based Reasoning is made a summary to data flow renewal is carried out at point of invocation;
B.1.5, to the migration operation of the node step is processed.
The process of the abundant cognizance code level Memory-related Defects detection object of wherein affiliated step C is as shown in figure 4, concrete point following
Step:
The grammar property that C.1, when being presented based on various code level Memory-related Defects step is had, according to pretreated journey
Sequence identifies initial code level Memory-related Defects detection object;
Step C.2, according to the result of data-flow analysis, analyze the corresponding code level internal memory of each initial detecting object lack
Sunken detection object and test point;
Wherein affiliated step D accurately judges that whether code level Memory-related Defects detection object is process such as Fig. 5 institutes of defect
Show, specifically divide following steps:
Step D.1, for code level Memory-related Defects test point, code level Memory-related Defects are obtained based on data-flow analysis result
The storage state of detection object;
Step D.2, based on code level Memory-related Defects pattern, judge the storage state of the code level Memory-related Defects detection object
Whether such code level Memory-related Defects pattern is met.
Claims (7)
1. a kind of code level Memory-related Defects fail to report analysis and solution, it is characterised in that the solution includes following
Step:
All kinds of code level Memory-related Defects in A, summary program, and summarize the defect mode of correlation;
B, the storage that memory object is described using abstract memory model, and using the value of abstract field expression;
C, reliable data-flow analysis, obtain the upper approximate of each memory object value in each program point;
D, the result based on defect mode rule and data-flow analysis, abundant cognizance code level Memory-related Defects detection object;
Whether E, the result based on defect mode rule and data-flow analysis, accurately judge code level Memory-related Defects detection object
It is defect.
2. code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that the step
All kinds of code level Memory-related Defects in summary program in A, and it is as follows to summarize the detailed process of the defect mode of correlation:
A1, the various normal semantic situations of memory read-write of running counter in program are concluded, be summarized as various defect modes;
A2, conclusion collect every kind of defect mode and may cause the factor of code level Memory-related Defects;
A3, the encapsulation that defect mode is carried out canonical form, so that subsequent defective detection is used.
3. code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that the step
The abstract memory model of application in B describes the storage of memory object, and the concrete mistake of the value using abstract field expression
Journey is as follows:
B1, a kind of abstract memory model is proposed, between all kinds memory object that can occur in description program and expression formula
Various associations;
B2, the value that scalar expression is described using abstract field.
4. code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that the step
Reliable data-flow analysis in C, the upper approximate detailed process for obtaining each memory object value in each program point are as follows:
C1, application stream are sensitive, the analysis strategy of the data flow iteration that domain is sensitive, and the unit with each function as data-flow analysis enters
Row analysis;
C2, symbolization function summary realize the interprocedural analysis of context-sensitive.
5. reliable data-flow analysis according to claim 4, obtains each memory object value in each program point
It is upper approximate, it is characterised in that the symbolization function summary in step C2 realizes the interprocedural analysis of context-sensitive
Detailed process it is as follows:
C2.1, each function is carried out after data-flow analysis, generate symbolization function summary;
C2.2, the symbolization function summary for each function call, obtaining called function, and according to the context at point of invocation
Environment carries out the instantiation of symbolization function summary.
6. code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that the step
In D based on defect mode rule and the result of data-flow analysis, abundant cognizance code level Memory-related Defects detection object it is concrete
Process is as follows:
D1, the grammar property having when being presented based on various code level Memory-related Defects, are gone out according to pretreated procedure identification
Initial detecting object;
D2, according to the result of data-flow analysis, analyze the detection of each initial detecting object corresponding code level Memory-related Defects right
As and test point.
7. code level Memory-related Defects according to claim 1 fail to report analysis and solution, it is characterised in that the step
Whether the result of the and data-flow analysis regular based on defect mode in E, accurately judge code level Memory-related Defects detection object
Be defect detailed process it is as follows:
E1, for code level Memory-related Defects test point, code level Memory-related Defects detection object is obtained based on data-flow analysis result
Storage state;
E2, based on code level Memory-related Defects pattern, judge whether the storage state of the code level Memory-related Defects detection object meets
Such code level Memory-related Defects pattern.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611119345.4A CN106681851A (en) | 2016-12-08 | 2016-12-08 | Defect report missing analysis and solving method of code-level memory in program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611119345.4A CN106681851A (en) | 2016-12-08 | 2016-12-08 | Defect report missing analysis and solving method of code-level memory in program |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106681851A true CN106681851A (en) | 2017-05-17 |
Family
ID=58867981
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611119345.4A Pending CN106681851A (en) | 2016-12-08 | 2016-12-08 | Defect report missing analysis and solving method of code-level memory in program |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106681851A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107193742A (en) * | 2017-05-23 | 2017-09-22 | 电子科技大学 | A kind of symbolism function digest algorithm of path-sensitive based on state |
CN109857641A (en) * | 2018-12-29 | 2019-06-07 | 北京奇安信科技有限公司 | The method and device of defects detection is carried out to program source file |
CN110175123A (en) * | 2019-05-22 | 2019-08-27 | 中国石油大学(华东) | One kind being based on the Event correlation recognition methods of character expression static defect |
CN115237748A (en) * | 2022-06-01 | 2022-10-25 | 北京邮电大学 | Symbol execution method based on feedback increment driving |
-
2016
- 2016-12-08 CN CN201611119345.4A patent/CN106681851A/en active Pending
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107193742A (en) * | 2017-05-23 | 2017-09-22 | 电子科技大学 | A kind of symbolism function digest algorithm of path-sensitive based on state |
CN109857641A (en) * | 2018-12-29 | 2019-06-07 | 北京奇安信科技有限公司 | The method and device of defects detection is carried out to program source file |
CN110175123A (en) * | 2019-05-22 | 2019-08-27 | 中国石油大学(华东) | One kind being based on the Event correlation recognition methods of character expression static defect |
CN115237748A (en) * | 2022-06-01 | 2022-10-25 | 北京邮电大学 | Symbol execution method based on feedback increment driving |
CN115237748B (en) * | 2022-06-01 | 2023-07-04 | 北京邮电大学 | Symbol execution method based on feedback incremental driving |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Jin et al. | Automated behavioral regression testing | |
CN105678169B (en) | A kind of binary program bug excavation method and system | |
Arusoaie et al. | A comparison of open-source static analysis tools for vulnerability detection in c/c++ code | |
Fast et al. | Designing better fitness functions for automated program repair | |
US7844955B2 (en) | Performance computer program testing after source code modification using execution conditions | |
CN106681851A (en) | Defect report missing analysis and solving method of code-level memory in program | |
Blazytko et al. | {AURORA}: Statistical crash analysis for automated root cause explanation | |
CN104536883B (en) | A kind of static defect detection method and its system | |
US20080244536A1 (en) | Evaluating static analysis results using code instrumentation | |
Chen et al. | Understanding metric-based detectable smells in Python software: A comparative study | |
JP2010538401A (en) | Method for test suite reduction by system call coverage criteria | |
EP2975527A2 (en) | A method for tracing computer software | |
CN103218296A (en) | Method of fully detecting null pointer reference defects | |
Li et al. | Deeplv: Suggesting log levels using ordinal based neural networks | |
CN106354630A (en) | Software defect detecting method based on dynamic symbolic execution | |
Haller et al. | Mempick: High-level data structure detection in c/c++ binaries | |
Aghamohammadi et al. | Statement frequency coverage: a code coverage criterion for assessing test suite effectiveness | |
CN112925524A (en) | Method and device for detecting unsafe direct memory access in driver | |
CN115659335A (en) | Block chain intelligent contract vulnerability detection method and device based on mixed fuzzy test | |
Zhu et al. | How to kill them all: an exploratory study on the impact of code observability on mutation testing | |
Ahmad et al. | FLAG: Finding Line Anomalies (in code) with Generative AI | |
Satapathy et al. | Usage of machine learning in software testing | |
Kim et al. | Automated bug neighborhood analysis for identifying incomplete bug fixes | |
CN113836023B (en) | Compiler security testing method based on architecture cross check | |
Wang et al. | Invariant based fault localization by analyzing error propagation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170517 |