计算机工程与应用 ›› 2016, Vol. 52 ›› Issue (19): 31-36.

• 理论与研发 • 上一篇    下一篇

C程序非法计算缺陷的静态检测

董玉坤   

  1. 中国石油大学(华东) 计算机与通信工程学院,山东 青岛 266580
  • 出版日期:2016-10-01 发布日期:2016-11-18

Illegal computing defect detection by static analysis for C program

DONG Yukun   

  1. College of Computer and Communication Engineering, China University of Petroleum, Qingdao, Shandong 266580, China
  • Online:2016-10-01 Published:2016-11-18

摘要: 为实现基于静态分析技术自动的检测C程序中的非法计算缺陷,提出了一种基于区域内存模型进行非法计算缺陷检测的方法。对C程序中的非法计算缺陷操作归纳总结出其受限集,以对相应运算进行约束;通过抽象的区域内存模型表示实际的内存存储,实现了基于抽象内存区域内存模型的数据流分析;基于数据流分析的结果,判定C程序中的受限操作是否违背受限集的约束,以实现非法计算缺陷的检测。5个实际工程的检测结果分析表明,该方法可有效地检测出C程序的各类非法计算缺陷。

关键词: 缺陷检测, 非法计算, 静态分析, 抽象内存模型

Abstract: In order to automatically detect illegal computing defects for C procedures based on static analysis, this paper introduces a method based on region-based memory model. Firstly, a restricted set is proposed, which can describe the constraint of illegal computing operation. Then, an abstract region-based memory model is introduced to describe actual memory, and dataflow analysis is implemented based on this model. Furthermore, this paper introduces an illegal computing defect detection method based on the result of dataflow analysis, which determines the illegal computing operation by judging restricted operations whether or not violate constraints. Experimental results of five real projects show that this method can detect various illegal computing defects.

Key words: defect detection, illegal computing, static analysis, abstract memory model