RU2364929C2 - Generation method of databases for systems of verification of distributed computer complexes software and device for its implementation - Google Patents
Generation method of databases for systems of verification of distributed computer complexes software and device for its implementation Download PDFInfo
- Publication number
- RU2364929C2 RU2364929C2 RU2006130518/09A RU2006130518A RU2364929C2 RU 2364929 C2 RU2364929 C2 RU 2364929C2 RU 2006130518/09 A RU2006130518/09 A RU 2006130518/09A RU 2006130518 A RU2006130518 A RU 2006130518A RU 2364929 C2 RU2364929 C2 RU 2364929C2
- Authority
- RU
- Russia
- Prior art keywords
- software
- source code
- vulnerability
- code
- verification
- Prior art date
Links
Images
Abstract
FIELD: physics; computer facilities.
SUBSTANCE: invention concerns resources of automation of training and scientific researches and can be used in interactive systems in the course of software verification (S/W) of the distributed computer complexes. In the given way and the device complete controllability and observability of the main processes of check of a S/W source code is provided, processes of input and processing of a S/W source code on dependent or independent interface channels are combined. Sites or points of vulnerability of a S/W source code are determined on the basis of conversion of a S/W source code in an internal form which is stored in sort of databases, and points or vulnerability sites of a S/W source code are determined on the basis of automatic compilation and solution of appropriate set of equationses. Thus diagnostics of process of verification of a S/W source code is carried out on the basis of measurement of duration of performance of the main stages (cycles) of search of vulnerability and comparison of the received knowledge to earlier ordered or predicted estimations of a metric of criticality of vulnerability of a S/W source code.
EFFECT: expansion of functionality of processes of S/W verification.
10 cl, 39 dwg
Description
Claims (10)
поле указания на причины переполнения буфера запоминающего устройства ЭВМ - значения исходных переменных, приводящих к возникновению уязвимости исходного кода программного обеспечения;
показатель критичности уязвимости исходного кода программного обеспечения;
поле указания на перечень правил или алгоритмов для устранения уязвимости исходного кода программного обеспечения.8. The method according to any one of claims 1 to 7, characterized in that they generate databases based on the use of reports on detected vulnerabilities in the source code of the software, which contain: a field indicating the location of a possible vulnerability in the source code of the program, including the name of the listing file programs, line number and position number in the line of the program in which the buffer of the computer storage device may overflow, the context of the original program containing the possible overflow or some “neighborhood” of potential socially dangerous point of buffer overflow of computer storage device;
field of indication of the reasons for the buffer overflow of the computer storage device - the values of the source variables that lead to a vulnerability in the source code of the software;
vulnerability criticality indicator of software source code;
field indicating a list of rules or algorithms for eliminating vulnerabilities in software source code.
указание на местоположение возможной уязвимости в исходном коде программы, которое содержит имя файла листинга программы, номер строки и номер позиции в строке программы в котором возможно переполнение буфера запоминающего устройства, контекст исходной программы, содержащий возможное переполнение или некоторую «окрестность» потенциально опасной точки переполнения буфера запоминающего устройства;
указание причины переполнения буфера запоминающего устройства - значения исходных переменных, приводящих к возникновению уязвимости исходного кода программного обеспечения;
показатель или степень критичности обнаруженной уязвимости исходного кода программного обеспечения;
указание на перечень правил или алгоритмов для устранения уязвимости исходного кода программного обеспечения,
АПБ процессорного управления предназначен для обработки сигналов, возникающих на системной шине устройства в процессе работы АПБ лексического и синтаксического анализа/разбора, АПБ преобразования кода, и АПБ анализа кода,
а блок видеоконтроля (БВ) АПБ процессорного управления предназначен для визуализации на экране синтаксической подсветки участков уязвимости ИК ПО в процессе верификации.9. A device for generating databases of software verification systems (software) of distributed computing systems (SVPO RVK), containing a hardware-software unit (АПБ) of lexical and semantic analysis / parsing, АПБ code conversion, АПБ code analysis, АПБ processor control, video adapter, interfaces of hard, flexible and optical disks, serial port interface, network interface and system memory, which are combined by the system bus, while the system memory contains read-only memory property (ROM) and random access memory (RAM / RAM), in the cells of RAM and hard disks place / write operating systems, applications, databases and knowledge bases that contain listings of source programs, a grammar of a programming language (for example, a grammar of a language programming), rules for converting a tree for parsing a listing of a program, a tree for parsing a listing of a program, a table of types of a programming language, annotations of external functions, including their grammar and semantics, code of programs in the language ie internal representations, conditions for the language of the internal representation of the source code, the terms of validating suspicious source code of points, information base, containing a system of constraints in the form of algebraic equations and inequalities, reports on the detection of code vulnerabilities include:
an indication of the location of a possible vulnerability in the source code of the program, which contains the name of the program listing file, line number and position number in the line of the program in which the buffer of the storage device may overflow, the context of the source program containing the possible overflow or some “vicinity” of a potentially dangerous buffer overflow point a storage device;
an indication of the reason for the buffer overflow of the storage device — the values of the source variables that lead to a vulnerability in the source code of the software;
an indicator or severity of the detected software source code vulnerability;
an indication of a list of rules or algorithms to eliminate the vulnerability of the software source code,
APB processor control is designed to process signals that occur on the device’s system bus during operation of the АПБ lexical and syntactic analysis / parsing, АПБ code conversion, and АПБ code analysis,
and the video control unit (BV) of the APB processor control is intended for visualizing on the screen the syntax highlighting of sections of the vulnerability of the IR software during the verification process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2006130518/09A RU2364929C2 (en) | 2006-08-24 | 2006-08-24 | Generation method of databases for systems of verification of distributed computer complexes software and device for its implementation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2006130518/09A RU2364929C2 (en) | 2006-08-24 | 2006-08-24 | Generation method of databases for systems of verification of distributed computer complexes software and device for its implementation |
Publications (2)
Publication Number | Publication Date |
---|---|
RU2006130518A RU2006130518A (en) | 2008-02-27 |
RU2364929C2 true RU2364929C2 (en) | 2009-08-20 |
Family
ID=39278665
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
RU2006130518/09A RU2364929C2 (en) | 2006-08-24 | 2006-08-24 | Generation method of databases for systems of verification of distributed computer complexes software and device for its implementation |
Country Status (1)
Country | Link |
---|---|
RU (1) | RU2364929C2 (en) |
-
2006
- 2006-08-24 RU RU2006130518/09A patent/RU2364929C2/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
RU2006130518A (en) | 2008-02-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Alur et al. | Model checking of hierarchical state machines | |
US10318595B2 (en) | Analytics based on pipes programming model | |
US9122540B2 (en) | Transformation of computer programs and eliminating errors | |
CN111104335B (en) | C language defect detection method and device based on multi-level analysis | |
CN102662825B (en) | Method for detecting memory leakage of heap operational program | |
CN110688544A (en) | Method, device and storage medium for querying database | |
CN108763064B (en) | Code test generation method and device based on black box function and machine learning | |
Kusano et al. | Thread-modular static analysis for relaxed memory models | |
US10275238B2 (en) | Hybrid program analysis | |
KR102013657B1 (en) | Apparatus for statically analyzing assembly code including assoxiated multi files | |
Boigelot et al. | Counting the solutions of Presburger equations without enumerating them | |
RU2364929C2 (en) | Generation method of databases for systems of verification of distributed computer complexes software and device for its implementation | |
Swain et al. | OpenRace: An open source framework for statically detecting data races | |
RU2373570C2 (en) | Method for software verification in distributed computer complexes and system for its realisation | |
RU2373569C2 (en) | Method for generation of databases and knowledge bases for systems of software verification in distributed computer complexes and device for its realisation | |
Beine | A model-based reference workflow for the development of safety-critical software | |
RU2006130519A (en) | METHOD FOR KNOWLEDGE BASES FOR SYSTEMS FOR VERIFICATION OF SOFTWARE OF DISTRIBUTED COMPUTER COMPLEXES AND DEVICE FOR ITS IMPLEMENTATION | |
Mandal et al. | A static analyzer for Industrial robotic applications | |
CN114691197A (en) | Code analysis method and device, electronic equipment and storage medium | |
CN114138669A (en) | Software automatic testing method based on function level selection symbolized mixed execution | |
CN114968751A (en) | Program debugging method and program debugging device of code-free development platform | |
CN109948346A (en) | A kind of loophole PoC implementation method and device | |
JP2015043140A (en) | Source code generation device | |
CN117555811B (en) | Embedded software analysis method, device and storage medium based on static symbol execution | |
Zhu et al. | False positive elimination in suspected code fault automatic confirmation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | The patent is invalid due to non-payment of fees |
Effective date: 20090606 |