CN114510722B - Static detection method and detection system for incremental code - Google Patents
Static detection method and detection system for incremental code Download PDFInfo
- Publication number
- CN114510722B CN114510722B CN202210147761.4A CN202210147761A CN114510722B CN 114510722 B CN114510722 B CN 114510722B CN 202210147761 A CN202210147761 A CN 202210147761A CN 114510722 B CN114510722 B CN 114510722B
- Authority
- CN
- China
- Prior art keywords
- code
- static detection
- incremental
- graph
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 153
- 230000003068 static effect Effects 0.000 title claims abstract description 129
- 238000004458 analytical method Methods 0.000 claims abstract description 112
- 230000006870 function Effects 0.000 claims abstract description 109
- 238000000034 method Methods 0.000 claims abstract description 41
- 230000001419 dependent effect Effects 0.000 claims description 17
- 238000012360 testing method Methods 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 11
- 238000010276 construction Methods 0.000 claims description 8
- 230000007547 defect Effects 0.000 claims description 8
- 230000008859 change Effects 0.000 claims description 7
- 230000009467 reduction Effects 0.000 claims description 6
- 230000000694 effects Effects 0.000 claims description 4
- 238000004422 calculation algorithm Methods 0.000 claims description 3
- 230000002194 synthesizing effect Effects 0.000 abstract 1
- 238000005516 engineering process Methods 0.000 description 18
- 238000005206 flow analysis Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 11
- 101150059273 PTR1 gene Proteins 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 101100235787 Schizosaccharomyces pombe (strain 972 / ATCC 24843) pim1 gene Proteins 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 101150114015 ptr-2 gene Proteins 0.000 description 4
- 238000004088 simulation Methods 0.000 description 4
- 238000012546 transfer Methods 0.000 description 4
- 230000000903 blocking effect Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000003672 processing method Methods 0.000 description 3
- 101100215778 Neurospora crassa (strain ATCC 24698 / 74-OR23-1A / CBS 708.71 / DSM 1257 / FGSC 987) ptr-1 gene Proteins 0.000 description 1
- 101100445488 Neurospora crassa (strain ATCC 24698 / 74-OR23-1A / CBS 708.71 / DSM 1257 / FGSC 987) ptr-2 gene Proteins 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000007667 floating Methods 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 238000013522 software testing Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Debugging And Monitoring (AREA)
- Stored Programmes (AREA)
Abstract
The invention relates to the technical field of computer science, in particular to a static detection method and a static detection system for an incremental code. The static detection method specifically comprises the following steps: identifying the incremental part of the code to be detected, constructing an abstract syntax tree, synthesizing a function call graph of the code to be detected, constructing a value dependency graph of the incremental part and a value dependency graph of the code to be detected, and carrying out vulnerability detection on the value dependency graph of the code to be detected to obtain a static detection result of the incremental code; further comprising the steps of: and performing static analysis on the original code and combining the static detection results of the original code and the incremental code to obtain a static detection result of the code to be detected. The invention solves the problems that the static detection method in the prior art has poor precision and is easy to miss report or misinformation, and the full detection period after code updating is long, the resource consumption is large and the economy is poor, and has the following advantages: the method has the characteristics of greatly reducing analysis time and memory, along with high efficiency, low cost and high precision.
Description
Technical Field
The present invention relates to the field of computer science technologies, and in particular, to a static detection method, a detection system, an electronic device, and a storage medium for an incremental code.
Background
The detection technology of the program code usually uses a program operation dynamic detection method, namely a new program is tested and operated, and technical problems are found and solved in the process, so that the detection period is long, the requirement on test practical cases is high, and comprehensive detection is difficult to complete in a limited time; the static analysis technology is a code analysis method which only uses source code information, does not need compiling and running, finds problems existing in the code through an automatic examination process and evaluates the quality of the code, can effectively verify indexes such as normalization, reliability, maintainability and the like of the code, reduces the cost of software testing and shortens the testing period. The static code analysis technology can realize full code coverage, detect codes which are rarely executed in actual operation and eliminate potential safety hazards in program operation; compared with manual testing, the method covers more feasible paths of the program, and the detection result is more comprehensive; because no code needs to be run, careless mistakes can not be generated due to the dependence on a compiling environment, and the method is suitable for small software and large software of a subsystem with a plurality of different application scenes; the detection is efficient, a large number of bugs can be found in a short time, and the time cost is low.
The inventor of the present invention found that: the precision and the accuracy of the existing static detection method are to be further improved, and the existing static detection method has multiple concurrency behaviors, so that false alarm and false alarm are easy to occur; furthermore, the existing static detection methods all involve the detection of a certain fixed code, and for the code of the upgrade iteration, all code detection needs to be performed again, and a large amount of manpower and material resources need to be consumed again, so that a static detection method for the incremental code is urgently needed in the market to replace the full detection of the updated fixed code or program in the prior art.
Disclosure of Invention
In order to solve the problems in the prior art, the invention selects and only carries out code analysis on the increment parts which are newly added, deleted and updated in the codes to be detected after the change and the contents related to the increment parts. The problem that when the code is updated, the time and resource cost for carrying out complete code analysis again are too high and the method is not suitable for scenes such as agile development and the like is solved, and the code incremental analysis can only analyze partial codes in the engineering, so that the analysis scale can be effectively reduced, and the cost of static analysis is reduced.
Furthermore, in the code increment analysis method, the difference of program semantics can not be identified by the methods of syntax analysis and control flow analysis, so that many false reports and false reports can be caused; in order to solve the problems, the dependency relationship among various statements is disclosed by combining data streams, so that the relationship between the program bug point and the call point is clearly displayed.
Furthermore, the invention uses a cross-function program vulnerability detection technology based on value dependence analysis, and the technology uses a deduplication analysis and blocking parallel processing method to establish a sparse value dependence graph, so that the dependence of flow sensitive program analysis on a control flow graph is separated, the analysis time and the memory are greatly reduced, and meanwhile, the logic judgment path is reduced, and further the multi-concurrency contradiction, the false alarm probability and the false alarm probability are reduced.
Furthermore, a value dependency graph is constructed by combining fixed value use in control flow analysis and data flow analysis and calling relationship analysis, the connection line between a point and a point is used for expressing the fixed value use relationship of a variable, each value dependency sub-graph expresses the life cycle of a certain variable before the value of the variable is changed, and the transfer relationship between key data can be comprehensively and accurately constructed. The value dependence analysis technology integrates the advantages of the existing symbol execution technology, the abstract interpretation technology and the value flow graph analysis technology, the cross-function processing is more accurate, the efficiency balance is more flexible, the inaccessible path in the program is removed through simulation execution calculation, and the cross-function vulnerability detection is more accurate.
The invention provides a static detection method of an incremental code, which aims at an original code and a code to be detected after any change and comprises the following steps:
identifying an incremental portion and a non-incremental portion of a code to be tested;
constructing an abstract syntax tree for a code to be tested;
constructing a function call graph of the code to be tested according to the abstract syntax tree;
constructing a value dependence graph of the code to be tested according to the function call graph of the code to be tested;
and obtaining a static detection result of the incremental code according to the value dependency graph of the code to be detected.
Preferably, the method for identifying the incremental portion of the code to be tested comprises comparing the program or command; the compare program or command includes a diff command in Git.
Preferably, the static detection method further comprises the steps of: and performing static analysis on the original code to serve as an initial static detection result.
Preferably, the static detection method further comprises the steps of: and combining the initial static detection result and the static detection result of the incremental code to obtain the static detection result of the code to be detected.
Preferably, the method for constructing the function call graph of the code to be tested comprises the following steps:
and taking a syntax structure defined in the abstract syntax tree as a structural relationship basis, and combining the syntax structure with a function call graph of an increment part and the information of the initial static detection result to construct a function call graph of the code to be detected.
Preferably, the function call graph of the incremental part is derived from the abstract syntax tree; and the information of the initial static detection result comprises the information of the node and the edge of the original code.
Preferably, the method for constructing the value dependency graph of the code to be tested includes: respectively constructing an incremental part value dependency graph and a non-incremental part value dependency graph; and connecting the incremental partial value dependency graph and the non-incremental partial value dependency graph.
Preferably, the incremental part and the non-incremental part are connected by using a call chain relation in a function call graph of the code to be detected and combining nodes and edges in the initial static detection result.
Preferably, the method for constructing the non-increment partial value dependency graph comprises the following steps: and obtaining an increment-free partial value dependency graph from the initial static detection result.
Preferably, the incremental partial value dependency graph is generated by a value dependency graph generation method, which includes the following steps:
performing non-guard value dependence analysis;
performing guard value dependence analysis;
refinement value dependent analysis.
Preferably, the non-guard value dependent analysis comprises a model effect analysis across functions.
Preferably, the guard-value-dependent analysis includes constructing an arrival condition between a first defined point and a second defined point of a value-dependent graph.
Preferably, the method for constructing the arrival condition includes: selecting a specific edge of the incremental value dependency graph, traversing from the first definition point to the second definition point on the function call graph of the code to be detected to calculate a final constraint value, and further calculating a condition from the first definition point to the second definition point by using an analysis algorithm.
Preferably, the refined value-dependent analysis comprises performing a refined construction of a value-dependent graph, constant propagation and constant folding, reduction analysis of new dependencies, and reduction analysis for loops.
Preferably, the construction method of the static detection result of the incremental code comprises:
and carrying out vulnerability detection on the set of the connected branches by using the set of the connected branches containing the increment part in the value dependency graph of the code to be detected to obtain the static detection result of the increment code.
Preferably, the method for detecting the vulnerability of the set of connected branches includes:
establishing a defect mode constraint based on the prior knowledge;
performing interval analysis on the initial static detection result, and establishing a program slice;
and detecting the program slices in one-to-one correspondence with the known defect modes to determine whether a bug exists in the program.
Preferably, the abstract syntax tree provides function information of function 1, function 2, function 3, function 4, main, head _ functions and evil _ functions and corresponds to the original code.
The static detection system of the incremental code uses the static detection method, and comprises the following steps:
an increment detection module: identifying an incremental portion and a non-incremental portion of the code under test;
the code grammar relation building module to be tested: constructing an abstract syntax tree for the code to be tested;
the function call graph generation module: constructing a function call graph of the code to be tested according to the abstract syntax tree;
a value dependency graph generation module: constructing a value dependency graph of the code to be tested according to the function call graph of the code to be tested;
an incremental code analysis module: and obtaining a static detection result of the incremental code according to the value dependency graph of the code to be detected.
Preferably, the static detection system further includes a to-be-detected code analysis module: and combining the initial static detection result and the static detection result of the incremental code to obtain a static detection result of the code to be detected.
Preferably, the static detection system further comprises an initial analysis module: performing static analysis on the original code, wherein the analysis result is used as an initial static detection result;
the invention also discloses an electronic device, which comprises a processor, a memory and a computer program which is stored on the memory and can run on the processor, wherein the implementation method of the computer program is the static detection method.
The invention also discloses a storage medium for storing a computer program on a computer readable storage medium, and the implementation method of the computer program is the static detection method.
Advantageous effects
In order to solve the problems in the prior art, the invention provides a static detection method and a static detection device for incremental codes, and solves the problems that the static detection method in the prior art is poor in precision and easy to miss or report, and the full detection period after the codes are updated is long, the resource consumption is large, and the economy is poor. The invention has the following characteristics:
1. and selecting an increment part which is newly added, deleted and updated in the code to be detected after the change and content related to the increment part to carry out code analysis. The problem that when the code is updated, the time and resource cost for carrying out complete code analysis again are too high and the method is not suitable for scenes such as agile development and the like is solved, and the code incremental analysis can only analyze partial codes in the engineering, so that the analysis scale can be effectively reduced, and the cost of static analysis is reduced;
2. by combining the data flow, the dependency relationship between various statements is disclosed, so that the relationship between the program bug point and the call point is clearly shown, the probability avoids the problem that the syntax analysis and control flow analysis methods in the conventional technology cannot identify the difference in program semantics, and simultaneously reduces the logic judgment path, thereby reducing the multi-concurrency contradiction and possibly causing many false reports and false reports;
3. a sparse value dependency graph is established by using a deduplication analysis and blocking parallel processing method, dependence of flow sensitive program analysis on a control flow graph is eliminated, and analysis time and memory are greatly reduced;
4. the method is characterized in that a value dependency graph is constructed by combining fixed value use and calling relation analysis in control flow analysis and data flow analysis, connecting lines between points are used for expressing fixed value use relations of variables, each value dependency subgraph expresses a life cycle from a certain variable to the point before the value of the certain variable is changed, the transfer relation between key data can be comprehensively and accurately constructed, cross-function processing is more accurate, efficiency balancing is more flexible, inaccessible paths in a program are removed through simulation execution calculation, and cross-function vulnerability detection is more accurate.
Drawings
One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the figures in which like reference numerals refer to similar elements and which are not to scale unless otherwise specified.
FIG. 1 is a flow chart of a method for static detection of incremental code;
fig. 2 is a diagram of an original code demo.c file in an initial analysis module;
FIG. 3 is a diagram of an original code headers.h file in an initial analysis module;
FIG. 4 is a diagram of an original code headers.c file in an initial analysis module;
FIG. 5 is a diagram of a code to be tested demo2.C file in an increment detection module;
fig. 6 is a diagram of code headers.h files to be detected in the incremental detection module;
FIG. 7 is a diagram of code headers.c files to be tested in an incremental check module;
FIG. 8 is a diagram of the call function evil _ headers.h file in the incremental detection module;
FIG. 9 is a diagram of the call function evil _ headers.c file in the incremental detection module;
fig. 10 is a diagram of diff parts in the demo.c file detected in the increment detection module;
FIG. 11 is a diagram of diff portions of an evil _ headers.h file detected in the increment detection module;
FIG. 12 is a diagram of diff portions of an evil _ headers.c file detected in the increment detection module;
fig. 13 is a function call graph of the function call graph generation module file demo2. C;
FIG. 14 is a function call graph of the function call graph generation module file evil _ headers.c;
FIG. 15 is a function call graph of a function call graph generation module file headers.c;
fig. 16 is a sub-graph example of a code value dependency graph to be detected in the value dependency graph generation module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be described in detail below. It should be apparent that the described embodiments are only some embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the examples given herein without any inventive step, are within the scope of the present invention.
As shown in fig. 1, the present embodiment discloses a static detection method for an incremental code, which includes the following steps for an original code and a code to be detected after any change:
identifying an incremental portion and a non-incremental portion of the code under test;
constructing an abstract syntax tree for the code to be detected;
constructing a function call graph of the code to be tested according to the abstract syntax tree;
constructing a value dependence graph of the code to be tested according to the function call graph of the code to be tested;
and obtaining a static detection result of the incremental code according to the value dependency graph of the code to be detected.
The static detection method further comprises the following steps: and performing static analysis on the original code to serve as an initial static detection result.
Some optional embodiments, further comprising an initial analysis: and carrying out static analysis on the original code, wherein the analysis result is used as an initial static detection result.
Some optional embodiments, further comprising analysis of the code under test: and combining the initial static detection result and the static detection result of the incremental code to obtain a static detection result of the code to be detected.
And combining the initial static detection result and the static detection result of the incremental code to obtain the static detection result of the code to be detected.
As shown in fig. 2 to fig. 4, the present embodiment discloses that a piece of original code includes: demo.c, heads.h and heads.c files. The demo. C file declares and initializes pointers ptr1 and ptr2 first, and declares variable num but has no value assigned. The heads _ function, function 1, function 2, function 3, and function 4 are then called, respectively. Wherein the headers _ function is secure; the func1 function releases the pointer ptr1, and the func2 function releases the pointer ptr1 again, so that a Double Free vulnerability is caused; func3 is secure and func4 directly uses the uninitialized variable num, resulting in an uninitialized use hole. Therefore, the code before modification has two bugs, which are located in the demo.c file, i.e. a Double Free bug of ptr1 and an uninitialized use bug of num, and these information will be detected statically and stored in a persistent manner (e.g. database, json).
As shown in fig. 5 to 9, the embodiment discloses a section of changed codes to be tested, which includes: the headers.h and headers.c files still do not have vulnerabilities; the method comprises the steps that (1) heads _ function, function 1, function 2, function 3 and function 4 functions are called in main functions of demo2.C files respectively, wherein the heads _ function is safe; releasing the pointer ptr1 by the func1 function, and repairing a Double Free vulnerability in the previous version by the func2 function; the func3 function calls the evil _ function, and a null pointer dereference vulnerability is generated in the function by a pointer ptr 2; func4 directly uses the uninitialized variable num, resulting in an uninitialized use hole. Therefore, the modified code has two vulnerabilities, namely a null pointer dereference vulnerability of ptr2 and an uninitialized use vulnerability of num.
As shown in fig. 10-12: in the embodiment, only the increment parts of the codes to be detected, which are newly added, deleted and updated after the change, and the contents related to the increment parts are selected to be subjected to code analysis. The problem that when the code is updated, the time and resource cost for carrying out complete code analysis again are too high and the method is not suitable for scenes such as agile development and the like is solved, and the code incremental analysis can only analyze partial codes in the engineering, so that the analysis scale can be effectively reduced, and the cost of static analysis is reduced.
Furthermore, in the code increment analysis method, the difference of program semantics can not be identified by the methods of syntax analysis and control flow analysis, so that many false reports and false reports can be caused; in order to solve the problems, the dependency relationship among various statements is disclosed by combining data streams, so that the relationship between the program bug point and the call point is clearly displayed.
Furthermore, the invention uses a cross-function program vulnerability detection technology based on value dependence analysis, and the technology uses a deduplication analysis and blocking parallel processing method to establish a sparse value dependence graph, so that the dependence of flow sensitive program analysis on a control flow graph is separated, the analysis time and the memory are greatly reduced, and meanwhile, the logic judgment path is reduced, and further the multi-concurrency contradiction, the false alarm probability and the false alarm probability are reduced.
Furthermore, a value dependency graph is constructed by combining fixed value use in control flow analysis and data flow analysis and calling relationship analysis, the connection line between a point and a point is used for expressing the fixed value use relationship of a variable, each value dependency graph expresses the life cycle of a variable before the value of the variable is changed, and the transfer relationship between key data can be comprehensively and accurately constructed. The value dependence analysis technology integrates the advantages of the existing symbol execution technology, abstract interpretation technology and value flow graph analysis technology, the cross-function processing is more accurate, the efficiency balance is more flexible, the inaccessible path in the program is removed through simulation execution calculation, and the cross-function vulnerability detection is more accurate.
In some optional embodiments, a sparse value dependency graph is established by using a method of diff command deduplication analysis and partial block parallel processing in Git, only a part of increment is identified as a necessary parameter, dependence of flow sensitive program analysis on a control flow graph is separated, and analysis time and memory are greatly reduced. Furthermore, the incremental part which is added, deleted and updated in the code to be detected after the change and the content related to the incremental part are selected to be subjected to code analysis. The problem that the time and resource cost for carrying out complete code analysis again is too high and is not suitable for scenes such as agile development and the like when the codes are updated is solved, and the code increment analysis can only analyze partial codes in the engineering, so that the analysis scale can be effectively reduced, and the cost of static analysis is reduced.
Some optional embodiments construct an abstract syntax tree, and when the incremental part calls a function, and the function corresponds to a plurality of files, which function to be called specifically cannot be determined simply by means of a function name and the like, and through the abstract syntax tree, the unmodified function called by the incremental part can be accurately corresponded to the function in the original code. Because building an abstract syntax tree for a file is much simpler than building a value dependency graph, and building an abstract syntax tree for a complete project can better identify functions.
In this embodiment, the abstract syntax tree may provide function information of function 1, function 2, function 3, function 4, main, head _ functions, and evil _ function, wherein the abstract syntax tree may correspond to a project before modification except for the evil _ function. For the delta section, func2 and evil _ function do not call user functions, and func3 calls the evil _ function in the evil _ headers.c file. Using this information, it may help generate a function call graph for the code under test.
As shown in fig. 13-15: the method for constructing the function call graph of the code to be detected is formed by combining the abstract syntax tree, the function call graph of the incremental part and the information of the initial static detection result; combining the information in the abstract syntax tree, the function call graph of the incremental part and the node and side information in the information of the initial static detection result to generate a function call graph of the code to be detected; the incremental partial value dependency graph is generated through a function call graph of the code to be tested; the value dependence graph of the code to be tested is shown in fig. 15: the method is formed by connecting an initial static detection result, a call chain in a function call graph of the code to be detected and a value dependence graph of a non-increment part function in a non-increment part value dependence graph. By combining the data flow, the dependency relationship between various statements is disclosed, so that the relationship between the program bug point and the call point is clearly displayed, the probability avoids the problem that the syntax analysis and control flow analysis methods in the conventional technology cannot identify the difference in program semantics, and simultaneously, the logic judgment path is reduced, so that the multi-concurrency contradiction is reduced, and many false reports and false reports can be possibly caused.
Furthermore, a value dependency graph is constructed by combining fixed value use and calling relationship analysis in control flow analysis and data flow analysis, a connecting line between a using point and a point expresses the fixed value use relationship of a variable, each value dependency sub-graph expresses a life cycle before the value of a certain variable is changed, the transfer relationship between key data can be comprehensively and accurately constructed, cross-function processing is more accurate, efficiency balancing is more flexible, an unreachable path in a program is removed through simulation execution calculation, and cross-function vulnerability detection is more accurate, specifically: respectively constructing an incremental part value dependency graph and a non-incremental part value dependency graph; connecting the incremental partial value dependency graph and the non-incremental partial value dependency graph; connecting the incremental part and the non-incremental part by using a call chain relation in a function call graph of the code to be detected and combining nodes and edges in the initial static detection result; while the non-incremental partial value dependency graph is derived from the initial static detection result.
Some optional embodiments find a set of connected branches with an increment portion in a value dependence graph of a code to be tested, and analyze the vulnerability in the increment portion by analyzing the connected branches with the increment. Specifically, as shown in fig. 16, there is no bug in the func2 function of the increment part, which indicates that the present increment code has corrected the Double Free bug of the pointer ptr 1; and a null pointer dereferencing hole of a pointer ptr2 exists in the func3 function of the increment part, which indicates that a new null pointer dereferencing hole is introduced. Combining the incremental analysis result with the analysis result of the project before modification, the analysis result of the whole project after modification can be obtained: the null pointer of pointer ptr2 dereferences the vulnerability and the uninitialized exploit vulnerability of variable num.
In some optional embodiments, the method for constructing the static detection result of the incremental code comprises: using a set of connected branches including an increment part in the value dependency graph of the code to be detected to perform vulnerability detection on the set of connected branches to obtain a static detection result of the increment code, wherein the method for performing vulnerability detection on the set of connected branches comprises the following steps:
establishing a defect mode constraint based on the prior knowledge;
performing interval analysis on the initial static detection result, and establishing a program slice;
and detecting the program slices in one-to-one correspondence with the known defect modes to determine whether a bug exists in the program.
In some alternative embodiments, the incremental partial value dependency graph is generated by a method for generating a value dependency graph, including:
performing non-guard value dependence analysis, wherein the aim is to establish the dependence relation between variable definition and use, and alias conditions may exist in the process of cross-function calling of the same variable;
performing guard value dependence analysis;
refinement value dependent analysis.
Some optional embodiments, the non-guard value dependent analysis comprises a model effect analysis across functions; screening different function characteristic variables and characteristic points, further constructing an analysis model by combining the characteristic variables and the characteristic points with the value dependence relationship among the functions, and establishing the dependence relationship between variable definition and use by using the function model.
Some optional embodiments, the guard-value-dependent analysis comprises constructing an arrival condition between a first defined point and a second defined point of a value-dependent graph. The method is realized by the following steps: selecting a specific edge of the incremental part value dependency graph, traversing from the first definition point to the second definition point on the function call graph of the code to be detected to calculate a final constraint value, and further calculating a condition from the first definition point to the second definition point by using an analysis algorithm.
Some optional embodiments, the refined value dependent analysis comprises performing a refined construction of a value dependent graph; and compared with the original value dependence analysis, constant propagation and constant folding, reduction analysis on new dependence relation and reduction analysis on circulation are added.
In some optional embodiments, the method for detecting vulnerabilities in the set includes:
establishing a defect mode constraint based on the prior knowledge; for example, a string equality problem, an equality judgment error, a floating point number precision problem, & and & distinguishing, not closing all opened resources, an empty string and null, a release lock problem, a synchronized problem, a file resource problem, etc.;
performing interval analysis on the initial static detection result, and establishing a program slice; the modularized detection is facilitated, the detection efficiency is improved, and the problem of resource occupation is reduced;
and detecting the program slices in one-to-one correspondence with the known defect modes, and determining whether a bug exists in the program to avoid missing detection.
In some optional embodiments, the initial static detection result and the static detection result of the incremental code are combined and compared to obtain a static detection result of the code to be detected.
The invention also discloses a static detection system of the incremental code, which uses the static detection method and comprises the following steps:
an increment detection module: identifying an incremental portion and a non-incremental portion of the code under test;
the grammar relation construction module of the code to be tested: constructing an abstract syntax tree for the code to be tested;
the function call graph generation module: constructing a function call graph of the code to be tested according to the abstract syntax tree;
the value dependency graph generation module: constructing a value dependence graph of the code to be tested according to the function call graph of the code to be tested;
an incremental code analysis module: and obtaining a static detection result of the incremental code according to the value dependency graph of the code to be detected.
Some optional embodiments, further comprising an initial analysis module: and performing static analysis on the original code, wherein the analysis result is used as an initial static detection result.
Some optional embodiments further include a code under test analysis module: and combining the initial static detection result and the static detection result of the incremental code to obtain a static detection result of the code to be detected.
The invention also discloses an electronic device, which comprises a processor, a memory and a computer program which is stored on the memory and can run on the processor, wherein the implementation method of the computer program is the static detection method.
The invention also discloses a storage medium for storing a computer program on a computer readable storage medium, and the implementation method of the computer program is the static detection method.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.
Claims (20)
1. The static detection method of the incremental code is characterized by comprising the following steps aiming at an original code and a code to be detected after any change:
identifying an incremental portion and a non-incremental portion of the code to be tested;
constructing an abstract syntax tree for a code to be tested;
constructing a function call graph of the code to be detected according to the abstract syntax tree, wherein the method for constructing the function call graph of the code to be detected comprises the steps of taking a syntax structure defined in the abstract syntax tree as a structural relationship basis, and constructing the function call graph of the code to be detected by combining the syntax structure with the function call graph of the incremental part and the information of the initial static detection result;
constructing a value dependence graph of the code to be tested according to the function call graph of the code to be tested, wherein the construction method of the value dependence graph of the code to be tested comprises the steps of respectively constructing an increment part value dependence graph and a non-increment part value dependence graph, and connecting the increment part value dependence graph and the non-increment part value dependence graph;
and obtaining a static detection result of the incremental code according to the value dependency graph of the code to be detected.
2. The static detection method of claim 1, wherein identifying the incremental portion of the code under test comprises comparing a program or command; the compare program or command comprises a diff command in Git.
3. The static detection method according to claim 1, further comprising the steps of: and performing static analysis on the original code as an initial static detection result.
4. The static detection method according to claim 3, further comprising the steps of: and combining the initial static detection result and the static detection result of the incremental code to obtain the static detection result of the code to be detected.
5. The static detection method of claim 4, wherein the function call graph of the delta portion is derived from the abstract syntax tree; and the information of the initial static detection result comprises the information of the node and the edge of the original code.
6. The static detection method of claim 5, wherein the incremental portion and the non-incremental portion are connected by combining nodes and edges in the initial static detection result with a call chain relationship in a function call graph of the code to be detected.
7. The static detection method according to claim 6, wherein the non-increment partial value dependency graph is constructed by: and obtaining an increment-free partial value dependency graph from the initial static detection result.
8. The static detection method according to claim 7, wherein the incremental partial value dependency graph is generated by a value dependency graph generation method, comprising the steps of:
performing non-guard value dependence analysis;
analyzing guard value dependence;
refinement value dependent analysis.
9. The static detection method of claim 8, wherein the non-guard value dependent analysis comprises a cross-function model effect analysis.
10. The static detection method of claim 9, wherein the guard-value dependent analysis comprises constructing an arrival condition between a first defined point and a second defined point of a value dependency graph.
11. The static detection method according to claim 10, wherein the arrival condition is constructed by a method comprising: selecting a specific edge of the incremental value dependency graph, traversing from the first definition point to the second definition point on the function call graph of the code to be detected to calculate a final constraint value, and further calculating a condition from the first definition point to the second definition point by using an analysis algorithm.
12. The static detection method of claim 11, wherein the refined value-dependent analysis comprises performing a refined construction of a value-dependent graph, constant propagation and constant folding, reduction analysis of new dependencies, and reduction analysis for loops.
13. The static detection method of claim 12, wherein the static detection result of the incremental code is constructed by:
and carrying out vulnerability detection on the set of the connected branches by using the set of the connected branches containing the increment part in the value dependency graph of the code to be detected to obtain a static detection result of the increment code.
14. The static detection method according to claim 13, wherein the method for detecting the vulnerability of the set of connected branches comprises:
establishing a defect mode constraint based on the prior knowledge;
performing interval analysis on the initial static detection result, and establishing a program slice;
and detecting the program slices in one-to-one correspondence with the known defect modes to determine whether a bug exists in the program.
15. The static detection method of claim 14, wherein the abstract syntax tree provides function information of function 1, function 2, function 3, function 4, main, head _ functions, and evil _ functions and corresponds to original code.
16. A static detection system for incremental codes, characterized in that it uses the static detection method of any one of claims 1 to 15, comprising:
an increment detection module: identifying an incremental portion and a non-incremental portion of the code under test;
the grammar relation construction module of the code to be tested: constructing an abstract syntax tree for the code to be tested;
the function call graph generation module: constructing a function call graph of the code to be detected according to the abstract syntax tree, wherein the method for constructing the function call graph of the code to be detected is that a syntax structure defined in the abstract syntax tree is used as a structural relationship basis, and the function call graph of the code to be detected is constructed by combining the syntax structure with the function call graph of the incremental part and the information of the initial static detection result;
a value dependency graph generation module: and constructing a value dependence graph of the code to be tested according to the function call graph of the code to be tested, wherein the construction method of the value dependence graph of the code to be tested comprises the following steps: respectively constructing an incremental part value dependency graph and a non-incremental part value dependency graph, and connecting the incremental part value dependency graph and the non-incremental part value dependency graph;
an incremental code analysis module: and obtaining a static detection result of the incremental code according to the value dependency graph of the code to be detected.
17. The static detection system of claim 16, further comprising a code under test analysis module: and combining the initial static detection result and the static detection result of the incremental code to obtain a static detection result of the code to be detected.
18. The static detection system of claim 17, further comprising an initial analysis module: and carrying out static analysis on the original code, wherein the analysis result is used as an initial static detection result.
19. Electronic device, characterized in that it comprises a processor, a memory and a computer program stored on said memory and executable on said processor, said computer program implementing the method of static detection according to any one of claims 1 to 15.
20. A storage medium for storing thereon a computer program for implementing the static detection method according to any one of claims 1 to 15.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210147761.4A CN114510722B (en) | 2022-02-17 | 2022-02-17 | Static detection method and detection system for incremental code |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210147761.4A CN114510722B (en) | 2022-02-17 | 2022-02-17 | Static detection method and detection system for incremental code |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114510722A CN114510722A (en) | 2022-05-17 |
| CN114510722B true CN114510722B (en) | 2023-01-06 |
Family
ID=81551878
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210147761.4A Active CN114510722B (en) | 2022-02-17 | 2022-02-17 | Static detection method and detection system for incremental code |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114510722B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115237748B (en) * | 2022-06-01 | 2023-07-04 | 北京邮电大学 | Symbol execution method based on feedback incremental driving |
| CN115080985B (en) * | 2022-07-27 | 2022-11-11 | 北京北大软件工程股份有限公司 | Large-scale code static analysis method and system based on block division |
| CN117349187A (en) * | 2023-12-05 | 2024-01-05 | 北京北大软件工程股份有限公司 | Model persistence-based interactive vulnerability analysis method and system |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109446066A (en) * | 2018-09-20 | 2019-03-08 | 北京大学 | The static detection method and system of unreachable code in C/C++ program |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102231134A (en) * | 2011-07-29 | 2011-11-02 | 哈尔滨工业大学 | Method for detecting redundant code defects based on static analysis |
| CN109426723B (en) * | 2017-09-01 | 2020-12-22 | 深圳市源伞新科技有限公司 | Detection method, system, equipment and storage medium using released memory |
| CN109002712B (en) * | 2018-06-22 | 2020-11-03 | 北京大学 | Pollution data analysis method and system based on value dependency graph and electronic equipment |
| CN113722721B (en) * | 2021-11-03 | 2022-03-11 | 北京鸿渐科技有限公司 | Value dependency graph-based source library mode Java security vulnerability detection method |
-
2022
- 2022-02-17 CN CN202210147761.4A patent/CN114510722B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109446066A (en) * | 2018-09-20 | 2019-03-08 | 北京大学 | The static detection method and system of unreachable code in C/C++ program |
Non-Patent Citations (1)
| Title |
|---|
| 大规模源代码增量式资源泄漏检测方法;高志伟等;《软件学报》;20180515(第05期);第1244-1257页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114510722A (en) | 2022-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114510722B (en) | Static detection method and detection system for incremental code | |
| CN109426723B (en) | Detection method, system, equipment and storage medium using released memory | |
| US8312440B2 (en) | Method, computer program product, and hardware product for providing program individuality analysis for source code programs | |
| US9317408B2 (en) | System and method for systematic error injection in generated code | |
| US10606570B2 (en) | Representing software with an abstract code graph | |
| US20200019494A1 (en) | Method and apparatus for performing test by using test case | |
| US20140229922A1 (en) | Efficient model checking technique for finding software defects | |
| US9329980B2 (en) | Security alerting using n-gram analysis of program execution data | |
| US9152731B2 (en) | Detecting a broken point in a web application automatic test case | |
| Ding et al. | Towards the use of the readily available tests from the release pipeline as performance tests: Are we there yet? | |
| Kirbas et al. | The relationship between evolutionary coupling and defects in large industrial software | |
| Johannes et al. | A large-scale empirical study of code smells in JavaScript projects | |
| US9274925B2 (en) | Programmable symbolic execution based dynamic checker | |
| US20130179867A1 (en) | Program Code Analysis System | |
| US8898649B2 (en) | Application program analysis method, analysis system and recording medium for identifying a contributing factor for an invalid operation of an application program | |
| Zhao et al. | Towards an understanding of change types in bug fixing code | |
| CN108984416B (en) | Method for evaluating dependency conflict danger level in Maven environment | |
| CN111428247B (en) | Method for improving computer leak library | |
| CN112560043A (en) | Vulnerability similarity measurement method based on context semantics | |
| JP2014021982A (en) | Iterative generation of symbolic test drivers for object-oriented languages | |
| CN112948828A (en) | Binary program malicious code detection method, terminal device and storage medium | |
| US7624304B2 (en) | Defect detection for integers | |
| CN115659335A (en) | Block chain intelligent contract vulnerability detection method and device based on mixed fuzzy test | |
| CN116578980A (en) | Code analysis method and device based on neural network and electronic equipment | |
| US10761962B1 (en) | Automated software program repair |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| OL01 | Intention to license declared | ||
| OL01 | Intention to license declared |