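Design and Implementation of Program Slicing and Transformation in a C Analysis Tool
Published: 2018-06-09 02:44
Topics: defect detection + program slicing; Source: University of Science and Technology of China, master's thesis, 2017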
【Abstract】: Computer technology is advancing rapidly, and software has become as essential to daily life as water and electricity. C, a widely used language with a history of more than 40 years, still holds a strong position in system software such as operating systems, compilers and databases. While it preserves low-level run-time efficiency, it also places burdens on programmers, who must guard against memory leaks, null-pointer and dangling-pointer dereferences, buffer overflows and similar problems. The main current approaches to improving software reliability and security are program verification, dynamic testing and static analysis. Program verification cannot yet be proved fully automatically; the precision and coverage of dynamic testing depend heavily on the test set, and the cost and risk of run-time checking are relatively high; static analysis is a comparatively precise and economical means. Within static analysis, symbolic execution is widely used for automatic test-case generation. Its main idea is to treat the values of variables in the code symbolically and simulate execution of every possible path through the program, so as control structures grow more complex the number of states to execute rises sharply, which seriously limits the scalability of analysis tools. To mitigate this state-explosion problem, this thesis proposes two optimizations applied at different stages of symbolic execution. First, defect-oriented program slicing preprocesses the intermediate representation of the program under test: slicing criteria for the source program are generated from the defects the user cares about; the source code is analyzed to produce a data dependence graph and a control dependence graph, which together form the program dependence graph; the program is sliced according to the criteria, reducing its size; and the sliced program is handed to the program analysis tool. Second, during symbolic execution, control structures without side effects are subjected to program transformation: when the static analysis tool reaches a function, it first analyzes all control structures in that function; if a control structure has no effect on the program's subsequent execution, it is simplified, and, so that analysis precision is not affected, the defect statements the tool is to check are extracted; this reduces the number of paths and improves the tool's analysis performance. The author's research group has implemented a symbolic-execution-based static analysis tool for C programs; with the optimizations proposed here, its analysis performance improved noticeably.
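The slicing steps the abstract describes (a criterion derived from the defect of interest, data and control dependences combined into a program dependence graph, then a backward slice) are shown below as an added Python illustration. It is not the thesis's implementation: the sample C statements, the `Stmt` record and all function names are constructed here, and it assumes loop-free structured code.

```python
from collections import namedtuple
# ctx lists the (predicate sid, branch) pairs a statement is nested under.
Stmt = namedtuple("Stmt", "sid text defs uses ctx derefs", defaults=[()])

# Constructed sample: a loop-free C function body, one entry per statement.
PROGRAM = [
    Stmt(0, "n = read_len();", {"n"}, set(), ()),
    Stmt(1, "p = malloc(n);", {"p"}, {"n"}, ()),
    Stmt(2, "lvl = log_level();", {"lvl"}, set(), ()),
    Stmt(3, "if (lvl > 2)", set(), {"lvl"}, ()),
    Stmt(4, '    puts("verbose");', set(), set(), ((3, True),)),
    Stmt(5, "if (n > 4096)", set(), {"n"}, ()),
    Stmt(6, "    p = NULL;", {"p"}, set(), ((5, True),)),
    Stmt(7, "total = n * 2;", {"total"}, {"n"}, ()),
    Stmt(8, "*p = 0;", set(), {"p"}, (), ("p",)),
]

def conflicts(a, b):
    """True if contexts a and b sit on opposite branches of one predicate."""
    return any(pa == pb and ba != bb for pa, ba in a for pb, bb in b)

def data_deps(prog, s):
    """Sids of definitions that may reach a use in s (sid == list index)."""
    deps = set()
    for var in s.uses:
        for d in reversed(prog[:s.sid]):        # nearest definition first
            if var in d.defs and not conflicts(d.ctx, s.ctx):
                deps.add(d.sid)
                if d.ctx == s.ctx[:len(d.ctx)]:  # d always runs before s,
                    break                        # so it kills older definitions
    return deps

def build_pdg(prog):
    """Program dependence graph: data edges plus the direct control edge."""
    return {s.sid: data_deps(prog, s) | {p for p, _ in s.ctx[-1:]} for s in prog}

def deref_criterion(prog):
    """Slicing criterion for a null-dereference check: every dereference site."""
    return [s.sid for s in prog if s.derefs]

def backward_slice(prog, criterion):
    """Sids the criterion statements transitively depend on in the PDG."""
    pdg, seen, work = build_pdg(prog), set(), list(criterion)
    while work:
        sid = work.pop()
        if sid not in seen:
            seen.add(sid)
            work.extend(pdg[sid])
    return sorted(seen)
```

On the sample, the slice for the dereference at statement 8 keeps the allocation, the `n > 4096` branch and the `p = NULL` assignment, and drops the logging branch, so a symbolic executor has one fewer branch to fork on.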
【Degree-granting institution】: University of Science and Technology of China
【Degree level】: Master's
【Year degree granted】: 2017
【Classification number】: TP311.1
Article ID: 1998479
Link to this article: http://sikaile.net/shoufeilunwen/xixikjs/1998479.html