CN114047913A - Counter-example-guided sparse spatial flow model detection method and system - Google Patents
Counter-example-guided sparse spatial flow model detection method and system Download PDFInfo
- Publication number
- CN114047913A CN114047913A CN202111316310.0A CN202111316310A CN114047913A CN 114047913 A CN114047913 A CN 114047913A CN 202111316310 A CN202111316310 A CN 202111316310A CN 114047913 A CN114047913 A CN 114047913A
- Authority
- CN
- China
- Prior art keywords
- counter
- model
- program
- path
- sparse
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 84
- 238000004458 analytical method Methods 0.000 claims abstract description 39
- 238000012795 verification Methods 0.000 claims abstract description 35
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 24
- 230000006870 function Effects 0.000 claims description 39
- 238000012545 processing Methods 0.000 claims description 13
- 238000007670 refining Methods 0.000 claims description 6
- 238000006243 chemical reaction Methods 0.000 claims description 3
- 238000000034 method Methods 0.000 abstract description 44
- 230000008859 change Effects 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 21
- 238000003860 storage Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 10
- 238000004590 computer program Methods 0.000 description 9
- 238000010276 construction Methods 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 4
- 230000035945 sensitivity Effects 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 101150088727 CEX1 gene Proteins 0.000 description 2
- GVGLGOZIDCSQPN-PVHGPHFFSA-N Heroin Chemical compound O([C@H]1[C@H](C=C[C@H]23)OC(C)=O)C4=C5[C@@]12CCN(C)[C@@H]3CC5=CC=C4OC(C)=O GVGLGOZIDCSQPN-PVHGPHFFSA-N 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000004880 explosion Methods 0.000 description 2
- WLKVBNIHWHTLAI-XNJYKOPJSA-N gazer Chemical compound N=1C=NC=2N(C3C(C(O)C(CO)O3)O)C=NC=2C=1NC\C=C(/C)COC(C(C1OC2C(C(OC3C(C(O)C(O)C(CO)O3)OC3C(C(O)C(O)C(CO)O3)O)C(CO)O2)O)O)OC(CO)C1OC1OCC(O)C(O)C1O WLKVBNIHWHTLAI-XNJYKOPJSA-N 0.000 description 2
- LHDGISWXLILHQA-UHFFFAOYSA-N gazer Natural products CC(=C/CNc1ncnc2c1ncn2C3OC(CO)C(O)C3O)COC4OC(CO)C(OC5OC(CO)C(O)C5O)C(OC6OC(CO)C(OC7OC(CO)C(O)C(O)C7OC8OC(CO)C(O)C(O)C8O)C6O)C4O LHDGISWXLILHQA-UHFFFAOYSA-N 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000013522 software testing Methods 0.000 description 2
- 230000007704 transition Effects 0.000 description 2
- 101100439211 Caenorhabditis elegans cex-2 gene Proteins 0.000 description 1
- 241000764238 Isis Species 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000006698 induction Effects 0.000 description 1
- 238000012067 mathematical method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000010206 sensitivity analysis Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/35—Creation or generation of source code model driven
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a counter-example-guided sparse spatial flow model detection method and a counter-example-guided sparse spatial flow model detection system, wherein C program codes to be verified are compiled into LLVM intermediate codes; constructing a sparse spatial flow model of a program to be verified; carrying out variable abstraction on the model, and detecting whether a counter-example exists in the abstract model by a model detection algorithm for executing explicit value analysis; carrying out feasibility verification on the counterexample, and judging whether the counterexample path is effective in the original model; performing model detection again through interpolation-based abstract refinement of a counter-example information guide model and a path, context and field sensitive strong updating refinement model; and judging whether the program violates the security attribute according to the existence of the weak update on the counter example path and the counter example path. The method can accurately and efficiently analyze the state change of the C language program software on the symbol level and the address space level by realizing the counter-example guided sparse spatial flow model detection method, and realize safe formal verification.
Description
Technical Field
The invention belongs to the technical field of software formal verification, and particularly relates to a method and a system for detecting a counter-example-guided sparse spatial flow model.
Background
Ensuring the correctness of software is the most critical but very difficult task in the software system of today, and is one of the core factors for ensuring the intrinsic safety of the software system. Manually detecting software is error prone and costly. Therefore, many methods including software analysis, test, etc. are proposed to improve the accuracy and safety of software. The methods are widely applied to a series of software engineering fields of verifying application software, communication and safety protocols, equipment drivers, system kernels, equipment firmware and the like, and become main methods for ensuring software safety. By designing a sparse spatial flow model detection method guided by counterexample, the method has important significance for improving the correctness of software and strengthening the safety of the software.
Formal verification of software programs is always a hot problem in the field of software security, and provides core guarantee for software security by proving the correctness of software program semantic logic by means of a mathematical method. Researchers examine formal verification problems of software from different angles, and representative work comprises the realization of software correctness verification by using technologies such as explicit state model detection, induction verification, predicate abstraction, sparse value flow analysis, counter example guidance and the like. Most of the existing methods focus on the research of the program variable symbol level, and less formalized work is realized aiming at a programming language (such as C language) with a lower layer and more complex semantic characteristics. If the actual program contains memory operations such as pointers and the like or complex data structures, the existing method cannot or wrongly sense the state change of a variable symbol level caused by the state change on the memory space address, so that a false detection result is generated, unnecessary analysis overhead is brought, and the validity of verification cannot be guaranteed. On the other hand, since there is a huge calculation overhead in accurately calculating the object pointed to by the pointer, the accuracy is sacrificed by the insensitive pointer analysis to improve the analysis efficiency.
Therefore, in order to solve the formal verification problem of software programs, it is necessary to design an accurate method capable of comprehensively analyzing the state changes of programming language programs (such as C language programs) with complex semantic characteristics at the symbol level and the address space level, effectively balancing the detection precision and efficiency, and realizing the safe formal verification.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method and a system for detecting a sparse spatial flow model guided by an inverse example, aiming at the defects in the prior art, and by implementing the method for detecting a sparse spatial flow model guided by an inverse example, the method and the system can accurately perform formal verification of the security attribute of C language program software, and provide a security technical guarantee for the C language program software.
The invention adopts the following technical scheme:
a counter-example guided sparse spatial flow model detection method comprises
S1, compiling the C program code to be verified into an LLVM intermediate code;
s2, converting the LLVM intermediate code into a sparse space flow model of the program to be verified;
s3, performing variable abstraction on the sparse spatial flow model, and executing a model detection algorithm of explicit value analysis to detect whether counter-examples exist in the sparse spatial flow model subjected to abstract processing;
s4, carrying out feasibility verification on the existing counterexample, and judging whether the counterexample path is effective in the original model; and guiding the original model to carry out model detection again through counter-example information based on the abstract refinement of interpolation and the strong updating refinement model sensitive to the path, the context and the field, and judging whether the program violates the security attribute through whether weak updating exists on the counter-example path and the counter-example path.
Specifically, the step of converting the LLVM intermediate code into the sparse spatial stream model of the program to be verified specifically includes:
control flow automaton to extract LLVM code
Acquiring pointing information through an Andersen pointer analysis algorithm insensitive to flow and context, describing an uncertain pointing relation by using weak update functions mu (a) and a ═ χ (a), describing a def-use chain containing all top-level and address-token pointer variables in the form of an interprocess memory SSA, and for an instruction load p, mu (a) represents that each variable a pointed by the pointer p can be indirectly accessed in the instruction; the function a χ (a) represents the definition and use of the variable a; for store p ═&i, a ═ x (a) denotes each pointed to by the pointer pThe variable a is redefined and used to obtain a sparse value flow graph
By combining control flow automata
And sparse value flow graph
Constructing sparse spatial flow models
Further, a control flow automaton
The following were used:
sparse value flow graph
The following were used:
sparse spatial flow model
The following were used:
wherein L is a set of program locations; l0Is the initial program position; e is a control flow edge set; s is a set of all operation statements in the program; n representing defined or used nodes for pointer variablesGathering; ε represents the set of all possible def-use chains for the pointer variable.
Specifically, the variable abstraction of the sparse spatial stream model is as follows:
calculating the precision pi of a variable assignment statement in the sparse space flow model by a precision function pi from the empty abstract precision, and calculating the dominant value abstraction of the statement according to a variable v tracked by the precision pi; converting the imaged state s into an abstract state according to precision
Variable abstraction of the sparse spatial flow model is achieved.
Further, the image state s is:
s∶=cs@l
wherein cs:
expressing that an integer value is assigned to a program variable, and L belongs to L as a program position; abstract state
Comprises the following steps:
specifically, the feasibility verification of the existing counter example specifically comprises the following steps:
defining a path as a sequence p comprising a series of operation statements and program location pairs, and upon finding a path p to a violation detection property
Error position of
And then, analyzing the effectiveness of the counter example path in the original model under the condition of full precision, and refining the precision when the constraint sequence is not satisfied.
Further, the refining of the precision specifically includes:
calculating a first node of which rho causes that the constraint sequence cannot be satisfied, and calculating an interpolation sequence I by using a function SeqInterpolant; after obtaining the interpolation sequence I, corresponding program position l is obtainedkIota interpolation ofkThe program variables used are refined to lkAs a starting point, the backperformance function is in the spatial stream model at the same time in precision for all positions along the path ρ back
Finding interpolated iotakVariables used in program position lkBackward def-use chain, will lkPointer variables pointed by the variables are added into the precision of the corresponding positions, and the precision is iteratively refined from two aspects of value space and address space for model abstraction.
Specifically, the constraint rules of the strongly updated refined model include an ADDR rule, a COPY rule, a PHI rule, a GEP rule, a STORE rule, a LOAD rule, an SU/WU rule, a CALL rule, a RET rule and a COMPO rule.
Specifically, traversing the value flow information in the spatial flow model backward along the counter-example path, judging whether weak update exists on the path, if so, updating pointer pointing information in the model through a counter-example guided path sensitive strong update constraint rule, and performing model detection again to gradually realize the analysis of the program symbol level and the address space level; and if the weak update does not exist on the counterexample path, indicating that the program has counterexamples violating the security attribute, interrupting the model detection, and reporting the discovered counterexamples.
Another technical solution of the present invention is a counter-example guided sparse spatial flow model detection system, including:
the compiling module is used for compiling the C program code to be verified into an LLVM intermediate code;
the conversion module is used for converting the LLVM intermediate code into a sparse space flow model of the program to be verified;
the abstract module is used for carrying out variable abstraction on the sparse spatial flow model and executing a model detection algorithm of dominant value analysis to detect whether counter examples exist in the sparse spatial flow model subjected to abstract processing;
the detection module is used for carrying out feasibility verification on the existing counterexample and judging whether the counterexample path is effective in the original model; and guiding the original model to carry out model detection again through counter-example information based on the abstract refinement of interpolation and the strong updating refinement model sensitive to the path, the context and the field, and judging whether the program violates the security attribute through whether weak updating exists on the counter-example path and the counter-example path.
Compared with the prior art, the invention has at least the following beneficial effects:
the invention discloses a counter-example-guided sparse spatial flow model detection method, which comprises the steps of constructing a formal model of a C language program to be verified, carrying out variable abstraction on the model, detecting whether counter examples exist in the abstract model, and guiding abstract refinement and strong updating of the model by using counter example information, so that analysis of a program symbol level and an address space level is realized, and the safety of the program is verified.
Further, the LLVM intermediate code is converted into a sparse space flow model of the program to be verified, a formal model is provided for rear-end model detection, and control flow information of the LLVM code, namely the control flow automaton, is extracted
The method comprises the steps of obtaining pointing information through an Andersen pointer analysis algorithm which is insensitive to flow and context, describing uncertain pointing relationships by utilizing two weak update functions, describing a def-use chain containing all top-level and address-token pointer variables in the form of inter-process memory SSA, and for an instruction load p, mu (a) represents that each variable a (such as i and j) pointed by the pointer p can be indirectly accessed in the instruction&use). For store p ═&i, a χ (a) indicates that each variable a pointed to by the pointer p may be redefined and used. Further obtaining a sparse value flow graph
By combining control flow automata
And sparse value flow graph
Constructing sparse spatial flow models
Further, a control flow automaton is generated
To describe the state transition process expressed in code. Generating sparse value flow graphs
To describe the pointing relationship of the pointer. Generating sparse spatial flow models
To provide a model for formal verification of security attributes.
Furthermore, variable abstraction is carried out on the sparse spatial flow model to realize abstraction refinement based on precision.
Further, having an image state s and an abstract state
Setting of two states.
Further, the feasibility of the existing counter example is verified to determine whether the wrong pointing information exists and whether the precision needs to be refined.
Further, the precision of the symbol variables and the pointing information is refined to remove false pointing relationships. Calculating a first node of which rho causes that the constraint sequence cannot be satisfied, and calculating an interpolation sequence I by using a function SeqInterpolant; after obtaining the interpolation sequence I, corresponding program position l is obtainedkIota interpolation ofkThe program variables used are refined to lkAs a starting point, the same applies to the accuracy of all positions along the path ρ to the backTime function BackReahability in space flow model
Finding the interpolated value lkVariables used in program position lkBackward def-use chain, will lkPointer variables pointed by the variables are added into the precision of the corresponding positions, and the precision is iteratively refined from two aspects of value space and address space for model abstraction.
Further, a constraint rule of a strong updating refinement model is set to realize backward reachability analysis on the path.
Furthermore, traversing the value flow information in the space flow model backwards along the counter-example path, and judging whether a weak update setting exists on the path so as to judge whether the counter-example violating the security attribute exists in the program. If weak update exists on the counterexample path, updating pointer pointing information in the model through a path sensitive strong update constraint rule guided by the counterexample, and performing model detection again to gradually realize the analysis of the program symbol level and the address space level; and if the weak update does not exist on the counterexample path, indicating that the program has counterexamples violating the security attribute, interrupting the model detection, and reporting the discovered counterexamples.
In summary, the invention can accurately perform formal verification of the security attribute of the C language program software by implementing the counter-example guided sparse spatial flow model detection method, thereby providing a security technical guarantee for the C language program software.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
FIG. 1 is a schematic diagram of a method for sparse spatial stream model detection guided by a reverse example of the present invention.
Fig. 2 is a schematic diagram of a spatial flow diagram construction of a program C in the embodiment of the present invention.
FIG. 3 is a pseudo code diagram of a precision refinement algorithm for constrained difference values sensitive to pointing information according to an embodiment of the present invention.
FIG. 4 is a diagram illustrating counter-example guided path, context, and field-sensitive strong update constraint rules according to an embodiment of the present invention.
FIG. 5 is a schematic diagram of pseudo code of a counter-example-guided abstract refinement and strong update model detection algorithm according to an embodiment of the present invention.
Fig. 6 is a schematic diagram of an anti-example detection result of the anti-example guided sparse spatial flow model in the embodiment of the present invention.
FIG. 7 is a schematic diagram of performance analysis of a counter-example-guided sparse spatial flow model detection system in an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that the terms "comprises" and/or "comprising" indicate the presence of the stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Various structural schematics according to the disclosed embodiments of the invention are shown in the drawings. The figures are not drawn to scale, wherein certain details are exaggerated and possibly omitted for clarity of presentation. The shapes of various regions, layers and their relative sizes and positional relationships shown in the drawings are merely exemplary, and deviations may occur in practice due to manufacturing tolerances or technical limitations, and a person skilled in the art may additionally design regions/layers having different shapes, sizes, relative positions, according to actual needs.
The invention provides a counter-example-guided sparse spatial flow model detection method, which comprises the steps of constructing a formal model of a C language program to be verified, and performing variable abstraction on the model; then, whether counterexamples exist in the abstract model is detected, and abstract refinement and strong updating of the model are guided through counterexample information, so that analysis of a program symbol level and an address space level is gradually realized, and the safety of the program is verified; the invention can accurately and efficiently analyze the state change of C language program software on the symbol level and the address space level by realizing the counter-example guided sparse space flow model detection method, thereby realizing safe formal verification.
Referring to fig. 1, the method for detecting a sparse spatial stream model through counterexample guidance according to the present invention adopts a C program reference library with various complex syntax semantic characteristics as an implementation object, so as to ensure the universality of the method of the present invention, and includes the following specific steps:
s1, compiling the C program code to be verified into an LLVM intermediate code;
to generate LLVM intermediate code, the present example employs an LLVM (6.0.0) framework. With the framework, C program codes are compiled into LLVM intermediate codes, namely LLVM IR, and the LLVM intermediate codes are used for the construction process of the sparse spatial flow model.
LLVM intermediate code is a partially static single-valued language, i.e., a language in the form of SSA. Two types of variables are included: top-level and address-token. the top-level variable is explicitly placed in an SSA form by using a standard SSA construction algorithm, namely the type of variable is assigned once in the life cycle of the variable, and the pointer variable of the top-level has a determined pointing relationship; while the address-token variable is not in the form of SSA, and needs to be indirectly accessed through the top-level variable by using two instructions, namely load and store, and the pointer variable of the address-token usually has an uncertain pointing relationship.
S2, constructing a sparse spatial flow model of the program to be verified;
the present invention divides the pointer analysis into sensitive pointer analysis and insensitive pointer analysis according to the characteristics of the pointer analysis algorithm. Sensitive pointer analysis comprises path sensitive, control flow sensitive, context sensitive and field sensitive pointer analysis, and the method can calculate accurate pointing relationships, but as the code scale is enlarged, the calculation complexity is exponentially increased, and the method is used for strongly updating and removing false pointing relationships. Insensitive pointer analysis comprises pointer analysis based on implication constraint (also called Anderson) or combination constraint (also called Steensgaard), the method improves the calculation speed, but the analysis precision cannot be guaranteed, and the method is used for constructing a sparse space flow model of a program in linear time.
The sparse spatial flow model of the program to be verified is composed of a control flow automaton and a sparse value flow graph, and a spatial flow graph construction schematic diagram of the program C is shown in FIG. 2. The space flow model accurately describes the state transition process expressed by codes by using a control flow automaton and describes the change process of the memory address state by using a sparse value flow graph mode.
The invention constructs a sparse spatial flow model as follows:
wherein,
representing a spatial flow graph;
representing a control flow automaton;
representing a sparse value flow graph, L being a set of program locations representing a program counter; l0E, taking L as an initial program position, namely an entrance position of the program;
to control flow edge sets, operations performed to migrate from one program location to another are represented; s is a set of all operation statements in the program, wherein the set of all program variables is V;
a set of defining nodes or using nodes representing pointer variables;
representing the set of all possible def-use chains for pointer variables.
Based on the construction form of the space flow model, the LLVM intermediate code is converted into a sparse space flow model
The specific mode is as follows:
extracting control flow information of LLVM code, i.e. control flow automata
Acquiring pointing information through an Andersen pointer analysis algorithm insensitive to flow and context, describing uncertain pointing relation and acquiring pointing information by using two weak update functions mu (a) and a ═ x (a), and describing def-use chain containing all top-level and address-token pointer variables in the form of inter-process memory SSA to obtain a sparse value flow graph
The μ (a) function is used to indicate the use (use) of the variable a, and the function a ═ χ (a) is used to indicate the definition and use (def) of the variable a&use)。
Since the call context may also cause an indeterminate point relationship to exist at the function call, the present invention represents the pointer parameter in the function call by using the two weakly updated functions, wherein a χ (a) is used to represent that each variable a pointed to by the pointer parameter variable p may be redefined and used by the function when the function call enters, and μ (a) represents that a may be used when the function call returns;
by combining control flow automata
And sparse value flow graph
Constructing sparse spatial flow models
S3, performing variable abstraction on the sparse spatial flow model, executing a model detection algorithm of explicit value analysis to detect whether an abstract model has a counter-example, if the abstract model does not have the counter-example, indicating that the program is safe to the attribute, and stopping detection;
in-process spatial flow model
When abstract, the data is divided into an image state s and an abstract state
Two states, with the description of state s as:
s∶=cs@l (4)
wherein cs:
meaning that a program variable is assigned an integer value, eL is a program position.
Abstract state
The description of (A) is as follows:
wherein, as:
t represents an unknown value, such as assigned by an uninitialized variable, or an external function call; and |, denotes no value, i.e. a contradictory variable assignment.
Precision pi defines a set of program variables to be analyzed and tracked, and the form of the precision function pi is expressed as:
Π:L→2v (6)
wherein L represents a program position, 2vRepresenting a set of variable assignments.
Based on the model abstract construction form, the concrete mode of carrying out variable abstraction and detection based on the dominant value on the sparse spatial flow model is as follows:
at the beginning of the detection, the precision is initialized to null (
) I.e., for each L ∈ L, all variables are not tracked;
calculating sparse spatial flow model by precision function pi
The variable assigns the precision pi of the statement, and then the dominant value abstraction of the statement is calculated according to the variable v tracked by the precision pi;
converting the imaged state s into an abstract state according to precision
Realizing the abstraction of the model; all in oneAt this time, a model detection algorithm that performs explicit value analysis detects whether there is a counter-example in the abstract model that violates the security property.
And S4, carrying out feasibility verification on the counterexample, and judging whether the counterexample path is effective in the original model.
S401, if the counter example path is effective in the original model, the counter example information is used for guiding the model to abstract and thin based on interpolation, model detection is carried out again, and therefore analysis of a program symbol level and an address space level is gradually achieved;
defining a path as a sequence p of pairs of operation statements and program positions is as follows:
ρ:<(op1@l1),…,(opn@ln)>
wherein, γρ=<op1,…,opn>The constraint sequence of the path, op, typically contains a number of operation statements.
The specific way of feasibility verification of the counter example is as follows:
when a path p is found that can reach violation detection property
Error position of
When, i.e., a counterexample CEX, the feasibility verification is first at full precision: (
) Analyzing the effectiveness of the counter example rho in the original model by utilizing an SMT technology, and judging whether a constraint sequence can be met;
if not, the accuracy may be not fine enough or there may be misdirected information due to weak updates, requiring refinement of the accuracy.
Given formula
And formula
And is
Is not satisfiable, formula
And formula
The kreger interpolation of (a) is described as a formula that satisfies the following constraint:
1)
is effective, i.e. that
Unsatisfiable;
2)
namely, it is
Unsatisfiable;
3) iota contains only the formula
And
common symbols, and symbols of the theory itself.
The above definition extends to an ordered sequence of formulas
And is
Obtaining a series of interpolated iota by utilizing the interpolation method0,…,ιn:
1)
The method is effective;
2)
3)
4)ιicontaining only the formula
And
common symbols, and symbols of the theory itself.
The pseudo code schematic diagram of the precision refining algorithm of the constraint difference value sensitive to the pointing information adopted by the counter-example guided model refining in the embodiment of the invention is shown in FIG. 3.
Based on the above kreger interpolation, the specific way of executing the precision refinement algorithm of the information sensitive constraint difference value of the invention is as follows:
when an infeasible error path rho is given, firstly calculating a first node of which rho causes that a constraint sequence is unsatisfiable, and calculating an interpolation sequence I by using a function SeqInterpolant;
after obtaining the interpolation sequence I, corresponding program position l is obtainedkIota interpolation ofkThe program variables used are refined to lkAs a starting point, the backperformance function is in the spatial stream model at the same time in precision for all positions along the path ρ back
Finding interpolated iotakVariables used in program position lkBackward def-use chain, and iotakPointer variables to which the variables are pointed are added to the precision of corresponding positions, and the pointer variables can be used for model abstractionThe precision is iteratively refined in terms of both value space and address space.
S402, if the counterexample path is invalid in the original model, detecting whether weak update exists on the counterexample path;
referring to fig. 4, ten strong update constraint rules are proposed in the embodiment of the present invention, which specifically include:
ADDR rules, COPY rules, PHI rules, GEP rules, STORE rules, LOAD rules, SU/WU rules, CALL rules, RET rules, and COMPO rules.
Ten strong update constraint rules are formally described as 10 constraint expressions shown below:
1) ADDR rule:
the memory address of o [ rho, c, n '] declared at the node n' is reversely acquired through the def-use chain of o to define the pointing relationship of p:
2) COPY rule:
for the instruction of the top-level variable, the determined def-use chain can be used for acquiring a pointing set:
3) PHI rule:
for instructions of top-level variables, a pointing set can be acquired by using a determined def-use chain, since PHI is related to path conditions, it needs to be judged whether n' and n ″ belong to p
Thereby, path sensitivity is achieved:
4) GEP rule:
a field sensitivity analysis in field access is implemented that constructs an object for the field from the index of GetElementPtr as the pointing object of the field pointer:
5) the STORE rule:
introducing a plurality of indirect def-use chains into the address-token variable, wherein the current false def-use chains need to be calculated and removed in the updating process, and the correctness of the pointing relationship is ensured:
6) LOAD rule:
and indirectly pointing to the relation set from the address-token variable, and assigning the value to the top-level variable for use. Due to the existence of multiple STORE operations, the pointing relationship obtained by the top-level variable has a false def-use chain:
7) SU/WU rules:
for strong and weak update operations in STORE ρ, c, n: × p ═ in three cases, the strong update operation kill (p [ ρ, c, n) is performed]): when the pointer p points to an object of a path and context dependent singleton (pcSingletons)
When it is necessary to cut
Removing the original content of n' in o, and updating the new content of n; when the p-pointing set is empty, cut
To avoid null pointers; and in other cases, weak updating is carried out. The direction information for processing the address-token variable in the LOAD and STORE rules can be obtained through the SU/WU rules:
8) CALL rule:
for analyzing function calls between processes, constraints consistent with COPY are used. When CALL represents function CALL, a variable v' is directly or indirectly transferred from a caller to a callee through parameter transfer, as a variable v:
9) RET rule:
for analyzing function calls between processes, constraints consistent with COPY are used. When RET represents function return, the variable v' is directly or indirectly returned to the caller from the callee, and the original variable v is updated:
10) COMPO rule:
for expressing the transitivity of def-use chains:
based on the strong updating constraint rule, if the counterexample path is effective in the original model, the strong updating of counterexample guidance is carried out.
S4021, if weak update exists on the counter-example path, guiding strong update of the path, context and field sensitivity through counter-example information, updating a detailed model, and performing model detection again to gradually realize analysis of a program symbol level and an address space level;
the specific way in which the present invention performs counter-example-directed strong updates is as follows:
firstly, traversing the median flow information of the spatial flow model backwards along a counter-example path, and judging whether weak update exists on the path;
if the pointer variable exists in the pointer variable, the pointer variable is subjected to the strong updating operation, and the pointer variable is subjected to the strong updating operation.
Wherein, the path sensitive strong updating is realized by recording and analyzing a counter example path; the field-sensitive strong updating is realized by using multi-level index information in a GetElementPtr instruction in LLVM IR as an index of a field; context sensitive strong updates are achieved by utilizing a context stack.
S4022, if the counter path does not have the weak update, indicating that the program has the counter violating the security attribute, interrupting the model detection, and reporting the found counter.
And S5, detecting a counter example guide model.
The analyzed states and the reachable relations between them are recorded in tree form by means of abstract reachability graphs (abstract reachability graphs), two intermediate variables are used to record information during the analysis: collection
The system is used for recording all reachable abstract states under the current precision; collection
The pseudo code of the counter example guided model detection algorithm designed in the embodiment of the invention is shown in FIG. 5. The method comprises the following specific steps:
s501, setting the current precision pi to be null precision pi0(i.e., no variables are recorded), and readed and waitlist are initialized (lines 1-2);
s502, performing dominant value analysis moduleThe type detection algorithm extracts an unanalyzed state b from waitlist, finds out an inheritor that b can reach under precision pi (namely, the branch condition can be satisfied after pi abstraction), and abstracts the inheritor, wherein if a new state is not analyzed, the inheritor is merged into reached and waitlist; if the new state has violation property
Indicating that a counterexample path is found, and exiting the current loop (lines 4-12);
s503, judging whether the waitlist has a residual unanalyzed state, if not, indicating that the program is correct for the attribute. Thus, detection is stopped (22 rows);
s504, if waitlist is not empty, constructing an abstract counterexample path rho from the abstract reachable graphaAnd according to rhoaBy using the function isfesable, the path p is judgedaWhether the original model is valid (lines 13-15);
s505, if rhoaInvalid, indicating that the current path is not feasible. The algorithm uses a precision refinement algorithm (Refine) pointing to information-sensitive constrained differences to update the precision pi (16 lines);
s506, if rhoaEffectively, traversing the model backward along the path
Determining rhoaIf there is a weak update, then the constraint rule pair shown in Table 1 is used
Performing path sensitivity strong updating, removing pointing information brought by weak updating, then updating tracking variables brought by pointing relationships in precision, and removing variable assignment abstract states caused by wrong pointing information (lines 17-19);
s507, if rhoaEffective, and ρaIf there is no weak update, then the surface that the path is valid in both value space and address space, indicating that the program has a violation of the property
The model detection is interrupted and the found counterexample is reported (line 20);
after the precision is updated in steps S508, S505 and S506, the refined pi is updated in read and waitlist, and the model detection is performed again in step S502 (line 21).
The invention uses the empty precision in the first model detection, which mainly considers two reasons:
on one hand, whether the state of attribute violation possibly exists in the program can be quickly detected by using the simplest abstract model, so that invalid calculation analysis is avoided, such as pointer operation does not exist on a counter example path;
on the other hand, the initial spatial stream model uses insensitive pointer analysis, so that a lot of false pointing information exists, and wrong judgment is introduced to model detection;
then, if weak update exists on the detected path, after strong update, correct path-sensitive pointing information is provided for model detection;
if there is no weak update, it indicates that the direction information on the path is correct, and the detected path is considered valid.
In another embodiment of the present invention, a counter-example-guided sparse spatial stream model detection system is provided, which can be used to implement the counter-example-guided sparse spatial stream model detection method described above, and specifically, the counter-example-guided sparse spatial stream model detection system includes a compiling module, a converting module, an abstracting module, and a detecting module.
The compiling module is used for compiling the C program code to be verified into an LLVM intermediate code;
the conversion module is used for converting the LLVM intermediate code into a sparse space flow model of the program to be verified;
the abstract module is used for carrying out variable abstraction on the sparse spatial flow model and executing a model detection algorithm of dominant value analysis to detect whether counter examples exist in the sparse spatial flow model subjected to abstract processing;
the detection module is used for carrying out feasibility verification on the existing counterexample and judging whether the counterexample path is effective in the original model; and guiding the original model to carry out model detection again through counter-example information based on the abstract refinement of interpolation and the strong updating refinement model sensitive to the path, the context and the field, and judging whether the program violates the security attribute through whether weak updating exists on the counter-example path and the counter-example path. .
In yet another embodiment of the present invention, a terminal device is provided that includes a processor and a memory for storing a computer program comprising program instructions, the processor being configured to execute the program instructions stored by the computer storage medium. The Processor may be a Central Processing Unit (CPU), or may be other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable gate array (FPGA) or other Programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc., which is a computing core and a control core of the terminal, and is adapted to implement one or more instructions, and is specifically adapted to load and execute one or more instructions to implement a corresponding method flow or a corresponding function; the processor provided by the embodiment of the invention can be used for the operation of a counter-example-guided sparse spatial flow model detection method, and comprises the following steps:
compiling the C program code to be verified into an LLVM intermediate code; converting the LLVM intermediate code into a sparse space flow model of the program to be verified; carrying out variable abstraction on the sparse spatial flow model, and executing a model detection algorithm of explicit value analysis to detect whether counter-examples exist in the sparse spatial flow model subjected to abstract processing; carrying out feasibility verification on the existing counterexample, and judging whether the counterexample path is effective in the original model; and guiding the original model to carry out model detection again through counter-example information based on the abstract refinement of interpolation and the strong updating refinement model sensitive to the path, the context and the field, and judging whether the program violates the security attribute through whether weak updating exists on the counter-example path and the counter-example path.
In still another embodiment of the present invention, the present invention further provides a storage medium, specifically a computer-readable storage medium (Memory), which is a Memory device in a terminal device and is used for storing programs and data. It is understood that the computer readable storage medium herein may include a built-in storage medium in the terminal device, and may also include an extended storage medium supported by the terminal device. The computer-readable storage medium provides a storage space storing an operating system of the terminal. Also, one or more instructions, which may be one or more computer programs (including program code), are stored in the memory space and are adapted to be loaded and executed by the processor. It should be noted that the computer-readable storage medium may be a high-speed RAM memory, or may be a non-volatile memory (non-volatile memory), such as at least one disk memory.
One or more instructions stored in a computer-readable storage medium may be loaded and executed by a processor to implement the corresponding steps of the method for sparse spatial flow model detection with counter-example guidance in the above embodiments; one or more instructions in the computer-readable storage medium are loaded by the processor and perform the steps of:
compiling the C program code to be verified into an LLVM intermediate code; converting the LLVM intermediate code into a sparse space flow model of the program to be verified; carrying out variable abstraction on the sparse spatial flow model, and executing a model detection algorithm of explicit value analysis to detect whether counter-examples exist in the sparse spatial flow model subjected to abstract processing; carrying out feasibility verification on the existing counterexample, and judging whether the counterexample path is effective in the original model; and guiding the original model to carry out model detection again through counter-example information based on the abstract refinement of interpolation and the strong updating refinement model sensitive to the path, the context and the field, and judging whether the program violates the security attribute through whether weak updating exists on the counter-example path and the counter-example path.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The method has the following effects:
in the embodiment of the invention, the sparse spatial stream model detection of counterexample guidance is carried out on the C program reference library with various complex syntactic semantic characteristics. Fig. 6 is a schematic diagram of a sparse spatial flow model counter-example detection process in the present invention, which only tracks variables necessary for refuting invalid counter-example paths, so as to suppress the problem of state space explosion caused by excessive program variables and values thereof, and make verification more concise and efficient, wherein the counter-examples CEX1 and CEX2 detect false counter-examples in the process. Wherein CEX1 is theta1∧θ2∧θ3∧θ5CEX2 is
Referring to fig. 7, the present invention further analyzes the performance of the counter-example guided sparse spatial flow model detection system; the method comprises the following specific steps:
FIG. 7(a) is a comparison of the verification efficiency of the present invention and six mainstream software detection tools (GT, CPA-V, CPA-VP, CPA-KVP, Gazer, SMACK) for different C program reference libraries, and the verification efficiency of the present invention and six mainstream software detection tools (GT, CPA-V, CPA-VP, CPA-KVP, Gazer, SMACK) for different C program reference libraries was tested.
FIG. 7(b) is a schematic diagram of CDF comparison between the present invention and six mainstream software testing tools, which respectively test the CDF of the present invention and six mainstream software testing tools.
Fig. 7(c) is a schematic diagram of comparing the correctness of the present invention and six mainstream software detection tools in six aspects of an array (array), a function call (call), a global variable (global), a loop (loop), a path (path), and a structure (struct), and respectively tests the correctness of the present invention and six mainstream software detection tools in six aspects of an array (array), a function call (call), a global variable (global), a loop (loop), a path (path), and a structure (struct).
Therefore, under the counter-example-guided sparse spatial flow model detection method, the method can more accurately analyze the state changes of the C language program software on the symbol level and the address space level compared with the existing method, can effectively balance the detection precision and efficiency, has more accurate verification capability and faster verification efficiency, and realizes safe formal verification.
In summary, the counter-example-guided sparse spatial flow model detection method and system of the present invention implement the description of program behavior at the symbol level and the address space level, and provide accurate and comprehensive information for formal verification of the program; the problem of explosion of the state space caused by excessive program variables and values thereof can be solved, so that the verification is more concise and efficient; efficient counterexample feasibility verification can be realized; the model precision can be iteratively refined from two aspects of value space and address space, and the completeness of precision refinement is ensured; the pointing relationship of the pointer can be accurately and efficiently determined, the false pointing relationship is removed, and safety guarantee is provided.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned contents are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modification made on the basis of the technical idea of the present invention falls within the protection scope of the claims of the present invention.
Claims (10)
1. A counter-example-guided sparse spatial flow model detection method is characterized by comprising
S1, compiling the C program code to be verified into an LLVM intermediate code;
s2, converting the LLVM intermediate code into a sparse space flow model of the program to be verified;
s3, performing variable abstraction on the sparse spatial flow model, and executing a model detection algorithm of explicit value analysis to detect whether counter-examples exist in the sparse spatial flow model subjected to abstract processing;
s4, carrying out feasibility verification on the existing counterexample, and judging whether the counterexample path is effective in the original model; and guiding the original model to carry out model detection again through counter-example information based on the abstract refinement of interpolation and the strong updating refinement model sensitive to the path, the context and the field, and judging whether the program violates the security attribute through whether weak updating exists on the counter-example path and the counter-example path.
2. A counter-example-guided sparse spatial flow model detection method according to claim 1, wherein converting LLVM intermediate code into a sparse spatial flow model of a program to be verified is specifically:
control flow automaton to extract LLVM code
Acquiring pointing information through an Andersen pointer analysis algorithm insensitive to flow and context, describing an uncertain pointing relation by using weak update functions mu (a) and a ═ χ (a), describing a def-use chain containing all top-level and address-token pointer variables in the form of an interprocess memory SSA, and for an instruction load p, mu (a) represents that each variable a pointed by the pointer p can be indirectly accessed in the instruction; the function a χ (a) represents the definition and use of the variable a; for store p ═&i, a ═ χ (a) indicates that each variable a pointed to by the pointer p is redefined and used, resulting in a sparse value flow graph
By combining control flow automata
And sparse value flow graph
Constructing sparse spatial flow models
3. An anti-example guided sparse spatial flow model detection method according to claim 2, characterized by controlling flow automaton
The following were used:
sparse value flow graph
The following were used:
sparse spatial flow model
The following were used:
wherein L is a set of program locations; l0Is the initial program position; e is a control flow edge set; s is a set of all operation statements in the program; n represents a defined node or a set of using nodes of the pointer variable; ε represents the set of all possible def-use chains for the pointer variable.
4. A counter-example-guided sparse spatial flow model detection method according to claim 1, wherein performing variable abstraction on the sparse spatial flow model specifically comprises:
calculating the precision pi of a variable assignment statement in the sparse space flow model by a precision function pi from the empty abstract precision, and calculating the dominant value abstraction of the statement according to a variable v tracked by the precision pi; converting the imaged state s into an abstract state according to precision
Variable abstraction of the sparse spatial flow model is achieved.
5. A counter-example-guided sparse spatial flow model detection method according to claim 4, characterized by the appearance state s being:
s:=cs@l
wherein cs:
expressing that an integer value is assigned to a program variable, and L belongs to L as a program position;
abstract state
Comprises the following steps:
wherein, as:
t represents an unknown value; and |, indicates no value.
6. An anti-instance guided sparse spatial flow model detection method according to claim 1, wherein the feasibility verification of the existing anti-instance is specifically:
defining a path as a sequence p consisting of a series of operation statements and program location pairs, detecting when a path p arrives at a violationProperties of
Error position of
And then, analyzing the effectiveness of the counter example path in the original model under the condition of full precision, and refining the precision when the constraint sequence is not satisfied.
7. A counter-example-guided sparse spatial flow model detection method according to claim 6, wherein the refining of the precision is specifically:
calculating a first node of which rho causes that the constraint sequence cannot be satisfied, and calculating an interpolation sequence I by using a function SeqInterpolant; after obtaining the interpolated sequence I, corresponding program position lkInterpolation of lkThe program variables used are refined to lkAs a starting point, the backperformance function is in the spatial stream model at the same time in precision for all positions along the path ρ back
Finding the interpolated value lkVariables used in program position lkBackward def-use chain, will lkPointer variables pointed by the variables are added into the precision of the corresponding positions, and the precision is iteratively refined from two aspects of value space and address space for model abstraction.
8. A counter-example-guided sparse spatial stream model detection method according to claim 1, wherein the constraint rules of the strongly updated refined model comprise an ADDR rule, a COPY rule, a PHI rule, a GEP rule, a STORE rule, a LOAD rule, an SU/WU rule, a CALL rule, a RET rule and a COMPO rule.
9. The counter-example-guided sparse spatial flow model detection method according to claim 1, wherein backward traversing the median flow information of the spatial flow model along the counter-example path, determining whether there is a weak update on the path, if there is a weak update on the counter-example path, updating the pointer direction information in the model by the counter-example-guided path-sensitive strong update constraint rule, and performing model detection again, thereby gradually implementing the analysis of the program symbol level and the address space level; and if the weak update does not exist on the counterexample path, indicating that the program has counterexamples violating the security attribute, interrupting the model detection, and reporting the discovered counterexamples.
10. A counter-example guided sparse spatial flow model detection system, comprising:
the compiling module is used for compiling the C program code to be verified into an LLVM intermediate code;
the conversion module is used for converting the LLVM intermediate code into a sparse space flow model of the program to be verified;
the abstract module is used for carrying out variable abstraction on the sparse spatial flow model and executing a model detection algorithm of dominant value analysis to detect whether counter examples exist in the sparse spatial flow model subjected to abstract processing;
the detection module is used for carrying out feasibility verification on the existing counterexample and judging whether the counterexample path is effective in the original model; and guiding the original model to carry out model detection again through counter-example information based on the abstract refinement of interpolation and the strong updating refinement model sensitive to the path, the context and the field, and judging whether the program violates the security attribute through whether weak updating exists on the counter-example path and the counter-example path.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111316310.0A CN114047913A (en) | 2021-11-08 | 2021-11-08 | Counter-example-guided sparse spatial flow model detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111316310.0A CN114047913A (en) | 2021-11-08 | 2021-11-08 | Counter-example-guided sparse spatial flow model detection method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114047913A true CN114047913A (en) | 2022-02-15 |
Family
ID=80207849
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111316310.0A Pending CN114047913A (en) | 2021-11-08 | 2021-11-08 | Counter-example-guided sparse spatial flow model detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114047913A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116932416A (en) * | 2023-09-15 | 2023-10-24 | 北京华云安信息技术有限公司 | Fuzzy test method, device, equipment and storage medium based on sensitive function |
-
2021
- 2021-11-08 CN CN202111316310.0A patent/CN114047913A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116932416A (en) * | 2023-09-15 | 2023-10-24 | 北京华云安信息技术有限公司 | Fuzzy test method, device, equipment and storage medium based on sensitive function |
| CN116932416B (en) * | 2023-09-15 | 2023-12-22 | 北京华云安信息技术有限公司 | Fuzzy test method, device, equipment and storage medium based on sensitive function |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109426722B (en) | SQL injection defect detection method, system, equipment and storage medium | |
| Tan et al. | Making k-object-sensitive pointer analysis more precise with still k-limiting | |
| Kanewala et al. | Predicting metamorphic relations for testing scientific software: a machine learning approach using graph kernels | |
| US8732669B2 (en) | Efficient model checking technique for finding software defects | |
| US8359583B2 (en) | Methods for selectively pruning false paths in graphs that use high-precision state information | |
| Chen et al. | Understanding metric-based detectable smells in Python software: A comparative study | |
| CN111104335B (en) | C language defect detection method and device based on multi-level analysis | |
| US9690946B2 (en) | Security analysis using relational abstraction of data structures | |
| US10409706B2 (en) | Automated test generation for structural coverage for temporal logic falsification of cyber-physical systems | |
| Esparza et al. | Parameterized verification of asynchronous shared-memory systems | |
| Walkinshaw et al. | Automated comparison of state-based software models in terms of their language and structure | |
| CN109388573B (en) | Error detection method and system during running of interrupt-driven program without false alarm | |
| Etessami et al. | Model checking of recursive probabilistic systems | |
| KR101979329B1 (en) | Method and apparatus for tracking security vulnerable input data of executable binaries thereof | |
| CN102508766B (en) | Static analysis method of errors during operation of aerospace embedded C language software | |
| CN114047913A (en) | Counter-example-guided sparse spatial flow model detection method and system | |
| CN101894072B (en) | Method for detecting abnormal termination during model detection | |
| Al-Sabbagh et al. | Selective regression testing based on big data: comparing feature extraction techniques | |
| Ngo et al. | Ranking warnings of static analysis tools using representation learning | |
| Wang et al. | Invariant based fault localization by analyzing error propagation | |
| Mathur et al. | Towards an object-oriented complexity metric at the runtime boundary based on decision points in code | |
| Saifullah et al. | Exploring type inference techniques of dynamically typed languages | |
| Alzahrani | Measuring class cohesion based on client similarities between method pairs: An improved approach that supports refactoring | |
| CN112581140B (en) | Intelligent contract verification method and computer storage medium | |
| Kozlov et al. | Exploratory analysis of the relations between code cloning and open source software quality |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |