Local sensitive program analysis method based on abstract syntax tree and theorem proof

Abstract

The invention discloses a local sensitive program analysis method based on an abstract syntax tree and theorem proof. The local sensitive program analysis method comprises the steps of constructing the abstract syntax tree AST without syntax errors for program codes; traversing an abstract syntax tree AST of the program code, collecting a to-be-detected node and related nodes of the to-be-detectednode, forming a related logic expression of the to-be-detected node according to the to-be-detected node and related node information, and inputting the related logic expression into a theorem prover; and the theorem prover solves the to-be-detected node through the logic expression, and if an abnormal condition exists in the solved to-be-detected node value, judging that the program has a semantic defect. According to the method, by collecting the local context and the local path information of the program node, some wrong alarms are avoided, the usability is improved, semantic defect detection of the program code is achieved, and the problem that a traditional symbolic execution tool is long in time consumption for analyzing the code due to path explosion is solved.

Description

technical field [0001] The invention relates to the field of program code detection in the field of computer information security, in particular to a local sensitive program analysis method based on abstract syntax tree and theorem proof. Background technique [0002] In static code analysis based on abstract syntax tree traversal, the static code analysis tool framework traverses the abstract syntax tree (AST) generated by each source code file, and developers can create corresponding node matchers and perform Registration, when the static code analysis tool finds a node that matches the node matcher when traversing the syntax tree, it will save the node in memory and notify the client through the callback function. After completing the registration of the node matcher, the developer implements the alarm mechanism in the callback function, and outputs the code position of the corresponding node and the alarm content to the command line. Based on the above framework, static...

AI Technical Summary

Problems solved by technology

Based on the above framework, static code analysis tools are very efficient and accurate when dealing with grammatical issues in programs, but cannot handle path-sensitive semantic issues

[0003] When the above method analyzes the source code file, because the traversal process is inconsistent with the code execution process, and the state of the object will not be recorded during the traversal process, the semantics of the program cannot be analyzed at the matching node, and it can only be judged from the grammatical level Whether there is a program exception, so the mechanism of the static code analysis tool based on the abstract syntax tree can only detect the grammar rules of the energy code file, but cannot realize the detection of the semantic rules

[0004] From the perspective of program analysis, many program problems need to be detected at the semantic level of the program. If this semantics is abandoned and each source code file is analyzed only from the grammatical level, it is impossible to comprehensively analyze the program. detection, resulting in greatly reduced analysis results

However, symbolic execution tools have relatively low operating performance, are often powerless for complex programs, and have a high rate of false positives and false negatives

Images