WO2015003555A1 - Error detection method and device for program - Google Patents

Publication number
WO2015003555A1
Authority
WO
WIPO (PCT)
Prior art keywords
program
value
error
point
analyzed
Prior art date
Application number
PCT/CN2014/080696
Other languages
French (fr)
Chinese (zh)
Inventor
衷璐洁
霍玮
李丰
陈聪明
冯晓兵
张兆庆
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2015003555A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/36: Preventing errors by testing or debugging software
    • G06F11/3604: Software analysis for verifying properties of programs
    • G06F11/3608: Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Definitions

  • The present invention relates to the field of computer technology, and in particular to a method and device for detecting errors in a program.
  • Background technique
  • Program error detection methods can be divided into dynamic and static categories. Dynamic methods need to run the program, rely on test cases, and can only find errors on the executed paths; the construction of test cases is still an open problem.
  • The static method acts directly on the program source code, can examine all the paths in the program, and does not need test cases, so it has better completeness.
  • Traditional flow analysis technology is mainly intended for compiler optimization, where the correctness of the compiled result must be ensured, so its results are conservative.
  • The analysis result obtained by flow analysis cannot meet the accuracy requirement of detection, and brings a large number of false positives and potential false negatives, thereby affecting the detection accuracy.
  • The embodiments of the invention provide a method and a device for detecting errors in a program, which can improve the efficiency of error detection for the program.
  • A first aspect of the embodiments of the present invention provides a method for detecting errors in a program, including:
  • The program analysis information includes information on read side effects and/or write side effects, and analyzing the program to be analyzed to obtain program analysis information of each program point in the program to be analyzed includes:
  • Determining, in the SSA form, information on the read side effects and/or write side effects of the dereferenced program points in the program to be analyzed, where the read side effect information is the element information in the program to be analyzed that needs to be read at the dereferenced program point, and the write side effect information is the element information in the program to be analyzed that needs to be written at the dereferenced program point.
  • The program to be analyzed includes the first fixed value point, the first fixed value point does not call a function, and obtaining, according to the program analysis information, the error attribute value of each fixed value point in the program to be analyzed under the determined error attribute specifically includes:
  • The program to be analyzed includes the second fixed value point, the second fixed value point calls a function, and obtaining, according to the program analysis information, the error attribute value of each fixed value point in the program to be analyzed under the determined error attribute specifically includes:
  • Determining the first error attribute value of the reference input of the called function at the second fixed value point as the error attribute value of the actual parameter variable or the global quantity in the calling function at the second fixed value point; and calculating, according to the first error attribute value, the second error attribute value of the fixed value output point corresponding to the called function.
  • The second error attribute value is used as the error attribute value of the second fixed value point.
  • Calculating the second error attribute value of the fixed value output point corresponding to the called function specifically includes:
  • the second error attribute value is affected by the first error attribute value of the reference input
  • The second error attribute value is calculated according to the relationship between the first error attribute value of the reference input and the called function.
  • A second aspect of the embodiments of the present invention provides a program error detecting apparatus, including:
  • a program analysis unit configured to analyze the program to be analyzed to obtain program analysis information of each program point in the program to be analyzed;
  • an attribute determining unit configured to determine an error attribute of the error type for which the program to be analyzed is checked;
  • a lattice value calculation and propagation unit configured to acquire, according to the program analysis information obtained by the program analysis unit, an error attribute lattice value of each fixed value point in the program to be analyzed, where the error attribute lattice value corresponds to the error attribute determined by the attribute determining unit;
  • an error prompting unit configured to give, according to the error attribute lattice values obtained by the lattice value calculation and propagation unit, an error prompt at the reference point corresponding to a fixed value point whose error attribute lattice value has a dangerous attribute.
  • The program analysis information includes information on read side effects and/or write side effects.
  • The program analysis unit specifically includes:
  • a characterization unit configured to describe the program to be analyzed in static single assignment (SSA) form; and a side effect information determining unit configured to determine, in the SSA form produced by the characterization unit, information on the read side effects and/or write side effects of the dereferenced program points in the program to be analyzed, where the read side effect information is the element information in the program to be analyzed that needs to be read at the dereferenced program point, and the write side effect information is the element information in the program to be analyzed that needs to be written at the dereferenced program point.
  • The program to be analyzed includes the first fixed value point, and the first fixed value point does not call a function.
  • The lattice value calculation and propagation unit specifically includes: an element set obtaining unit configured to acquire, from the program analysis information of the program points, the set of elements of the first fixed value point;
  • a first lattice value determining unit configured to determine the error attribute lattice value of the first fixed value point according to the element set of the first fixed value point.
  • The lattice value calculation and propagation unit specifically includes: a reference lattice value determining unit configured to determine the first error attribute value of the reference input of the called function at the second fixed value point as the error attribute value of the actual parameter or the global quantity in the calling function at the second fixed value point;
  • a second value calculation unit configured to calculate, according to the first error attribute value, the second error attribute value of the fixed value output point corresponding to the called function.
  • The second value calculation unit specifically includes:
  • a summary determining unit configured to determine a summary of the called function, where the summary includes the relationship between the first error attribute value of the reference input and the called function, and information on how the second error attribute value is affected by the called function;
  • a first calculating unit configured to: if the second error attribute value is not affected by the first error attribute value of the reference input, calculate the second error attribute value directly from the information on how the second error attribute value is affected by the called function;
  • a second calculating unit configured to: if the second error attribute value is affected by the first error attribute value of the reference input, calculate the second error attribute value according to the relationship between the first error attribute value of the reference input and the called function.
  • The error detecting device of the program analyzes the program to be analyzed to obtain program analysis information, obtains the error attribute value of each fixed value point in the program to be analyzed according to the program analysis information, and gives an error prompt at the reference point corresponding to a fixed value point whose error attribute value has a dangerous attribute.
  • This mainly converts the detection of program errors into the calculation of error attribute values, which simplifies the process of error detection and improves the error detection efficiency of the program; and the error attribute value is calculated according to the program analysis information of the program points.
  • The error detection device of the program can take into account the various sensitivities of the program to be analyzed and obtain complete information for each program point, which makes the obtained error attribute values more accurate and improves the error detection accuracy for the program to be analyzed.
  • FIG. 1 is a flowchart of a method for detecting errors of a program according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a program to be analyzed in an embodiment of the present invention.
  • FIG. 3 is a flowchart of another method for detecting errors in a program according to an embodiment of the present invention.
  • FIG. 4 is a flow chart of a method for determining an error attribute value in an embodiment of the present invention.
  • FIG. 5 is a flowchart of another method for determining an error attribute value in an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of determining an error attribute lattice value of a second fixed value point in the embodiment of the present invention
  • FIG. 7 is a schematic diagram of a program to be analyzed in an application embodiment of the present invention
  • FIG. 8 is a schematic structural diagram of an error detecting apparatus of a program according to an embodiment of the present invention
  • FIG. 9 is a schematic structural diagram of an error detecting apparatus of a program according to an embodiment of the present invention
  • FIG. 11 is a schematic structural diagram of an error detecting apparatus of a program according to an embodiment of the present invention.
  • The embodiment of the invention provides a method for detecting errors in a program, which mainly performs error detection on the program to be analyzed by a static method.
  • The method in this embodiment is performed by the error detection device of the program, and the flowchart is as shown in FIG. 1, including:
  • Step 101: Analyze the program to be analyzed to obtain program analysis information of each program point in the program to be analyzed, where the position between two lines of a program is called a program point.
  • The program analysis information of a program point obtained by the analysis is the information in the program related to that program point, and may include element information of the program to be analyzed, such as an actual parameter variable, a global quantity, a function, or a statement.
  • Sensitive analysis can be performed, which can include at least one of the following analysis methods: flow-sensitive program analysis, context-sensitive program analysis, domain-sensitive program analysis, and path-sensitive program analysis.
  • Flow-sensitive program analysis considers the order of the statements in the program and generally calculates the information at each program point; domain-sensitive program analysis distinguishes the different domain members in a structure;
  • context-sensitive program analysis distinguishes the information of the same function at different call points; path-sensitive program analysis distinguishes the information of the predicates of different branch conditions.
  • The error detecting device of the program can combine several of these sensitive program analyses so as to obtain complete information related to each program point, such as the read side effect and/or write side effect information of the program point, other element information in the program that affects the program point, and so on.
  • The information on read side effects refers to other element information in the program that needs to be read at the program point, and can be recorded as μ(a){x1, x2, ..., xn}, where a is the fixed value parameter of the program point and xi (i is a natural number from 1 to n) is an element that may be read; the information on write side effects refers to other element information in the program that needs to be written at the program point, and can be written as χ(a){y1, y2, ..., ym}, where yi (i is a natural number from 1 to m) is an element that may be written.
  • The information on the read side effects at program point 7 is: μ(q){x, y}, which indicates that the fixed value parameter q reads the value of x or y.
  • Step 102: Determine the error attribute of the error type for which the program to be analyzed is checked.
  • The error attribute is a description of the attribute type of an error type of the program.
  • The user can define the error types of the program according to actual needs, such as null pointer reference, unassigned value, memory leak, etc.
  • Each error attribute can include multiple values.
  • The error attribute values of the null pointer reference error type, for example, can include: null (NULL), non-null (UNNULL), possibly null (MAYNULL), and so on.
  • The error detecting device of the program may provide an interface for the user to select the error attribute of an error type, and receive the error attribute of the error type selected by the user.
  • Step 103: Acquire the error attribute value of each fixed value point in the program to be analyzed according to the program analysis information obtained in step 101, where the error attribute lattice value corresponds to the error attribute determined in step 102, and a fixed value point is a type of program point at which a manipulated variable is set.
  • The determined error attribute value can comprehensively take into account various factors in the program to be analyzed.
  • The error detecting device of the program can first determine, according to the program analysis information obtained in step 101, the error attribute values of the actual parameter variables or global quantities associated with the fixed value point, and then, using the relationship between those actual parameter variables (or global quantities) and the fixed value point, perform the calculation between the error attribute values according to that relationship to get the error attribute value of the fixed value point.
  • The information on the read side effect at the fixed value point 7 is: μ(q){x, y}, so the actual parameter variables associated with the fixed value parameter q are x and y.
  • The value at the fixed value point q is x or y; since the error attribute values of x and y can be NULL, UNNULL, or MAYNULL, the error attribute value of the fixed value point q is NULL, UNNULL, or MAYNULL.
  • Step 104: Give an error prompt at the reference point corresponding to a fixed value point in the program to be analyzed whose error attribute value has a dangerous attribute.
  • The error attribute values of a plurality of fixed value points are obtained.
  • The attributes of the error attribute values differ.
  • The attribute of NULL is necessarily dangerous.
  • The attribute of UNNULL is safe.
  • The attribute of MAYNULL is possibly dangerous.
  • For error attribute values that are dangerous or potentially dangerous, the error detection device of the program can give an error prompt at the other program points corresponding to those fixed value points, such as the reference points, and the error prompts at the reference points corresponding to necessarily dangerous and possibly dangerous fixed value points can differ, so that the user can correct the program to be analyzed according to the error prompt.
  • The reference point is the point at which the actual parameter or the global quantity given to the operation variable at the fixed value point is referenced, that is, the use point of the operation variable, which can be used to check whether the fixed value of the operation variable is dangerous.
  • The error detecting device of the program analyzes the program to be analyzed to obtain the program analysis information, obtains the error attribute value of each fixed value point in the program to be analyzed according to the program analysis information, and gives an error prompt at the reference point corresponding to a fixed value point whose error attribute value has a dangerous attribute.
  • This mainly converts the detection of program errors into the calculation of error attribute values, which simplifies the process of error detection and thereby improves the error detection efficiency of the program; and the error attribute value is calculated based on the program analysis information of the program points.
  • The error detection device of the program can take into account the various sensitivities of the program to be analyzed and obtain complete information for each program point, which makes the obtained error attribute values more accurate and improves the error detection accuracy for the program to be analyzed.
  • The error detecting device of the program may implement the analysis in the above step 101 by performing the following steps.
  • The flowchart is as shown in FIG. , including:
  • A1: Describe the program to be analyzed in Static Single Assignment (SSA) form.
  • In SSA form, different fixed values of the same manipulated variable are treated as different variables, which ensures that each reference to an operation variable in the program to be analyzed has only one variable value; that is, SSA can serve as the basis for representing the relationship between fixed value points and reference points.
  • When the manipulated variable q is given a fixed value for the first time it is treated as q1, at the second fixed value it is treated as q2, and so on.
  • B1: Determine, in the SSA form of the program to be analyzed, the read side effect and/or write side effect information of the dereferenced program points, where a dereference can be represented by *p and takes the content of the address the pointer points to.
  • The read side effect information refers to the element information in the program to be analyzed that needs to be read at the dereferenced program point, and the write side effect information is the element information in the program to be analyzed that needs to be written at the dereferenced program point.
  • In general, program points with write side effect information are call points in the program, where the fixed value parameter is set by calling another function; program points with read side effect information are those where the fixed value parameter is set by directly referencing an actual parameter or global quantity in the program. Thus, determining the read/write side effects requires a context-sensitive analysis of the program point, to analyze the other information in the context that affects the program point.
  • The error detecting device of the program may also describe the program to be analyzed, in static single assignment form, as a set of multiple elements, where the set of elements refers to the collection of elements constituting the program to be analyzed.
  • This collection may include an operation variable set, a function set, an expression set, and a statement set, where the expression set includes direct variable operations, operation expressions, and function expressions, and the statement set includes branch statements, jump statements, assignment statements, and so on.
  • For the program shown in FIG. 2, after the program is described in SSA form, the fixed value operation variables of the 4th line and the 6th line are q1 and q2, and the operation variable set obtained is {q1, q2, *q},
  • When obtaining the error attribute values in step 103, the error detection device of the program may proceed according to the actual situation of the program to be analyzed, which may specifically include the following situations:
  • The program to be analyzed includes a first fixed value point, and the first fixed value point does not call a function.
  • The error detecting device of the program can calculate the error attribute value according to the following steps:
  • A2: Obtain the set of elements affecting the first fixed value point from the program analysis information of each program point obtained in step 102. Specifically, since the program analysis information of each program point has been obtained in step 101, the error detection device of the program can find the set of elements in the program analysis information that can affect the first fixed value point.
  • The function F relat can be defined to establish an association between the error attribute and the set of elements in the program to be analyzed, that is, to find out which elements in the program to be analyzed are associated with the calculation of the error attribute value of the first fixed value point.
  • B2: Determine the error attribute value of the first fixed value point according to the set of elements of the first fixed value point in the program to be analyzed.
  • The error detecting device of the program may first determine the error attribute values of the actual parameter variables or global quantities associated with the first fixed value point, and then, using the relationship between those actual parameter variables (or global quantities) and the fixed value point, obtain the error attribute value of the first fixed value point by calculation between the error attribute values.
  • The functions F meet and F n may be defined to perform the calculation between error attribute values, and the lattice value mapping function F ato may be defined to determine the error attribute values of the various variables in the program to be analyzed; these may be used when performing this step.
  • The program to be analyzed includes a first fixed value point and a second fixed value point, where the second fixed value point calls a function, so the second fixed value point involves a calling function and a called function.
  • The error detecting device of the program can obtain the error attribute value of the first fixed value point according to the above steps A2 to B2, and obtain the error attribute value of the second fixed value point according to the following steps:
  • A3: The first error attribute value of the reference input (denoted as Use_In) of the called function at the second fixed value point is determined as the error attribute value of the actual parameter or the global quantity in the calling function at the second fixed value point. This can be written as Map(Actual_In(cs), Use_In), where Map represents the mapping of the error attribute value, cs represents the call point, and Actual_In(cs) represents the actual parameter or global quantity of the function f_cs_callee called at the call point cs.
  • The error detecting device of the program may obtain the actual parameter variable or global quantity in the calling function according to the write side effect information at the second fixed value point, thereby obtaining the first error attribute value.
  • B3: Calculate the second error attribute value of the fixed value output point (denoted as Def_Out) corresponding to the called function according to the first error attribute value. This can be recorded as intra-compute(f_cs_callee, ActualIn_VAL(cs)), where intra-compute represents the intraprocedural calculation of the error attribute value, and ActualIn_VAL(cs) is the error attribute value for the function f_cs_callee called at the call point cs.
  • B31: Determine a summary of the called function. The summary includes the relationship between the first error attribute value of the reference input and the called function, specifically the relationship information between the first error attribute value and the error attribute values of the operation variables in the called function; the summary further includes information on how the second error attribute value is affected by the called function, which may specifically be the relationship information between the second error attribute value and the error attribute values of the operation variables in the called function.
  • If the second error attribute value is not affected by the first error attribute value of the reference input, the second error attribute value may be calculated directly from the information on how the second error attribute value is affected by the called function, that is, from the error attribute values of the operation variables in the called function.
  • If the second error attribute value is affected by the first error attribute value of the reference input, the second error attribute lattice value may be calculated according to the relationship between the first error attribute value of the reference input and the called function, that is, the second error attribute value is obtained from the first error attribute value of the reference input and the error attribute values of the other operation variables in the called function.
  • The second error attribute value is used as the error attribute value of the second fixed value point corresponding to the calling function. This is recorded as Map(ActualOut_VAL(cs), Actual_Out(cs)), where ActualOut_VAL(cs) represents the error attribute value passed by the calling function at the call point cs, and Actual_Out(cs) represents the fixed value output of the function f_cs_callee called at the call point cs.
  • In other words, the error attribute value of the actual parameter variable in the calling function is passed to the reference input of the function it calls; the error attribute value of the fixed value output point in the called function is then calculated according to the summary of the called function, or calculated directly from the relevant operation variables and statements in the called function; and the calculated error attribute value is the error attribute value of the second fixed value point corresponding to the calling function.
  • The error detecting device of the program may obtain the error attribute value of the second fixed value point according to the above steps A3 to C3, and details are not described herein.
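The calculation in steps A2 to B2 and A3 to C3, sketched as an added example that is not code from the patent: null-pointer error attribute values are propagated over SSA fixed value points, using the read side effect set for a point without a call and a callee summary for a point at a call. The sample program, the function names `pick` and `fresh`, the combination rule (disagreement gives MAYNULL) and the danger labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Attr(Enum):
    """Error attribute values for the null pointer reference error type."""
    NULL = "NULL"
    UNNULL = "UNNULL"
    MAYNULL = "MAYNULL"


# Assumed reading of step 104: NULL is certainly dangerous, MAYNULL is
# possibly dangerous, UNNULL is safe and produces no prompt.
DANGER = {Attr.NULL: "certain", Attr.MAYNULL: "possible", Attr.UNNULL: None}


def meet(a, b):
    """Assumed combination rule: agreement keeps the value, otherwise MAYNULL."""
    return a if a is b else Attr.MAYNULL


def meet_all(values):
    values = list(values)
    if not values:
        raise ValueError("a fixed value point needs at least one element")
    result = values[0]
    for v in values[1:]:
        result = meet(result, v)
    return result


@dataclass(frozen=True)
class Reads:
    """First kind of fixed value point: no call, value read from `elements`."""
    line: int
    target: str
    elements: tuple


@dataclass(frozen=True)
class Call:
    """Second kind of fixed value point: `target` is set by calling `callee`."""
    line: int
    target: str
    callee: str
    actuals: tuple


@dataclass(frozen=True)
class Summary:
    """Callee summary: which reference inputs reach the output, plus the
    attribute values contributed by the callee's own variables."""
    inputs_used: tuple
    local_values: tuple


def apply_summary(summary, reference_in):
    # With inputs_used empty, the output depends only on the callee itself.
    values = [reference_in[i] for i in summary.inputs_used]
    return meet_all(values + list(summary.local_values))


def analyze(defs, uses, summaries, base):
    env = dict(base)
    for d in defs:  # SSA form: every target is defined once, before its uses
        if isinstance(d, Call):
            # A3: actual parameter values become the callee's reference inputs.
            reference_in = [env[a] for a in d.actuals]
            # B3 and C3: the summary output becomes the value at the call point.
            env[d.target] = apply_summary(summaries[d.callee], reference_in)
        else:
            # A2 and B2: combine the elements of the read side effect set.
            env[d.target] = meet_all(env[e] for e in d.elements)
    findings = [(line, var, DANGER[env[var]])
                for line, var in uses if DANGER[env[var]] is not None]
    return env, findings


# Constructed sample, not the program of FIG. 7.
BASE = {"x": Attr.UNNULL, "y": Attr.NULL}
SUMMARIES = {
    "pick": Summary(inputs_used=(0,), local_values=(Attr.UNNULL,)),
    "fresh": Summary(inputs_used=(), local_values=(Attr.UNNULL,)),
}
DEFS = [
    Reads(7, "q3", ("x", "y")),       # read side effect set of q is {x, y}
    Call(9, "p1", "pick", ("q3",)),   # callee output depends on its input
    Call(11, "r1", "fresh", ()),      # callee output independent of inputs
    Reads(13, "z1", ("y",)),
    Call(15, "p2", "pick", ("x",)),   # same callee, different call point
]
USES = [(8, "q3"), (10, "p1"), (12, "r1"), (14, "z1"), (16, "p2")]

if __name__ == "__main__":
    _, found = analyze(DEFS, USES, SUMMARIES, BASE)
    for line, var, level in found:
        print(f"line {line}: {var} dereferenced, {level} null pointer reference")
```

The two calls to `pick` give different values (MAYNULL for `p1`, UNNULL for `p2`) because the summary is evaluated with the reference input of each call point, which is the context-sensitive behaviour described in step 101.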
  • The error detection method of the program described in the embodiment of the present invention is described below with reference to a specific embodiment.
  • The error type determined in this embodiment is a null pointer reference, and the error attribute values under the error attribute of this error type include NULL, UNNULL, and MAYNULL. The program to be analyzed is shown in Figure 7, and the error detection device of the program can analyze the program to be analyzed shown in Figure 7 as follows:
  • The program to be analyzed can be described in SSA form, where the operation variables are q1, q2 and p1 to p5, and the read side effect information at program point 7 is analyzed as: μ(q){x, y}. Assume that the memory space allocated by the malloc function at program point 16 is mem; then the write side effect information at program point 18 is: χ(p4){a, b}; the write side effect information at program point 20 is: χ(p5){NULL, b}; the read side effect information at program point 21 is: μ(*p){NULL, a, *mem, b}; and the read side effect information at program point 23 is: μ(*p){NULL, a, *mem, b}. It can be seen that, in general, the program point with the information for writing side effects is the
  • The error attribute value of the second fixed value point included in the program is calculated as shown in Table 1 below: the error attribute value of the actual parameter variable of the calling function at the call point is used as the error attribute value of the reference input of the called function boo,
  • and the error attribute value of the second fixed value point is then obtained according to the reference input and the summary of the function boo.
  • 9 13111 is the value of *9, which is obtained by the intersection or union operation on the error attribute values of the operation variables q1 and q2; when determining the error attribute value of the actual parameter variable of the calling function, it can be obtained according to the write side effect information of the corresponding program point.
  • The fixed value point of the 21st line may have a null pointer reference error.
  • For the statement associated with the program point of the 23rd line, that is, the statement of the 22nd line, there is no null pointer reference error at the fixed value point of the 23rd line. This is mainly because the program point of the 22nd line belongs to a special control flow (that is, it returns when not p) and updates the error attribute value of p to safe: when p has an unsafe error attribute value the function returns directly, so a null pointer reference error will not occur at the point of the 23rd line.
  • The error attribute value of program point 10 in the program to be analyzed is dangerous, so the danger can be indicated at program point 10, and the error attribute values at program points 16, 20 and 21 may be dangerous,
  • so the program point 16 and the reference point 11 corresponding to the program point 20 and the reference point 11 corresponding to the program point 21 can be prompted for danger.
  • The error detection method above detects the null pointer reference error type. There are other error types in actual applications, such as unassigned values or memory leaks, and the error detection methods for those are similar to the error detection method for the null pointer reference above
  • and will not be described here.
  • A memory leak is memory that is allocated at a program point but is not reclaimed by the end of the program.
  • the embodiment of the present invention further provides a program error detecting device, wherein each unit can perform error detection according to the method in the above embodiment, and the structure of the device is shown in FIG.
  • The program analyzing unit 10 is configured to analyze the program to be analyzed to obtain program analysis information of each program point in the program to be analyzed; the program analysis information refers to information related to the program point in the program to be analyzed.
  • The attribute lattice determining unit 11 is configured to determine the error attribute lattice of the error type to be detected in the program to be analyzed.
  • The lattice value calculation and propagation unit 12 is configured to acquire, according to the program analysis information obtained by the program analyzing unit 10, an error attribute value of each fixed value point in the program to be analyzed, the error attribute value corresponding to the error attribute lattice determined by the attribute lattice determining unit 11.
  • The lattice value calculation and propagation unit 12 may first determine, according to the program analysis information obtained by the program analyzing unit 10, the error attribute value of the actual parameter variable or global quantity associated with the fixed value point, and then, using the relationship between the actual parameter variable (or global quantity) and the fixed value point, perform the calculation between error attribute values that the relationship requires to obtain the error attribute value of the fixed value point.
  • The error prompting unit 13 is configured to give, according to the error attribute values obtained by the lattice value calculation and propagation unit 12, an error prompt (for example, an error message) at the reference point corresponding to a fixed value point whose error attribute value has a dangerous attribute in the program to be analyzed.
  • In this device, the lattice value calculation and propagation unit 12 obtains the error attribute value of each fixed value point in the program to be analyzed according to the program analysis information produced by the program analyzing unit 10, and the error prompting unit 13 gives an error prompt at the reference point corresponding to a fixed value point whose error attribute value has a dangerous attribute. The detection of program errors is thereby converted into the calculation of error attribute values, which simplifies the error detection process and can improve the error detection efficiency of the program. Because the error attribute values are calculated from the program analysis information of the program points, and the program analyzing unit 10 can take into account various sensitivities of the program to be analyzed when obtaining that information, complete information is obtained for each program point, the resulting error attribute values are more accurate, and the error detection accuracy for the program to be analyzed is improved.
  • The error detecting device of the program may include the structure shown in FIG. 8, wherein the program analyzing unit 10 may specifically be implemented by the characterization unit 110 and the side effect information determining unit 120, so as to obtain the part of the program analysis information of the program points that is the information on read side effects and/or write side effects, wherein:
  • the characterization unit 110 is configured to describe the program to be analyzed in static single assignment (SSA) form;
  • the side effect information determining unit 120 is configured to determine information on the read side effects and/or write side effects of the dereferenced program points in the SSA-form program to be analyzed produced by the characterization unit 110. The information on read side effects refers to the element information in the program to be analyzed that needs to be read at the dereferenced program point, and the information on write side effects is the element information in the program to be analyzed that needs to be written at the dereferenced program point.
  • The lattice value calculation and propagation unit 12 determines the error attribute value of each fixed value point based on the information on read/write side effects determined by the side effect information determining unit 120.
  • The characterization unit 110 included in the program analyzing unit 10 may further describe the program to be analyzed in static single assignment form as a set of multiple elements, where the set of elements includes an operation variable set, a function set, an expression set, a statement set, and so on.
  • The error detecting device of the program may include a structure as shown in FIG. 8, wherein, if the program to be analyzed includes only a first fixed value point, at which no function is called, the lattice value calculation and propagation unit 12 can be implemented by the element set obtaining unit 120 and the first lattice value determining unit 121; if the program to be analyzed further includes a second fixed value point, at which a function is called, the lattice value calculation and propagation unit 12 may further include a reference lattice value determining unit 122, a second lattice value calculating unit 123, and an output lattice value determining unit 124, where:
  • the element set obtaining unit 120 is configured to obtain, from the program analysis information of the program points produced by the program analyzing unit 10, the set of elements that affect the first fixed value point.
  • The first lattice value determining unit 121 is configured to determine the error attribute value of the first fixed value point according to the element set of the first fixed value point in the program to be analyzed acquired by the element set obtaining unit 120.
  • The error prompting unit 13 can give the error prompt for the program according to the error attribute value of the first fixed value point determined by the first lattice value determining unit 121.
  • The first lattice value determining unit 121 may first determine the error attribute value of the actual parameter variable or global quantity associated with the first fixed value point, and then, using the relationship between the actual parameter variable (or global quantity) and the first fixed value point, perform the calculation between error attribute values that the relationship requires, so that the error attribute value of the first fixed value point is obtained by calculation between error attribute values.
  • The reference lattice value determining unit 122 is configured to determine the first error attribute value of the reference input of the called function at the second fixed value point as: the error attribute value of an actual parameter variable or a global quantity in the calling function at the second fixed value point.
  • The reference lattice value determining unit 122 may obtain the actual parameter variable or global quantity in the calling function from the information on write side effects at the second fixed value point of the calling function produced by the program analyzing unit 10, and thereby obtain the first error attribute value.
  • The second lattice value calculating unit 123 is configured to calculate, according to the first error attribute value of the reference input determined by the reference lattice value determining unit 122, a second error attribute value of the fixed value output point corresponding to the called function.
  • When calculating the second error attribute value, the second lattice value calculating unit 123 may be implemented by the summary determining unit 1230, the first calculating unit 1231, and the second calculating unit 1232, where:
  • the summary determining unit 1230 is configured to determine a summary of the called function. The summary includes the relationship between the first error attribute value of the reference input determined by the reference lattice value determining unit 122 and the called function, which may specifically be the relationship between the first error attribute value and the error attribute value of each operation variable in the called function; and information on how the second error attribute value is affected by the called function, specifically the relationship between the second error attribute value and the error attribute value of each operation variable in the called function. If the summary determined by the summary determining unit 1230 indicates that the second error attribute value is not affected by the first error attribute value of the reference input, the first calculating unit 1231 may calculate the second error attribute value directly from the information on how the second error attribute value is affected by the called function; if the summary indicates that the second error attribute value is affected by the first error attribute value of the reference input, the second calculating unit 1232 calculates the second error attribute value according to the relationship between the first error attribute value of the reference input and the called function.
  • The summary determined by the summary determining unit 1230 can be obtained from the program analysis information produced by the program analyzing unit 10. According to the indication in the summary, the first calculating unit 1231 can obtain the second error attribute value by calculation over the error attribute values of the operation variables in the called function, and the second calculating unit 1232 can obtain the second error attribute value by calculation over the first error attribute value of the reference input and the error attribute values of the other operation variables in the called function.
  • The output lattice value determining unit 124 is configured to use the second error attribute value calculated by the first calculating unit 1231 or the second calculating unit 1232 in the second lattice value calculating unit 123 as the error attribute value of the second fixed value point corresponding to the calling function.
  • The error prompting unit 13 can give the error prompt for the program according to the second error attribute value determined by the output lattice value determining unit 124.
  • the embodiment of the present invention further provides a program error detecting device, wherein each unit can perform error detection according to the method in the above embodiment, and the structure diagram is as shown in FIG. 11 , including respectively connected to the bus.
  • the memory 20 is used to store data input from the input device 23, and may also store information such as necessary files for processing the data by the processor 21;
  • The input device 23 and the output device 24 are ports through which the error detecting device of the program communicates with other devices, and can include devices external to the error detecting device of the program such as monitors, keyboards, mice, and printers.
  • The processor 21 is configured to analyze the program to be analyzed to obtain program analysis information of each program point in the program to be analyzed, the program analysis information being information related to the program point in the program to be analyzed; to determine the error attribute lattice of the error type to be detected in the program to be analyzed; to acquire the error attribute value of each fixed value point in the program to be analyzed according to the program analysis information; and finally, according to the acquired error attribute values, to give an error prompt at the reference point corresponding to a fixed value point whose error attribute value has a dangerous attribute.
  • When the processor 21 determines the error attribute value, it first determines, according to the program analysis information, the error attribute value of the actual parameter variable or global quantity related to the fixed value point, and then, using the relationship between the actual parameter variable (or global quantity) and the fixed value point, performs the calculation between error attribute values that the relationship requires to obtain the error attribute value of the fixed value point.
  • the analysis may be performed with sensitivity.
  • Part of the program analysis information, namely the information on read side effects and/or write side effects, may be obtained according to the following steps: the processor 21 first describes the program to be analyzed in static single assignment (SSA) form, and then determines information on the read side effects and/or write side effects of the dereferenced program points in the SSA-form program. The information on read side effects refers to the element information in the program to be analyzed that needs to be read at the dereferenced program point, and the information on write side effects is the element information in the program to be analyzed that needs to be written at the dereferenced program point.
  • The processor 21 determines the error attribute value of each fixed value point based on the determined read/write side effect information. Further, in the process of performing program analysis, the processor 21 may describe the program to be analyzed in static single assignment form as a set of multiple elements, where the set of elements includes an operation variable set, a function set, an expression set, a statement set, and so on.
  • When determining the error attribute value, the processor 21 mainly handles the following situations: (1) The program to be analyzed includes a first fixed value point, at which no function is called: the processor 21 is specifically configured to obtain, from the program analysis information of each program point produced by the analysis, the set of elements that affect the first fixed value point, and to determine the error attribute value of the first fixed value point according to the obtained element set of the first fixed value point in the program to be analyzed. Specifically, the processor 21 may first determine the error attribute value of the actual parameter variable or global quantity associated with the first fixed value point, and then, using the relationship between the actual parameter variable (or global quantity) and the fixed value point, perform the calculation between error attribute values that the relationship requires, so that the error attribute value of the first fixed value point is obtained by calculation between error attribute values.
  • (2) The program to be analyzed includes a first fixed value point and a second fixed value point, and a function is called at the second fixed value point:
  • the processor 21 is further configured to determine the first error attribute value of the reference input of the called function at the second fixed value point as the error attribute value of an actual parameter variable or a global quantity in the calling function at the second fixed value point; to calculate, according to the determined first error attribute value of the reference input, a second error attribute value of the fixed value output point corresponding to the called function; and to use the second error attribute value as the error attribute value of the second fixed value point corresponding to the calling function.
  • The processor 21 can give the error prompt for the program according to the second error attribute value.
  • The processor 21 may obtain the actual parameter variable or global quantity in the calling function from the information on write side effects at the second fixed value point produced by the analysis, and thereby obtain the first error attribute value.
  • When the processor 21 calculates the second error attribute value, it first determines a summary of the called function. The summary includes the relationship between the first error attribute value of the reference input and the called function, specifically the relationship between the first error attribute value and the error attribute value of each operation variable in the called function; and information on how the second error attribute value is affected by the called function, specifically the relationship between the second error attribute value and the error attribute value of each operation variable in the called function. If the summary indicates that the second error attribute value is not affected by the first error attribute value of the reference input, the processor 21 may calculate the second error attribute value directly from the information on how the second error attribute value is affected by the called function.
  • The processor 21 may obtain the summary from the program analysis information produced by the analysis. It may calculate the second error attribute value from the error attribute values of the operation variables in the called function, according to the indication in the summary related to the fixed value output point of the called function; or, according to the indication in the summary, calculate the second error attribute value from the first error attribute value of the reference input and the error attribute values of the other operation variables in the called function.
  • the program can be stored in a computer readable storage medium.
  • the storage medium can include: Read only memory (ROM), random access memory (RAM), disk or optical disk, etc.
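The following added example (not code from the patent) shows the computation the description outlines: a called function is reduced to a summary recording its own contribution and which reference inputs reach its output, the summary is applied at call sites, and reference points are flagged when the value is dangerous or may be dangerous. The four-value lattice, the tiny instruction set (`null`, `addr`, `copy`, `phi`, `call`, `guard`, `deref`) and all function names are assumptions made for illustration.

```python
"""Null-dereference check as lattice-value propagation with callee summaries."""
from dataclasses import dataclass
from enum import Enum
from functools import reduce


class Lat(Enum):
    BOTTOM = "no information"
    SAFE = "safe"                 # never null at this point
    DANGEROUS = "dangerous"       # null on every path
    MAYBE = "may be dangerous"    # null on at least one path


def join(a, b):
    """Least upper bound in the assumed diamond BOTTOM < {SAFE, DANGEROUS} < MAYBE."""
    if a is b or b is Lat.BOTTOM:
        return a
    if a is Lat.BOTTOM:
        return b
    return Lat.MAYBE


@dataclass(frozen=True)
class Summary:
    internal: Lat       # contribution of the callee's own operation variables
    params: frozenset   # indices of reference inputs that reach the output

    def apply(self, args):
        if not self.params:                 # output unaffected by the inputs
            return self.internal
        return reduce(join, (args[i] for i in sorted(self.params)), self.internal)


def summarize(params, body, ret):
    """Evaluate a callee body over (value, parameter-dependency) pairs."""
    env = {p: (Lat.BOTTOM, frozenset([i])) for i, p in enumerate(params)}
    for op, dst, *srcs in body:
        if op == "null":
            env[dst] = (Lat.DANGEROUS, frozenset())
        elif op == "addr":
            env[dst] = (Lat.SAFE, frozenset())
        elif op in ("copy", "phi"):
            value = reduce(join, (env[s][0] for s in srcs), Lat.BOTTOM)
            deps = frozenset().union(*(env[s][1] for s in srcs))
            env[dst] = (value, deps)
        else:
            raise ValueError(f"unknown op {op!r}")
    return Summary(*env[ret])


def analyze(program, summaries):
    """Propagate values through the caller; report risky reference points."""
    env, reports = {}, []
    for line, op, var, *rest in program:
        if op == "null":
            env[var] = Lat.DANGEROUS
        elif op == "addr":
            env[var] = Lat.SAFE
        elif op in ("copy", "phi"):
            env[var] = reduce(join, (env[s] for s in rest), Lat.BOTTOM)
        elif op == "call":
            callee, *args = rest
            env[var] = summaries[callee].apply([env[a] for a in args])
        elif op == "guard":                 # models `if (!var) return;`
            env[var] = Lat.SAFE
        elif op == "deref":
            if env[var] in (Lat.DANGEROUS, Lat.MAYBE):
                reports.append((line, var, env[var]))
        else:
            raise ValueError(f"unknown op {op!r}")
    return env, reports


# Constructed sample input: three callees and one caller.
CALLEES = {
    "pick": (("a", "b"), [("phi", "t", "a", "b")], "t"),            # returns a or b
    "fresh": ((), [("addr", "t")], "t"),                           # returns &object
    "or_null": (("a",), [("null", "t"), ("phi", "u", "a", "t")], "u"),
}
CALLER = [
    (1, "null", "p"), (2, "addr", "q"),
    (3, "call", "r", "pick", "p", "q"), (4, "deref", "r"),
    (5, "call", "s", "fresh"), (6, "deref", "s"),
    (7, "guard", "r"), (8, "deref", "r"),
    (9, "deref", "p"),
    (10, "call", "t", "or_null", "q"), (11, "deref", "t"),
]


def run_demo():
    summaries = {name: summarize(*spec) for name, spec in CALLEES.items()}
    _, reports = analyze(CALLER, summaries)
    return summaries, reports


if __name__ == "__main__":
    for line, var, value in run_demo()[1]:
        print(f"line {line}: dereference of {var} is {value.value}")
```

The dereference at line 8 is not reported because the guard at line 7 returns when `r` is null, which mirrors the special control flow case discussed for lines 22 and 23 of the patent's example program.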

Abstract

The present invention is applicable to the field of computer technologies. Disclosed are an error detection method and device for a program. The error detection device for a program analyzes a to-be-analyzed program to obtain program analysis information, acquires an error attribute scale value of each constant value point in the to-be-analyzed program according to the program analysis information, and performs error prompt on an invocation point corresponding to a constant value point having an error attribute scale value being the dangerous attribute in the to-be-analyzed program. Error detection for a program is changed into calculation of an error attribute scale value, which simplifies an error detection process, and can improve error detection efficiency of the program. When the program analysis information is obtained, the error detection device for the program can consider multiple sensibilities of the to-be-analyzed program, to obtain entire information of each program point, so that the obtained error attribute scale value is more accurate, and error detection accuracy for the to-be-analyzed program is improved.

Description

Error detection method and device for a program
This application claims priority to Chinese Patent Application No. 201310284541.7, filed with the Chinese Patent Office on July 8, 2013 and entitled "Error detection method and device for a program", which is incorporated herein by reference in its entirety.
Technical field
The present invention relates to the field of computer technologies, and in particular, to an error detection method and device for a program.
Background
Error detection methods for programs generally fall into two categories, dynamic and static. Dynamic methods need to run the program and depend on test cases; they can only find errors on the paths that are executed, and constructing test cases is still an open problem. Static methods work directly on the program source code, can examine all paths in the program, and need no test cases, so they offer better completeness.
Methods and tools that use static analysis for detection commonly rely on flow analysis, theorem proving, model checking and similar techniques. The inherent limitations of theorem proving and model checking make such methods or tools scale poorly: for example, the length of the verification conditions grows exponentially with program size, and exhaustively traversing the program state space has a large time and space overhead. Formal methods also often require user participation: the user must annotate the source program or describe its properties in a predefined specification language, and these annotations or property descriptions are often difficult to write. Flow analysis based on compiler technology is a potentially effective way to improve software correctness; a compiler not only translates and optimizes a program but also performs the most basic program correctness checks. However, traditional flow analysis is aimed mainly at compiler optimization and must guarantee the correctness of the compilation result, so it produces conservative analysis results. For error detection, the results of such flow analysis cannot meet the precision that detection requires, leading to a large number of false positives and potential false negatives, which affects detection accuracy.
Summary of the invention
Embodiments of the present invention provide an error detection method and device for a program, which can improve the efficiency of error detection for the program.
A first aspect of the embodiments of the present invention provides an error detection method for a program, including:
analyzing a program to be analyzed to obtain program analysis information of each program point in the program to be analyzed;
determining an error attribute lattice of the error type to be detected in the program to be analyzed;
acquiring, according to the program analysis information, an error attribute value of each fixed value point in the program to be analyzed, the error attribute value corresponding to the determined error attribute lattice; and
giving an error prompt at the reference point corresponding to a fixed value point whose error attribute value has a dangerous attribute.
In a first possible implementation of the first aspect of the embodiments of the present invention, the program analysis information includes information on read side effects and/or write side effects, and the analyzing a program to be analyzed to obtain program analysis information of each program point in the program to be analyzed specifically includes:
describing the program to be analyzed in static single assignment (SSA) form; and
determining information on the read side effects and/or write side effects of the dereferenced program points in the SSA-form program to be analyzed, where the information on read side effects refers to the element information in the program to be analyzed that needs to be read at the dereferenced program point, and the information on write side effects is the element information in the program to be analyzed that needs to be written at the dereferenced program point.
With reference to the first aspect of the embodiments of the present invention or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the program to be analyzed includes a first fixed value point, at which no function is called, and the acquiring, according to the program analysis information, an error attribute value of each fixed value point in the program to be analyzed under the determined error attribute lattice specifically includes:
obtaining, from the program analysis information of the program points, the set of elements that affect the first fixed value point; and
determining the error attribute value of the first fixed value point according to the element set corresponding to the first fixed value point.
With reference to the first aspect of the embodiments of the present invention or the first possible implementation of the first aspect, in a third possible implementation of the first aspect, if the program to be analyzed includes a second fixed value point, at which a function is called, the acquiring, according to the program analysis information, an error attribute value of each fixed value point in the program to be analyzed under the determined error attribute lattice specifically includes:
determining the first error attribute value of the reference input of the called function at the second fixed value point as: the error attribute value of an actual parameter variable or a global quantity in the calling function at the second fixed value point;
calculating, according to the first error attribute value, a second error attribute value of the fixed value output point corresponding to the called function; and
using the second error attribute value as the error attribute value of the second fixed value point.
With reference to the third possible implementation of the first aspect of the embodiments of the present invention, in a fourth possible implementation of the first aspect, the calculating, according to the first error attribute value, a second error attribute value of the fixed value output point corresponding to the called function specifically includes:
determining a summary of the called function, the summary including the relationship between the first error attribute value of the reference input and the called function, and information on how the second error attribute value is affected by the called function;
if the second error attribute value is not affected by the first error attribute value of the reference input, calculating the second error attribute value directly from the information on how the second error attribute value is affected by the called function; and
if the second error attribute value is affected by the first error attribute value of the reference input, calculating the second error attribute value according to the relationship between the first error attribute value of the reference input and the called function.
本发明实施例第二方面提供一种程序的错误检测设备, 包括:  A second aspect of the embodiments of the present invention provides a program error detecting apparatus, including:
程序分析单元, 用于对待分析程序进行分析得到所述待分析程序中每个 程序点的程序分析信息;  a program analysis unit, configured to analyze the program to be analyzed to obtain program analysis information of each program point in the program to be analyzed;
属性格确定单元, 用于确定对所述待分析程序进行检测的错误类型的错 误属性格;  a attribute determining unit, configured to determine an error attribute of an error type that detects the program to be analyzed;
格值计算与传播单元, 用于根据所述程序分析单元得到的程序分析信息 获取所述待分析程序中各个定值点的错误属性格值, 所述错误属性格值与所 述属性格确定单元确定的错误属性格对应;  a lattice value calculation and propagation unit, configured to acquire, according to the program analysis information obtained by the program analysis unit, an error attribute value of each fixed value point in the to-be-analyzed program, the error attribute lattice value and the attribute lattice determining unit The determined error attribute corresponds to;
错误提示单元, 用于根据所述格值计算与传播单元获取的错误属性格值, 对所述错误属性格值具有危险属性的定值点对应的引用点进行错误提示。  The error prompting unit is configured to calculate, according to the lattice value, an error attribute value obtained by the propagation unit, and perform an error prompt on the reference point corresponding to the fixed value point of the fault attribute value having a dangerous attribute.
本发明实施例第二方面的第一种可能的实现方式中, 所述程序分析信息 中包括读副作用和 /或写副作用的信息, 所述程序分析单元具体包括:  In a first possible implementation manner of the second aspect of the embodiment of the present invention, the program analysis information includes information for reading a side effect and/or a write side effect, and the program analyzing unit specifically includes:
刻画单元, 用于将所述待分析程序刻画为静态单赋值 SSA的形式; 副作用信息确定单元,用于确定所述刻画单元刻画的 SSA形式的待分析程 序中解引用的程序点的读副作用和 /或写副作用的信息, 所述读副作用的信息 是指所述解引用的程序点处需要读取的所述待分析程序中的元素信息, 所述 写副作用的信息是所述解引用的程序点处需要写入的所述待分析程序中的元 素信息。 a characterization unit, configured to describe the program to be analyzed as a static single assignment SSA; a side effect information determining unit, configured to determine information of a read side effect and/or a write side effect of the program point dereferenced in the program to be analyzed in the SSA form depicted by the characterization unit, the information of the read side effect being the dereferenced The element information in the program to be analyzed that needs to be read at the program point, and the information of the write side effect is element information in the program to be analyzed that needs to be written at the dereferenced program point.
结合本发明实施例第二方面或第二方面的第一种可能的实现方式, 在本 发明实施例第二方面的第二种可能的实现方式中, 所述待分析程序中包括第 一定值点, 所述第一定值点未调用函数, 所述格值计算与传播单元具体包括: 元素集合获取单元, 用于在所述程序点的程序分析信息中获取影响所述 第一定值点的元素集合;  With reference to the second aspect of the embodiment of the present invention or the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect of the embodiment, the program to be analyzed includes the first fixed value. Point, the first fixed value point does not call a function, and the lattice value calculation and propagation unit specifically includes: an element set obtaining unit, configured to acquire, in the program analysis information of the program point, the first fixed value point Collection of elements;
第一格值确定单元, 用于根据所述第一定值点的元素集合确定所述第一 定值点的错误属性格值。  a first trellis value determining unit, configured to determine an error attribute lattice value of the first fixed value point according to the element set of the first fixed value point.
With reference to the second aspect of the embodiments of the present invention, or the first possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, if the program to be analyzed includes a second definition point and the second definition point calls a function, the lattice value calculation and propagation unit specifically includes:
a reference lattice value determining unit, configured to determine the first error attribute lattice value of the reference input of the called function at the second definition point as: the error attribute lattice value of an actual parameter variable or global variable in the calling function at the second definition point;
a second lattice value calculation unit, configured to calculate, according to the first error attribute lattice value, a second error attribute lattice value of the definition output point corresponding to the called function; and
an output lattice value determining unit, configured to use the second error attribute lattice value as the error attribute lattice value of the second definition point corresponding to the calling function.
With reference to the third possible implementation manner of the second aspect of the embodiments of the present invention, in a fourth possible implementation manner of the second aspect, the second lattice value calculation unit specifically includes:
a summary determining unit, configured to determine a summary of the called function, where the summary includes the relationship between the first error attribute lattice value of the reference input and the called function, and information on how the second error attribute lattice value is affected by the called function;
a first calculating unit, configured to, if the second error attribute lattice value is not affected by the first error attribute lattice value of the reference input, calculate the second error attribute lattice value directly from the information on how the second error attribute lattice value is affected by the called function; and
a second calculating unit, configured to, if the second error attribute lattice value is affected by the first error attribute lattice value of the reference input, calculate the second error attribute lattice value according to the relationship between the first error attribute lattice value of the reference input and the called function.
In the method of this embodiment, the program error detection device analyzes the program to be analyzed to obtain program analysis information, obtains the error attribute lattice value of each definition point in the program to be analyzed according to the program analysis information, and issues an error prompt for the reference points corresponding to those definition points whose error attribute lattice value has a dangerous attribute. In essence, the detection of program errors is transformed into the calculation of error attribute lattice values, which simplifies the error detection process and improves its efficiency. In addition, the error attribute lattice values are calculated from the program analysis information of the program points, and when obtaining that information the device can take several kinds of sensitivity of the program into account and so obtain complete information for each program point. The resulting error attribute lattice values are therefore more accurate, which improves the precision of error detection for the program to be analyzed.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a flowchart of a program error detection method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a section of a program to be analyzed in an embodiment of the present invention;
FIG. 3 is a flowchart of another program error detection method according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for determining an error attribute lattice value in an embodiment of the present invention;
FIG. 5 is a flowchart of another method for determining an error attribute lattice value in an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of determining the error attribute lattice value of a second definition point in an embodiment of the present invention;
FIG. 7 is a schematic diagram of the program to be analyzed in an application embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a program error detection device according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a program error detection device according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of part of the structure of a program error detection device according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of a program error detection device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides a program error detection method, which performs error detection on a program to be analyzed by means of a static method. The method of this embodiment is performed by a program error detection device. Its flowchart is shown in FIG. 1, and it includes:
Step 101: Analyze the program to be analyzed to obtain program analysis information for each program point in the program. The position between two lines of a program is called a program point. The program analysis information of a program point is the information related to that program point obtained by the analysis, and may include information about the elements that make up the program to be analyzed, such as actual parameter variables, global variables, functions, or statements.
When the program to be analyzed is analyzed here, a sensitive analysis may be performed, which may include at least one of the following: flow-sensitive program analysis, context-sensitive program analysis, field-sensitive program analysis, and path-sensitive program analysis. Flow-sensitive analysis takes the order of statements in the program into account and generally computes information at each program point. Field-sensitive analysis distinguishes the different field members within a structure. Context-sensitive analysis distinguishes the information of the same function at different call points. Path-sensitive analysis distinguishes the predicate information of different branch conditions.
In this embodiment of the present invention, to improve the precision of the program analysis, the program error detection device may combine several kinds of sensitive program analysis, so as to obtain complete information related to each program point, for example the read side-effect and/or write side-effect information of the program point, and information about other elements of the program that affect the program point. The read side-effect information is the information about other elements of the program that need to be read at the program point, and can be written as μ(a){x1, x2, ..., xn}, where a is the definition parameter at the program point and xi (i being a natural number from 1 to n) is an element that may be read. The write side-effect information is the information about other elements of the program that need to be written at the program point, and can be written as χ(a){y1, y2, ..., ym}, where yi (i being a natural number from 1 to m) is an element that may be written.
For example, in the program shown in FIG. 2, the read side-effect information at program point 7 (that is, line 7) is μ(q){x, y}, which indicates that the definition parameter q reads the value of x or y.
Step 102: Determine the error attribute lattice of the error type to be detected in the program to be analyzed. An error attribute lattice is an attribute description of one type of program error. The user can define the error types of a program according to actual needs, for example null pointer reference, unassigned value, or memory leak. Each error attribute lattice can include multiple values, referred to as error attribute lattice values. For example, the error attribute lattice values of the null pointer reference error type can include: null (NULL), non-null (UNNULL), possibly null (MAYNULL), and so on. In this embodiment, the program error detection device can provide an interface on which the user selects the error attribute lattice of an error type, and receive the error attribute lattice of the error type selected by the user.
Step 103: Obtain the error attribute lattice value of each definition point in the program to be analyzed according to the program analysis information obtained in step 101. The error attribute lattice value corresponds to the error attribute lattice of the type determined in step 102. A definition point here is a type of program point at which a value is assigned to an operation variable.
Because complete information related to each program point has already been obtained in step 101, the error attribute lattice value determined in this way takes all the relevant factors in the program to be analyzed into account. Specifically, the program error detection device can first use the program analysis information obtained in step 101 to determine the error attribute lattice values of the actual parameter variables or global variables related to the definition point, and then, based on the relationship between those actual parameter variables (or global variables) and the definition point, perform the corresponding calculation on the error attribute lattice values to obtain the error attribute lattice value of the definition point.
For example, when the type of the error attribute lattice is null pointer reference, in the program shown in FIG. 2 the read side-effect information of definition point 7 (that is, at program point 7) is μ(q){x, y}, so the actual parameter variables related to the definition parameter q are x and y. From the statements on lines 3 to 6 it follows that the value of q at the definition point is x or y. Since the error attribute lattice values of x and y can be NULL, UNNULL, or MAYNULL, the error attribute lattice value of the definition point q is NULL, UNNULL, or MAYNULL.
Step 104: Issue an error prompt for the reference points corresponding to those definition points in the program to be analyzed whose error attribute lattice value has a dangerous attribute. Step 103 yields the error attribute lattice values of multiple definition points, and these values differ in whether they are dangerous: for example, the attribute of NULL is certainly dangerous, the attribute of UNNULL is safe, and the attribute of MAYNULL is possibly dangerous. In this embodiment, the program error detection device can issue an error prompt for other program points, such as reference points, that correspond to definition points whose error attribute lattice value is certainly dangerous or possibly dangerous, and the prompts for the reference points of these two kinds of definition point can differ, so that the user can, for example, revise the program to be analyzed according to the prompt. A reference point is a program point that references the actual parameter variable or global variable assigned to the operation variable at the definition point, that is, a use point of the operation variable. It can be used to check whether the value assigned to the operation variable is dangerous.
It should be noted that there is no absolute order between steps 102 and 101 above. They may be performed simultaneously or sequentially, and FIG. 1 shows only one specific implementation.
As can be seen, in the method of this embodiment, the program error detection device analyzes the program to be analyzed to obtain program analysis information, obtains the error attribute lattice value of each definition point in the program to be analyzed according to the program analysis information, and issues an error prompt for the reference points corresponding to those definition points whose error attribute lattice value has a dangerous attribute. In essence, the detection of program errors is transformed into the calculation of error attribute lattice values, which simplifies the error detection process and thus improves its efficiency. In addition, the error attribute lattice values are calculated from the program analysis information of the program points, and when obtaining that information the device can take several kinds of sensitivity of the program into account and so obtain complete information for each program point. The resulting error attribute lattice values are therefore more accurate, which improves the precision of error detection for the program to be analyzed.
In a specific embodiment, to further improve the precision and speed of program error detection, the program error detection device can perform the analysis of step 101 above through the following steps, whose flowchart is shown in FIG. 3:
A1: Represent the program to be analyzed in Static Single Assignment (SSA) form.
In SSA form, different definitions of the same operation variable are treated as different variables, which guarantees that exactly one variable definition reaches each reference to an operation variable in the program to be analyzed. In other words, on top of representing definition-reference relationships, SSA introduces different variable names to distinguish the definitions of the same operation variable at different program points. This makes it possible to tell apart the definitions of one operation variable of the source program at different program points, and so achieves the effect of flow-sensitive program analysis. For example, the first definition of the operation variable q is treated as q1, the second as q2, and so on.
B1: Determine the read side-effect and/or write side-effect information of the dereferencing program points in the SSA-form program to be analyzed. A dereference can be written as *p and is used to fetch the content at the address a pointer points to. The read side-effect information is the information about elements of the program to be analyzed that need to be read at the dereferencing program point, and the write side-effect information is the information about elements of the program to be analyzed that need to be written at the dereferencing program point. In general, program points with write side-effect information are call points in the program, where the definition parameter is assigned by calling another, called function, whereas at program points with read side-effect information the definition parameter is assigned by directly referencing actual parameter variables, global variables, and the like. Determining the read/write side effects therefore requires a context-sensitive analysis of the program point, which analyzes the other information in the context that affects the program point.
It should be noted that, while analyzing the program to be analyzed, the program error detection device can also represent the SSA-form program as multiple element sets. An element set is a set of the elements that make up the program to be analyzed, and mainly includes an operation variable set, a function set, an expression set, and a statement set. The expression set includes direct variable operations, arithmetic expressions, function expressions, and so on. The statement set includes branch statements, jump statements, assignment statements, and so on.
For example, after the program shown in FIG. 2 is represented in SSA form, the definition operations on lines 4 and 6 are q1 and q2. Representing the program yields the operation variable set {q1, q2, *q}, the statement set {if (*x>*y), else}, and the function set {q1=x, q2=y}. The read side-effect information of the program point that dereferences *q is μ(q){x, y}.
In another specific embodiment, when the program error detection device obtains the error attribute lattice values in step 103 above, it can do so according to the actual situation of the program to be analyzed, which may include the following cases:
(1) The program to be analyzed includes a first definition point, and the first definition point does not call a function. Referring to FIG. 4, the program error detection device can calculate the error attribute lattice value through the following steps:
A2: Obtain, from the program analysis information of each program point obtained in step 102, the set of elements that affect the first definition point. Specifically, because the program analysis information of each program point has already been obtained in step 101, the program error detection device can find in that information the set of elements that can affect the first definition point. In this embodiment, a function F_relate can be defined to establish an association between the error attribute lattice and the element sets of the program to be analyzed, that is, to find out which elements of the program are involved in calculating the error attribute lattice value of the first definition point.
B2: Determine the error attribute lattice value of the first definition point according to the element set of the first definition point in the program to be analyzed.
Specifically, the program error detection device can first determine the error attribute lattice values of the actual parameter variables or global variables related to the first definition point, and then, based on the relationship between those actual parameter variables (or global variables) and the definition point, obtain the error attribute lattice value of the first definition point by a calculation on the error attribute lattice values. When performing this step in this embodiment, the functions F_meet (intersection operation) and F n (union operation) can be defined to perform the calculation on error attribute lattice values, and a lattice value mapping function F ato can be defined to determine the error attribute lattice values of the various variables in the program to be analyzed.
(2) The program to be analyzed includes a first definition point and also a second definition point, where the second definition point calls a function, so that a calling function and a called function are involved at the second definition point. Referring to FIG. 5, the program error detection device can obtain the error attribute lattice value of the first definition point through steps A2 to B2 above, and obtain the error attribute lattice value of the second definition point through the following steps:
A3: Determine the first error attribute lattice value of the reference input (denoted Use_In) of the called function at the second definition point as: the error attribute lattice value of the actual parameter variable or global variable in the calling function at the second definition point. This can be written as Map(Actual_In(cs), Use_In), where Map denotes the mapping of error attribute lattice values, cs denotes the call point, and Actual_In(cs) denotes the actual parameter variable or global variable of the function f_cs_callee called at call point cs. Specifically, the program error detection device can obtain the actual parameter variable or global variable in the calling function from the write side-effect information at the second definition point, and from it obtain the first error attribute lattice value.
B3: Calculate, according to the first error attribute lattice value, the second error attribute lattice value of the definition output point (denoted Def_Out) corresponding to the called function. This can be written as intra_compute(f_cs_callee, ActualIn_VAL(cs)), where intra_compute denotes the intraprocedural calculation of error attribute lattice values and ActualIn_VAL(cs) denotes the error attribute lattice value of the called function f_cs_callee at call point cs.
When calculating the second error attribute lattice value, the program error detection device can proceed through the following steps B31 to B33:
B31: Determine the summary of the called function. The summary includes the relationship between the first error attribute lattice value of the reference input and the called function, which can specifically be information on the relationship between the first error attribute lattice value and the error attribute lattice values of the operation variables in the called function. The summary also includes information on how the second error attribute lattice value is affected by the called function, which can specifically be information on the relationship between the second error attribute lattice value and the error attribute lattice values of the operation variables in the called function. The program error detection device can determine the summary by looking it up in the program analysis information obtained in step 101 above.
B32: If, according to the summary, the second error attribute lattice value is not affected by the first error attribute lattice value of the reference input, the second error attribute lattice value can be calculated directly from the information on how it is affected by the called function, that is, by a calculation on the error attribute lattice values of the operation variables in the called function.
B33: If the second error attribute lattice value is affected by the first error attribute lattice value of the reference input, the second error attribute lattice value can be calculated according to the relationship between the first error attribute lattice value of the reference input and the called function, that is, by a calculation on the first error attribute lattice value of the reference output and the error attribute lattice values of the other operation variables in the called function.
C3: Use the second error attribute lattice value as the error attribute lattice value of the second definition point corresponding to the calling function. This is written as Map(ActualOut_VAL(cs), Actual_Out(cs)), where ActualOut_VAL(cs) denotes the error attribute lattice value passed out by the called function at call point cs, and Actual_Out(cs) denotes the definition output value of the called function f_cs_callee at call point cs.
For example, as shown in FIG. 6, the error attribute lattice value of the actual parameter variable in the calling function is passed to the reference input of the called function that the calling function invokes. The error attribute lattice value of the definition output point in the called function is then calculated according to the part of the summary that concerns the definition point of the called function, or directly from the relevant operation variables and statements in the called function. The calculated error attribute lattice value is passed back out as the error attribute lattice value of the second definition point corresponding to the calling function.
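The calculation described in steps A2 to B2 and A3 to C3 can be made concrete with the following Python sketch, which is an added example and not code from the patent. The merge rule (identical values are kept, differing values become MAYNULL), the tuple encoding of statements, the sample program, and the callee `make_null` are assumptions constructed for illustration. The summaries of `boo` and `foo` follow the text: the output of `boo` depends on its two reference inputs, and the summary of `foo` is empty.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class NullState(Enum):
    NULL = "NULL"        # certain danger
    UNNULL = "UNNULL"    # safe
    MAYNULL = "MAYNULL"  # possible danger


def merge(values):
    """Combine the lattice values of every element that may reach a definition.
    Assumed rule: identical values are kept, differing values become MAYNULL."""
    distinct = set(values)
    if not distinct:
        raise ValueError("no contributing element")
    return distinct.pop() if len(distinct) == 1 else NullState.MAYNULL


def resolve(element, env):
    """Lattice value of one element of a side-effect set or argument list."""
    if element == "NULL":
        return NullState.NULL
    if element.startswith("&"):                  # address of an object
        return NullState.UNNULL
    return env.get(element, NullState.MAYNULL)   # unknown: stay conservative


@dataclass(frozen=True)
class Summary:
    """Callee summary: which reference inputs reach the definition output,
    and what the callee contributes on its own (None if nothing)."""
    input_params: tuple = ()
    local_value: Optional[NullState] = None

    def apply(self, arg_values):
        # B33: inputs named in the summary flow to the output.
        contributions = [arg_values[i] for i in self.input_params]
        # B32: with no such inputs, only the callee's own value remains.
        if self.local_value is not None:
            contributions.append(self.local_value)
        return merge(contributions)


def analyze(program, summaries):
    """Walk an SSA-form program and return (lattice values, findings)."""
    env, findings = {}, []
    for kind, point, var, *rest in program:
        if kind == "def":        # first kind of definition point (A2, B2)
            env[var] = merge(resolve(e, env) for e in rest[0])
        elif kind == "call":     # second kind of definition point (A3, B3, C3)
            callee, args = rest
            if var is not None:  # a callee with an empty summary defines nothing
                actual_in = [resolve(a, env) for a in args]
                env[var] = summaries[callee].apply(actual_in)
        elif kind == "use":      # reference point: prompt unless safe
            state = resolve(var, env)
            if state is not NullState.UNNULL:
                findings.append((point, var, state))
        else:
            raise ValueError(f"unknown statement kind: {kind}")
    return env, findings


# Constructed summaries (assumption): boo returns one of its two inputs.
SUMMARIES = {
    "boo": Summary(input_params=(0, 1)),
    "make_null": Summary(local_value=NullState.NULL),   # hypothetical callee
    "foo": Summary(),                                   # empty summary
}

# Constructed SSA-form program: (kind, program point, variable, ...).
PROGRAM = [
    ("def", 1, "a1", ["&obj_a"]),
    ("def", 2, "b1", ["&obj_b"]),
    ("call", 3, "p1", "boo", ["a1", "b1"]),
    ("use", 4, "p1"),
    ("call", 5, "p2", "boo", ["NULL", "b1"]),
    ("use", 6, "p2"),
    ("def", 7, "p3", ["NULL"]),
    ("use", 8, "p3"),
    ("call", 9, "p4", "make_null", []),
    ("use", 10, "p4"),
    ("call", 11, None, "foo", []),
]

if __name__ == "__main__":
    _, results = analyze(PROGRAM, SUMMARIES)
    for point, var, state in results:
        level = "error" if state is NullState.NULL else "warning"
        print(f"{level}: dereference of {var} at point {point} ({state.value})")
```

The two prompt levels printed at the end correspond to the distinction in step 104 between certainly dangerous and possibly dangerous definition points.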
(3) When the program to be analyzed includes a second definition point, the program error detection device can obtain the error attribute lattice value of the second definition point through steps A3 to C3 above, which is not described again here.
The program error detection method of the embodiments of the present invention is illustrated below with a specific embodiment. The error type determined in this embodiment is null pointer reference, and the error attribute lattice values under the error attribute lattice of this error type include NULL, UNNULL, and MAYNULL. The program to be analyzed is shown in FIG. 7, and the program error detection device can analyze it through the following steps:
(1) Perform program analysis on the program to be analyzed
Following steps A1 to C1 above, the program to be analyzed can be represented in SSA form, in which the operation variables are q1, q2, and p1 to p5. The analysis yields the following. The read side-effect information at program point 7 is μ(q){x, y}. Assuming that the memory space allocated by the malloc function at program point 16 is mem, the write side-effect information at program point 18 is χ(p4){a, b}, and the write side-effect information at program point 20 is χ(p5){NULL, b}. The read side-effect information at program point 21 is μ(*p){NULL, a, *mem, b}, and the read side-effect information at program point 23 is μ(*p){NULL, a, *mem, b}.
As can be seen, in general the program points with write side-effect information are call points of the program, while the program points with read side-effect information are program points that do not call a function.
(2) Compute the error attribute lattice values corresponding to the determined error attribute lattice (that is, null pointer dereference)
First, because program points 18, 20 and 25 are call points of the program, the summaries related to these call points are determined. At program points 18 and 20, that is, at the function boo, the reference inputs are x and y and the definition output parameter is q; the error attribute lattice values of the reference inputs affect the error attribute lattice value of the definition output parameter. At program point 25, that is, at the function foo, there is no reference output and no definition output parameter, so the summary is empty.
Then the error attribute lattice values of the second definition points included in the program are computed, as shown in Table 1 below: the error attribute lattice value of the caller's actual-parameter variable at the call point is taken as the error attribute lattice value of the reference input in the called function boo, and the error attribute lattice value of the second definition point is then obtained from the summary of the reference inputs of boo. Here qphi is the value of *q, obtained by a meet or join operation on the error attribute lattice values of the operation variables q1 and q2; the error attribute lattice value of the caller's actual-parameter variable can be determined from the write side-effect information at the corresponding program point.
Table 1: Error attribute lattice values of the second definition points
[Table image: imgf000014_0001]
The error attribute lattice values of all definition points included in the program (both the first definition points and the second definition points) are computed as shown in Table 2 below: the error attribute lattice value of the caller's actual-parameter variable at the call point is taken as the error attribute lattice value of the reference input in the called function boo, and the error attribute lattice value of the second definition point is then obtained from the summary of the reference inputs of boo.
Table 2: Error attribute lattice values of each definition point in the program
[Table image: imgf000014_0002]
p1      10    NULL       dangerous
p2      14    UNNULL     not dangerous
p3      16    MAYNULL    possibly dangerous
p4      18    UNNULL     not dangerous
p5      20    MAYNULL    possibly dangerous
Pphi    21    MAYNULL    possibly dangerous
Pphi    23    UNNULL     not dangerous
It should be noted that, for *p on lines 21 and 23, according to the write side-effect information at these two program points, a null pointer dereference error may occur at the definition point on line 21. However, taking into account the statement related to the program point on line 23, namely the statement on line 22, no null pointer dereference error occurs at the definition point on line 23. This is mainly because the program point on line 22 belongs to special control flow (return when not p), which updates the error attribute lattice value of p to safe: when p has an unsafe error attribute lattice value the function returns directly, so no null pointer dereference error can occur at the definition point on line 23.
(3) Error prompt
According to Table 2 above, the error attribute lattice value at program point 10 of the program to be analyzed is dangerous, so a danger prompt can be issued at program point 10. The error attribute lattice values at program points 16, 20 and 21 are possibly dangerous, so a possible-danger prompt can also be issued for program point 16, for reference point 11 corresponding to program point 20, and for reference point 11 corresponding to program point 21.
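The lattice-value propagation and error prompt of steps (2) and (3), as an added Python example that is not part of the patent and is not the program of Figure 7: it runs over a constructed SSA-style program arranged to reproduce the values of Table 2. The statement encoding, the Summary class, the names pphi_21 and pphi_23, and the assumption that boo returns one of its two arguments are assumptions of this example.

```python
from dataclasses import dataclass
from functools import reduce
from typing import Optional, Tuple

NULL, UNNULL, MAYNULL = "NULL", "UNNULL", "MAYNULL"
# Danger attribute attached to each lattice value, as in Table 2.
DANGER = {NULL: "dangerous", UNNULL: "not dangerous", MAYNULL: "possibly dangerous"}


def join(a, b):
    """Merge two lattice values: agreement is kept, disagreement is MAYNULL."""
    return a if a == b else MAYNULL


@dataclass(frozen=True)
class Summary:
    """Callee summary (hypothetical encoding used only in this example)."""
    inputs: Tuple[int, ...] = ()   # reference inputs that reach the output
    own: Optional[str] = None      # value the callee produces by itself

    def apply(self, actual_values):
        parts = [actual_values[i] for i in self.inputs]
        if self.own is not None:
            parts.append(self.own)
        # An empty summary says nothing about the output: stay conservative.
        return reduce(join, parts) if parts else MAYNULL


# Assumption: boo returns one of its two pointer arguments.
SUMMARIES = {"boo": Summary(inputs=(0, 1))}

# Constructed program: (line, operation, defined name, operands).
PROGRAM = [
    (10, "assign", "p1", "NULL"),                      # p1 = NULL
    (14, "assign", "p2", "&a"),                        # p2 = &a
    (16, "malloc", "p3", None),                        # p3 = malloc(...)
    (18, "call", "p4", ("boo", ["&a", "&b"])),         # p4 = boo(&a, &b)
    (20, "call", "p5", ("boo", ["NULL", "&b"])),       # p5 = boo(NULL, &b)
    (21, "phi", "pphi_21", ["p1", "p2", "p3", "p4", "p5"]),
    (23, "guard", "pphi_23", "pphi_21"),               # after `if (!p) return;` on line 22
]


def operand_value(operand, values):
    """Lattice value of a literal NULL, an address-of, or a defined name."""
    if operand == "NULL":
        return NULL
    if operand.startswith("&"):
        return UNNULL
    return values[operand][1]


def analyze(program, summaries):
    """Return {name: (line, lattice value)} for every definition point."""
    values = {}
    for line, op, dst, arg in program:
        if op == "assign":
            value = operand_value(arg, values)
        elif op == "malloc":
            value = MAYNULL                 # allocation may fail
        elif op == "call":
            callee, actuals = arg
            # Caller's actual values become the callee's reference inputs.
            actual_values = [operand_value(a, values) for a in actuals]
            value = summaries.get(callee, Summary()).apply(actual_values)
        elif op == "phi":
            value = reduce(join, (operand_value(s, values) for s in arg))
        elif op == "guard":
            value = UNNULL                  # the null case has already returned
        else:
            raise ValueError(f"unknown operation {op!r} at line {line}")
        values[dst] = (line, value)
    return values


def report(values):
    """Definition points whose lattice value carries a danger attribute."""
    return [(line, name, DANGER[v])
            for name, (line, v) in values.items() if v != UNNULL]


if __name__ == "__main__":
    for finding in report(analyze(PROGRAM, SUMMARIES)):
        print(finding)
```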
The error detection method above detects errors of the null pointer dereference type. In practice there are other error types, such as unassigned values or memory leaks; the error detection methods for these are similar to the one for null pointer dereference and are not described here. A memory leak means that a block of memory is allocated at a program point but is not reclaimed when the program ends.
An embodiment of the present invention further provides an error detection device for a program, whose units can perform error detection on the program to be analyzed according to the method in the above embodiments. Its structure is shown in Figure 8 and includes:
A program analysis unit 10, configured to analyze the program to be analyzed to obtain program analysis information for each program point in the program to be analyzed; the program analysis information is the information related to that program point in the program to be analyzed.
An attribute lattice determining unit 11, configured to determine the error attribute lattice of the error type for which the program to be analyzed is checked.
A lattice value calculation and propagation unit 12, configured to obtain, according to the program analysis information obtained by the program analysis unit 10, the error attribute lattice value of each definition point in the program to be analyzed, the error attribute lattice value corresponding to the error attribute lattice determined by the attribute lattice determining unit 11. The lattice value calculation and propagation unit 12 may first determine, from the program analysis information obtained by the program analysis unit 10, the error attribute lattice values of the actual-parameter variables or globals related to a definition point, and then, using the relationship between the actual-parameter variables (or globals) and the definition point, compute over those lattice values according to that relationship to obtain the error attribute lattice value of the definition point.
An error prompting unit 13, configured to issue, according to the error attribute lattice values obtained by the lattice value calculation and propagation unit 12, an error prompt at the reference points corresponding to the definition points in the program to be analyzed whose error attribute lattice value has a dangerous attribute.
In the device of this embodiment, the lattice value calculation and propagation unit 12 obtains the error attribute lattice value of each definition point in the program to be analyzed according to the program analysis information that the program analysis unit 10 obtains by analyzing the program, and the error prompting unit 13 issues an error prompt at the reference points corresponding to the definition points whose error attribute lattice value has a dangerous attribute. The main idea is to turn the detection of program errors into the computation of error attribute lattice values, which simplifies the detection process and can improve the efficiency of error detection. Moreover, because the error attribute lattice values are computed from the program analysis information of the program points, and the program analysis unit 10 can take multiple kinds of sensitivity of the program into account when obtaining that information and so obtain complete information for each program point, the resulting error attribute lattice values are more accurate, which improves the precision of error detection for the program to be analyzed.
Referring to Figure 9, in a specific embodiment, in addition to the structure shown in Figure 8, the program analysis unit 10 of the error detection device may obtain part of the program analysis information of a program point, namely the read and/or write side-effect information, by means of a characterization unit 110 and a side-effect information determining unit 120, where:
The characterization unit 110 is configured to characterize the program to be analyzed in static single assignment (SSA) form.
The side-effect information determining unit 120 is configured to determine the read and/or write side-effect information of the dereferencing program points in the SSA-form program characterized by the characterization unit 110. The read side-effect information is the element information in the program to be analyzed that needs to be read at the dereferencing program point, and the write side-effect information is the element information in the program to be analyzed that needs to be written at the dereferencing program point. The lattice value calculation and propagation unit 12 then determines the error attribute lattice value of each definition point according to the read/write side-effect information determined by the side-effect information determining unit 120.
Further, the characterization unit 110 included in the program analysis unit 10 may also characterize the SSA-form program to be analyzed as multiple element sets, including a set of operation variables, a set of functions, a set of expressions, a set of statements, and so on.
Referring to Figure 10, in a specific embodiment, in addition to the structure shown in Figure 8: if the program to be analyzed includes only first definition points, which do not call a function, the lattice value calculation and propagation unit 12 may be implemented by an element set obtaining unit 120 and a first lattice value determining unit 121; if the program to be analyzed also includes second definition points, which call a function, the lattice value calculation and propagation unit 12 may further include a reference lattice value determining unit 122, a second lattice value calculation unit 123 and an output lattice value determining unit 124, where:
The element set obtaining unit 120 is configured to obtain, from the program analysis information of the program points obtained by the program analysis unit 10, the set of elements that affect the first definition point.
The first lattice value determining unit 121 is configured to determine the error attribute lattice value of the first definition point according to the element set of the first definition point in the program to be analyzed obtained by the element set obtaining unit 120. The error unit 13 can then issue the error prompt for the program according to the error attribute lattice value of the first definition point determined by the first lattice value determining unit 121.
Specifically, the first lattice value determining unit 121 may first determine the error attribute lattice values of the actual-parameter variables or globals related to the first definition point, and then, using the relationship between the actual-parameter variables (or globals) and the first definition point, compute over those lattice values according to that relationship to obtain the error attribute lattice value of the first definition point.
The reference lattice value determining unit 122 is configured to determine the first error attribute lattice value of the reference input of the called function at the second definition point as the error attribute lattice value of the actual-parameter variable or global in the caller at the second definition point. The reference lattice value determining unit 122 may obtain the actual-parameter variable or global in the caller from the write side-effect information, obtained by the program analysis unit 10, at the second definition point corresponding to the caller, and from it obtain the first error attribute lattice value.
The second lattice value calculation unit 123 is configured to compute, according to the first error attribute lattice value of the reference input determined by the reference lattice value determining unit 122, the second error attribute lattice value of the definition output point corresponding to the called function.
When computing the second error attribute lattice value, the second lattice value calculation unit 123 may be implemented by a summary determining unit 1230, a first computing unit 1231 and a second computing unit 1232, where:
The summary determining unit 1230 is configured to determine the summary of the called function. The summary includes the relationship between the first error attribute lattice value of the reference input determined by the reference lattice value determining unit 122 and the called function, which may specifically be the relationship between the first error attribute lattice value and the error attribute lattice values of the operation variables in the called function; and information on how the second error attribute lattice value is affected by the called function, which may specifically be the relationship between the second error attribute lattice value and the error attribute lattice values of the operation variables in the called function. If the summary determined by the summary determining unit 1230 indicates that the second error attribute lattice value is not affected by the first error attribute lattice value of the reference input, the first computing unit 1231 can compute the second error attribute lattice value directly from the information on how the second error attribute lattice value is affected by the called function. If the summary determined by the summary determining unit 1230 indicates that the second error attribute lattice value is affected by the first error attribute lattice value of the reference input, the second computing unit 1232 computes the second error attribute lattice value according to the relationship between the first error attribute lattice value of the reference input and the called function.
The summary determining unit 1230 can obtain the summary from the program analysis information obtained by the program analysis unit 10. The first computing unit 1231 can, as indicated by the summary, obtain the second error attribute lattice value by computing over the error attribute lattice values of the operation variables in the called function; the second computing unit 1232 can, as indicated by the summary, obtain the second error attribute lattice value by computing over the first error attribute lattice value of the reference output and the error attribute lattice values of the other operation variables in the called function.
The output lattice value determining unit 124 is configured to take the second error attribute lattice value computed by the first computing unit 1231 or the second computing unit 1232 of the second lattice value calculation unit 123 as the error attribute lattice value of the second definition point corresponding to the caller. The error unit 13 can then issue the error prompt for the program according to the second error attribute lattice value determined by the output lattice value determining unit 124.
An embodiment of the present invention further provides an error detection device for a program, whose units can perform error detection on the program to be analyzed according to the method in the above embodiments. Its structure is shown in Figure 11 and includes a memory 20, a processor 21, an input device 23 and an output device 24, each connected to a bus, where:
The memory 20 stores data input from the input device 23 and may also store information such as the files the processor 21 needs to process data. The input device 23 and the output device 24 are the ports through which the error detection device communicates with other devices, and may also include devices attached to the error detection device such as a display, keyboard, mouse and printer.
The processor 21 is configured to analyze the program to be analyzed to obtain program analysis information for each program point in the program to be analyzed, the program analysis information being the information related to that program point in the program to be analyzed; to determine the error attribute lattice of the error type for which the program to be analyzed is checked; to obtain, according to the program analysis information, the error attribute lattice value of each definition point in the program to be analyzed; and finally, according to the obtained error attribute lattice values, to issue an error prompt at the reference points corresponding to the definition points whose error attribute lattice value has a dangerous attribute.
When determining the error attribute lattice values, the processor 21 first determines, from the program analysis information, the error attribute lattice values of the actual-parameter variables or globals related to a definition point, and then, using the relationship between the actual-parameter variables (or globals) and the definition point, computes over those lattice values according to that relationship to obtain the error attribute lattice value of the definition point.
Further, when analyzing the program to be analyzed, the processor 21 may perform a sensitivity-aware analysis. Specifically, it may obtain part of the program analysis information, namely the read and/or write side-effect information, by the following steps: the processor 21 first characterizes the program to be analyzed in static single assignment (SSA) form, and then determines the read and/or write side-effect information of the dereferencing program points in the SSA-form program. The read side-effect information is the element information in the program to be analyzed that needs to be read at the dereferencing program point, and the write side-effect information is the element information in the program to be analyzed that needs to be written at the dereferencing program point. The processor 21 then determines the error attribute lattice value of each definition point according to the determined read/write side-effect information. Further, during program analysis the processor 21 may also characterize the SSA-form program to be analyzed as multiple element sets, including a set of operation variables, a set of functions, a set of expressions, a set of statements, and so on.
Further, when the processor 21 determines the error attribute lattice values, there are mainly the following cases:
(1) The program to be analyzed includes a first definition point, and the first definition point does not call a function:
The processor 21 is specifically configured to obtain, from the program analysis information of the analyzed program points, the set of elements that affect the first definition point, and to determine the error attribute lattice value of the first definition point according to the obtained element set of the first definition point in the program to be analyzed. Specifically, the processor 21 may first determine the error attribute lattice values of the actual-parameter variables or globals related to the first definition point, and then, using the relationship between the actual-parameter variables (or globals) and the definition point, compute over those lattice values according to that relationship to obtain the error attribute lattice value of the first definition point.
(2) The program to be analyzed includes a first definition point and also a second definition point, and the second definition point calls a function:
The processor 21 is further configured to determine the first error attribute lattice value of the reference input of the called function at the second definition point as the error attribute lattice value of the actual-parameter variable or global in the caller at the second definition point; to compute, according to the determined first error attribute lattice value of the reference input, the second error attribute lattice value of the definition output point corresponding to the called function; and to take the second error attribute lattice value as the error attribute lattice value of the second definition point corresponding to the caller. The processor 21 can then issue the error prompt for the program according to the second error attribute lattice value.
The processor 21 may obtain the actual-parameter variable or global in the caller from the write side-effect information at the second definition point obtained by the analysis, and from it obtain the first error attribute lattice value.
When computing the second error attribute lattice value, the processor 21 first determines the summary of the called function. The summary includes the relationship between the first error attribute lattice value of the reference input and the called function, which may specifically be the relationship between the first error attribute lattice value and the error attribute lattice values of the operation variables in the called function; and information on how the second error attribute lattice value is affected by the called function, which may specifically be the relationship between the second error attribute lattice value and the error attribute lattice values of the operation variables in the called function. If the summary indicates that the second error attribute lattice value is not affected by the first error attribute lattice value of the reference input, the processor 21 can compute the second error attribute lattice value directly from the information on how the second error attribute lattice value is affected by the called function. If the summary indicates that the second error attribute lattice value is affected by the first error attribute lattice value of the reference input, the processor 21 computes the second error attribute lattice value according to the relationship between the first error attribute lattice value of the reference input and the called function.
The processor 21 can obtain the summary from the program analysis information obtained by the analysis. It can, following the indication in the summary that relates to the definition output point of the called function, obtain the second error attribute lattice value by computing over the error attribute lattice values of the operation variables in the called function; or, as indicated by the summary, obtain the second error attribute lattice value by computing over the first error attribute lattice value of the reference output and the error attribute lattice values of the other operation variables in the called function.
A person of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, which may include read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and the like.
The error detection method and device for a program provided by the embodiments of the present invention have been described in detail above. The description of the embodiments is only intended to help in understanding the method of the present invention and its core idea. A person of ordinary skill in the art may, based on the idea of the present invention, make changes to the specific implementations and to the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims

1. An error detection method for a program, characterized by comprising:
analyzing a program to be analyzed to obtain program analysis information for each program point in the program to be analyzed;
determining an error attribute lattice of the error type for which the program to be analyzed is checked;
obtaining, according to the program analysis information, an error attribute lattice value of each definition point in the program to be analyzed, the error attribute lattice value corresponding to the determined error attribute lattice;
issuing an error prompt at the reference point corresponding to a definition point whose error attribute lattice value has a dangerous attribute.
2. The method according to claim 1, characterized in that the program analysis information includes read side-effect and/or write side-effect information, and analyzing the program to be analyzed to obtain program analysis information for each program point in the program to be analyzed specifically comprises:
characterizing the program to be analyzed in static single assignment (SSA) form;
determining the read side-effect and/or write side-effect information of the dereferencing program points in the SSA-form program to be analyzed, where the read side-effect information is the element information in the program to be analyzed that needs to be read at the dereferencing program point, and the write side-effect information is the element information in the program to be analyzed that needs to be written at the dereferencing program point.
3. The method according to claim 1 or 2, wherein the program to be analyzed includes a first definition point, the first definition point does not call a function, and obtaining, according to the program analysis information, the error attribute lattice value of each definition point in the program to be analyzed under the determined error attribute lattice specifically comprises:
obtaining, from the program analysis information of the program points, the set of elements that affect the first definition point;
根据所述第一定值点对应的元素集合确定所述第一定值点的错误属性格 值。 The error attribute grid value of the first fixed value point is determined according to the element set corresponding to the first fixed value point.
4. The method according to claim 1 or 2, wherein, if the program to be analyzed includes a second fixed value point and the second fixed value point calls a function, obtaining, according to the program analysis information, the error attribute lattice value of each fixed value point in the program to be analyzed under the determined error attribute lattice specifically includes:
determining the first error attribute lattice value of the reference input of the called function at the second fixed value point to be the error attribute lattice value of the actual-parameter variable or global variable in the calling function at the second fixed value point;
calculating, according to the first error attribute lattice value, a second error attribute lattice value of the fixed value output point corresponding to the called function;
using the second error attribute lattice value as the error attribute lattice value of the second fixed value point.
5. The method according to claim 4, wherein calculating, according to the first error attribute lattice value, the second error attribute lattice value of the fixed value output point corresponding to the called function specifically includes:
determining a summary of the called function, the summary including the relationship between the first error attribute lattice value of the reference input and the called function, and information on how the second error attribute lattice value is affected by the called function;
if the second error attribute lattice value is not affected by the first error attribute lattice value of the reference input, calculating the second error attribute lattice value directly from the information on how the second error attribute lattice value is affected by the called function;
if the second error attribute lattice value is affected by the first error attribute lattice value of the reference input, calculating the second error attribute lattice value according to the relationship between the first error attribute lattice value of the reference input and the called function.
6. A program error detection device, characterized by including:
a program analysis unit, configured to analyze a program to be analyzed to obtain program analysis information of each program point in the program to be analyzed;
an attribute lattice determination unit, configured to determine the error attribute lattice of the error type to be detected in the program to be analyzed;
a lattice value calculation and propagation unit, configured to obtain, according to the program analysis information obtained by the program analysis unit, the error attribute lattice value of each fixed value point in the program to be analyzed, the error attribute lattice value corresponding to the error attribute lattice determined by the attribute lattice determination unit;
an error prompting unit, configured to give, according to the error attribute lattice values obtained by the lattice value calculation and propagation unit, an error prompt for the reference point corresponding to any fixed value point whose error attribute lattice value has a dangerous attribute.
7. The device according to claim 6, wherein the program analysis information includes information on read side effects and/or write side effects, and the program analysis unit specifically includes:
a representation unit, configured to represent the program to be analyzed in static single assignment (SSA) form;
a side effect information determination unit, configured to determine information on the read side effects and/or write side effects of the dereferencing program points in the SSA-form program to be analyzed produced by the representation unit, where the read side effect information is the information on the elements of the program to be analyzed that need to be read at the dereferencing program point, and the write side effect information is the information on the elements of the program to be analyzed that need to be written at the dereferencing program point.
8. The device according to claim 6 or 7, wherein the program to be analyzed includes a first fixed value point, the first fixed value point does not call a function, and the lattice value calculation and propagation unit specifically includes:
an element set acquisition unit, configured to obtain, from the program analysis information of the program points, the set of elements that affect the first fixed value point;
a first lattice value determination unit, configured to determine the error attribute lattice value of the first fixed value point according to the element set of the first fixed value point.
9. The device according to claim 6 or 7, wherein, if the program to be analyzed includes a second fixed value point and the second fixed value point calls a function, the lattice value calculation and propagation unit specifically includes:
a reference lattice value determination unit, configured to determine the first error attribute lattice value of the reference input of the called function at the second fixed value point to be the error attribute lattice value of the actual-parameter variable or global variable in the calling function at the second fixed value point;
a second lattice value calculation unit, configured to calculate, according to the first error attribute lattice value, the second error attribute lattice value of the fixed value output point corresponding to the called function;
an output lattice value determination unit, configured to use the second error attribute lattice value as the error attribute lattice value of the second fixed value point corresponding to the calling function.
10. The device according to claim 9, wherein the second lattice value calculation unit specifically includes:
a summary determination unit, configured to determine a summary of the called function, the summary including the relationship between the first error attribute lattice value of the reference input and the called function, and information on how the second error attribute lattice value is affected by the called function;
a first calculation unit, configured to, if the second error attribute lattice value is not affected by the first error attribute lattice value of the reference input, calculate the second error attribute lattice value directly from the information on how the second error attribute lattice value is affected by the called function;
a second calculation unit, configured to, if the second error attribute lattice value is affected by the first error attribute lattice value of the reference input, calculate the second error attribute lattice value according to the relationship between the first error attribute lattice value of the reference input and the called function.
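The lattice value propagation of claims 1 and 3 to 5, sketched as an added example that is not taken from the patent. The four-value null-pointer lattice, the summary encoding, the callee names `identity` and `alloc_or_null`, and the SSA program are all assumptions constructed for the illustration.

```python
# Assumed error attribute lattice for null dereference; join is bitwise OR.
BOTTOM, NOT_NULL, NULL, MAYBE_NULL = 0, 1, 2, 3

def join(values):
    out = BOTTOM
    for v in values:
        out |= v
    return out

def is_dangerous(value):
    # Assumption: any value that may be NULL carries the dangerous attribute.
    return bool(value & NULL)

# Hypothetical callee summaries: (indices of the inputs the output depends on,
# lattice value contributed by the callee body itself).
SUMMARIES = {
    "identity": ((0,), BOTTOM),         # output follows input 0
    "alloc_or_null": ((), MAYBE_NULL),  # output is independent of the inputs
}

# Constructed SSA program: one tuple per fixed value (definition) point.
PROGRAM = [
    ("p1", "const", NULL),
    ("p2", "const", NOT_NULL),
    ("p3", "phi", ("p1", "p2")),
    ("q1", "call", "identity", ("p2",)),
    ("r1", "call", "alloc_or_null", ()),
    ("s1", "call", "identity", ("p3",)),
]
# Constructed reference points that dereference a variable: (label, variable).
DEREFS = [("L10", "p2"), ("L11", "p3"), ("L12", "q1"), ("L13", "r1"), ("L14", "s1")]

def analyze(program, summaries):
    """Compute the lattice value of every fixed value point.
    One pass suffices because the constructed program is acyclic."""
    env = {}
    for name, kind, *rest in program:
        if kind == "const":
            env[name] = rest[0]
        elif kind == "phi":            # no call: join the affecting elements
            env[name] = join(env[v] for v in rest[0])
        elif kind == "call":
            callee, args = rest
            deps, own = summaries[callee]
            if not deps:               # output not affected by the inputs
                env[name] = own
            else:                      # output derived from the caller's arguments
                env[name] = join([own] + [env[args[i]] for i in deps])
        else:
            raise ValueError(f"unknown definition kind: {kind}")
    return env

def report(program, summaries, derefs):
    """Return the reference points whose fixed value point is dangerous."""
    env = analyze(program, summaries)
    return [(label, var) for label, var in derefs if is_dangerous(env[var])]
```
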
PCT/CN2014/080696 2013-07-08 2014-06-25 Error detection method and device for program WO2015003555A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310284541.7 2013-07-08
CN201310284541.7A CN104281519A (en) 2013-07-08 2013-07-08 Method and equipment for detecting errors of program

Publications (1)

Publication Number Publication Date
WO2015003555A1 (en) 2015-01-15

Family

ID=52256416

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/080696 WO2015003555A1 (en) 2013-07-08 2014-06-25 Error detection method and device for program

Country Status (2)

Country Link
CN (1) CN104281519A (en)
WO (1) WO2015003555A1 (en)

Also Published As

Publication number Publication date
CN104281519A (en) 2015-01-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14823670

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14823670

Country of ref document: EP

Kind code of ref document: A1