CN117724979A - Detection method, equipment and medium of real-time operating system - Google Patents
Detection method, equipment and medium of real-time operating system Download PDFInfo
- Publication number
- CN117724979A CN117724979A CN202311797511.6A CN202311797511A CN117724979A CN 117724979 A CN117724979 A CN 117724979A CN 202311797511 A CN202311797511 A CN 202311797511A CN 117724979 A CN117724979 A CN 117724979A
- Authority
- CN
- China
- Prior art keywords
- memory
- operating system
- time operating
- real
- write
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 38
- 230000015654 memory Effects 0.000 claims abstract description 290
- 238000000034 method Methods 0.000 claims abstract description 59
- 238000004088 simulation Methods 0.000 claims abstract description 48
- 238000012544 monitoring process Methods 0.000 claims abstract description 16
- 230000006870 function Effects 0.000 claims description 150
- 230000003068 static effect Effects 0.000 claims description 48
- 235000015170 shellfish Nutrition 0.000 claims description 8
- 238000012360 testing method Methods 0.000 abstract description 21
- 230000007547 defect Effects 0.000 abstract description 5
- 230000005856 abnormality Effects 0.000 abstract description 3
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000013522 software testing Methods 0.000 abstract description 3
- 238000004458 analytical method Methods 0.000 description 6
- 238000004590 computer program Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 230000006399 behavior Effects 0.000 description 5
- 238000011084 recovery Methods 0.000 description 5
- 238000004043 dyeing Methods 0.000 description 4
- 238000011076 safety test Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000009191 jumping Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 238000010998 test method Methods 0.000 description 2
- 238000013519 translation Methods 0.000 description 2
- 230000001680 brushing effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000003086 colorant Substances 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The application relates to the technical field of system testing, in particular to a detection method, equipment and medium of a real-time operating system, which aim to solve the problems that a plurality of defects exist in testing based on real hardware equipment and the existing simulation test lacks memory monitoring and abnormality detection logic. For this purpose, the present application provides for creating a simulator of the target real-time operating system; and performing simulation operation on the firmware of the target real-time operating system based on the simulator so as to detect the memory operation of the target real-time operating system. The setting can test the real-time operating system based on the simulation running method, and the simulation running method realizes perfect memory error detection technology, thereby providing convenience for software testing.
Description
Technical Field
The application relates to the technical field of system testing, and particularly provides a detection method, detection equipment and detection media of a real-time operating system.
Background
In various devices of the internet of things, such as intelligent automobiles, robots, intelligent transportation systems and the like, a large number of real-time operating systems are operated to cope with various functional tasks with high requirements on real-time performance. At present, a large number of Internet of things devices are connected to the Internet due to the requirement of convenient operation, so that a large number of real-time operating systems carried on the Internet are exposed to a complex network environment, so that the Internet of things devices can be accessed from outside, but the safety of the Internet of things devices is not effectively tested, and various safety events are frequently generated.
At present, the safety test for the Internet of things equipment is mainly applicable to two methods, one is based on the real hardware equipment for testing, but the method has a plurality of defects: 1. the test difficulty is high, and the hardware state must be debugged before the safety test so that the safety test can work completely and normally. 2. The difficulty of debugging the real equipment is high, for example, the real-time running state of the program and the state when errors occur cannot be captured in real time. 3. The test is inefficient and has a greater impact on hardware life. In order to save cost, the performance of the Internet of things equipment can only meet the functional requirement, so that the operation efficiency is low in the test process, and the hardware is greatly damaged by frequent test brushing. Based on this, more and more manufacturers of the internet of things adopt a second method, namely a test method based on simulation. However, the current test method based on simulation has certain defects: unlike a typical desktop level operating system, a real-time operating system (e.g., freeRTOS, safeRTOS) often does not have enough sophisticated memory monitoring and anomaly detection logic, which results in an inability to rely on system or hardware functionality to effectively detect vulnerabilities such as memory anomalies during dynamic testing, which also reduces the effectiveness of the test.
Accordingly, there is a need in the art for a new method of detecting a real-time operating system to solve the above-mentioned problems.
Disclosure of Invention
The application aims to solve the technical problems that the test based on the real hardware equipment has a plurality of defects and the existing simulation test lacks memory monitoring and abnormality detection logic.
To achieve the above object, in a first aspect, the present application provides a method for detecting a real-time operating system, the method comprising the steps of:
creating a simulator of the target real-time operating system;
and performing simulation operation on the target real-time operating system firmware based on the simulator so as to detect the memory operation of the target real-time operating system.
In an optional technical solution of the above method for detecting a real-time operating system, the step of performing a simulation operation on the firmware of the target real-time operating system includes:
acquiring static characteristics of the target real-time operating system firmware;
and performing simulation operation on the target real-time operating system firmware based on the static characteristics.
In an optional technical solution of the foregoing method for detecting a real-time operating system, the memory of the target real-time operating system includes a heap memory, and the step of "obtaining the static feature of the firmware of the target real-time operating system" includes:
acquiring an address of a heap memory allocation function;
the step of performing simulation running on the target real-time operating system firmware based on the static characteristic comprises the following steps:
acquiring the initial size of a heap memory, and monitoring the heap memory allocation function based on the address of the heap memory allocation function to increase 2n on the basis of the initial size of the heap memory; increasing n on the basis of a heap memory space address created by the heap memory allocation function;
performing memory read-write monitoring on the memory spaces with n front and back sizes of the allocated heap memory to judge whether the target real-time operating system has memory read-write out-of-limit or not
In an optional technical solution of the foregoing method for detecting a real-time operating system, the memory of the target real-time operating system includes a global variable memory, and the step of "obtaining the static feature of the firmware of the target real-time operating system" includes:
acquiring address information of the global variable memory, an address of a memory read-write function and a read-write length of the memory read-write function, and acquiring an operation range of the memory read-write function based on the address of the memory read-write function and the read-write length of the memory read-write function;
the step of performing simulation running on the target real-time operating system firmware based on the static characteristic comprises the following steps:
and monitoring the memory read-write function based on the address information of the global variable memory and the operation range of the memory read-write function so as to judge whether the target real-time operating system has memory read-write out-of-range.
In an optional technical solution of the foregoing detection method of a real-time operating system, the step of "obtaining an address of a memory read-write function" includes:
and acquiring addresses of the memory read-write functions based on the symbol table and/or static characteristics of the memory copying shellfish functions.
In an optional technical solution of the above method for detecting a real-time operating system, the method further includes:
acquiring dynamic operation characteristics of the target real-time operating system;
and performing simulation operation on the target real-time operating system firmware based on the static characteristic and the dynamic operation characteristic.
In an optional technical solution of the foregoing method for detecting a real-time operating system, the memory of the target real-time operating system includes a stack variable memory, and the step of "obtaining the static feature and the dynamic running feature" includes:
acquiring addresses of memory read-write functions and acquiring the space size of a function stack based on binary file symbol information and/or execution of stack lifting operation; acquiring the memory size of a stack variable based on the binary file symbol information and/or the execution of the writing operation;
the step of "performing simulated running on the target real-time operating system firmware based on the static feature and the dynamic running feature" includes:
and when the memory read-write function is executed, monitoring the memory read-write function based on the size of the function stack space, the size of the stack variable memory and the address of the memory read-write function so as to judge whether the target real-time operating system has memory read-write out-of-limit.
In an optional technical solution of the foregoing detection method of a real-time operating system, the step of "obtaining an address of a memory read-write function" includes:
and acquiring the address of the memory read-write function based on at least one of a symbol table, static characteristics of the memory copy shellfish function and dynamic operation characteristics of the target real-time operating system.
In a second aspect, the present application also provides a computer room apparatus comprising a processor and a storage device adapted to store a plurality of program code adapted to be loaded and run by the processor to perform the method of detecting a real-time operating system as described in any one of the preceding claims.
In a third aspect, the present application also provides a computer readable storage medium having stored therein a plurality of program codes adapted to be loaded and executed by a processor to perform the method of detecting a real-time operating system as described in any one of the above.
Those skilled in the art will appreciate that in the technical solution of the present application, a simulator of a target real-time operating system is created; and performing simulation operation on the firmware of the target real-time operating system based on the simulator so as to detect the memory operation of the target real-time operating system. The setting can test the real-time operating system based on the simulation running method, and the simulation running method realizes perfect memory error detection technology, thereby providing convenience for software testing.
Further, obtaining the address of the memory read-write function includes: based on the symbol table and/or static characteristics of the memory copying shellfish function, obtaining addresses of memory read-write functions; or, based on at least one of the symbol table, the static characteristic of the memory copy shellfish function and the dynamic operation characteristic of the target real-time operating system, the address of the memory read-write function is obtained. The memory read-write function can be prevented from being connected in an internal mode during compiling, so that the situation that whether the memory read-write function is called or not cannot be judged, and the detection capability of memory out-of-range read-write is enhanced.
Drawings
The disclosure of the present application will become more readily understood with reference to the accompanying drawings. As will be readily appreciated by those skilled in the art: these drawings are for illustrative purposes only and are not intended to limit the scope of the present application. Moreover, like numerals in the figures are used to designate like parts, wherein:
FIG. 1 is a flow chart illustrating the main steps of a method for detecting a real-time operating system according to one embodiment of the present application;
FIG. 2 is a flowchart illustrating the main steps of performing a simulation run of the target real-time operating system firmware according to one embodiment of the present application;
FIG. 3 is a flowchart illustrating the main steps of performing a simulation run of the target real-time operating system firmware according to another embodiment of the present application;
FIG. 4 is a flow chart of a simulator for memory detection according to one embodiment of the present application;
fig. 5 is a main structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
Some embodiments of the present application are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are merely for explaining the technical principles of the present application, and are not intended to limit the scope of the present application.
In the description of the present application, a "module," "processor" may include hardware, software, or a combination of both. A module may comprise hardware circuitry, various suitable sensors, communication ports, memory, or software components, such as program code, or a combination of software and hardware. The processor may be a central processor, a microprocessor, an image processor, a digital signal processor, or any other suitable processor. The processor has data and/or signal processing functions. The processor may be implemented in software, hardware, or a combination of both. Non-transitory computer readable storage media include any suitable medium that can store program code, such as magnetic disks, hard disks, optical disks, flash memory, read-only memory, random access memory, and the like. The term "a and/or B" means all possible combinations of a and B, such as a alone, B alone or a and B. The term "at least one A or B" or "at least one of A and B" has a meaning similar to "A and/or B" and may include A alone, B alone or A and B. The singular forms "a", "an" and "the" include plural referents.
As described in the background section, the present application provides a method for detecting a real-time operating system, which aims at the problems that there are many defects in testing based on real hardware devices and existing simulation tests lack memory monitoring and abnormality detection logic.
Referring to fig. 1, fig. 1 is a schematic flow chart of main steps of a method for detecting a real-time operating system according to an embodiment of the present application. As shown in fig. 1, the detection method of the real-time operating system of the present application includes the following steps:
step S101: a simulator of the target real-time operating system is created.
Specifically, the target real-time operating system firmware is analyzed, a corresponding architecture instruction translator is selected, the states of each register are initialized, and the target real-time operating system firmware is loaded into the simulation memory according to a corresponding executable file format, so that a simulator of the target real-time operating system is created to realize the CPU simulation execution of the target real-time operating system firmware.
Step S102: and performing simulation operation on the firmware of the target real-time operating system based on the simulator so as to detect the memory operation of the target real-time operating system.
Specifically, based on the simulator to simulate the firmware of the target real-time operating system, the setting can monitor various memory operations such as memory access behaviors, variable use behaviors and the like of the target real-time operating system independently of hardware under the condition of simulating based on a CPU, and timely and correctly report software memory errors, so that the testing cost can be reduced, and the workload of testing integration can be reduced.
Based on the steps S101 to S102, the present application creates a simulator of the target real-time operating system; and performing simulation operation on the firmware of the target real-time operating system based on the simulator so as to detect the memory operation of the target real-time operating system. The setting can test the real-time operating system based on the simulation running method, and the simulation running method realizes perfect memory error detection technology, thereby providing convenience for software testing.
Next, step S102 will be further described.
Referring to FIG. 2, FIG. 2 is a flowchart illustrating the main steps of performing a simulation run of the target real-time operating system firmware according to one embodiment of the present application. As shown in fig. 2, in some embodiments, performing a simulation run on the target real-time operating system firmware includes the steps of:
step S201: and acquiring static characteristics of the target real-time operating system firmware.
Step S202: and simulating and running the target real-time operating system firmware based on the static characteristics.
Specifically, before the target real-time operating system firmware is simulated, the static characteristics of the target real-time operating system firmware are acquired, so that the target real-time operating system firmware is simulated based on the static characteristics.
In some embodiments, the memory of the target real-time operating system comprises heap memory, and the obtaining the static feature of the target real-time operating system firmware comprises: acquiring an address of a heap memory allocation function;
the simulation running of the target real-time operating system firmware based on the static characteristics comprises the following steps:
step S301: the initial size of the heap memory is obtained, and the heap memory allocation function is monitored based on the address of the heap memory allocation function so as to increase by 2n on the basis of the initial size of the heap memory.
Step S302: and increasing n on the basis of the heap memory space address created by the heap memory allocation function.
Step S303: and performing memory read-write monitoring on the memory spaces with the n sizes before and after the allocated heap memory to judge whether the target real-time operating system has memory read-write out-of-range.
In particular, heap memory is typically managed by a heap manager, which is capable of providing pairs of paired memory allocation and release function interfaces. And acquiring addresses of a heap memory allocation function and a release function when acquiring static characteristics of the target real-time operating system firmware. When the firmware of the target real-time operating system is simulated to run based on static characteristics, the heap memory allocation and release process is dynamically controlled to obtain the actual size of the heap memory and the starting address of an area which can be used by the target real-time operating system when the heap memory runs. I.e., modifying the values of the parameter registers (register architecture dependent) of the respective memory application functions (e.g., malloc) at the time of memory allocation such that the actual allocated heap memory size increases by 2n (n is equal to the minimum unit aligned by the target architecture heap manager) based on the initial heap memory size; and adding n on the basis of the heap memory space address created by the heap memory allocation function to acquire the starting address of a region which can be used by the target real-time operating system when the heap memory runs, so that n bytes of space are reserved before and after the heap memory. And when the memory is released, the parameters of the release function (such as free) are modified, and the transferred memory pointer to be released is moved up by n bytes so as to ensure the correct operation of the heap manager.
And performing memory read-write monitoring on the memory spaces with the n sizes before and after the allocated heap memory to judge whether the target real-time operating system has memory read-write out-of-range. Namely, through a memory read-write hook (hook) mechanism provided by CPU simulation, the read-write hook is carried out on the space of n bytes before and after the heap memory returned by the heap memory allocation function. When the memories are read and written, the problem of out-of-range reading and writing is indicated. In addition, when the memory is released, the memory with the read-write hook is unhooked, so that the subsequent memory is normally allocated again.
In some embodiments, the memory of the target real-time operating system comprises a global variable memory, and the obtaining the static feature of the target real-time operating system firmware comprises the steps of:
step S401: and acquiring address information of the global variable memory, an address of a memory read-write function and a read-write length of the memory read-write function.
Step S402: and acquiring the operation range of the memory read-write function based on the address of the memory read-write function and the read-write length of the memory read-write function.
Simulating operation of the target real-time operating system firmware based on the static features comprises:
and monitoring the memory read-write function based on the address information of the global variable memory and the operation range of the memory read-write function so as to judge whether the target real-time operating system has memory read-write out-of-range.
Specifically, in the simulation of the firmware of the target real-time operating system, the memory distribution address of the target real-time operating system does not change with the running of the program. The obtaining of the address information of the global variable memory is to obtain the symbol table information of the target executable file, and the obtaining of the address information of the global variable memory is based on the analysis of the symbol table information of the target executable file. Further, the obtained address information of the global variable memory can be added to the global variable analysis list.
And monitoring the memory read-write function based on the address information of the global variable memory and the operation range of the memory read-write function so as to judge whether the target real-time operating system has memory read-write out-of-range. The memory read-write function is monitored in the simulated running of the target real-time operating system, and if the operation range of the memory read-write function spans the addresses of at least two global variable memories in the global variable analysis list, the out-of-range read-write behavior of the memory read-write function is indicated.
In some embodiments, obtaining the address of the memory read-write function includes: and acquiring addresses of the memory read-write functions based on the symbol table and/or static characteristics of the memory copy shellfish functions.
Specifically, when the memory of the target real-time operating system is a heap memory or a global variable memory, firstly determining the address of each memory read-write function through a symbol table; if the memory read-write function is compiled and optimized and then directly connected in an inline way to be part of assembly codes of the calling function, static characteristics of the memory copy function are further analyzed to obtain addresses of the memory read-write function. I.e., the memory copy function (memcpy) will typically be optimized as three sequences of statements: reading the memory, writing the memory, judging and jumping back to the read memory; marking the identified inline assembly code segment as a memory read-write function and extracting a read-write register value and an operation range.
Referring to FIG. 3, FIG. 3 is a flowchart illustrating the main steps of performing a simulation run of the target real-time operating system firmware according to another embodiment of the present application. As shown in FIG. 3, in some embodiments, performing the simulated running of the target real-time operating system firmware further comprises the steps of:
step S501: and acquiring dynamic operation characteristics of the target real-time operating system.
Step S502: and performing simulation operation on the target real-time operating system firmware based on the static characteristic and the dynamic operation characteristic.
Specifically, before the target real-time operating system firmware is simulated, the static characteristics of the target real-time operating system firmware and the dynamic operation characteristics of the target real-time operating system are acquired, so that the target real-time operating system firmware is simulated based on the static characteristics and the dynamic operation characteristics.
In some embodiments, the memory of the target real-time operating system comprises a stack variable memory, and the obtaining the static feature and the dynamic running feature comprises the steps of:
step S601: and acquiring addresses of the memory read-write functions and acquiring the size of a function stack space based on binary file symbol information and/or execution of a stack lifting operation.
Step S602: the stack variable memory size is obtained based on binary file symbol information and/or execution of the write operation.
Simulating operation of the target real-time operating system firmware based on the static feature and the dynamic operation feature comprises:
when the memory read-write function is executed, the memory read-write function is monitored based on the size of the function stack space, the size of the stack variable memory and the address of the memory read-write function so as to judge whether the target real-time operating system has memory read-write out-of-limit.
Specifically, binary file symbol information is acquired; when the binary file symbol information contains the space size of the function stack, acquiring the space size of the function stack based on the binary file symbol information; when the binary file symbol information does not contain the space size of the function stack, executing stack lifting operation on the function entry point according to the compilers of all the architectures so as to acquire the space size of the function stack.
When the binary file provides enough sign information, extracting the stack variable memory size of each function from the sign information of the binary file; marking each stack variable memory as different colors when entering a function; and when the binary file does not provide enough sign information, acquiring the memory size of the stack variable based on the dynamic running characteristic of the target real-time operating system. I.e., when the function is initialized or assigned for the first time in each stack variable, continuous writing operation is performed on the stack variable memory. Therefore, when the dynamic execution enters each function, each writing operation to the stack variable memory is recorded, the size of the stack variable memory is obtained based on the writing operation to the stack variable memory, and the continuous writing memories are marked as the same color.
When the memory read-write function is executed, the memory read-write function is monitored based on the size of the function stack space, the size of the stack variable memory and the address of the memory read-write function so as to judge whether the target real-time operating system has memory read-write out-of-limit. When executing the memory read-write function, judging whether the address of the memory read-write function is a stack address; if the address of the memory read-write function is a stack address, acquiring the space range in the stack of the memory read-write function; judging whether the spatial range in the stack of the memory read-write function is positioned in the color of the same stack variable memory, if not, indicating that the out-of-range read-write operation occurs. The setting can enable the detection method to not only comprise common error detection of the heap memory and the global variable memory, but also comprise a stack variable memory size analysis method, the method can provide detection capability for stack variable memory error detection of a real-time operating system lacking sign information, and can accurately judge the size of the stack variable memory under the condition of lacking stack variable sign information of a source file, thereby accurately judging whether stack overflow read-write behaviors occur.
Further, when the memory read-write function is executed, the dyeing record of the stack variable memory needs to be deleted so as to avoid false alarm. Because the memory read-write function exit point has the conditions of non-uniqueness or direct jump, and the like, the memory read-write function exit point is difficult to confirm. Therefore, when the dyeing record of the stack variable memory is deleted, hooks are added to the function entry points extracted by static analysis in advance, and when a program is executed to the hooks, the dyeing record of the old stack memory covered by the function stack is deleted, so that the purpose of clearing the dyeing record of the returned function stack memory is achieved.
Illustratively, performing a stack lifting operation on a function entry point by a compiler according to each architecture to obtain a function stack space size may be: the stack lifting operation for the TriCore architecture can be sub a10, #0x20; the stack lifting operation for the ARMv7a architecture can be sub sp, #0x7c; the stack lifting operation for the MIPS architecture can be adiu sp, # -0x28; the stack-up operation may be addi sp, sp, -0x28 for RISC-V architecture. The above-mentioned setting manner that the compiler according to each architecture performs the stack lifting operation on the function entry point is merely illustrative, and may be selected according to actual needs in practical applications.
In some embodiments, obtaining the address of the memory read-write function includes: and acquiring the address of the memory read-write function based on at least one of a symbol table, static characteristics of the memory copy shellfish function and dynamic operation characteristics of the target real-time operating system.
Specifically, when the memory of the target real-time operating system is a stack variable memory, firstly determining the address of each memory read-write function through a symbol table; if the memory read-write function is compiled and optimized and then directly connected in an inline way to be part of assembly codes of the calling function, static characteristics of the memory copy function are further analyzed to obtain addresses of the memory read-write function. I.e., the memory copy function (memcpy) will typically be optimized as three sequences of statements: reading the memory, writing the memory, judging and jumping back to the read memory; marking the identified inline assembly code segment as a memory read-write function and extracting a read-write register value and an operation range.
Further, if the static characteristics of the memory copy function are not enough for recovery, the address of the memory read-write function is obtained based on the dynamic operation characteristics of the target real-time operating system. For example, a loop section in program execution is recorded, and then whether a loop counter and continuous memory read-write behaviors or other obvious function characteristics exist or not is judged; and judging and recovering according to whether the dynamic characteristics are matched with the read-write function. The configuration can identify the optimized memory read-write function under the condition of lacking the symbol information, and can provide source code level information for memory error detection, so that the test effect of the memory error detection scheme is more sensitive.
It should be noted that, although the foregoing embodiments describe the steps in a specific sequential order, it should be understood by those skilled in the art that, in order to achieve the effects of the present application, different steps need not be performed in such an order, and may be performed simultaneously (in parallel) or in other orders, and these variations are within the scope of protection of the present application. Meanwhile, all the above embodiments may be combined to form an optional embodiment of the present application, which is not described in detail herein.
Further, the application also provides a simulator of the real-time operating system.
The target real-time operating system in the embodiment of the application may be a vehicle remote wake-up system, and the simulator of the real-time operating system at this time mainly includes a host operating system, a real-time operating system simulation module based on CPU simulation, a memory read-write function recovery and stack variable identification module, a stack memory error detection module, a global variable memory error detection module, and a stack variable memory error detection module.
Specifically, the host operating system is the operating system on the host (typically a server or a legacy PC) running the hardware simulator; the real-time operating system simulation module based on CPU simulation is configured to simulate virtual hardware by taking a target architecture real-time operating system firmware as input, simulate a CPU architecture different from a physical machine in an instruction translation mode, simulate and execute interrupt and trap instructions encountered in the instruction translation process, and enable a dispatcher to enter a corresponding processing flow; the memory read-write function recovery and stack variable identification module is configured to position and recover the memory read-write function by utilizing static and dynamic characteristics and identify the size of the stack variable memory; the heap memory error detection module is configured to detect heap-related memory operations in the firmware simulation execution process, and timely and accurately report detected memory errors; the global variable memory error detection module is configured to detect global variable related memory operation in the firmware simulation execution process and timely and accurately report the detected memory error; the stack variable memory error detection module is configured to detect the stack variable related memory operation in the firmware simulation execution process, and timely and accurately report the detected memory error.
Referring to fig. 4, fig. 4 is a flow chart of a simulator for performing memory detection according to an embodiment of the present application. As shown in fig. 4, in some embodiments, the memory read-write function recovery and stack variable identification module first uses static features to recover part of the memory read-write function, extract the size of the memory of each function stack variable, the global variable size and the position information; and then using a real-time operating system simulation module based on CPU simulation to dynamically simulate and operate the target real-time operating system firmware, extracting a memory read-write function of a dynamic operation feature recovery part and analyzing the size of a variable memory of each function stack.
In some embodiments, the inputs to the global variable memory error detection module are a global variable list and a memory read-write function list. The module monitors the memory read-write function, when the simulator executes the memory read-write function, detects whether the read/write memory range containing the parameters of the global variable is in the same global variable memory, and if not, reports overflow.
In some embodiments, the heap memory error detection module utilizes a memory read-write hooking mechanism provided by CPU simulation to modify the memory allocation and release function, and when the memory is allocated, the value of the parameter register (related to the register architecture) is modified so that the size of the heap memory actually allocated is slightly larger than the value required by the program, so that the heap memory can be monitored before and after the original memory, and once the read-write operation is found, out-of-range read-write is reported. And when the memory is released, the parameters of the release function are corrected, so that the correctness of the heap manager is ensured.
In some embodiments, the stack variable memory error detection module monitors the related memory read-write function according to the stack variable memory size obtained by static and dynamic analysis, and reports overflow read-write of the variables in the stack once the memory read-write function is found to write across the stack variables.
It will be appreciated by those skilled in the art that the present application may implement all or part of the above-described methods according to the above-described embodiments, or may be implemented by means of a computer program for instructing relevant hardware, where the computer program may be stored in a computer readable storage medium, and the computer program may implement the steps of the above-described embodiments of the method when executed by a processor. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable storage medium may include: any entity or device, medium, usb disk, removable hard disk, magnetic disk, optical disk, computer memory, read-only memory, random access memory, electrical carrier wave signals, telecommunications signals, software distribution media, and the like capable of carrying the computer program code. It should be noted that the computer readable storage medium may include content that is subject to appropriate increases and decreases as required by jurisdictions and by jurisdictions in which such computer readable storage medium does not include electrical carrier signals and telecommunications signals.
Further, the application also provides computer equipment.
Referring to fig. 5, fig. 5 is a schematic diagram of the main structure of a computer device according to an embodiment of the present application. As shown in fig. 5, the computer apparatus in the embodiment of the present application mainly includes a storage device 11 and a processor 12, the storage device 11 may be configured to store a program for executing the detection method of the real-time operating system of the above-described method embodiment, and the processor 12 may be configured to execute the program in the storage device, including, but not limited to, the program for executing the detection method of the real-time operating system of the above-described method embodiment. For convenience of explanation, only those portions relevant to the embodiments of the present application are shown, and specific technical details are not disclosed, refer to the method portions of the embodiments of the present application.
The computer device in the embodiments of the present application may be a control apparatus device formed by including various electronic devices. In some possible implementations, the computer apparatus may include a plurality of storage devices 11 and a plurality of processors 12. The program for executing the method for detecting the real-time operating system in the method embodiment may be divided into a plurality of sub-programs, and each sub-program may be loaded and executed by the processor to execute different steps of the method for detecting the real-time operating system in the method embodiment. Specifically, each of the sub-programs may be stored in a different storage device 11, and each of the processors 12 may be configured to execute the programs in one or more storage devices 11 to jointly implement the method for detecting a real-time operating system of the above method embodiment, that is, each of the processors 12 performs different steps of the method for detecting a real-time operating system of the above method embodiment, to jointly implement the method for detecting a real-time operating system of the above method embodiment.
The plurality of processors 12 may be processors disposed on the same device, for example, the computer device may be a high-performance device composed of a plurality of processors, and the plurality of processors 12 may be processors configured on the high-performance device. Further, the plurality of processors 12 may be processors disposed on different devices, for example, the computer device may be a server cluster, and the plurality of processors 12 may be processors on different servers in the server cluster.
Further, the present application also provides a computer-readable storage medium. In one embodiment of a computer readable storage medium according to the present application, the computer readable storage medium may be configured to store a program for performing the method of detecting a real-time operating system of the above-described method embodiment, where the program may be loaded and executed by a processor to implement the method of detecting a real-time operating system as described above. For convenience of explanation, only those portions relevant to the embodiments of the present application are shown, and specific technical details are not disclosed, refer to the method portions of the embodiments of the present application. The computer readable storage medium may be a storage device including various electronic devices, and optionally, in embodiments of the present application, the computer readable storage medium is a non-transitory computer readable storage medium.
Further, it should be understood that, since the respective modules are merely set to illustrate the functional units of the apparatus of the present application, the physical devices corresponding to the modules may be the processor itself, or a part of software in the processor, a part of hardware, or a part of a combination of software and hardware. Accordingly, the number of individual modules in the figures is merely illustrative.
Those skilled in the art will appreciate that the various modules in the apparatus may be adaptively split or combined. Such splitting or combining of specific modules does not lead to a deviation of the technical solution from the principles of the present application, and therefore, the technical solution after splitting or combining will fall within the protection scope of the present application.
Thus far, the technical solution of the present application has been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of protection of the present application is not limited to these specific embodiments. Equivalent modifications and substitutions for related technical features may be made by those skilled in the art without departing from the principles of the present application, and such modifications and substitutions will be within the scope of the present application.
Claims (10)
1. A method for detecting a real-time operating system, the method comprising the steps of:
creating a simulator of the target real-time operating system;
and performing simulation operation on the target real-time operating system firmware based on the simulator so as to detect the memory operation of the target real-time operating system.
2. The method for detecting a real-time operating system according to claim 1, wherein the step of "performing a simulation run on the target real-time operating system firmware" includes:
acquiring static characteristics of the target real-time operating system firmware;
and performing simulation operation on the target real-time operating system firmware based on the static characteristics.
3. The method for detecting a real-time operating system according to claim 2, wherein the memory of the target real-time operating system includes heap memory, and the step of "obtaining static features of firmware of the target real-time operating system" includes:
acquiring an address of a heap memory allocation function;
the step of performing simulation running on the target real-time operating system firmware based on the static characteristic comprises the following steps:
acquiring the initial size of a heap memory, and monitoring the heap memory allocation function based on the address of the heap memory allocation function to increase 2n on the basis of the initial size of the heap memory; increasing n on the basis of a heap memory space address created by the heap memory allocation function;
and performing memory read-write monitoring on the memory spaces with the n front and back sizes of the allocated heap memory to judge whether the target real-time operating system has memory read-write out-of-limit.
4. The method for detecting a real-time operating system according to claim 2, wherein the memory of the target real-time operating system includes a global variable memory, and the step of "obtaining static features of the firmware of the target real-time operating system" includes:
acquiring address information of the global variable memory, an address of a memory read-write function and a read-write length of the memory read-write function, and acquiring an operation range of the memory read-write function based on the address of the memory read-write function and the read-write length of the memory read-write function;
the step of performing simulation running on the target real-time operating system firmware based on the static characteristic comprises the following steps:
and monitoring the memory read-write function based on the address information of the global variable memory and the operation range of the memory read-write function so as to judge whether the target real-time operating system has memory read-write out-of-range.
5. The method for detecting a real-time operating system according to any one of claims 3 to 4, wherein the step of "obtaining the address of the memory read-write function" includes:
and acquiring addresses of the memory read-write functions based on the symbol table and/or static characteristics of the memory copying shellfish functions.
6. The method for detecting a real-time operating system according to claim 2, further comprising:
acquiring dynamic operation characteristics of the target real-time operating system;
and performing simulation operation on the target real-time operating system firmware based on the static characteristic and the dynamic operation characteristic.
7. The method according to claim 6, wherein the memory of the target real-time operating system includes a stack variable memory, and the step of acquiring the static feature and the dynamic running feature includes:
acquiring addresses of memory read-write functions and acquiring the space size of a function stack based on binary file symbol information and/or execution of stack lifting operation; acquiring the memory size of a stack variable based on the binary file symbol information and/or the execution of the writing operation;
the step of "performing simulated running on the target real-time operating system firmware based on the static feature and the dynamic running feature" includes:
and when the memory read-write function is executed, monitoring the memory read-write function based on the size of the function stack space, the size of the stack variable memory and the address of the memory read-write function so as to judge whether the target real-time operating system has memory read-write out-of-limit.
8. The method for detecting a real-time operating system according to claim 7, wherein the step of "obtaining the address of the memory read-write function" includes:
and acquiring the address of the memory read-write function based on at least one of a symbol table, static characteristics of the memory copy shellfish function and dynamic operation characteristics of the target real-time operating system.
9. A computer device comprising a processor and storage means, said storage means being adapted to store a plurality of program code, characterized in that said program code is adapted to be loaded and run by said processor to perform the method of detection of a real-time operating system according to any one of claims 1 to 8.
10. A computer readable storage medium having stored therein a plurality of program codes, characterized in that the program codes are adapted to be loaded and run by a processor to perform the detection method of a real-time operating system according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311797511.6A CN117724979A (en) | 2023-12-22 | 2023-12-22 | Detection method, equipment and medium of real-time operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311797511.6A CN117724979A (en) | 2023-12-22 | 2023-12-22 | Detection method, equipment and medium of real-time operating system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117724979A true CN117724979A (en) | 2024-03-19 |
Family
ID=90199723
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311797511.6A Pending CN117724979A (en) | 2023-12-22 | 2023-12-22 | Detection method, equipment and medium of real-time operating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117724979A (en) |
-
2023
- 2023-12-22 CN CN202311797511.6A patent/CN117724979A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8813037B2 (en) | Debugging a high performance computing program | |
| CN109583200B (en) | Program abnormity analysis method based on dynamic taint propagation | |
| EP2587379B1 (en) | System test apparatus | |
| US20120266248A1 (en) | Pinpointing security vulnerabilities in computer software applications | |
| US20080270840A1 (en) | Device and method for testing embedded software using emulator | |
| CN109471697B (en) | Method, device and storage medium for monitoring system call in virtual machine | |
| CN110046479B (en) | Link library file anti-debugging method and device based on android operating system | |
| CN100440163C (en) | Method and system for analysis processing of computer program | |
| US20080276129A1 (en) | Software tracing | |
| US10599558B1 (en) | System and method for identifying inputs to trigger software bugs | |
| KR101325954B1 (en) | Method of auto-executing android applications using code-analysis and view analysis, and computer-readable recording medium with android application auto-executing program for the same | |
| JP2010238228A (en) | Method and device for dynamically analyzing program | |
| CN110580226A (en) | object code coverage rate testing method, system and medium for operating system level program | |
| JP2021082256A (en) | Memory analysis method and device based on dynamic stain analysis | |
| CN112925524A (en) | Method and device for detecting unsafe direct memory access in driver | |
| US20070283330A1 (en) | Method and System for Performing Thread-Specific Display of Breakpoints | |
| CN114386045A (en) | Web application program vulnerability detection method and device and storage medium | |
| US9009671B2 (en) | Crash notification between debuggers | |
| CN111931191A (en) | Dynamic detection method and system for binary software stack overflow leakage hole of Linux platform | |
| CN115422091B (en) | Firmware debugging method and device, electronic equipment and storage medium | |
| CN111783094A (en) | Data analysis method and device, server and readable storage medium | |
| Ren et al. | A dynamic taint analysis framework based on entity equipment | |
| CN117724979A (en) | Detection method, equipment and medium of real-time operating system | |
| US20220335135A1 (en) | Vulnerability analysis and reporting for embedded systems | |
| Höller et al. | Evaluation of diverse compiling for software-fault detection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |