CN107193742A - A state-based, path-sensitive symbolic function summary algorithm - Google Patents

Publication number: CN107193742A
Authority: CN (China)
Legal status: Granted
Application number: CN201710370313.XA
Other languages: Chinese (zh)
Other versions: CN107193742B (en)
Inventors: 王晓斌, 屈鸿, 汪文, 汪一文, 王留帅, 符明晟, 杨林川, 季江州
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites

Abstract

The present invention discloses a state-based, path-sensitive symbolic function summary algorithm and relates to the field of program analysis. It addresses technical problems of the prior art, which cannot achieve context sensitivity and path sensitivity: low interprocedural analysis precision, excessive memory usage and a high false positive rate. The invention mainly comprises: building the function call graph; performing intraprocedural analysis on functions; collecting function summaries; applying function summaries; instantiating function summaries; and deferred reporting. The invention is applied in static analysis frameworks.

Description

A state-based, path-sensitive symbolic function summary algorithm
Technical field
The present invention relates to the field of program analysis, and in particular to a state-based, path-sensitive symbolic function summary algorithm.
Background
Program correctness analysis has always been a major issue in software engineering. Now that security is increasingly prominent, ensuring that running programs contain fewer vulnerabilities has become an increasingly urgent problem. Static code analysis can find vulnerabilities in a program as early as possible, before the program runs, which avoids cost in later maintenance and improves the stability and security of the running program. The scenarios that limit the capability of static analysis today are concentrated mainly in interprocedural analysis, and the two main approaches to interprocedural analysis are interprocedural analysis based on function inlining and interprocedural analysis based on function summaries. Summary-based interprocedural analysis is simple and fast, but its analysis precision needs to be improved. Its limitations in precision lie mainly in two aspects: context sensitivity and path sensitivity. How to design a function summary that is both context-sensitive and path-sensitive has therefore become a focus of research on interprocedural analysis.
For context sensitivity, we make the function summary symbolic: when extracting a function summary, the variables or content that depend on the context are made symbolic and represented by symbolic values (Symbol Value). Under a specific context, the context information is used to instantiate this symbolic information. For example, when a function summary is extracted, the value of a global variable cannot be known, so the global variable is replaced with a symbolic value. Where the function summary is used, the content of the global variable is obtained from the context information and used to instantiate the symbolic value that corresponds to the global variable in the summary. For path sensitivity, we store the corresponding path condition in the function summary; these path conditions, which are likewise symbolic, distinguish the summary information that belongs to different paths, so that higher analysis precision is obtained through the path conditions when the summary is applied. The state-based, path-sensitive symbolic function summary is not only context-sensitive, it also achieves path sensitivity by storing path conditions in the program state.
In a static analysis system, analysis with the state-based, path-sensitive symbolic function summary can greatly improve analysis precision and significantly reduce the false positive rate and the false negative rate, so that more vulnerabilities are found as early as possible and program maintenance cost is reduced.
Summary of the invention
In view of the above prior art, the object of the present invention is to provide a state-based, path-sensitive symbolic function summary algorithm. Existing interprocedural code analysis techniques are mainly of two kinds: interprocedural analysis based on function inlining and interprocedural analysis based on function summaries. Inlining-based interprocedural analysis has to analyze the called function every time, so its analysis efficiency is low. By contrast, summary-based interprocedural analysis is simple and efficient, and represents the semantics of a function well. Summary-based interprocedural analysis faces two main problems: how to achieve context sensitivity and how to achieve path sensitivity. An analysis that is both context-sensitive and path-sensitive can greatly improve the precision of interprocedural analysis. Symbolic function summaries can solve the context sensitivity problem, but for path sensitivity there is currently no effective symbolic function summary model. The present invention solves technical problems of the prior art caused by the inability to achieve context sensitivity and path sensitivity, such as low interprocedural analysis precision, a high false negative rate and a high false positive rate.
To achieve the above object, the technical solution adopted by the present invention is as follows:
A state-based, path-sensitive symbolic function summary algorithm, comprising the following steps:
Step (1): build the function call graph (CallGraph) of the compilation unit, then, in topological order, perform context-independent intraprocedural analysis based on symbolic execution on the functions in the call graph;
Step (2): during intraprocedural analysis, report the vulnerabilities that occur; vulnerabilities whose determination depends on the context are deferred until the function summary is instantiated and applied at the current function call site, and are then reported selectively;
Step (3): during intraprocedural analysis, for a function call statement, first determine whether a function summary of the called function exists; if it does not, perform a separate intraprocedural analysis on the called function and collect the function summary information of the called function;
Step (4): during intraprocedural analysis, for a function call statement, if a function summary of the called function exists, instantiate the function summary at the current function call site using the context information;
Step (5): after the symbolic function summary has been instantiated, collect from each program state in the function summary the information about side effects on the context, apply these side effects to the context, check the deferred report information while the function summary is applied, and selectively report the vulnerabilities that occur;
Step (6): during intraprocedural analysis, on reaching a return statement of the current function, collect the current symbolic program state as summary information of the current function.
In the above method, step (1) comprises the following steps:
Step (11): build the function call graph of the compilation unit using depth-first traversal (DFS); while building the call graph, ignore calls through function pointers, C++ polymorphic calls and recursive calls;
Step (12): perform context-independent intraprocedural analysis on the functions in the call graph in topological order.
In the above method, step (2) comprises the following steps:
Step (21): intraprocedural analysis first builds the control flow graph (CFG) of the function, then symbolically executes the elements of the control flow graph using a worklist algorithm, performing context-independent intraprocedural analysis on the function;
Step (22): if a report is needed during intraprocedural analysis, it is issued directly. If part of the report information consists of global variable information or formal parameter information, the report depends on the context. Report information includes the specific content of the report and the path condition information that must be satisfied for the report, for example the pointer value in a null pointer dereference and the path condition information that must be satisfied when analyzing the null pointer dereference. Only under a specific context, such as specific global variable values and specific actual argument values, can it be known whether to report. Report information whose determination depends on the context is therefore stored in the program state and is reported selectively, deferred until the function summary is instantiated and applied;
Step (23): the state-based, path-sensitive symbolic function summary $\varphi_f$ is defined as the disjunction of a set of program states $S_p$, where program state $S_p$ is the program state obtained after symbolic execution along a reachable path $p$ has completed; $S_p$ contains the constraint $Cond_p$ of path $p$ that is required to reach $S_p$;
Step (24): the constraint $Cond_p$ in program state $S_p$ is expressed as a conjunction of a series of predicates; $Cond_p$ is used to judge whether the current program state is feasible when the function summary is applied.
In the above method, step (3) comprises the following steps:
Step (31): functions and their function summaries are organized in a map; function names are mangled using the name mangling rules of the Itanium C++ ABI, and the symbol name obtained after mangling is used as the map key;
Step (32): during intraprocedural analysis, when a function call is encountered, first obtain the function name, then mangle it, then look up the mangled symbol name in the map of collected function summaries; if a summary exists, proceed to step (4);
Step (33): if no function summary exists for the function, create a new symbolic execution engine instance and use it to perform context-independent intraprocedural analysis on the function.
In the above method, step (4) comprises the following steps:
Step (41): when a function call statement is encountered, if a function summary $\varphi_f$ of the called function exists, traverse the symbolic program states $S_p$ in $\varphi_f$ and instantiate each program state $S_p$ using the context information;
Step (42): the instantiation of program state $S_p$ has two steps: the first uses the memory region of the context, $Mem_{Context}$, to instantiate the non-current-stack-frame memory region $Mem_{CurStack}$ of program state $S_p$; the second uses the global variable values to instantiate the global variables in program state $S_p$.
In the above method, step (5) comprises the following steps:
Step (51): after program state $S_p$ has been instantiated, first recompute the symbolic expressions that could not be symbolically executed during intraprocedural analysis, then determine whether the constraint $Cond_p$ of path $p$ in program state $S_p$ has a solution; if it has no solution, delete program state $S_p$ from function summary $\varphi_f$; if it has a solution, store the instantiated program state $S_{pActual}$ in the instantiated function summary $\varphi_{fActual}$;
Step (52): the side effects of a function's execution on the context are reflected mainly in modifications to the memory of the context, expressed with the write function $Write(f_p, M, Val)$, where $f_p$ denotes a path in the function, $M$ denotes the set of memory locations modified on that path, and $Val$ denotes the set of values assigned to that memory. The side effect of a single path on the context is $SE_p = Cond_p \wedge Write(f_p, M, Val)$, where $Cond_p$ denotes the path constraint that path $p$ must satisfy, and the side effect of the function on the context is therefore $SE_f = \bigvee_{p \in feas\text{-}path} SE_p$, that is, it is obtained by extracting the side effects of the feasible program states;
Step (53): traverse all instantiated program states in the instantiated function summary $\varphi_{fActual}$, traverse the symbolic values and symbolic expressions in each program state that have side effects on the context, and update the values of these symbolic values or symbolic expressions into the program state $ContextState_{CallSite}$ corresponding to the current function call site CallSite, obtaining a series of new program states $ContextStateSet_{Actualized}$;
Step (54): traverse all instantiated program states in the instantiated function summary $\varphi_{fActual}$, extract the deferred report information from each program state, and issue the deferred reports whose report condition is satisfied.
In the above method, step (6) comprises the following steps:
Step (61): during intraprocedural analysis, when a function return statement is encountered, first obtain the current program state and add it to the function summary CurrentSummaryInfo of the current function;
Step (62): after all program paths of the function have been analyzed, mangle the function name to obtain the symbol name, then add <symbol name, CurrentSummaryInfo> to the function summary store.
Compared with the prior art, the present invention applies the function summary at the call site and applies its side effects to the function call site, thereby simulating the semantics of the current function call statement. The prior art cannot be used directly for vulnerability mining precisely because of limitations in how the side effects of (context-dependent) functions on the context are defined, composed and applied. The present invention also has the following advantages:
1. The state-based, path-sensitive symbolic function summary algorithm is path-sensitive;
2. The state-based, path-sensitive symbolic function summary algorithm is context-sensitive;
3. The set of program states after symbolic execution is used as the function summary, which is simple to implement;
4. The function summary is symbolic, so the summary information is concise and easy to instantiate;
5. The function summary algorithm is highly extensible and can be applied in most static analysis frameworks.
Brief description of the drawings
Fig. 1 is a structural flow diagram of the present invention;
Fig. 2 is an overall flow diagram of the present invention.
Detailed description
All features disclosed in this specification, and all steps of any method or process disclosed, may be combined in any way, except for mutually exclusive features and/or steps.
The present invention is further described below with reference to the accompanying drawings:
Embodiment 1
Referring to Fig. 1, the state-based, path-sensitive symbolic function summary algorithm is roughly divided into 5 parts. In the call graph construction stage, the source code is first compiled; during compilation the function call graph (CallGraph) is built, and finally the functions in the graph are analyzed one after another, in topological order, with context-independent intraprocedural analysis based on symbolic execution. In the intraprocedural analysis stage, the control flow graph of the function is built first, and the elements of the CFG are then symbolically executed using a worklist algorithm; during symbolic execution, errors that can be determined are reported, and information that depends on the context and cannot yet be reported is recorded. In the function summary collection stage, when a function return statement is encountered, the symbolic program state is taken as the function summary, and the path condition is stored in the program state. In the function summary application stage, each program state of the function summary is traversed first and the symbolic values in it are instantiated using the context information; then, according to the instantiation result of the path condition in each program state, the valid program states are selected as the instantiated function summary; finally the valid function summary is traversed and the side effects of the summary are applied to the current call site. In the deferred reporting stage, the deferred report information in the valid function summary is extracted, and the instantiation result determines whether a deferred report should now be issued.
As shown in Fig. 2, the specific steps of the state-based, path-sensitive symbolic function summary algorithm are as follows:
(1) Build the function call graph of the compilation unit, and perform context-independent intraprocedural analysis on the functions in the graph in topological order. The process is as follows:
(11) We build the function call graph of the compilation unit using depth-first traversal (DFS); while building the call graph, calls through function pointers, C++ polymorphic calls and recursive calls are ignored.
(12) Context-independent intraprocedural analysis is performed on the functions in the call graph in topological order.
(2) During intraprocedural analysis, report the corresponding vulnerabilities; for vulnerabilities that depend on the context and cannot yet be determined, reporting is deferred until the function summary is applied. The process is as follows:
(21) Intraprocedural analysis first builds the control flow graph (CFG) of the function, then symbolically executes the elements of the CFG using a worklist algorithm, performing context-independent intraprocedural analysis on the function with symbolic execution.
(22) If a report is needed during the analysis, it is issued directly; report information that depends on the context and cannot yet be determined is stored in the program state, and the deferred report is issued when the function summary is instantiated and applied.
(23) The state-based, path-sensitive symbolic function summary $\varphi_f$ is defined as the disjunction of a set of program states $S_p$, where program state $S_p$ is obtained after symbolic execution along a reachable path $p$ has completed; the program state contains the constraint required to reach that program state.
(24) The constraint $Cond_p$ in the program state is expressed as a conjunction of a series of predicates; the path condition $Cond_p$ is used to judge whether the current program state is feasible when the function summary is applied.
(3) During intraprocedural analysis, determine whether a function summary exists for a function call statement, and collect the summary information when no summary exists. The process is as follows:
(31) Functions and their function summaries are organized in a map; function names are mangled using the name mangling rules of the Itanium C++ ABI, and the mangled symbol name is used as the map key.
(32) During intraprocedural analysis, when a function call is encountered, first obtain the function name, then mangle it, then look up the mangled symbol name in the map of collected function summaries; if a summary exists, proceed to step (4).
(33) If no function summary exists for the function, create a new symbolic execution engine instance and use it to perform context-independent intraprocedural analysis on the function.
(4) For a function call statement, if a function summary exists, instantiate it at the function call site. The process is as follows:
(41) When a function call statement is encountered, if a function summary $\varphi_f$ of the called function exists, traverse the symbolic program states $S_p$ in $\varphi_f$ and instantiate each program state using the context information.
(42) The instantiation of program state $S_p$ has two steps. The first uses the memory region of the context, $Mem_{Context}$, to instantiate the non-current-stack-frame memory region $Mem_{CurStack}$ of $S_p$. The second uses the global variable values to instantiate the global variables in the program state.
(5) After the function summary has been instantiated, apply the function summary and issue deferred reports. The process is as follows:
(51) After program state $S_p$ has been instantiated, first recompute the symbolic expressions that could not be symbolically executed during intraprocedural analysis, then determine whether the path condition in the program state has a solution; if it has no solution, delete the program state from function summary $\varphi_f$. If it has a solution, store the instantiated program state $S_{pActual}$ in the instantiated function summary $\varphi_{fActual}$.
(52) The side effects of a function's execution on the context are reflected mainly in modifications to the memory of the context, expressed as $Write(f_p, M, Val)$, where $f_p$ denotes a path in the function, $M$ denotes the set of memory locations modified on that path, and $Val$ denotes the set of values assigned to that memory. The side effect of a single path on the context is $SE_p = Cond_p \wedge Write(f_p, M, Val)$, where $Cond_p$ denotes the path condition that path $p$ must satisfy. The side effect of the function on the context is $SE_f = \bigvee_{p \in feas\text{-}path} SE_p$, that is, it is obtained by extracting the side effects of the feasible program states.
(53) Traverse all instantiated program states in the instantiated function summary $\varphi_{fActual}$, traverse the symbolic values and symbolic expressions in each program state that have side effects on the context, and update the values of these symbolic values or symbolic expressions into the program state $ContextState_{CallSite}$ corresponding to the current call site CallSite, obtaining a series of new program states $ContextStateSet_{Actualized}$.
(54) Traverse all instantiated program states in the instantiated function summary $\varphi_{fActual}$, extract the deferred report information from each program state, and judge whether the report condition is satisfied; if it is, issue the report.
(6) During intraprocedural analysis, on reaching a function return statement, collect the current symbolic program state as summary information of the function. The process is as follows:
(61) During intraprocedural analysis, when a function return statement is encountered, first obtain the current program state $S_p$ and add it to the function summary CurrentSummaryInfo of the current function.
(62) After all program paths of the function have been analyzed, mangle the function name to obtain the symbol name, then add <symbol name, CurrentSummaryInfo> to the function summary store.
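The following added example (not code from the patent) illustrates steps (4) and (5): a summary stored as a disjunction of program states with path conditions, instantiated at three call sites, with infeasible states dropped, side effects applied and the deferred null-dereference report issued only where its condition holds. The callee `touch`, the globals `g_mode` and `g_hits`, the `Pred`/`State` classes and all helper names are hypothetical, and predicates are limited to comparisons against constants so that feasibility is decided by direct evaluation instead of a constraint solver.

```python
"""Path-sensitive symbolic function summary: collect once, instantiate per call site."""
import operator
from dataclasses import dataclass, field

OPS = {">": operator.gt, "<=": operator.le, "==": operator.eq, "!=": operator.ne}


@dataclass(frozen=True)
class Pred:
    """One predicate `sym op const` over a symbolic value (global or formal parameter)."""
    sym: str
    op: str
    const: object

    def evaluate(self, env):
        # None means "still symbolic": the context does not bind this symbol.
        if self.sym not in env:
            return None
        return OPS[self.op](env[self.sym], self.const)


@dataclass
class State:
    """Program state S_p reached along path p of the callee."""
    cond: list                                   # Cond_p, a conjunction of Pred
    writes: dict = field(default_factory=dict)   # Write(f_p, M, Val): location -> value
    delayed: list = field(default_factory=list)  # [(message, [Pred, ...])] deferred reports


def holds(preds, env):
    """Conjunction: False if any predicate is refuted, True if all hold, else None."""
    results = [p.evaluate(env) for p in preds]
    if False in results:
        return False
    return True if all(r is True for r in results) else None


def instantiate(summary, env):
    """Steps (4) and (51): keep the states whose path condition env does not refute."""
    return [s for s in summary if holds(s.cond, env) is not False]


def apply_summary(summary, context, args):
    """Steps (52)-(54): apply side effects of feasible states, issue deferred reports.

    context: caller memory at the call site (location name -> value)
    args:    formal parameter -> actual value (a location name, or None for NULL)
    """
    env = {**context, **args}
    new_states, reports = [], []
    for state in instantiate(summary, env):
        reports.extend(msg for msg, preds in state.delayed if holds(preds, env) is True)
        after = dict(context)
        for target, value in state.writes.items():
            # "*p" writes through the pointer bound to formal p; a NULL pointer has no
            # location to update (that case is what the deferred report covers).
            loc = env.get(target[1:]) if target.startswith("*") else target
            if loc is not None:
                after[loc] = value
        new_states.append(after)
    return new_states, reports


# Constructed summary of the hypothetical callee
#   void touch(int *p) { if (g_mode > 0) *p = 1; else g_hits = 0; }
TOUCH_SUMMARY = [
    State(cond=[Pred("g_mode", ">", 0)], writes={"*p": 1},
          delayed=[("null pointer dereference of p in touch", [Pred("p", "==", None)])]),
    State(cond=[Pred("g_mode", "<=", 0)], writes={"g_hits": 0}),
]


def demo():
    memory = {"g_hits": 5, "buf": 0}
    # Call site A: g_mode = 1, touch(NULL): only the dereferencing path is feasible.
    a = apply_summary(TOUCH_SUMMARY, {"g_mode": 1, **memory}, {"p": None})
    # Call site B: g_mode = 0, touch(NULL): the dereferencing path is infeasible.
    b = apply_summary(TOUCH_SUMMARY, {"g_mode": 0, **memory}, {"p": None})
    # Call site C: g_mode = 1, touch(&buf): the write lands in the caller's buf.
    c = apply_summary(TOUCH_SUMMARY, {"g_mode": 1, **memory}, {"p": "buf"})
    return a, b, c


if __name__ == "__main__":
    for label, (states, reports) in zip("ABC", demo()):
        print(label, states, reports)
```

Call site B is the case a path-insensitive summary gets wrong: the NULL argument never reaches the dereference because the path condition `g_mode > 0` is refuted by the caller's context.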
The foregoing is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it; any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the present invention.

Claims (7)

1. A state-based, path-sensitive symbolic function summary algorithm, characterized in that it comprises the following steps:
Step (1): build the function call graph of the compilation unit, then, in topological order, perform context-independent intraprocedural analysis based on symbolic execution on the functions in the call graph;
Step (2): during intraprocedural analysis, report the vulnerabilities that occur; vulnerabilities whose determination depends on the context are deferred until the function summary is instantiated and applied at the function call site, and are then reported selectively;
Step (3): during intraprocedural analysis, for a function call statement, first determine whether a function summary of the called function exists; if it does not, perform a separate intraprocedural analysis on the called function and collect the function summary information of the called function;
Step (4): during intraprocedural analysis, for a function call statement, if a function summary of the called function exists, instantiate the function summary at the current function call site using the context information;
Step (5): after the symbolic function summary has been instantiated, collect from each program state in the function summary the information about side effects on the context, apply these side effects to the context, check the deferred report information while the function summary is applied, and selectively report the vulnerabilities that occur;
Step (6): during intraprocedural analysis, on reaching a return statement of the current function, collect the current symbolic program state as summary information of the current function.
2. The state-based, path-sensitive symbolic function summary algorithm according to claim 1, characterized in that step (1) comprises the following steps:
Step (11): build the function call graph of the compilation unit using depth-first traversal; while building the call graph, ignore calls through function pointers, C++ polymorphic calls and recursive calls;
Step (12): perform context-independent intraprocedural analysis on the functions in the call graph in topological order.
3. The state-based, path-sensitive symbolic function summary algorithm according to claim 2, characterized in that step (2) comprises the following steps:
Step (21): intraprocedural analysis first builds the control flow graph of the function, then symbolically executes the elements of the control flow graph using a worklist algorithm, performing context-independent intraprocedural analysis on the function;
Step (22): if a report is needed during intraprocedural analysis, it is issued directly; report information whose determination depends on the context is stored in the program state and is reported selectively, deferred until the function summary is instantiated and applied;
Step (23): the state-based, path-sensitive symbolic function summary $\varphi_f$ is defined as the disjunction of a set of program states $S_p$, where program state $S_p$ is the program state obtained after symbolic execution along a reachable path $p$ has completed; $S_p$ contains the constraint $Cond_p$ of path $p$ that is required to reach $S_p$;
Step (24): the constraint $Cond_p$ in program state $S_p$ is expressed as a conjunction of a series of predicates; $Cond_p$ is used to judge whether the current program state is feasible when the function summary is applied.
4. The state-based, path-sensitive symbolic function summary algorithm according to claim 1, characterized in that step (3) comprises the following steps:
Step (31): functions and their function summaries are organized in a map; function names are mangled using the name mangling rules of the Itanium C++ ABI, and the symbol name obtained after mangling is used as the map key;
Step (32): during intraprocedural analysis, when a function call is encountered, first obtain the function name, then mangle it, then look up the mangled symbol name in the map of collected function summaries; if a summary exists, proceed to step (4);
Step (33): if no function summary exists for the function, create a new symbolic execution engine instance and use it to perform context-independent intraprocedural analysis on the function.
5. The state-based, path-sensitive symbolic function summary algorithm according to claim 3, characterized in that step (4) comprises the following steps:
Step (41): when a function call statement is encountered, if a function summary $\varphi_f$ of the called function exists, traverse the symbolic program states $S_p$ in $\varphi_f$ and instantiate each program state $S_p$ using the context information;
Step (42): the instantiation of program state $S_p$ has two steps: the first uses the memory region of the context, $Mem_{Context}$, to instantiate the non-current-stack-frame memory region $Mem_{CurStack}$ of program state $S_p$; the second uses the global variable values to instantiate the global variables in program state $S_p$.
6. The state-based, path-sensitive symbolic function summary algorithm according to claim 3, characterized in that step (5) comprises the following steps:
Step (51): after program state $S_p$ has been instantiated, first recompute the symbolic expressions that could not be symbolically executed during intraprocedural analysis, then determine whether the constraint $Cond_p$ of path $p$ in program state $S_p$ has a solution; if it has no solution, delete program state $S_p$ from function summary $\varphi_f$; if it has a solution, store the instantiated program state $S_{pActual}$ in the instantiated function summary $\varphi_{fActual}$;
Step (52): use the write function $Write(f_p, M, Val)$, where $f_p$ denotes a path in the function, $M$ denotes the set of memory locations modified on that path, and $Val$ denotes the set of values assigned to that memory; the side effect of a single path on the context is $SE_p = Cond_p \wedge Write(f_p, M, Val)$, where $Cond_p$ denotes the path constraint that path $p$ must satisfy, and the side effect of the function on the context is therefore $SE_f = \bigvee_{p \in feas\text{-}path} SE_p$;
Step (53): traverse all instantiated program states in the instantiated function summary $\varphi_{fActual}$, traverse the symbolic values and symbolic expressions in each program state that have side effects on the context, and update the values of these symbolic values or symbolic expressions into the program state $ContextState_{CallSite}$ corresponding to the current function call site CallSite, obtaining a series of new program states $ContextStateSet_{Actualized}$;
Step (54): traverse all instantiated program states in the instantiated function summary $\varphi_{fActual}$, extract the deferred report information from each program state, and issue the deferred reports whose report condition is satisfied.
7. The state-based path-sensitive symbolic function summary algorithm according to claim 1, characterized in that step (6) comprises the following steps:
Step (61): during intraprocedural analysis, when a function return statement is encountered, the current program state is first obtained and added to the function summary CurrentSummaryInfo corresponding to the current function;
Step (62): after all program paths of the function have been analyzed, the function name is mangled to obtain the symbol name, and <symbol name, CurrentSummaryInfo> is then added to the function summary library.
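An added illustration of steps (3) to (6) above, not code from the patent: a summary map keyed by mangled symbol name, instantiation of each S_p at a call site, removal of infeasible paths, write-back of side effects and reporting of delayed errors. The callee `take`, its summary and all Python names are constructed for the example, and the calling context is assumed to hold concrete values, so Cond_p is evaluated directly where a real engine would query a constraint solver.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Env = Dict[str, int]  # concrete values for the callee's symbolic inputs

@dataclass
class SymState:  # one symbolic program state S_p (one callee path)
    cond: List[Callable[[Env], bool]]        # Cond_p as a conjunction of predicates
    writes: Dict[str, Callable[[Env], int]]  # Write(f_p, M, Val): location -> value
    delayed_error: str = ""                  # reported only if the path is feasible

def mangle(name: str, params: List[str]) -> str:
    """Itanium C++ ABI mangling, restricted to free functions with builtin params."""
    codes = {"int": "i", "char": "c", "void": "v"}
    return f"_Z{len(name)}{name}" + "".join(codes[p] for p in (params or ["void"]))

SUMMARIES: Dict[str, List[SymState]] = {}  # function summary map keyed by symbol name

def record_summary(name: str, params: List[str], states: List[SymState]) -> None:
    SUMMARIES[mangle(name, params)] = states             # step (62)

def apply_summary(name: str, params: List[str], args: Env, context: Env
                  ) -> Optional[Tuple[List[Env], List[str]]]:
    states = SUMMARIES.get(mangle(name, params))         # step (32)
    if states is None:
        return None          # step (33): the callee has to be analyzed first
    env = {**context, **args}                            # step (42): instantiate
    new_states, errors = [], []
    for s in states:                                     # step (41)
        if not all(pred(env) for pred in s.cond):        # step (51): drop infeasible
            continue
        updated = dict(context)
        updated.update({loc: val(env) for loc, val in s.writes.items()})  # step (53)
        new_states.append(updated)
        if s.delayed_error:                              # step (54)
            errors.append(s.delayed_error)
    return new_states, errors

# Constructed summary of a hypothetical callee:
#   int g_count; int take(int n) { if (n < 0) return -1;
#     if (n > g_count) return -2; /* over-read */  g_count -= n; return n; }
record_summary("take", ["int"], [
    SymState([lambda e: e["n"] < 0], {"ret": lambda e: -1}),
    SymState([lambda e: e["n"] >= 0, lambda e: e["n"] > e["g_count"]],
             {"ret": lambda e: -2}, "take: n exceeds g_count"),
    SymState([lambda e: e["n"] >= 0, lambda e: e["n"] <= e["g_count"]],
             {"g_count": lambda e: e["g_count"] - e["n"], "ret": lambda e: e["n"]}),
])
```

Calling `apply_summary("take", ["int"], {"n": 5}, {"g_count": 3})` keeps only the second path and returns its delayed error, because the other two constraints are unsatisfiable in that context.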
CN201710370313.XA 2017-05-23 2017-05-23 State-based path-sensitive symbolized function abstract algorithm Active CN107193742B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710370313.XA CN107193742B (en) 2017-05-23 2017-05-23 State-based path-sensitive symbolized function abstract algorithm

Publications (2)

Publication Number Publication Date
CN107193742A true CN107193742A (en) 2017-09-22
CN107193742B CN107193742B (en) 2020-09-04

Family

ID=59874904

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710370313.XA Active CN107193742B (en) 2017-05-23 2017-05-23 State-based path-sensitive symbolized function abstract algorithm

Country Status (1)

Country Link
CN (1) CN107193742B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001001256A1 (en) * 1999-06-30 2001-01-04 Sun Microsystems, Inc. Method and apparatus for static analysis of software code
US8881113B2 (en) * 2011-08-01 2014-11-04 Salesforce.Com, Inc. Contextual exception management in multi-tenant systems
CN103744776A (en) * 2013-11-04 2014-04-23 北京邮电大学 Static analysis method and system based on symbolic function abstracts
CN103927258A (en) * 2014-04-08 2014-07-16 北京邮电大学 Method for refining static defect detection on basis of state partitions
CN104732152A (en) * 2015-04-07 2015-06-24 南京大学 Buffer overflow loophole automatic detection method based on symbolic execution path pruning
CN104794401A (en) * 2015-04-15 2015-07-22 南京大学 Static-analysis-assisted symbolic execution vulnerability detection method
CN106681851A (en) * 2016-12-08 2017-05-17 中国石油大学(华东) Defect report missing analysis and solving method of code-level memory in program

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王晓斌等: "形式语言与自动机中关于ε的一些问题", 《计算机科学》 *
董玉坤: "空指针引用缺陷充分性检测技术研究", 《中国博士学位论文全文数据库信息科技辑》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109426615A (en) * 2017-09-01 2019-03-05 深圳市源伞新科技有限公司 Null pointer dereference detection method, system, equipment and the medium of interprocedual
CN109426615B (en) * 2017-09-01 2022-01-28 深圳市源伞新科技有限公司 Inter-process null pointer dereference detection method, system, device, and medium
CN108572915A (en) * 2018-03-15 2018-09-25 北京邮电大学 A kind of aacode defect detection method and system
CN109816428A (en) * 2018-12-18 2019-05-28 深圳市东深电子股份有限公司 A kind of water per analysis system and method based on big data machine learning
CN109948338A (en) * 2019-03-19 2019-06-28 中南大学 Android application Path-sensitive triggering method based on static analysis
CN109948338B (en) * 2019-03-19 2020-03-17 中南大学 Android application sensitive path triggering method based on static analysis
CN115729560A (en) * 2022-11-22 2023-03-03 支付宝(杭州)信息技术有限公司 Program code processing method and device
CN115729560B (en) * 2022-11-22 2024-05-17 支付宝(杭州)信息技术有限公司 Program code processing method and device
WO2024109167A1 (en) * 2022-11-22 2024-05-30 支付宝(杭州)信息技术有限公司 Program code processing method and apparatus

Also Published As

Publication number Publication date
CN107193742B (en) 2020-09-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant