WO2016173172A1 - Method and apparatus for detecting heap memory operation - Google Patents

Method and apparatus for detecting heap memory operation Download PDF

Info

Publication number
WO2016173172A1
WO2016173172A1 PCT/CN2015/088906 CN2015088906W WO2016173172A1 WO 2016173172 A1 WO2016173172 A1 WO 2016173172A1 CN 2015088906 W CN2015088906 W CN 2015088906W WO 2016173172 A1 WO2016173172 A1 WO 2016173172A1
Authority
WO
WIPO (PCT)
Prior art keywords
memory
memory block
heap
determining
address
Prior art date
Application number
PCT/CN2015/088906
Other languages
French (fr)
Chinese (zh)
Inventor
汪世龙
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016173172A1 publication Critical patent/WO2016173172A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation

Definitions

  • the present invention relates to the field of computers, and in particular to a method and apparatus for detecting heap memory operations.
  • the illegal operations are generally as follows: the heap memory block is read and written across the boundary, the unallocated heap memory is read and written, and the heap that has been released is read and written. Memory, repeatedly freeing heap memory, releasing incorrect heap memory addresses, and more.
  • the above illegal operation has always been one of the most vulnerable, most harmful and most difficult problems in the software development process.
  • the method for solving the above illegal operation is to use the C/C++ heap memory to illegally access the dynamic detection tool.
  • the current C/C++ heap memory illegal access dynamic detection tool has three defects: first, the number of illegal operations that can be detected is small; second, the detection tool itself has extra memory overhead, resulting in many Software, especially embedded software, can't run normally. Third, the detection tool is inefficient, and it can't run normally in high performance requirements, especially in the more intense software.
  • the embodiment of the invention provides a method and a device for detecting a heap memory operation, so as to at least solve the problem that the detection efficiency of the existing heap memory illegal operation detecting tool in the related art is low.
  • a method for detecting a heap memory operation includes: determining an operation type of operating on a heap memory; obtaining memory structure information for expressing a heap memory; and performing operation type and memory structure information pair The operation is tested.
  • detecting the operation according to the operation type and the memory structure information includes: determining the memory block corresponding to the operation in the heap memory Determining the state of the memory block according to the state information of the memory block; determining the legality of the operation according to the operation type and the determined state of the memory block.
  • determining the legality of the operation includes at least one of the following: when the operation type is accessing the memory block, and the status of the memory block is released.
  • the operation is an illegal operation for accessing the released memory block; if the operation type is a read operation on the memory block, and the initialization state of the memory block is uninitialized, the operation is determined to be an illegal operation of reading the uninitialized memory block; In the case where the operation type is to release the memory block and the state of the memory block is released, the determination operation is an illegal operation of repeatedly releasing the memory block.
  • the step of detecting the operation according to the operation type and the memory structure information includes: determining that the operation is in the heap memory block. Fuck The scope of the operation is determined according to the operation scope and the attribute information of the memory block, wherein the attribute information of the memory block includes: a start address of the corresponding memory block operating in the heap memory and a used length of the memory block.
  • the step of determining the legitimacy of the operation according to the operation range and the attribute information of the memory block includes: determining whether the operation range is within a range determined by a start address of the memory block and a used length of the memory block; In the case of no, the operation is determined to be an illegal operation.
  • the step of detecting the operation according to the operation type and the memory structure information includes: when the operation is a release operation The operation release address is determined; if the attribute information corresponding to the release address is not obtained in the memory structure information, the operation is determined to be an illegal operation for releasing the non-memory address.
  • a heap memory operation detecting apparatus comprising: a determining module configured to determine an operation type for operating a heap memory; and an acquisition module configured to acquire a memory structure for expressing a heap memory Information; the detection module is configured to detect the operation based on the type of operation and the memory structure information.
  • the detecting module further includes: a first determining unit configured to determine a memory block corresponding to the operation in the heap memory; and a second determining unit configured to determine a state of the memory block according to the state information of the memory block;
  • a judging unit is configured to determine the legitimacy of the operation according to the type of operation and the determined state of the memory block.
  • the first determining unit includes at least one of the following subunits: the first determining subunit is configured to determine that the operation type is to access the memory block, and the state of the memory block is released.
  • the operation is an illegal operation for accessing the released memory block;
  • the second determining subunit is set to read the uninitialized memory when the operation type is a read operation on the memory block and the initialization state of the memory block is uninitialized.
  • the third determining sub-unit is set to determine that the operation is an illegal operation of repeatedly releasing the memory block if the operation type is to release the memory block and the state of the memory block is released.
  • the third determining unit is configured to determine an operation range of the operation in the heap memory block; the second determining unit is configured to determine the legality of the operation according to the operation range and the attribute information of the memory block, where
  • the attribute information of the memory block includes: a start address of a corresponding memory block operating in the heap memory and a used length of the memory block.
  • the second determining unit includes: a fourth determining subunit, configured to determine whether the operating range is within a range determined by a starting address of the memory block and a used length of the memory block; the first determining subunit, setting In the case where the judgment result is negative, it is determined that the operation is an illegal operation.
  • the detecting module further includes: a second determining subunit, configured to determine a release address of the operation when the operation is a release operation; and the fifth determining subunit is configured to obtain the memory structure information In the case of releasing the attribute information corresponding to the address, it is determined that the operation is an illegal operation of releasing the non-heap memory address.
  • the operation type for determining the operation of the heap memory is adopted; the memory structure information for expressing the heap memory is obtained; the operation is detected according to the operation type and the memory structure information, and the existing heap in the related art is solved.
  • the memory illegal operation detection tool detects the problem of low efficiency, thereby achieving the effect of improving the efficiency of the detection heap memory operation.
  • FIG. 1 is a flow chart of a method of detecting a heap memory operation in accordance with an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a memory domain in a method for detecting a heap memory operation according to an embodiment of the present invention
  • FIG. 3 is a flow chart of an alternate method of detecting a heap memory operation in accordance with an embodiment of the present invention
  • FIG. 4 is a flowchart of an alternative method of detecting a heap memory operation in accordance with an embodiment of the present invention.
  • FIG. 5 is a block diagram showing the structure of a detecting apparatus for a heap memory operation according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for detecting a heap memory operation according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • Step S102 determining an operation type for operating the heap memory.
  • the foregoing operation type may be an access operation or a release operation.
  • the heap memory may be a heap memory area, and multiple memory blocks of the same length may be divided in the heap memory area.
  • the operation on the heap memory is an operation on the heap memory area, that is, The operation of the memory block.
  • Step S104 acquiring memory structure information for expressing the heap memory.
  • the memory structure information used to describe the heap memory may be obtained by compiling the address of the heap memory provided by the instrumentation mechanism.
  • the foregoing memory structure information may be divided into two parts, and the first part information may be status information of the memory block, such as idle. Status, used status, released status, etc.
  • the second part of information may be attribute information of the memory block, such as the length of use of the memory block, the starting address of the memory block, and the like.
  • Step S106 detecting the operation according to the operation type and the memory structure information.
  • the foregoing operation may be detected according to the structure information corresponding to the heap memory for the operation type, that is, determining that the operation for the heap memory is legal or illegal.
  • the memory structure information of the above-mentioned heap memory detects the legality of the above operation, and greatly reduces the memory consumption in the detection process compared with the related detection tool, and can realize the heap efficiently in the concurrently running software.
  • the detection of memory operations solves the problem of low detection efficiency of the existing heap memory illegal operation detection tool.
  • the foregoing heap memory may include at least one memory block, and the foregoing memory structure information may be status information of the memory block.
  • the step of detecting the operation according to the operation type and the memory structure information may include:
  • Step S1061 determining a memory block corresponding to the operation in the heap memory.
  • Step S1062 determining the state of the memory block according to the state information of the memory block.
  • Step S1063 determining the legality of the operation according to the operation type and the determined state of the memory block.
  • the memory block corresponding to the heap memory address may be obtained by using the heap memory address, that is, the operation object, and the state information of the memory block may be saved at the end of the memory block, and then combined with the operation type and the state of the memory block. Whether the operation is legal.
  • the heap memory may be a memory domain, and the memory domain may include multiple memory blocks, and the state of the memory block may be recorded in key information of the memory block.
  • the foregoing heap memory may be composed of a memory domain including a plurality of memory blocks, and provides a method for obtaining key information of the memory block according to the heap memory address:
  • the heap memory address Ptr can be obtained first, and then the memory area management structure corresponding to the heap memory address Ptr is obtained according to the pre-defined mapping relationship according to the heap memory address Ptr, and the memory area is recorded in the memory area management structure.
  • Starting address P0 and memory block length Sb and then obtaining the above key information according to the heap memory address Ptr, the starting address P0 of the memory area, and the memory block length Sb: according to the formula Calculate the starting address Pb of the memory block corresponding to Ptr.
  • the starting address of the key information of the memory block can be obtained by adding Sb to the starting address Pb of the memory block and subtracting the size Si of the key information of the memory block.
  • the key information in the above memory block can record the status of the above memory block, such as the idle state FREED, the used state USED, initialized or not initialized.
  • the solution provides a method for establishing the mapping relationship described above, and provides a method for establishing a mapping relationship between a heap memory address and a memory domain management structure.
  • the method utilizes the existing Radix Tree mechanism to establish a data structure of a mapping relationship between an arbitrary address and a memory domain management structure.
  • the result of any memory address and (&) domain page is used as the base tree index, and the pointer of the corresponding memory domain management structure is saved in the element position corresponding to the index; if the memory address is not heap memory, the corresponding element of the index stores 0 value. .
  • the steps are as follows: initialize the radix tree, set the contents of all elements to 0; when the memory allocator newly establishes the memory domain, register the memory domain management structure corresponding to all the domain pages of the newly created memory domain to the radix tree.
  • the save content of the elements found by all the domain pages as an index is modified to a new memory domain management structure pointer; when the memory allocator destroys the memory domain, the memory domain management structure corresponding to all the domain pages of the newly created memory domain is written off to the base tree. Modify the save content of the elements found by all domain pages as an index to 0.
  • step S1063 according to the operation type and the determined status of the memory block, the step of determining the legality of the operation may be classified into at least one of the following:
  • the determination operation is an illegal operation of accessing the released memory block.
  • the current state information of the memory block may be stored at the end of the memory block.
  • FREED idle state
  • the operation is determined to be the access. Illegal access to the memory block has been released.
  • the operation is determined to be an illegal operation of reading the uninitialized memory block.
  • the current state information of the memory block may be saved at the end of the memory block, and the current state information may be a current initialization state of the memory block, and the current initialization state of the memory block is uninitialized (the initialization flag of the memory block at this time) In the case of 1), it is determined that the current read operation is an illegal operation of reading an uninitialized memory block.
  • the determination operation is an illegal operation of repeatedly releasing the memory block.
  • the state of the memory block corresponding to the release address may be obtained according to the pre-defined mapping relationship according to the release address Pf.
  • FREED “idle state”
  • the memory block is released. If the above memory block is released at this time, it is determined that the current operation is an illegal operation of releasing the released memory block.
  • the foregoing step, the step of step S106, the step of detecting the operation according to the operation type and the memory structure information may include:
  • step S1064 the operation range of the operation in the heap memory block is determined.
  • Step S1066 Determine the legality of the operation according to the operation range and the attribute information of the memory block, where the attribute information of the memory block includes: a start address of the corresponding memory block operating in the heap memory and a used length of the memory block.
  • the attribute information of the memory block can be obtained through the address of the heap memory, and the legality of the operation is detected through the operation range and the attribute information of the memory block.
  • the above heap memory can be composed of a memory domain including a plurality of memory blocks as an example, and an alternative scheme for determining the legality of the operation according to the operation range, the starting address of the memory block, and the length of use of the memory block is provided:
  • the access range of the operation provided by the compiler instrumentation mechanism and the start address Ptr of the memory access are obtained, and the memory block start address Pb and the memory block key information corresponding to the Ptr are obtained by using the above-mentioned scheme for obtaining the key information of the memory block.
  • the use length USER_SIZE of the memory block can also be recorded, and the legality of the current operation can be determined according to the memory block start address Pb, the use length of the memory block USER_SIZE, and the access range of the current access.
  • step S1066 according to the operating range, and the starting address of the memory block and the used length of the memory block, the step of determining the legality of the operation may include:
  • Step S10661 determining whether the operation range is within a range determined by the start address of the memory block and the use length of the memory block.
  • step S10662 if the result of the determination is negative, it is determined that the operation is an illegal operation.
  • the used length USER_SIZE of the memory block can be read. If the current memory access range is not completely within Pb to Pb+USER_SIZE-1, it is determined that the memory operation is an illegal access of the out-of-bound type.
  • step S106 the step of detecting the operation according to the operation type and the memory structure information may further include:
  • step S1067 in the case where the operation is a release operation, the release address of the operation is determined.
  • step S1068 if the attribute information corresponding to the release address is not obtained in the memory structure information, the operation is determined to be an illegal operation of releasing the non-heap memory address.
  • the release address Pf is not the address of the heap memory, and the operation is specifically to release the non-heap memory. operating.
  • the release address is an error. Address, this operation is an illegal release operation that releases the error heap memory address.
  • the detection method of the heap memory operation may be divided into an illegal access detection and an illegal release detection of the heap memory, and the foregoing two detection methods are described below in conjunction with FIG. 3 and FIG. 4:
  • Step S21 The detected program runs.
  • Step S22 The detected program accesses the memory, and triggers the heap memory illegal access check.
  • Step S23 Using the mapping relationship between the heap memory address and the memory domain management structure, determine whether the memory accessed this time is heap memory. If not, the process jumps to step S31, and if yes, step S24 is performed.
  • Step S24 Check whether the unallocated memory area is accessed, that is, check by using a detection method for accessing the unallocated memory area, and read out the memory domain state. If it is an uninitialized state, it is determined that the current memory operation is accessing the unallocated memory area. The illegal access, jump to step S30. If it is initialized, continue to the next step.
  • Step S25 Using the method of finding the memory block start address and the memory block key information according to any heap memory address, the memory block start address Pb and the key information recorded at the end of the memory block are obtained.
  • Step S26 Check if the memory block that has been released is accessed, and check by using the detection method of accessing the released memory block. That is, the memory block status is read from the memory block key information, and if the status is FREED, it is determined that the current access is accessing the released memory block. Go to step S30. Otherwise continue to the next step.
  • Step S27 It is checked whether it is an out-of-bounds access and is checked by a detection method of the out-of-bounds access. That is, the USER_SIZE in the key information of the memory block is read. If the current memory access range is not completely within Pb to Pb+USER_SIZE-1, it is determined that the current access is an out-of-bounds access, and the process proceeds to step S30. Otherwise continue to the next step.
  • Step S28 Check whether the operation of reading the uninitialized memory block is checked by using the detection method of reading the uninitialized memory block. That is, the memory block uninitialization flag is read from the memory block key information. If the flag is 1 and this time is a read access, it is determined that the current access is an uninitialized memory block, and the process proceeds to step S30. Otherwise, if this is a write access, set the memory block uninitialization flag to 0 and continue to the next step.
  • Step S29 It is determined that the current access is legal, and the process proceeds to step S31.
  • Step S30 Output detection information.
  • Step S31 The heap memory illegal access detection ends, and the detected program continues to run.
  • step S10 the detected program runs.
  • step S20 the detected program releases the memory, and triggers the heap memory illegal release detection.
  • step S301 it is checked whether the non-memory is released. That is, according to the address Pf introduced at the time of release, the mapping relationship between the heap memory address and the memory domain management structure is used to find the memory domain corresponding to the Pf. If the corresponding memory domain cannot be found, it is determined that the non-heap memory is released, and the process goes to step S80; otherwise, step S40 is performed.
  • Step S40 using the method of finding the memory block start address and the memory block key information according to any heap memory address, obtaining the memory block start address Pb and the key information recorded at the end of the memory block;
  • step S50 it is checked whether the released memory block is released. That is, the memory block status is read from the memory block key information, and if the status is FREED, it is determined that the memory is repeatedly released, and the process proceeds to step S80. Otherwise, step S60 is performed.
  • step S60 it is checked whether the error heap memory address is released, that is, if Pf is not equal to Pb, it is determined that the error heap memory address is released, and the process goes to step S80; otherwise, the process proceeds to the next step.
  • step S70 it is determined that the current release is legal, the memory is released, and the process proceeds to step S90.
  • step S80 the detection information is output.
  • step S90 the heap memory illegal release detection ends, and the detected program continues to run.
  • the method of the embodiment of the present invention can be implemented based on a heap memory allocator of a specific algorithm.
  • the heap memory allocator of this particular algorithm has the following characteristics: Characteristic 1.
  • the heap memory allocator manages memory based on a large memory area (referred to as a memory domain) of a virtual address, that is, requests and releases memory from the system in units of memory domains.
  • this embodiment can provide a method for recording key information of a memory block: the existing heap memory allocation interface takeover method can be utilized, the heap memory allocation/release interface provided by the C library is taken over, and the memory is inserted at the end of the allocated memory block.
  • the key information of the memory block may include: a memory block state, that is, FREED and USED. FREED indicates that the memory block is in an idle state; USED indicates that the memory block has been allocated to the user.
  • the key information of the memory block may include: a memory block size (USER_SIZE) that the user wishes to apply.
  • the key information of the memory block may further include: an uninitialized flag, that is, the memory block is not initialized, the flag is 1, and the flag is initialized. Set to 0.
  • the embodiment may further provide a method for establishing a mapping relationship between a heap memory address and a memory domain management structure.
  • the method utilizes the existing Radix Tree mechanism to establish a data structure of a mapping relationship between an arbitrary address and a memory domain management structure.
  • the result of any memory address and (&) domain page is used as the base tree index, and the pointer of the corresponding memory domain management structure is saved in the element position corresponding to the index; if the memory address is not heap memory, the corresponding element of the index stores 0 value. .
  • the specific steps of the method are as follows: initialize the radix tree, set all element save contents to 0; when the memory allocator newly establishes the memory domain, register the memory domain management structure corresponding to all the domain pages of the newly built memory domain to the radix tree.
  • the save content of the elements found by all the domain pages as an index is modified to a new memory domain management structure pointer; when the memory allocator destroys the memory domain, the memory domain management structure corresponding to all the domain pages of the newly created memory domain is written off to the base tree. Modify the save content of the elements found by all domain pages as an index to 0.
  • the embodiment may further provide a method for finding the starting address of the memory block and the key information of the memory block according to the heap memory address Ptr.
  • the specific steps of the method are as follows: according to the mapping relationship between the heap memory address and the memory domain management structure, find the memory domain management structure corresponding to the heap memory address, and read the starting address P0 and the memory block length Sb of the memory domain; Calculate the starting address Pb of the memory block corresponding to Ptr; Pb plus Sb and then subtract the size Si of the memory block key information to obtain the starting address of the key information of the memory block.
  • the method for recording the key information of the memory block, the method for establishing the mapping relationship between the heap memory address and the memory domain management structure, and the method for finding the memory block start address and the memory block key information according to the heap memory address Ptr, this embodiment A detection method that can illegally access heap memory can be provided. It should be noted that the detection point of the illegal access of the heap memory is implemented by using the compiler to compile the instrumentation mechanism, that is, when the detected software performs memory access. The compiled instrumentation mechanism provides the starting address and access range for this memory access.
  • the detection method of the above-mentioned heap memory illegal access includes: a method for detecting an unallocated memory area.
  • the starting address Ptr of the memory access is provided, and the mapping relationship between the heap memory address and the memory domain management structure is used to find the memory domain corresponding to the Ptr. If the state of the memory domain is uninitialized, the current memory is determined. A memory operation is an illegal access to an unallocated memory area.
  • the detecting method of the illegal access of the heap memory may further include: accessing the detection method of the released memory block.
  • the starting address Ptr of the memory access is provided, and the memory block starting address and the key information of the memory block are found by using any heap memory address, and the key information of the memory block is obtained.
  • Read out the memory block in the key information of the memory block If the memory block status is FREED, it is determined that this memory operation is an illegal access to the released memory block.
  • the detection method of the illegal access of the heap memory further includes: a detection method of the outbound access.
  • the starting address Ptr of the memory access is provided, and the memory block starting address and the memory block key information are found by using any heap memory address, and the memory block starting address Pb corresponding to the Ptr is obtained.
  • Memory block key information Read USER_SIZE in the key information of the memory block. If the memory access range is not completely within Pb to Pb+USER_SIZE-1, it is determined that the memory operation is an illegal access of the out-of-bound type.
  • the method for detecting illegal access of the heap memory further includes: detecting a method for detecting the uninitialized memory block.
  • the specific steps of the method are as follows: when the memory block is allocated, the uninitialization flag in the key information is set to 1 by using the method of recording the key information of the memory block; when the memory is accessed, the starting address Ptr of the memory access is provided according to the compiled instrumentation mechanism. Use any heap memory address to find the memory block start address and memory block key information, obtain the memory block key information, and read the memory block uninitialization flag.
  • the uninitialization flag is set to 0; if this is a read access, it is judged whether the memory block uninitialization flag is 1, and if it is 1, it is determined that the current operation is illegal to read the uninitialized memory block. operating.
  • this embodiment may also provide a detection method for illegal release of memory.
  • the detection method for illegally releasing memory includes: releasing the detection method of non-heap memory. According to the address Pf that is introduced at the time of release, the memory domain corresponding to the Pf is searched by using the mapping relationship between the heap memory address and the memory domain management structure. If the corresponding memory domain is not found, it indicates that Pf is not a heap memory address, and it can be determined that this memory operation is an illegal release of releasing non-heap memory.
  • the method for detecting the illegal release of the memory further includes: a method for repeatedly releasing the memory block. According to the address Pf that is sent at the time of release, the method of finding the starting address of the memory block and the key information of the memory block by using any heap memory address is used to obtain the key information of the memory block. Read the status of the memory block in the key information of the memory block. If the status of the memory block is FREED, it is determined that the memory operation is an illegal release of the repeatedly released memory block.
  • the method for detecting the illegal release of the memory further includes: a method for detecting the error of the memory address of the error heap.
  • the memory block start address Pb is obtained by using any heap memory address to find the memory block start address and the memory block key information. If Pf is not equal to Pb, it is determined that this memory operation is an illegal release of the error heap memory address.
  • the solution of the present application can achieve the following effects: it can check the illegality of various heap memories, and the memory consumption is lower and faster. Heap memory illegal operation detection method.
  • the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation.
  • the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic).
  • the disc, the disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods of various embodiments of the present invention.
  • a detection device for the operation of the stack memory is further provided, and the device is used to implement the above embodiments and preferences.
  • the term “module” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • the apparatus includes: a determining module 50 configured to determine an operation type for operating a heap memory; and an obtaining module 52, setting To obtain the memory structure information for expressing the heap memory, the detecting module 54 is configured to detect the operation according to the operation type and the memory structure information.
  • the detecting module 54 may include: a first determining unit, configured to determine a memory block corresponding to the operation in the heap memory; and a second determining unit, configured to determine, according to status information of the memory block, a state of the memory block; the first determining unit is configured to determine the legitimacy of the operation according to the operation type and the determined state of the memory block.
  • the foregoing first determining unit may include at least one of the following subunits: the first determining subunit is configured to: when the operation type is to access the memory block, and the state of the memory block is released In case, the operation is determined to be an illegal operation of accessing the released memory block; the second determining subunit is configured to perform a read operation on the memory block in the operation type, and the initialization state of the memory block is In the case of uninitialization, it is determined that the operation is an illegal operation of reading an uninitialized memory block; the third determining subunit is set to release the memory block in the operation type, and the state of the memory block is In the case of releasing the state, it is determined that the operation is an illegal operation of repeatedly releasing the memory block.
  • the detecting module 54 may further include: a third determining unit configured to determine an operating range of operation in the heap memory block; and a second determining unit configured to determine the operation according to the operating range and the attribute information of the memory block Legitimacy, wherein the attribute information of the memory block includes: a start address of a corresponding memory block operating in the heap memory and a used length of the memory block.
  • the foregoing second determining unit may include: a fourth determining subunit, configured to determine whether the operating range is within a range determined by a starting address of the memory block and a used length of the memory block; The subunit is determined to be set to determine that the operation is an out-of-boundary illegal operation if the determination result is negative.
  • the detecting module 54 may further include: a second determining subunit, configured to determine a release address of the operation if the operation is a release operation, and a fifth determining subunit configured to be in the memory In the case where the information corresponding to the release address is not obtained in the structure information, it is determined that the operation is an illegal operation of releasing the error-release non-memory address.
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • the operation is detected according to the operation type and the memory structure information.
  • the storage medium is further arranged to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • a mobile hard disk e.g., a hard disk
  • magnetic memory e.g., a hard disk
  • the processor executes according to the stored program code in the storage medium:
  • the operation is detected according to the operation type and the memory structure information.
  • the processor executes according to the stored program code in the storage medium:
  • the processor executes according to the stored program code in the storage medium:
  • the processor executes according to the stored program code in the storage medium:
  • the processor executes according to the stored program code in the storage medium:
  • the processor executes according to the stored program code in the storage medium:
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices.
  • they may be implemented by program code executable by a computing device such that they may be stored in a storage device by a computing device and, in some cases, may be executed in a different order than herein.
  • the steps shown or described are either made separately into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the above-described embodiments and the preferred embodiments solve the problem that the detection efficiency of the existing heap memory illegal operation detecting tool in the related art is low, thereby achieving the effect of improving the efficiency of detecting the heap memory operation.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A method and apparatus for detecting a heap memory operation. The method comprises: determining an operation type of an operation which is performed on a heap memory (S102); acquiring memory structure information used to present the heap memory (S104); and according to the operation type and the memory structure information, detecting the operation (S106). The problem where the detection efficiency of an existing heap memory unauthorized operation detection tool is low is solved, and the effect of improving the heap memory unauthorized operation detection efficiency is thereby realized.

Description

堆内存操作的检测方法及装置Method and device for detecting heap memory operation 技术领域Technical field
本发明涉及计算机领域,具体而言,涉及一种堆内存操作的检测方法及装置。The present invention relates to the field of computers, and in particular to a method and apparatus for detecting heap memory operations.
背景技术Background technique
在应用软件运行的过程中,会存在对应用软件的堆内存进行非法操作,该非法操作一般为如下几种:堆内存块越界读写、读写未分配的堆内存、读写已经释放的堆内存、重复释放堆内存、释放错误的堆内存地址等。上述非法操作一直都是软件开发过程中最易发、危害最大又最难解决的问题之一,目前解决上述非法操作的方法是采用C/C++堆内存非法访问动态检测工具。During the running of the application software, there will be illegal operations on the heap memory of the application software. The illegal operations are generally as follows: the heap memory block is read and written across the boundary, the unallocated heap memory is read and written, and the heap that has been released is read and written. Memory, repeatedly freeing heap memory, releasing incorrect heap memory addresses, and more. The above illegal operation has always been one of the most vulnerable, most harmful and most difficult problems in the software development process. At present, the method for solving the above illegal operation is to use the C/C++ heap memory to illegally access the dynamic detection tool.
这里需要说明的是,目前普遍存在的C/C++堆内存非法访问动态检测工具存在三个缺陷:第一、能检测的非法操作类型少;第二、检测工具本身额外内存开销大,导致在许多软件特别是嵌入式软件上无法正常运行;第三、检测工具检测效率低下,在性能要求较高特别是并发较激烈的软件中无法正常运行。It should be noted that the current C/C++ heap memory illegal access dynamic detection tool has three defects: first, the number of illegal operations that can be detected is small; second, the detection tool itself has extra memory overhead, resulting in many Software, especially embedded software, can't run normally. Third, the detection tool is inefficient, and it can't run normally in high performance requirements, especially in the more intense software.
发明内容Summary of the invention
本发明实施例提供了一种堆内存操作的检测方法及装置,以至少解决相关技术中现有的堆内存非法操作检测工具检测效率低的问题。The embodiment of the invention provides a method and a device for detecting a heap memory operation, so as to at least solve the problem that the detection efficiency of the existing heap memory illegal operation detecting tool in the related art is low.
根据本发明的一个方面,提供了一种堆内存操作的检测方法,包括:确定对堆内存进行操作的操作类型;获取用于表述堆内存的内存结构信息;依据操作类型,以及内存结构信息对操作进行检测。According to an aspect of the present invention, a method for detecting a heap memory operation includes: determining an operation type of operating on a heap memory; obtaining memory structure information for expressing a heap memory; and performing operation type and memory structure information pair The operation is tested.
在本发明实施例中,在内存结构信息包括堆内存所包括的内存块的状态信息的情况下,依据操作类型,以及内存结构信息对操作进行检测包括:确定操作在堆内存所对应的内存块;依据内存块的状态信息确定内存块的状态;依据操作类型,以及确定的内存块的状态,判定操作的合法性。In the embodiment of the present invention, in the case that the memory structure information includes the state information of the memory block included in the heap memory, detecting the operation according to the operation type and the memory structure information includes: determining the memory block corresponding to the operation in the heap memory Determining the state of the memory block according to the state information of the memory block; determining the legality of the operation according to the operation type and the determined state of the memory block.
在本发明实施例中,依据操作类型,以及确定的内存块的状态,判定操作的合法性包括以下至少之一:在操作类型为对内存块进行访问,且内存块的状态为已释放的情况下,判定操作为访问已释放内存块的非法操作;在操作类型为对内存块进行读操作,且内存块的初始化状态为未初始化的情况下,判定操作为读未初始化内存块的非法操作;在操作类型为对内存块进行释放,且内存块的状态为已释放的情况下,判定操作为重复释放内存块的非法操作。In the embodiment of the present invention, according to the operation type and the determined status of the memory block, determining the legality of the operation includes at least one of the following: when the operation type is accessing the memory block, and the status of the memory block is released. The operation is an illegal operation for accessing the released memory block; if the operation type is a read operation on the memory block, and the initialization state of the memory block is uninitialized, the operation is determined to be an illegal operation of reading the uninitialized memory block; In the case where the operation type is to release the memory block and the state of the memory block is released, the determination operation is an illegal operation of repeatedly releasing the memory block.
在本发明实施例中,在内存结构信息包括堆内存所包括的内存块的属性信息的情况下,依据操作类型,以及内存结构信息对操作进行检测的步骤包括:确定操作在堆内存块中的操 作范围;依据操作范围,以及内存块的属性信息判定操作的合法性,其中,内存块的属性信息包括:操作在堆内存中对应的内存块的起始地址以及内存块的使用长度。In the embodiment of the present invention, in the case that the memory structure information includes the attribute information of the memory block included in the heap memory, the step of detecting the operation according to the operation type and the memory structure information includes: determining that the operation is in the heap memory block. Fuck The scope of the operation is determined according to the operation scope and the attribute information of the memory block, wherein the attribute information of the memory block includes: a start address of the corresponding memory block operating in the heap memory and a used length of the memory block.
在本发明实施例中,依据操作范围,以及内存块的属性信息判定操作的合法性的步骤包括:判断操作范围是否在内存块的起始地址和内存块的使用长度确定的范围内;在判断结果为否的情况下,确定操作为越界非法操作。In the embodiment of the present invention, the step of determining the legitimacy of the operation according to the operation range and the attribute information of the memory block includes: determining whether the operation range is within a range determined by a start address of the memory block and a used length of the memory block; In the case of no, the operation is determined to be an illegal operation.
在本发明实施例中,在内存结构信息包括堆内存所包括的内存块的属性信息的情况下,依据操作类型,以及内存结构信息对操作进行检测的步骤包括:在操作为释放操作的情况下,确定操作的释放地址;在内存结构信息中获取不到释放地址对应的属性信息的情况下,判定操作为释放非内存地址的非法操作。In the embodiment of the present invention, in the case that the memory structure information includes the attribute information of the memory block included in the heap memory, the step of detecting the operation according to the operation type and the memory structure information includes: when the operation is a release operation The operation release address is determined; if the attribute information corresponding to the release address is not obtained in the memory structure information, the operation is determined to be an illegal operation for releasing the non-memory address.
根据本发明的另一方面,提供了一种堆内存操作的检测装置,包括:确定模块,设置为确定对堆内存进行操作的操作类型;获取模块,设置为获取用于表述堆内存的内存结构信息;检测模块,设置为依据操作类型,以及内存结构信息对操作进行检测。According to another aspect of the present invention, there is provided a heap memory operation detecting apparatus comprising: a determining module configured to determine an operation type for operating a heap memory; and an acquisition module configured to acquire a memory structure for expressing a heap memory Information; the detection module is configured to detect the operation based on the type of operation and the memory structure information.
在本发明实施例中,检测模块还包括,第一确定单元,设置为确定操作在堆内存所对应的内存块;第二确定单元,设置为依据内存块的状态信息确定内存块的状态;第一判断单元,设置为依据操作类型,以及确定的内存块的状态,判定操作的合法性。In the embodiment of the present invention, the detecting module further includes: a first determining unit configured to determine a memory block corresponding to the operation in the heap memory; and a second determining unit configured to determine a state of the memory block according to the state information of the memory block; A judging unit is configured to determine the legitimacy of the operation according to the type of operation and the determined state of the memory block.
在本发明实施例中,第一判断单元包括至少如下子单元之一:第一判断子单元,设置为在操作类型为对内存块进行访问,且内存块的状态为已释放的情况下,判定操作为访问已释放内存块的非法操作;第二判断子单元,设置为在操作类型为对内存块进行读操作,且内存块的初始化状态为未初始化的情况下,判定操作为读未初始化内存块的非法操作;第三判断子单元,设置为在操作类型为对内存块进行释放,且内存块的状态为已释放的情况下,判定操作为重复释放内存块的非法操作。In the embodiment of the present invention, the first determining unit includes at least one of the following subunits: the first determining subunit is configured to determine that the operation type is to access the memory block, and the state of the memory block is released. The operation is an illegal operation for accessing the released memory block; the second determining subunit is set to read the uninitialized memory when the operation type is a read operation on the memory block and the initialization state of the memory block is uninitialized. The illegal operation of the block; the third determining sub-unit is set to determine that the operation is an illegal operation of repeatedly releasing the memory block if the operation type is to release the memory block and the state of the memory block is released.
在本发明实施例中,第三确定单元,设置为确定操作在堆内存块中的操作范围;第二判断单元,设置为依据操作范围,以及内存块的属性信息判定操作的合法性,其中,内存块的属性信息包括:操作在堆内存中对应的内存块的起始地址以及内存块的使用长度。In the embodiment of the present invention, the third determining unit is configured to determine an operation range of the operation in the heap memory block; the second determining unit is configured to determine the legality of the operation according to the operation range and the attribute information of the memory block, where The attribute information of the memory block includes: a start address of a corresponding memory block operating in the heap memory and a used length of the memory block.
在本发明实施例中,第二判断单元包括:第四判断子单元,设置为判断操作范围是否在内存块的起始地址和内存块的使用长度确定的范围内;第一确定子单元,设置为在判断结果为否的情况下,确定操作为越界非法操作。In the embodiment of the present invention, the second determining unit includes: a fourth determining subunit, configured to determine whether the operating range is within a range determined by a starting address of the memory block and a used length of the memory block; the first determining subunit, setting In the case where the judgment result is negative, it is determined that the operation is an illegal operation.
在本发明实施例中,检测模块还包括:第二确定子单元,设置为在操作为释放操作的情况下,确定操作的释放地址;第五判断子单元,设置为在内存结构信息中获取不到释放地址对应的属性信息的情况下,判定操作为释放非堆内存地址的非法操作。In the embodiment of the present invention, the detecting module further includes: a second determining subunit, configured to determine a release address of the operation when the operation is a release operation; and the fifth determining subunit is configured to obtain the memory structure information In the case of releasing the attribute information corresponding to the address, it is determined that the operation is an illegal operation of releasing the non-heap memory address.
通过本发明实施例,采用确定对堆内存进行操作的操作类型;获取用于表述堆内存的内存结构信息;依据操作类型,以及内存结构信息对操作进行检测,解决了相关技术中现有的堆内存非法操作检测工具检测效率低的问题,进而达到了提高检测堆内存操作的效率的效果。 Through the embodiment of the present invention, the operation type for determining the operation of the heap memory is adopted; the memory structure information for expressing the heap memory is obtained; the operation is detected according to the operation type and the memory structure information, and the existing heap in the related art is solved. The memory illegal operation detection tool detects the problem of low efficiency, thereby achieving the effect of improving the efficiency of the detection heap memory operation.
附图说明DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是根据本发明实施例的堆内存操作的检测方法的流程图;1 is a flow chart of a method of detecting a heap memory operation in accordance with an embodiment of the present invention;
图2是根据本发明实施例的堆内存操作的检测方法中的内存域的示意图;2 is a schematic diagram of a memory domain in a method for detecting a heap memory operation according to an embodiment of the present invention;
图3是根据本发明实施例的可选地堆内存操作的检测方法的流程图;3 is a flow chart of an alternate method of detecting a heap memory operation in accordance with an embodiment of the present invention;
图4是根据本发明实施例的可选地堆内存操作的检测方法的流程图;以及4 is a flowchart of an alternative method of detecting a heap memory operation in accordance with an embodiment of the present invention;
图5是根据本发明实施例的堆内存操作的检测装置的结构框图。FIG. 5 is a block diagram showing the structure of a detecting apparatus for a heap memory operation according to an embodiment of the present invention.
具体实施方式detailed description
下文中将参考附图并结合实施例来详细说明本发明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
需要说明的是,本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。It is to be understood that the terms "first", "second" and the like in the specification and claims of the present invention are used to distinguish similar objects, and are not necessarily used to describe a particular order or order.
在本实施例中提供了一种堆内存操作的检测方法,图1是根据本发明实施例的堆内存操作的检测方法的流程图,如图1所示,该流程包括如下步骤:In this embodiment, a method for detecting a heap memory operation is provided. FIG. 1 is a flowchart of a method for detecting a heap memory operation according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
步骤S102,确定对堆内存进行操作的操作类型。Step S102, determining an operation type for operating the heap memory.
具体的,上述操作类型可以为访问操作,也可以为释放操作。Specifically, the foregoing operation type may be an access operation or a release operation.
这里需要说明的是,上述堆内存可以为一个堆内存区域,在上述堆内存区域中可以划分多个长度相同的内存块,对堆内存的操作即为对上述堆内存区域的操作,也即对内存块的操作。It should be noted that the heap memory may be a heap memory area, and multiple memory blocks of the same length may be divided in the heap memory area. The operation on the heap memory is an operation on the heap memory area, that is, The operation of the memory block.
步骤S104,获取用于表述堆内存的内存结构信息。Step S104, acquiring memory structure information for expressing the heap memory.
具体的,可以通过编译插桩机制提供的堆内存的地址获取到用于表述堆内存的内存结构信息,上述内存结构信息可以分为两部分,第一部分信息可以为内存块的状态信息,比如空闲状态、被使用状态、释放状态等。第二部分信息可以为内存块的属性信息,比如内存块的使用长度,内存块的起始地址等。Specifically, the memory structure information used to describe the heap memory may be obtained by compiling the address of the heap memory provided by the instrumentation mechanism. The foregoing memory structure information may be divided into two parts, and the first part information may be status information of the memory block, such as idle. Status, used status, released status, etc. The second part of information may be attribute information of the memory block, such as the length of use of the memory block, the starting address of the memory block, and the like.
步骤S106,依据操作类型,以及内存结构信息对操作进行检测。Step S106, detecting the operation according to the operation type and the memory structure information.
具体的,在本方案中,可以根据针对操作类型结合与该堆内存对应的结构信息来对上述操作进行检测,即确定上述针对堆内存的操作是合法或违法。Specifically, in the solution, the foregoing operation may be detected according to the structure information corresponding to the heap memory for the operation type, that is, determining that the operation for the heap memory is legal or illegal.
上述步骤中,通过先获取堆内存的内存结构信息,然后结合针对堆内存操作的操作类型 和上述堆内存的内存结构信息检测上述操作的合法性,与相关检测工具相比,极大的降低检测过程中对内存的消耗,并且在并发运行激烈的软件中也可以高效率的实现对堆内存操作的检测,从而解决了现有的堆内存非法操作检测工具检测效率低的问题。In the above steps, by first obtaining the memory structure information of the heap memory, and then combining the operation type for the heap memory operation And the memory structure information of the above-mentioned heap memory detects the legality of the above operation, and greatly reduces the memory consumption in the detection process compared with the related detection tool, and can realize the heap efficiently in the concurrently running software. The detection of memory operations solves the problem of low detection efficiency of the existing heap memory illegal operation detection tool.
可选地,上述堆内存可以包括至少一个内存块,上述内存结构信息可以为内存块的状态信息,上述步骤S106,依据操作类型,以及内存结构信息对操作进行检测的步骤可以包括:Optionally, the foregoing heap memory may include at least one memory block, and the foregoing memory structure information may be status information of the memory block. In step S106, the step of detecting the operation according to the operation type and the memory structure information may include:
步骤S1061,确定操作在堆内存所对应的内存块。Step S1061, determining a memory block corresponding to the operation in the heap memory.
步骤S1062,依据内存块的状态信息确定内存块的状态。Step S1062, determining the state of the memory block according to the state information of the memory block.
步骤S1063,依据操作类型,以及确定的内存块的状态,判定操作的合法性。Step S1063, determining the legality of the operation according to the operation type and the determined state of the memory block.
具体的,可以通过堆内存地址来获取堆内存地址所对应的内存块,即操作对象,在上述内存块的尾部可以保存有内存块的状态信息,再结合上述操作类型和上述内存块的状态判定操作是否合法。Specifically, the memory block corresponding to the heap memory address may be obtained by using the heap memory address, that is, the operation object, and the state information of the memory block may be saved at the end of the memory block, and then combined with the operation type and the state of the memory block. Whether the operation is legal.
可选地,上述堆内存可以为一个内存域,该内存域可以包括多个内存块,内存块的状态可以记录在内存块的关键信息中。Optionally, the heap memory may be a memory domain, and the memory domain may include multiple memory blocks, and the state of the memory block may be recorded in key information of the memory block.
在一种可选的实施例中,以上述堆内存可以由包含多个内存块的内存域组成为例,提供一种根据堆内存地址来获取内存块的关键信息的方法:In an optional embodiment, the foregoing heap memory may be composed of a memory domain including a plurality of memory blocks, and provides a method for obtaining key information of the memory block according to the heap memory address:
可以首先先获取堆内存地址Ptr,再根据堆内存地址Ptr通过预先定义好的映射关系去获取上述堆内存地址Ptr所对应的内存区域管理结构,在该内存区域管理结构中则记录着内存区域的起始地址P0和内存块长度Sb,然后根据堆内存地址Ptr、内存区域的起始地址P0和内存块长度Sb得到上述关键信息:根据公式
Figure PCTCN2015088906-appb-000001
计算出Ptr对应的内存块的起始地址Pb,通过内存块的起始地址Pb加上Sb再减去内存块关键信息的大小Si,即可获得该内存块关键信息的起始地址。这里需要说明的是,在上述内存块的关键信息可以记录着上述内存块状态,比如空闲状态FREED,已使用状态USED,已初始化或未初始化。First, the heap memory address Ptr can be obtained first, and then the memory area management structure corresponding to the heap memory address Ptr is obtained according to the pre-defined mapping relationship according to the heap memory address Ptr, and the memory area is recorded in the memory area management structure. Starting address P0 and memory block length Sb, and then obtaining the above key information according to the heap memory address Ptr, the starting address P0 of the memory area, and the memory block length Sb: according to the formula
Figure PCTCN2015088906-appb-000001
Calculate the starting address Pb of the memory block corresponding to Ptr. The starting address of the key information of the memory block can be obtained by adding Sb to the starting address Pb of the memory block and subtracting the size Si of the key information of the memory block. It should be noted that the key information in the above memory block can record the status of the above memory block, such as the idle state FREED, the used state USED, initialized or not initialized.
在一种可选的实施例中,本方案提供了一种建立上述映射关系方法,提供了一种建立堆内存地址和内存域管理结构的映射关系的方法。本方法是利用现有的基数树(Radix Tree)机制,建立一套任意地址与内存域管理结构映射关系的数据结构。即将任一内存地址与(&)域页的结果作为基数树索引,并在索引对应的元素位置保存对应的内存域管理结构的指针;如果该内存地址不是堆内存则索引对应的元素保存0值。建立的步骤如下:初始化基数树,将所有元素保存内容置为0;在内存分配器新建立内存域时,向基数树注册新建内存域所有域页对应的内存域管理结构。即将所有域页作为索引找到的元素的保存内容修改为新建内存域管理结构指针;在内存分配器销毁内存域时,向基数树注销新建内存域所有域页对应的内存域管理结构。即将所有域页作为索引找到的元素的保存内容修改为0。In an optional embodiment, the solution provides a method for establishing the mapping relationship described above, and provides a method for establishing a mapping relationship between a heap memory address and a memory domain management structure. The method utilizes the existing Radix Tree mechanism to establish a data structure of a mapping relationship between an arbitrary address and a memory domain management structure. The result of any memory address and (&) domain page is used as the base tree index, and the pointer of the corresponding memory domain management structure is saved in the element position corresponding to the index; if the memory address is not heap memory, the corresponding element of the index stores 0 value. . The steps are as follows: initialize the radix tree, set the contents of all elements to 0; when the memory allocator newly establishes the memory domain, register the memory domain management structure corresponding to all the domain pages of the newly created memory domain to the radix tree. The save content of the elements found by all the domain pages as an index is modified to a new memory domain management structure pointer; when the memory allocator destroys the memory domain, the memory domain management structure corresponding to all the domain pages of the newly created memory domain is written off to the base tree. Modify the save content of the elements found by all domain pages as an index to 0.
可选地,步骤S1063,依据操作类型,以及确定的内存块的状态,判定操作的合法性的步骤可以分为如下至少一个方案: Optionally, in step S1063, according to the operation type and the determined status of the memory block, the step of determining the legality of the operation may be classified into at least one of the following:
方案一:Option One:
在操作类型为对内存块进行访问,且内存块的状态为已释放的情况下,判定操作为访问已释放内存块的非法操作。In the case where the operation type is access to the memory block and the state of the memory block is released, the determination operation is an illegal operation of accessing the released memory block.
具体的,在上述内存块的尾部可以保存有内存块的当前状态信息,在内存的当前状态为FREED(空闲状态)的时候,如果此时对上述内存块进行访问,则判定本次操作为访问已释放内存块的非法访问。Specifically, the current state information of the memory block may be stored at the end of the memory block. When the current state of the memory is FREED (idle state), if the memory block is accessed at this time, the operation is determined to be the access. Illegal access to the memory block has been released.
方案二:Option II:
在操作类型为对内存块进行读操作,且内存块的初始化状态为未初始化的情况下,判定操作为读未初始化内存块的非法操作。In the case where the operation type is a read operation on the memory block and the initialization state of the memory block is uninitialized, the operation is determined to be an illegal operation of reading the uninitialized memory block.
具体的,在上述内存块的尾部可以保存有内存块的当前状态信息,该当前状态信息可以为内存块的当前初始化状态,在内存块当前的初始化状态为未初始化(此时内存块的初始化标志为1)的情况下,则判定本次读操作为读未初始化内存块的非法操作。Specifically, the current state information of the memory block may be saved at the end of the memory block, and the current state information may be a current initialization state of the memory block, and the current initialization state of the memory block is uninitialized (the initialization flag of the memory block at this time) In the case of 1), it is determined that the current read operation is an illegal operation of reading an uninitialized memory block.
方案三:third solution:
在操作类型为对内存块进行释放,且内存块的状态为释放状态的情况下,判定操作为重复释放内存块的非法操作。In the case where the operation type is to release the memory block and the state of the memory block is the released state, the determination operation is an illegal operation of repeatedly releasing the memory block.
具体的,可以根据释放地址Pf通过上述预先定义好的映射关系去获取该释放地址对应内存块的状态,在内存块的当前状态为FREED(空闲状态)的时候,则说明内存块以被释放过,如果此时对上述内存块进行释放,则判定本次操作为释放已经释放的内存块的非法操作。Specifically, the state of the memory block corresponding to the release address may be obtained according to the pre-defined mapping relationship according to the release address Pf. When the current state of the memory block is FREED (idle state), the memory block is released. If the above memory block is released at this time, it is determined that the current operation is an illegal operation of releasing the released memory block.
可选地,在上述内存结构信息中也可以包括堆内存所包括的内存块的属性信息,其中,上述步骤S106,依据操作类型,以及内存结构信息对操作进行检测的步骤可以包括:Optionally, the foregoing step, the step of step S106, the step of detecting the operation according to the operation type and the memory structure information may include:
步骤S1064,确定操作在堆内存块中的操作范围。In step S1064, the operation range of the operation in the heap memory block is determined.
步骤S1066,依据操作范围,以及内存块的属性信息判定操作的合法性,其中,内存块的属性信息包括:操作在堆内存中对应的内存块的起始地址以及内存块的使用长度。Step S1066: Determine the legality of the operation according to the operation range and the attribute information of the memory block, where the attribute information of the memory block includes: a start address of the corresponding memory block operating in the heap memory and a used length of the memory block.
具体的,可以通过堆内存的地址来获取内存块的属性信息,再通过操作范围、内存块的属性信息来对操作的合法性进行检测。Specifically, the attribute information of the memory block can be obtained through the address of the heap memory, and the legality of the operation is detected through the operation range and the attribute information of the memory block.
仍旧以上述堆内存可以由包含多个内存块的内存域组成为例,提供一种依据操作范围,以及内存块的起始地址和内存块的使用长度,判定操作的合法性的可选方案:Still, the above heap memory can be composed of a memory domain including a plurality of memory blocks as an example, and an alternative scheme for determining the legality of the operation according to the operation range, the starting address of the memory block, and the length of use of the memory block is provided:
首先获取编译插桩机制提供的操作的访问范围以及本次内存访问的起始地址Ptr,利用上述获取内存块的关键信息的方案获取到Ptr对应的内存块起始地址Pb和内存块关键信息,在上述内存块关键信息中还可以记录着内存块的使用长度USER_SIZE,则可以根据内存块起始地址Pb、内存块的使用长度USER_SIZE、本次访问的访问范围来判定本次操作的合法性。 Firstly, the access range of the operation provided by the compiler instrumentation mechanism and the start address Ptr of the memory access are obtained, and the memory block start address Pb and the memory block key information corresponding to the Ptr are obtained by using the above-mentioned scheme for obtaining the key information of the memory block. In the above-mentioned memory block key information, the use length USER_SIZE of the memory block can also be recorded, and the legality of the current operation can be determined according to the memory block start address Pb, the use length of the memory block USER_SIZE, and the access range of the current access.
可选地,步骤S1066,依据操作范围,以及内存块的起始地址和内存块的使用长度,判定操作的合法性的步骤可以包括:Optionally, in step S1066, according to the operating range, and the starting address of the memory block and the used length of the memory block, the step of determining the legality of the operation may include:
步骤S10661,判断操作范围是否在内存块的起始地址和内存块的使用长度确定的范围内。Step S10661, determining whether the operation range is within a range determined by the start address of the memory block and the use length of the memory block.
步骤S10662,在判断结果为否的情况下,确定操作为越界非法操作。In step S10662, if the result of the determination is negative, it is determined that the operation is an illegal operation.
具体的,可以读出内存块的使用长度USER_SIZE,如果本次内存访问范围不完全在Pb到Pb+USER_SIZE-1以内则判定本次内存操作是越界类型的非法访问。Specifically, the used length USER_SIZE of the memory block can be read. If the current memory access range is not completely within Pb to Pb+USER_SIZE-1, it is determined that the memory operation is an illegal access of the out-of-bound type.
可选地,步骤S106,依据操作类型,以及内存结构信息对操作进行检测的步骤还可以包括:Optionally, in step S106, the step of detecting the operation according to the operation type and the memory structure information may further include:
步骤S1067,在操作为释放操作的情况下,确定操作的释放地址。In step S1067, in the case where the operation is a release operation, the release address of the operation is determined.
步骤S1068,在内存结构信息中获取不到释放地址对应的属性信息的情况下,判定操作为释放非堆内存地址的非法操作。In step S1068, if the attribute information corresponding to the release address is not obtained in the memory structure information, the operation is determined to be an illegal operation of releasing the non-heap memory address.
具体的,如果根据释放地址Pf根据上述映射关系获取不到该释放地址对应的属性信息的情况下,则说明该释放地址Pf为不是堆内存的地址,本次操作具体为释放非堆内存的非法操作。Specifically, if the attribute information corresponding to the release address is not obtained according to the foregoing mapping relationship, the release address Pf is not the address of the heap memory, and the operation is specifically to release the non-heap memory. operating.
可选地,如果根据上述释放地址Pf获取到了属性信息,但是该内存结构信息中的内存块的属性信息中的内存块的起始地址Pb不等于Pf的情况下,说明该释放地址为一个错误地址,本次操作为释放错误堆内存地址的非法释放操作。Optionally, if the attribute information is obtained according to the release address Pf, but the start address Pb of the memory block in the attribute information of the memory block in the memory structure information is not equal to Pf, the release address is an error. Address, this operation is an illegal release operation that releases the error heap memory address.
可选地,堆内存操作的检测方法可以分为堆内存的非法访问检测和非法释放检测,下面结合图3和图4对上述两种检测方法进行描述:Optionally, the detection method of the heap memory operation may be divided into an illegal access detection and an illegal release detection of the heap memory, and the foregoing two detection methods are described below in conjunction with FIG. 3 and FIG. 4:
非法访问检测:Illegal access detection:
步骤S21:被检测程序运行。Step S21: The detected program runs.
步骤S22:被检测程序访问内存,触发堆内存非法访问检查。Step S22: The detected program accesses the memory, and triggers the heap memory illegal access check.
步骤S23:利用堆内存地址和内存域管理结构的映射关系,判断本次访问内存是否是堆内存。如果不是则跳转到步骤S31,如果是则执行步骤S24。Step S23: Using the mapping relationship between the heap memory address and the memory domain management structure, determine whether the memory accessed this time is heap memory. If not, the process jumps to step S31, and if yes, step S24 is performed.
步骤S24:检查是否访问未分配的内存区域,即利用访问未分配的内存区域的检测方法进行检查,读出内存域状态,如果为未初始化状态则判定本次内存操作是访问未分配的内存区域的非法访问,跳转到步骤S30。如果为已初始化状态则继续下一步。Step S24: Check whether the unallocated memory area is accessed, that is, check by using a detection method for accessing the unallocated memory area, and read out the memory domain state. If it is an uninitialized state, it is determined that the current memory operation is accessing the unallocated memory area. The illegal access, jump to step S30. If it is initialized, continue to the next step.
步骤S25:利用根据任一堆内存地址找到其所属的内存块起始地址和内存块关键信息的方法,获取内存块起始地址Pb和记录在内存块尾部的关键信息。Step S25: Using the method of finding the memory block start address and the memory block key information according to any heap memory address, the memory block start address Pb and the key information recorded at the end of the memory block are obtained.
步骤S26:检查是否是访问已释放的内存块,利用访问已释放内存块的检测方法检查。即从内存块关键信息读出内存块状态,如果状态为FREED则判定本次访问是访问已释放内存块, 跳转到步骤S30。否则继续下一步。Step S26: Check if the memory block that has been released is accessed, and check by using the detection method of accessing the released memory block. That is, the memory block status is read from the memory block key information, and if the status is FREED, it is determined that the current access is accessing the released memory block. Go to step S30. Otherwise continue to the next step.
步骤S27:检查是否为越界访问,利用越界访问的检测方法检查。即读出内存块关键信息中的USER_SIZE,如果本次内存访问范围不完全在Pb到Pb+USER_SIZE-1以内则判定本次访问是越界访问,跳转到步骤S30。否则继续下一步。Step S27: It is checked whether it is an out-of-bounds access and is checked by a detection method of the out-of-bounds access. That is, the USER_SIZE in the key information of the memory block is read. If the current memory access range is not completely within Pb to Pb+USER_SIZE-1, it is determined that the current access is an out-of-bounds access, and the process proceeds to step S30. Otherwise continue to the next step.
步骤S28:检查是否是读未初始化内存块操作,利用读未初始化内存块的检测方法检查。即从内存块关键信息中读出内存块未初始化标志,如果标志为1且本次为读访问则判定本次访问是读未初始化内存块,跳转到步骤S30。否则如果本次是写访问则将内存块未初始化标志置为0,并继续下一步。Step S28: Check whether the operation of reading the uninitialized memory block is checked by using the detection method of reading the uninitialized memory block. That is, the memory block uninitialization flag is read from the memory block key information. If the flag is 1 and this time is a read access, it is determined that the current access is an uninitialized memory block, and the process proceeds to step S30. Otherwise, if this is a write access, set the memory block uninitialization flag to 0 and continue to the next step.
步骤S29:判定本次访问合法,跳转到步骤S31。Step S29: It is determined that the current access is legal, and the process proceeds to step S31.
步骤S30:输出检测信息。Step S30: Output detection information.
步骤S31:堆内存非法访问检测结束,被检测程序继续运行。Step S31: The heap memory illegal access detection ends, and the detected program continues to run.
非法释放检测:Illegal release test:
步骤S10,被检测程序运行。In step S10, the detected program runs.
步骤S20,被检测程序释放内存,触发堆内存非法释放检测。In step S20, the detected program releases the memory, and triggers the heap memory illegal release detection.
步骤S301,检查是否为释放非内存。即根据释放时传入的地址Pf,利用堆内存地址和内存域管理结构的映射关系,查找Pf对应的内存域。如果找不到对应的内存域则判定为释放非堆内存,跳转到步骤S80;否则执行步骤S40。In step S301, it is checked whether the non-memory is released. That is, according to the address Pf introduced at the time of release, the mapping relationship between the heap memory address and the memory domain management structure is used to find the memory domain corresponding to the Pf. If the corresponding memory domain cannot be found, it is determined that the non-heap memory is released, and the process goes to step S80; otherwise, step S40 is performed.
步骤S40,利用根据任一堆内存地址找到其所属的内存块起始地址和内存块关键信息的方法,获取内存块起始地址Pb和记录在内存块尾部的关键信息;Step S40, using the method of finding the memory block start address and the memory block key information according to any heap memory address, obtaining the memory block start address Pb and the key information recorded at the end of the memory block;
步骤S50,检查是否是释放已释放的内存块。即从内存块关键信息读出内存块状态,如果状态为FREED则判定为重复释放内存,跳转到步骤S80。否则执行步骤S60。In step S50, it is checked whether the released memory block is released. That is, the memory block status is read from the memory block key information, and if the status is FREED, it is determined that the memory is repeatedly released, and the process proceeds to step S80. Otherwise, step S60 is performed.
步骤S60,检查是否是释放错误堆内存地址,即如果Pf不等于Pb则判定为释放错误堆内存地址,跳转到步骤S80;否则继续下一步。In step S60, it is checked whether the error heap memory address is released, that is, if Pf is not equal to Pb, it is determined that the error heap memory address is released, and the process goes to step S80; otherwise, the process proceeds to the next step.
步骤S70,判定本次释放合法,释放内存,跳转到步骤S90。In step S70, it is determined that the current release is legal, the memory is released, and the process proceeds to step S90.
步骤S80,输出检测信息。In step S80, the detection information is output.
步骤S90,堆内存非法释放检测结束,被检测程序继续运行。In step S90, the heap memory illegal release detection ends, and the detected program continues to run.
下面结合具体的实施例对堆内存操作的检测方法进行进一步的说明:The detection method of the heap memory operation is further described below in conjunction with a specific embodiment:
首先,本发明实施例方法可以基于特定算法的堆内存分配器来实现。这种特定算法的堆内存分配器具有如下特性:特性一,堆内存分配器基于一块虚拟地址连续的大内存区域(简称内存域)来管理内存,即以内存域为单位向***申请和释放内存;特性二,所有的内存域 始终按照特定的长度对齐(特定的长度本文称之为域页);特性三,提供用户使用的内存块从内存域中切割,一个内存域可以切割若干内存块但一个内存域切割的所有内存块长度相同;特性四,内存域所有内存完全、完整切分为内存块,没有剩余内存作它用;特性五,每一个内存域存在一个对应的内存域管理结构记录该内存域起始地址、切割的内存块长度和初始化状态(未初始化表示不可提供给用户使用)等信息。内存区域的结构如图2所示。First, the method of the embodiment of the present invention can be implemented based on a heap memory allocator of a specific algorithm. The heap memory allocator of this particular algorithm has the following characteristics: Characteristic 1. The heap memory allocator manages memory based on a large memory area (referred to as a memory domain) of a virtual address, that is, requests and releases memory from the system in units of memory domains. ; feature two, all memory domains Always aligned to a specific length (a specific length is referred to herein as a domain page); feature three provides a memory block used by the user to cut from the memory domain, and a memory domain can cut several memory blocks but all memory blocks cut by one memory domain The length is the same; characteristic four, the memory domain all memory is completely and completely divided into memory blocks, there is no remaining memory for other purposes; characteristic five, each memory domain has a corresponding memory domain management structure to record the memory domain starting address, cutting The memory block length and initialization status (uninitialized means that it is not available to the user). The structure of the memory area is shown in Figure 2.
然后,本实施例可以提供一种记录内存块关键信息的方法:可以利用现有的堆内存分配接口接管方法,接管C库提供的堆内存分配/释放接口,并在分配的内存块尾部***内存块关键信息。其中,该内存块关键信息可以包括:内存块状态,即FREED和USED。FREED表示本内存块处于空闲状态;USED表示本内存块已分配给用户使用。内存块关键信息还额可以包括:用户希望申请的内存块大小(USER_SIZE),可选地,内存块关键信息还可以包括:未初始化标志,即本内存块未初始化则标志为1,初始化后标志置为0。Then, this embodiment can provide a method for recording key information of a memory block: the existing heap memory allocation interface takeover method can be utilized, the heap memory allocation/release interface provided by the C library is taken over, and the memory is inserted at the end of the allocated memory block. Block key information. The key information of the memory block may include: a memory block state, that is, FREED and USED. FREED indicates that the memory block is in an idle state; USED indicates that the memory block has been allocated to the user. The key information of the memory block may include: a memory block size (USER_SIZE) that the user wishes to apply. Optionally, the key information of the memory block may further include: an uninitialized flag, that is, the memory block is not initialized, the flag is 1, and the flag is initialized. Set to 0.
接着,本实施例还可以提供一种建立堆内存地址和内存域管理结构的映射关系的方法。该方法是利用现有的基数树(Radix Tree)机制,建立一套任意地址与内存域管理结构映射关系的数据结构。即将任一内存地址与(&)域页的结果作为基数树索引,并在索引对应的元素位置保存对应的内存域管理结构的指针;如果该内存地址不是堆内存则索引对应的元素保存0值。本方法具体步骤如下:初始化基数树,将所有元素保存内容置为0;在内存分配器新建立内存域时,向基数树注册新建内存域所有域页对应的内存域管理结构。即将所有域页作为索引找到的元素的保存内容修改为新建内存域管理结构指针;在内存分配器销毁内存域时,向基数树注销新建内存域所有域页对应的内存域管理结构。即将所有域页作为索引找到的元素的保存内容修改为0。Then, the embodiment may further provide a method for establishing a mapping relationship between a heap memory address and a memory domain management structure. The method utilizes the existing Radix Tree mechanism to establish a data structure of a mapping relationship between an arbitrary address and a memory domain management structure. The result of any memory address and (&) domain page is used as the base tree index, and the pointer of the corresponding memory domain management structure is saved in the element position corresponding to the index; if the memory address is not heap memory, the corresponding element of the index stores 0 value. . The specific steps of the method are as follows: initialize the radix tree, set all element save contents to 0; when the memory allocator newly establishes the memory domain, register the memory domain management structure corresponding to all the domain pages of the newly built memory domain to the radix tree. The save content of the elements found by all the domain pages as an index is modified to a new memory domain management structure pointer; when the memory allocator destroys the memory domain, the memory domain management structure corresponding to all the domain pages of the newly created memory domain is written off to the base tree. Modify the save content of the elements found by all domain pages as an index to 0.
接着,本实施例还可以提供一种根据堆内存地址Ptr找到其所属的内存块起始地址和内存块关键信息的方法。本方法具体步骤如下:根据堆内存地址和内存域管理结构的映射关系,找出堆内存地址对应的内存域管理结构,读出内存域的起始地址P0和内存块长度Sb;根据公式
Figure PCTCN2015088906-appb-000002
计算出Ptr对应的内存块的起始地址Pb;Pb加上Sb再减去内存块关键信息的大小Si,即可获得该内存块关键信息的起始地址。Then, the embodiment may further provide a method for finding the starting address of the memory block and the key information of the memory block according to the heap memory address Ptr. The specific steps of the method are as follows: according to the mapping relationship between the heap memory address and the memory domain management structure, find the memory domain management structure corresponding to the heap memory address, and read the starting address P0 and the memory block length Sb of the memory domain;
Figure PCTCN2015088906-appb-000002
Calculate the starting address Pb of the memory block corresponding to Ptr; Pb plus Sb and then subtract the size Si of the memory block key information to obtain the starting address of the key information of the memory block.
基于上述记录内存块关键信息的方法、建立堆内存地址和内存域管理结构的映射关系的方法、根据堆内存地址Ptr找到其所属的内存块起始地址和内存块关键信息的方法,本实施例可以提供堆内存非法访问的检测方法。需要说明的是,堆内存非法访问的检测点是利用编译器编译插桩机制实现的,即在被检测软件进行内存访问时进行。编译插桩机制提供本次内存访问的起始地址和访问范围。上述堆内存非法访问的检测方法包括:访问未分配的内存区域的检测方法。根据编译插桩机制提供本次内存访问的起始地址Ptr,利用堆内存地址和内存域管理结构的映射关系,找出Ptr对应的内存域,如果内存域的状态为未初始化,则判定本次内存操作是访问未分配的内存区域的非法访问。The method for recording the key information of the memory block, the method for establishing the mapping relationship between the heap memory address and the memory domain management structure, and the method for finding the memory block start address and the memory block key information according to the heap memory address Ptr, this embodiment A detection method that can illegally access heap memory can be provided. It should be noted that the detection point of the illegal access of the heap memory is implemented by using the compiler to compile the instrumentation mechanism, that is, when the detected software performs memory access. The compiled instrumentation mechanism provides the starting address and access range for this memory access. The detection method of the above-mentioned heap memory illegal access includes: a method for detecting an unallocated memory area. According to the compiler instrumentation mechanism, the starting address Ptr of the memory access is provided, and the mapping relationship between the heap memory address and the memory domain management structure is used to find the memory domain corresponding to the Ptr. If the state of the memory domain is uninitialized, the current memory is determined. A memory operation is an illegal access to an unallocated memory area.
可选地,堆内存非法访问的检测方法还可以包括:访问已释放内存块的检测方法。根据编译插桩机制提供本次内存访问的起始地址Ptr,利用任一堆内存地址找到其所属的内存块起始地址和内存块关键信息的方法,获取内存块关键信息。读出内存块关键信息中的内存块状 态,如果内存块状态为FREED则判定本次内存操作是访问已释放内存块的非法访问。Optionally, the detecting method of the illegal access of the heap memory may further include: accessing the detection method of the released memory block. According to the compiler instrumentation mechanism, the starting address Ptr of the memory access is provided, and the memory block starting address and the key information of the memory block are found by using any heap memory address, and the key information of the memory block is obtained. Read out the memory block in the key information of the memory block If the memory block status is FREED, it is determined that this memory operation is an illegal access to the released memory block.
可选地,堆内存非法访问的检测方法还包括:越界访问的检测方法。根据编译插桩机制提供本次内存访问的起始地址Ptr,利用任一堆内存地址找到其所属的内存块起始地址和内存块关键信息的方法,获取Ptr对应的内存块起始地址Pb和内存块关键信息。读出内存块关键信息中的USER_SIZE,如果本次内存访问范围不完全在Pb到Pb+USER_SIZE-1以内则判定本次内存操作是越界类型的非法访问。Optionally, the detection method of the illegal access of the heap memory further includes: a detection method of the outbound access. According to the compiler instrumentation mechanism, the starting address Ptr of the memory access is provided, and the memory block starting address and the memory block key information are found by using any heap memory address, and the memory block starting address Pb corresponding to the Ptr is obtained. Memory block key information. Read USER_SIZE in the key information of the memory block. If the memory access range is not completely within Pb to Pb+USER_SIZE-1, it is determined that the memory operation is an illegal access of the out-of-bound type.
可选地,堆内存非法访问的检测方法还包括:读未初始化内存块的检测方法。该方法具体步骤如下:内存块分配时利用记录内存块关键信息的方法将关键信息中的未初始化标志置为1;内存访问时,根据编译插桩机制提供本次内存访问的起始地址Ptr,利用任一堆内存地址找到其所属的内存块起始地址和内存块关键信息的方法,获取内存块关键信息,读出内存块未初始化标志。如果本次访问是写访问则将未初始化标志置为0;如果本次是读访问,则判断内存块未初始化标志是否为1,如果为1则判定本次操作是读未初始化内存块的非法操作。Optionally, the method for detecting illegal access of the heap memory further includes: detecting a method for detecting the uninitialized memory block. The specific steps of the method are as follows: when the memory block is allocated, the uninitialization flag in the key information is set to 1 by using the method of recording the key information of the memory block; when the memory is accessed, the starting address Ptr of the memory access is provided according to the compiled instrumentation mechanism. Use any heap memory address to find the memory block start address and memory block key information, obtain the memory block key information, and read the memory block uninitialization flag. If the access is a write access, the uninitialization flag is set to 0; if this is a read access, it is judged whether the memory block uninitialization flag is 1, and if it is 1, it is determined that the current operation is illegal to read the uninitialized memory block. operating.
可选地,本实施例还可以提供内存非法释放的检测方法。Optionally, this embodiment may also provide a detection method for illegal release of memory.
内存非法释放的检测方法包括:释放非堆内存的检测方法。根据释放时传入的地址Pf,利用堆内存地址和内存域管理结构的映射关系,查找Pf对应的内存域。如果找不到对应的内存域则表明Pf并不是堆内存地址,即可判定本次内存操作是释放非堆内存的非法释放。The detection method for illegally releasing memory includes: releasing the detection method of non-heap memory. According to the address Pf that is introduced at the time of release, the memory domain corresponding to the Pf is searched by using the mapping relationship between the heap memory address and the memory domain management structure. If the corresponding memory domain is not found, it indicates that Pf is not a heap memory address, and it can be determined that this memory operation is an illegal release of releasing non-heap memory.
可选地,内存非法释放的检测方法还包括:重复释放内存块的检测方法。根据释放时传入的地址Pf,利用任一堆内存地址找到其所属的内存块起始地址和内存块关键信息的方法,获取内存块关键信息。读出内存块关键信息中的内存块状态,如果内存块状态为FREED则判定本次内存操作是重复释放内存块的非法释放。Optionally, the method for detecting the illegal release of the memory further includes: a method for repeatedly releasing the memory block. According to the address Pf that is sent at the time of release, the method of finding the starting address of the memory block and the key information of the memory block by using any heap memory address is used to obtain the key information of the memory block. Read the status of the memory block in the key information of the memory block. If the status of the memory block is FREED, it is determined that the memory operation is an illegal release of the repeatedly released memory block.
可选地,内存非法释放的检测方法还包括:释放错误堆内存地址的检测方法。根据释放时传入的地址Pf,利用任一堆内存地址找到其所属的内存块起始地址和内存块关键信息的方法,获取内存块起始地址Pb。如果Pf不等于Pb则判定本次内存操作是释放错误堆内存地址的非法释放。Optionally, the method for detecting the illegal release of the memory further includes: a method for detecting the error of the memory address of the error heap. According to the address Pf introduced at the time of release, the memory block start address Pb is obtained by using any heap memory address to find the memory block start address and the memory block key information. If Pf is not equal to Pb, it is determined that this memory operation is an illegal release of the error heap memory address.
综上,针对现有检测工具检测类型较少、内存消耗大、检测效率低下的缺陷,本申请的方案可以实现效果如下:能实现检查各种堆内存违法的、内存消耗更低和更加快速的堆内存非法操作检测方法。In summary, in view of the defects of the existing detection tools, such as less type of detection, large memory consumption, and low detection efficiency, the solution of the present application can achieve the following effects: it can check the illegality of various heap memories, and the memory consumption is lower and faster. Heap memory illegal operation detection method.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明实施例的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本发明各个实施例的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation. Based on such understanding, the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic). The disc, the disc, includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods of various embodiments of the present invention.
在本实施例中还提供了一种堆内存操作的检测装置,该装置用于实现上述实施例及优选 实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In the embodiment, a detection device for the operation of the stack memory is further provided, and the device is used to implement the above embodiments and preferences. The embodiments have not been described again. As used below, the term "module" may implement a combination of software and/or hardware of a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
图5是根据本发明实施例的堆内存操作的检测装置的结构框图,如图5所示,该装置包括:确定模块50,设置为确定对堆内存进行操作的操作类型;获取模块52,设置为获取用于表述所述堆内存的内存结构信息;检测模块54,设置为依据所述操作类型,以及所述内存结构信息对所述操作进行检测。5 is a structural block diagram of a detecting apparatus for a heap memory operation according to an embodiment of the present invention. As shown in FIG. 5, the apparatus includes: a determining module 50 configured to determine an operation type for operating a heap memory; and an obtaining module 52, setting To obtain the memory structure information for expressing the heap memory, the detecting module 54 is configured to detect the operation according to the operation type and the memory structure information.
可选地,检测模块54可以包括:第一确定单元,设置为确定所述操作在所述堆内存所对应的内存块;第二确定单元,设置为依据所述内存块的状态信息确定所述内存块的状态;第一判断单元,设置为依据所述操作类型,以及确定的所述内存块的状态,判定所述操作的合法性。Optionally, the detecting module 54 may include: a first determining unit, configured to determine a memory block corresponding to the operation in the heap memory; and a second determining unit, configured to determine, according to status information of the memory block, a state of the memory block; the first determining unit is configured to determine the legitimacy of the operation according to the operation type and the determined state of the memory block.
可选地,上述第一判断单元可以包括至少如下子单元之一:第一判断子单元,设置为在所述操作类型为对所述内存块进行访问,且所述内存块的状态为已释放的情况下,判定所述操作为访问已释放内存块的非法操作;第二判断子单元,设置为在所述操作类型为对所述内存块进行读操作,且所述内存块的初始化状态为未初始化的情况下,判定所述操作为读未初始化内存块的非法操作;第三判断子单元,设置为在所述操作类型为对所述内存块进行释放,且所述内存块的状态为释放状态的情况下,判定所述操作为重复释放内存块的非法操作。Optionally, the foregoing first determining unit may include at least one of the following subunits: the first determining subunit is configured to: when the operation type is to access the memory block, and the state of the memory block is released In case, the operation is determined to be an illegal operation of accessing the released memory block; the second determining subunit is configured to perform a read operation on the memory block in the operation type, and the initialization state of the memory block is In the case of uninitialization, it is determined that the operation is an illegal operation of reading an uninitialized memory block; the third determining subunit is set to release the memory block in the operation type, and the state of the memory block is In the case of releasing the state, it is determined that the operation is an illegal operation of repeatedly releasing the memory block.
可选地,上述检测模块54还可以包括:第三确定单元,设置为确定操作在堆内存块中的操作范围;第二判断单元,设置为依据操作范围,以及内存块的属性信息判定操作的合法性,其中,内存块的属性信息包括:操作在堆内存中对应的内存块的起始地址以及内存块的使用长度。Optionally, the detecting module 54 may further include: a third determining unit configured to determine an operating range of operation in the heap memory block; and a second determining unit configured to determine the operation according to the operating range and the attribute information of the memory block Legitimacy, wherein the attribute information of the memory block includes: a start address of a corresponding memory block operating in the heap memory and a used length of the memory block.
可选地,上述第二判断单元可以包括:第四判断子单元,设置为判断所述操作范围是否在所述内存块的起始地址和所述内存块的使用长度确定的范围内;第一确定子单元,设置为在判断结果为否的情况下,确定所述操作为越界非法操作。Optionally, the foregoing second determining unit may include: a fourth determining subunit, configured to determine whether the operating range is within a range determined by a starting address of the memory block and a used length of the memory block; The subunit is determined to be set to determine that the operation is an out-of-boundary illegal operation if the determination result is negative.
可选地,检测模块54还可以包括:第二确定子单元,设置为在所述操作为释放操作的情况下,确定所述操作的释放地址,第五判断子单元,设置为在所述内存结构信息中获取不到所述释放地址对应的信息的情况下,判定所述操作为释放错误释堆非内存地址的非法操作。Optionally, the detecting module 54 may further include: a second determining subunit, configured to determine a release address of the operation if the operation is a release operation, and a fifth determining subunit configured to be in the memory In the case where the information corresponding to the release address is not obtained in the structure information, it is determined that the operation is an illegal operation of releasing the error-release non-memory address.
本发明的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:Embodiments of the present invention also provide a storage medium. Optionally, in the embodiment, the foregoing storage medium may be configured to store program code for performing the following steps:
S1,确定对堆内存进行操作的操作类型。S1, determining the type of operation that operates on the heap memory.
S2,获取用于表述所述堆内存的内存结构信息。S2. Obtain a memory structure information for expressing the heap memory.
S3,依据所述操作类型,以及所述内存结构信息对所述操作进行检测。S3. The operation is detected according to the operation type and the memory structure information.
可选地,存储介质还被设置为存储用于执行以下步骤的程序代码: Optionally, the storage medium is further arranged to store program code for performing the following steps:
S1,确定所述操作在所述堆内存所对应的内存块;S1. Determine a memory block corresponding to the operation in the heap memory.
S2,依据所述内存块的状态信息确定所述内存块的状态;S2. Determine a state of the memory block according to status information of the memory block.
S3,依据所述操作类型,以及确定的所述内存块的状态,判定所述操作的合法性。S3. Determine the legality of the operation according to the operation type and the determined status of the memory block.
可选地,存储介质还被设置为存储用于执行以下步骤的程序代码:Optionally, the storage medium is further arranged to store program code for performing the following steps:
S1,在所述操作类型为对所述内存块进行访问,且所述内存块的状态为已释放的情况下,判定所述操作为访问已释放内存块的非法操作;S1. When the operation type is accessing the memory block, and the state of the memory block is released, determining that the operation is an illegal operation for accessing the released memory block;
S2,在所述操作类型为对所述内存块进行读操作,且所述内存块的初始化状态为未初始化的情况下,判定所述操作为读未初始化内存块的非法操作;S2. When the operation type is a read operation on the memory block, and the initialization state of the memory block is uninitialized, determining that the operation is an illegal operation of reading an uninitialized memory block;
S3,在所述操作类型为对所述内存块进行释放,且所述内存块的状态为已释放的情况下,判定所述操作为重复释放内存块的非法操作。S3. In the case that the operation type is to release the memory block, and the state of the memory block is released, it is determined that the operation is an illegal operation of repeatedly releasing the memory block.
可选地,存储介质还被设置为存储用于执行以下步骤的程序代码:Optionally, the storage medium is further arranged to store program code for performing the following steps:
S1,确定所述操作在所述堆内存块中的操作范围;S1, determining an operation range of the operation in the heap memory block;
S2,依据所述操作范围,以及所述内存块的属性信息判定所述操作的合法性,其中,所述内存块的属性信息包括:所述操作在所述堆内存中对应的内存块的起始地址以及所述内存块的使用长度。S2, determining the legality of the operation according to the operating range and the attribute information of the memory block, where the attribute information of the memory block includes: the operation of the corresponding memory block in the heap memory The start address and the length of use of the memory block.
可选地,存储介质还被设置为存储用于执行以下步骤的程序代码:Optionally, the storage medium is further arranged to store program code for performing the following steps:
S1,判断所述操作范围是否在所述内存块的起始地址和所述内存块的使用长度确定的范围内;S1. Determine whether the operating range is within a range determined by a starting address of the memory block and a used length of the memory block.
S2,在判断结果为否的情况下,确定所述操作为越界非法操作。S2. If the determination result is no, the operation is determined to be an illegal operation.
可选地,存储介质还被设置为存储用于执行以下步骤的程序代码:Optionally, the storage medium is further arranged to store program code for performing the following steps:
S1,在所述操作为释放操作的情况下,确定所述操作的释放地址;S1, in a case where the operation is a release operation, determining a release address of the operation;
S2,在所述内存结构信息中获取不到所述释放地址对应的所述属性信息的情况下,判定所述操作为释放非内存地址的非法操作。S2. If the attribute information corresponding to the release address is not obtained in the memory structure information, determine that the operation is an illegal operation of releasing a non-memory address.
可选地,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。Optionally, in this embodiment, the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory. A variety of media that can store program code, such as a disc or a disc.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行:Optionally, in this embodiment, the processor executes according to the stored program code in the storage medium:
S1,确定对堆内存进行操作的操作类型。S1, determining the type of operation that operates on the heap memory.
S2,获取用于表述所述堆内存的内存结构信息。 S2. Obtain a memory structure information for expressing the heap memory.
S3,依据所述操作类型,以及所述内存结构信息对所述操作进行检测。S3. The operation is detected according to the operation type and the memory structure information.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行:Optionally, in this embodiment, the processor executes according to the stored program code in the storage medium:
S1,确定所述操作在所述堆内存所对应的内存块;S1. Determine a memory block corresponding to the operation in the heap memory.
S2,依据所述内存块的状态信息确定所述内存块的状态;S2. Determine a state of the memory block according to status information of the memory block.
S3,依据所述操作类型,以及确定的所述内存块的状态,判定所述操作的合法性。S3. Determine the legality of the operation according to the operation type and the determined status of the memory block.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行:Optionally, in this embodiment, the processor executes according to the stored program code in the storage medium:
S1,在所述操作类型为对所述内存块进行访问,且所述内存块的状态为已释放的情况下,判定所述操作为访问已释放内存块的非法操作;S1. When the operation type is accessing the memory block, and the state of the memory block is released, determining that the operation is an illegal operation for accessing the released memory block;
S2,在所述操作类型为对所述内存块进行读操作,且所述内存块的初始化状态为未初始化的情况下,判定所述操作为读未初始化内存块的非法操作;S2. When the operation type is a read operation on the memory block, and the initialization state of the memory block is uninitialized, determining that the operation is an illegal operation of reading an uninitialized memory block;
S3,在所述操作类型为对所述内存块进行释放,且所述内存块的状态为已释放的情况下,判定所述操作为重复释放内存块的非法操作。S3. In the case that the operation type is to release the memory block, and the state of the memory block is released, it is determined that the operation is an illegal operation of repeatedly releasing the memory block.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行:Optionally, in this embodiment, the processor executes according to the stored program code in the storage medium:
S1,确定所述操作在所述堆内存块中的操作范围;S1, determining an operation range of the operation in the heap memory block;
S2,依据所述操作范围,以及所述内存块的属性信息判定所述操作的合法性,其中,所述内存块的属性信息包括:所述操作在所述堆内存中对应的内存块的起始地址以及所述内存块的使用长度。S2, determining the legality of the operation according to the operating range and the attribute information of the memory block, where the attribute information of the memory block includes: the operation of the corresponding memory block in the heap memory The start address and the length of use of the memory block.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行:Optionally, in this embodiment, the processor executes according to the stored program code in the storage medium:
S1,判断所述操作范围是否在所述内存块的起始地址和所述内存块的使用长度确定的范围内;S1. Determine whether the operating range is within a range determined by a starting address of the memory block and a used length of the memory block.
S2,在判断结果为否的情况下,确定所述操作为越界非法操作。S2. If the determination result is no, the operation is determined to be an illegal operation.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行:Optionally, in this embodiment, the processor executes according to the stored program code in the storage medium:
S1,在所述操作为释放操作的情况下,确定所述操作的释放地址;S1, in a case where the operation is a release operation, determining a release address of the operation;
S2,在所述内存结构信息中获取不到所述释放地址对应的所述属性信息的情况下,判定所述操作为释放非内存地址的非法操作。S2. If the attribute information corresponding to the release address is not obtained in the memory structure information, determine that the operation is an illegal operation of releasing a non-memory address.
可选地,本实施例中的具体示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。For example, the specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the optional embodiments, and details are not described herein again.
显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上, 可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。It will be apparent to those skilled in the art that the various modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. On, Alternatively, they may be implemented by program code executable by a computing device such that they may be stored in a storage device by a computing device and, in some cases, may be executed in a different order than herein. The steps shown or described are either made separately into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above description is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
工业实用性Industrial applicability
如上所述,通过上述实施例及优选实施方式,解决了相关技术中现有的堆内存非法操作检测工具检测效率低的问题,进而达到了提高检测堆内存操作的效率的效果。 As described above, the above-described embodiments and the preferred embodiments solve the problem that the detection efficiency of the existing heap memory illegal operation detecting tool in the related art is low, thereby achieving the effect of improving the efficiency of detecting the heap memory operation.

Claims (12)

  1. 一种堆内存操作的检测方法,包括:A method for detecting heap memory operations, including:
    确定对堆内存进行操作的操作类型;Determine the type of operation that operates on heap memory;
    获取用于表述所述堆内存的内存结构信息;Obtaining memory structure information for expressing the heap memory;
    依据所述操作类型,以及所述内存结构信息对所述操作进行检测。The operation is detected according to the operation type and the memory structure information.
  2. 根据权利要求1所述的方法,其中,在所述内存结构信息包括所述堆内存所包括的内存块的状态信息的情况下,依据所述操作类型,以及所述内存结构信息对所述操作进行检测包括:The method according to claim 1, wherein, in the case where the memory structure information includes status information of a memory block included in the heap memory, the operation is performed according to the operation type and the memory structure information Testing includes:
    确定所述操作在所述堆内存所对应的内存块;Determining, by the memory block corresponding to the operation in the heap memory;
    依据所述内存块的状态信息确定所述内存块的状态;Determining a state of the memory block according to status information of the memory block;
    依据所述操作类型,以及确定的所述内存块的状态,判定所述操作的合法性。The legitimacy of the operation is determined according to the type of operation and the determined state of the memory block.
  3. 根据权利要求2所述的方法,其中,依据所述操作类型,以及确定的所述内存块的状态,判定所述操作的合法性包括以下至少之一:The method of claim 2, wherein determining the legitimacy of the operation comprises at least one of: according to the type of operation and the determined state of the memory block:
    在所述操作类型为对所述内存块进行访问,且所述内存块的状态为已释放的情况下,判定所述操作为访问已释放内存块的非法操作;And determining, in the case that the operation type is accessing the memory block, and the state of the memory block is released, determining that the operation is an illegal operation of accessing the released memory block;
    在所述操作类型为对所述内存块进行读操作,且所述内存块的初始化状态为未初始化的情况下,判定所述操作为读未初始化内存块的非法操作;When the operation type is a read operation on the memory block, and the initialization state of the memory block is uninitialized, determining that the operation is an illegal operation of reading an uninitialized memory block;
    在所述操作类型为对所述内存块进行释放,且所述内存块的状态为已释放的情况下,判定所述操作为重复释放内存块的非法操作。In the case that the operation type is to release the memory block, and the state of the memory block is released, it is determined that the operation is an illegal operation of repeatedly releasing the memory block.
  4. 根据权利要求1所述的方法,其中,在所述内存结构信息包括所述堆内存所包括的内存块的属性信息的情况下,依据所述操作类型,以及所述内存结构信息对所述操作进行检测的步骤包括:The method according to claim 1, wherein, in the case where the memory structure information includes attribute information of a memory block included in the heap memory, the operation is performed according to the operation type and the memory structure information The steps to perform the test include:
    确定所述操作在所述内存块中的操作范围;Determining an operation range of the operation in the memory block;
    依据所述操作范围,以及所述内存块的属性信息判定所述操作的合法性,其中,所述内存块的属性信息包括:所述操作在所述堆内存中对应的内存块的起始地址以及所述内存块的使用长度。Determine the validity of the operation according to the operating range and the attribute information of the memory block, where the attribute information of the memory block includes: a start address of the corresponding memory block in the heap memory And the length of use of the memory block.
  5. 根据权利要求4所述的方法,其中,依据所述操作范围,以及所述内存块的属性信息判定所述操作的合法性的步骤包括:The method according to claim 4, wherein the step of determining the legitimacy of the operation according to the operation range and the attribute information of the memory block comprises:
    判断所述操作范围是否在所述内存块的起始地址和所述内存块的使用长度确定的范围内;Determining whether the operating range is within a range determined by a starting address of the memory block and a used length of the memory block;
    在判断结果为否的情况下,确定所述操作为越界非法操作。 In the case where the determination result is negative, it is determined that the operation is an illegal operation.
  6. 根据权利要求1所述的方法,其中,在所述内存结构信息包括所述堆内存所包括的内存块的属性信息的情况下,依据所述操作类型,以及所述内存结构信息对所述操作进行检测的步骤包括:The method according to claim 1, wherein, in the case where the memory structure information includes attribute information of a memory block included in the heap memory, the operation is performed according to the operation type and the memory structure information The steps to perform the test include:
    在所述操作为释放操作的情况下,确定所述操作的释放地址;Determining a release address of the operation if the operation is a release operation;
    在所述内存结构信息中获取不到所述释放地址对应的所述属性信息的情况下,判定所述操作为释放非内存地址的非法操作。If the attribute information corresponding to the release address is not obtained in the memory structure information, it is determined that the operation is an illegal operation of releasing a non-memory address.
  7. 一种堆内存操作的检测装置,包括:A detection device for a heap memory operation, comprising:
    确定模块,设置为确定对堆内存进行操作的操作类型;Determining the module, set to determine the type of operation that operates on the heap memory;
    获取模块,设置为获取用于表述所述堆内存的内存结构信息;Obtaining a module, configured to obtain memory structure information for expressing the heap memory;
    检测模块,设置为依据所述操作类型,以及所述内存结构信息对所述操作进行检测。The detecting module is configured to detect the operation according to the operation type and the memory structure information.
  8. 根据权利要求7所述的装置,其中,所述检测模块还包括,The apparatus of claim 7 wherein said detecting module further comprises
    第一确定单元,设置为确定所述操作在所述堆内存所对应的内存块;a first determining unit, configured to determine a memory block corresponding to the operation in the heap memory;
    第二确定单元,设置为依据所述内存块的状态信息确定所述内存块的状态;a second determining unit, configured to determine a state of the memory block according to status information of the memory block;
    第一判断单元,设置为依据所述操作类型,以及确定的所述内存块的状态,判定所述操作的合法性。The first determining unit is configured to determine the legality of the operation according to the operation type and the determined status of the memory block.
  9. 根据权利要求8所述的装置,其中,所述第一判断单元包括至少如下子单元之一:The apparatus of claim 8, wherein the first determining unit comprises at least one of the following subunits:
    第一判断子单元,设置为在所述操作类型为对所述内存块进行访问,且所述内存块的状态为已释放的情况下,判定所述操作为访问已释放内存块的非法操作;a first determining subunit, configured to determine that the operation is an illegal operation of accessing the released memory block if the operation type is to access the memory block, and the state of the memory block is released;
    第二判断子单元,设置为在所述操作类型为对所述内存块进行读操作,且所述内存块的初始化状态为未初始化的情况下,判定所述操作为读未初始化内存块的非法操作;a second determining subunit, configured to determine that the operation is illegal to read an uninitialized memory block if the operation type is a read operation on the memory block and an initialization state of the memory block is uninitialized operating;
    第三判断子单元,设置为在所述操作类型为对所述内存块进行释放,且所述内存块的状态为已释放的情况下,判定所述操作为重复释放内存块的非法操作。The third determining subunit is configured to determine that the operation is an illegal operation of repeatedly releasing the memory block if the operation type is to release the memory block and the state of the memory block is released.
  10. 根据权利要求7所述的装置,其中,所述检测模块还包括,The apparatus of claim 7 wherein said detecting module further comprises
    第三确定单元,设置为确定所述操作在内存块中的操作范围;a third determining unit, configured to determine an operation range of the operation in the memory block;
    第二判断单元,设置为依据所述操作范围,以及所述内存块的属性信息判定所述操作的合法性,其中,所述内存块的属性信息包括:所述操作在所述堆内存中对应的内存块的起始地址以及所述内存块的使用长度。The second determining unit is configured to determine the validity of the operation according to the operating range and the attribute information of the memory block, where the attribute information of the memory block includes: the operation corresponds to the operation in the heap memory The starting address of the memory block and the length of use of the memory block.
  11. 根据权利要求10所述的装置,其中,所述第二判断单元包括:The apparatus according to claim 10, wherein said second determining unit comprises:
    第四判断子单元,设置为判断所述操作范围是否在所述内存块的起始地址和所述内 存块的使用长度确定的范围内;a fourth determining subunit, configured to determine whether the operating range is within a start address and the end of the memory block The length of use of the block is determined within the range;
    第一确定子单元,设置为在判断结果为否的情况下,确定所述操作为越界非法操作。The first determining subunit is configured to determine that the operation is an out of border illegal operation if the determination result is negative.
  12. 根据权利要求7所述的装置,其中,所述检测模块还包括:The apparatus of claim 7, wherein the detecting module further comprises:
    第二确定子单元,设置为在所述操作为释放操作的情况下,确定所述操作的释放地址;a second determining subunit, configured to determine a release address of the operation if the operation is a release operation;
    第五判断子单元,设置为在所述内存结构信息中获取不到所述释放地址对应的属性信息的情况下,判定所述操作为释放非堆内存地址的非法操作。 The fifth determining subunit is configured to determine that the operation is an illegal operation of releasing the non-heap memory address if the attribute information corresponding to the release address is not obtained in the memory structure information.
PCT/CN2015/088906 2015-04-29 2015-09-02 Method and apparatus for detecting heap memory operation WO2016173172A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510212937.XA CN106201851A (en) 2015-04-29 2015-04-29 The detection method of heap memory operation and device
CN201510212937.X 2015-04-29

Publications (1)

Publication Number Publication Date
WO2016173172A1 true WO2016173172A1 (en) 2016-11-03

Family

ID=57198072

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/088906 WO2016173172A1 (en) 2015-04-29 2015-09-02 Method and apparatus for detecting heap memory operation

Country Status (2)

Country Link
CN (1) CN106201851A (en)
WO (1) WO2016173172A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110795247A (en) * 2019-10-28 2020-02-14 天津津航计算技术研究所 High-efficiency dynamic memory management method applied to MCU
CN111338794A (en) * 2020-02-18 2020-06-26 苏州洞察云信息技术有限公司 Memory out-of-range monitoring method and device and storage medium
CN113377522A (en) * 2020-03-09 2021-09-10 大唐移动通信设备有限公司 Method and device for processing memory blocks in memory pool, electronic equipment and storage medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109117357A (en) * 2017-06-23 2019-01-01 中兴通讯股份有限公司 It record global variable information and detects global variable and crosses the border the method, apparatus of operation
CN111859372B (en) * 2020-07-29 2023-08-22 中国工商银行股份有限公司 Heap memory attack detection method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110042A (en) * 2006-07-20 2008-01-23 中兴通讯股份有限公司 Method for detecting memory accessing outside
CN102650959A (en) * 2012-03-31 2012-08-29 华为技术有限公司 Method and equipment for detecting memory unit
CN103116529A (en) * 2011-07-18 2013-05-22 英飞凌科技股份有限公司 Method and apparatus for realtime detection of heap memory corruption by buffer overruns

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110042A (en) * 2006-07-20 2008-01-23 中兴通讯股份有限公司 Method for detecting memory accessing outside
CN103116529A (en) * 2011-07-18 2013-05-22 英飞凌科技股份有限公司 Method and apparatus for realtime detection of heap memory corruption by buffer overruns
CN102650959A (en) * 2012-03-31 2012-08-29 华为技术有限公司 Method and equipment for detecting memory unit

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110795247A (en) * 2019-10-28 2020-02-14 天津津航计算技术研究所 High-efficiency dynamic memory management method applied to MCU
CN110795247B (en) * 2019-10-28 2023-06-30 天津津航计算技术研究所 Efficient dynamic memory management method applied to MCU
CN111338794A (en) * 2020-02-18 2020-06-26 苏州洞察云信息技术有限公司 Memory out-of-range monitoring method and device and storage medium
CN113377522A (en) * 2020-03-09 2021-09-10 大唐移动通信设备有限公司 Method and device for processing memory blocks in memory pool, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN106201851A (en) 2016-12-07

Similar Documents

Publication Publication Date Title
US10089191B2 (en) Selectively persisting application program data from system memory to non-volatile data storage
JP5425286B2 (en) How to track memory usage in a data processing system
WO2016173172A1 (en) Method and apparatus for detecting heap memory operation
KR100873943B1 (en) System and method of reading non-volatile computer memory
US20210351911A1 (en) Techniques for preventing memory timing attacks
TWI416323B (en) Method,system and semiconductor device for management workload
US10824362B2 (en) File migration to persistent memory
TWI380178B (en) System and method for managing memory errors in an information handling system
US10643736B2 (en) Method, apparatus and electronic device for read/write speed testing
US7730358B2 (en) Stress testing method of file system
WO2021169163A1 (en) File data access method and apparatus, and computer-readable storage medium
CN109460406A (en) A kind of data processing method and device
US8589657B2 (en) Operating system management of address-translation-related data structures and hardware lookasides
WO2019120226A1 (en) Data access prediction method and apparatus
US20120124429A1 (en) Apparatus and method for tracing memory access information
TW201241622A (en) System and method for debugging programs
US10684954B2 (en) Page cache on persistent memory
CN113792299B (en) Method for protecting Linux system based on ftrace technology
US9804968B2 (en) Storage system and data writing method
JP5936241B2 (en) Analysis system, analysis method and program
US10831656B2 (en) System and method to improve input output command latency by dynamic size logical to physical caching
CN112748854B (en) Optimized access to a fast storage device
CN106227839A (en) The expansion method of a kind of lustre file system and device
CN107766216A (en) It is a kind of to be used to obtain the method and apparatus using execution information
KR20090131142A (en) Apparatus and method for memory management

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15890547

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15890547

Country of ref document: EP

Kind code of ref document: A1