System for detecting software bug triggered during practical running of computer program

Abstract

The invention relates to a system for detecting a software bug triggered during practical running of a computer program in the technical field of computers. The system comprises a binary code dynamic inserting module, a program basic block recognizing module, a function call graph constructing module, a control flow graph constructing module, a function recognizing module and a static analysis module. By combining two technologies of dynamic program analysis and static analysis path complementation, the invention not only can detect the bugs which can be triggered during the practical runningof the program but also can reach higher program path coverage rate, carry out bug detects on the path which is not covered in the dynamic analysis process, improve the success rate of bug detection and reduce the false rate of the bugs. Meanwhile, the static analysis path complementation technology only analyzes a path which is not executed in dynamic analysis instead of all program paths, thereby greatly reducing the cost on time and system resources.

Description

Technical field [0001] The present invention relates to a detection system in the field of computer technology, in particular to a detection system that triggers software vulnerabilities when a computer program is actually running. Background technique [0002] Program analysis technology refers to the analysis technology that deduces the structure and data flow of a computer program. In the process of software maintenance testing and software understanding, we need to analyze the structure and data flow of the target program. The output of the program analysis system is generally a data flow diagram and a control flow diagram. The data flow diagram expresses the process of information transformation and transmission in the program system by means of diagrams, especially when data is referenced and defined; the control flow diagram often uses a diagram or abstract syntax tree to describe the program structure. [0003] Dynamic program analysis technology is a technology to analyze...

AI Technical Summary

Problems solved by technology

[0004] However, both dynamic program analysis and static program analysis have their insurmountable shortcomings

For dynamic program analysis technology, because the program can only be executed along one path during each dynamic execution, in order to achieve satisfactory path coverage, we must repeat the dynamic analysis for a sufficient number of times, but even so It is also difficult to achieve 100% path coverage

For static program analysis technology, although it can achieve 100% program path coverage, it cannot detect those vulnerabilities that are triggered when the program is actually running, and the false alarm rate of general vulnerabilities is high. Static analysis of an entire large program can incur significant time and system resource overhead

More importantly, existing related systems often require program source code to perform program analysis and vulnerability detection, and cannot directly analyze the binary code of the target program. This shortcoming also limits the use of these systems

Images