Complete program execution state modeling method used in defect analysis of source code
A defect analysis and program execution technology, applied in the field of computer information security, can solve problems such as detecting code defects, tool false positives, failure to provide, etc., to achieve the effect of enhancing analysis ability and accurate inspection
Inactive Publication Date: 2011-01-05
刘瑞颖
View PDF0 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Although the modeling method based on lattice and automata is widely used in fields such as compilation optimization, it cannot provide enough information for detecting code defects, especially deep program semantic defects.
Even though some existing tools can detect some code defects based on lattice and automaton modeling, these tools have the disadvantages of false positives and false negatives, and cannot effectively help programmers
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreExamples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0026] The present invention provides a complete program execution state modeling method, including the following steps:
[0027] (1) Set the initial state of the program; the initial state is as follows: for all global variables and function parameters, initialize their values to symbolic values; for all local variables, initialize their values to undefined values; all expressions are Empty; all symbolic constraints are empty; all detector-related information is empty.
[0028] (2) The program is executed along the path;
[0029] (3) A simulation state is associated with each point of the path, and the simulation state is stored in a state manager; the simulation state includes five sub-parts. Each point refers to a location on the program path, such as the entry and exit of a statement. The association is that each statement for the program corresponds to a simulated execution state.
[0030] The simulation state consists of the following five subsections:
[0031] a...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention relates to technology for detecting a defect in a software source code, in particular to a data flow analysis-based complete execution state modeling method, which belongs to the technical field of computer information safety. The complete execution state modeling method is characterized by comprising the following operating steps of: (1) setting an initial state of a program; (2) operating the program along a route; and (3) associating a simulation state at every point of the route, wherein the simulation state comprises five subparts: a, the program position of the simulation state, b, the current environment of the program, c, the current storage of the program, d, the constraint condition of the program, and e, the state data of the program. Complete state modeling has the advantages of recording nearly all execution information and analysis information on an execution route, greatly improving analysis capability without excessively lowering analysis efficiency or excessively increasing storage space, and recording a detailed program state.
Description
technical field [0001] The invention relates to a technology for detecting defects in software source codes, to be precise, it relates to a complete execution state modeling method based on data flow analysis, and belongs to the technical field of computer information security. Background technique [0002] In the source code defect detection technology based on data flow analysis, the modeling technology of data flow information directly determines the defect detection capability. Common modeling techniques include lattice-based modeling, finite-state automata-based modeling, and so on. [0003] Lattice-based modeling represents data flow information as elements in a certain lattice in mathematics. Usually, people use a lattice composed of bit vectors to represent the data flow information in the program. For example, analyze the variable setting information in the program. If there are 10 different variables in the program, the length of the bit vector is 10, and each bi...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More IPC IPC(8): G06F11/36
Inventor 许中兴张
Owner 刘瑞颖