| 面向危险操作的动态符号执行方法 |
| |
| 引用本文: | 王伟光,曾庆凯,孙浩.面向危险操作的动态符号执行方法[J].软件学报,2016,27(5):1230-1245. |
| |
| 作者姓名: | 王伟光 曾庆凯 孙浩 |
| |
| 作者单位: | 计算机软件新技术国家重点实验室(南京大学), 江苏南京 210046;南京大学计算机科学与技术系, 江苏南京 210046,计算机软件新技术国家重点实验室(南京大学), 江苏南京 210046;南京大学计算机科学与技术系, 江苏南京 210046,计算机软件新技术国家重点实验室(南京大学), 江苏南京 210046;南京大学计算机科学与技术系, 江苏南京 210046 |
| |
| 基金项目: | 国家自然科学基金(61170070,61572248,61431008,61321491);国家科技支撑计划(2012BAK26B01) |
| |
| 摘 要: | 针对缺陷检测的需求,提出了面向危险操作的动态符号执行方法.依据所关注的缺陷类型,定义危险操作及危险操作相关路径,通过计算覆盖不同上下文中危险操作的能力,协助动态符号执行选择高效初始输入,并利用危险操作相关信息引导测试流程.缺陷检测成为定位待测程序内危险操作以及对危险操作相关路径进行检测的过程.实现了面向Linux平台二进制可执行程序的原型系统CrashFinder,实验结果表明,该方法能够更快地发现更多缺陷.
|
| 关 键 词: | 危险操作 动态符号执行 污点分析 路径选择 缺陷检测 |
| 收稿时间: | 2015/7/29 0:00:00 |
| 修稿时间: | 2015/12/22 0:00:00 |
Dynamic Symbolic Execution Method Oriented to Critical Operation |
| |
| WANG Wei-Guang,ZENG Qing-Kai and SUN Hao.Dynamic Symbolic Execution Method Oriented to Critical Operation[J].Journal of Software,2016,27(5):1230-1245. |
| |
| Authors: | WANG Wei-Guang ZENG Qing-Kai and SUN Hao |
| |
| Affiliation: | State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210046, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210046, China,State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210046, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210046, China and State Key Laboratory for Novel Software Technology(Nanjing University), Nanjing 210046, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210046, China |
| |
| Abstract: | Addressing the requirement for defect detection, this paper proposes critical operation oriented dynamic symbolic execution. First, based on the defined critical operations and the relevant critical paths, a set of initial inputs are evaluated by computing the ability of covering critical operations under different contexts, and efficient initial inputs can be selected for the following dynamic symbolic execution. Second, leveraging the critical operations, dynamic symbolic execution is guided to explore paths which are more prone to defects. In this way, defect detection becomes a process of locating critical operations and exploring critical paths. A prototype system called CrashFinder is implemented and tested on a number of Linux x86 executables. The experimental results show that this approach is effective in initial input evaluation and efficient in defect detection. |
| |
| Keywords: | critical operation dynamic symbolic execution taint analysis path selection defect detection |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
