| 基于区域内存模型的C程序静态分析 |
| |
| 引用本文: | 董玉坤,金大海,宫云战,邢颖.基于区域内存模型的C程序静态分析[J].软件学报,2014,25(2):357-372. |
| |
| 作者姓名: | 董玉坤 金大海 宫云战 邢颖 |
| |
| 作者单位: | 网络与交换技术国家重点实验室(北京邮电大学),北京 100876;中国石油大学(华东)计算机与通信工程学院,山东 青岛 266580;网络与交换技术国家重点实验室(北京邮电大学),北京 100876;网络与交换技术国家重点实验室(北京邮电大学),北京 100876;网络与交换技术国家重点实验室(北京邮电大学),北京 100876 |
| |
| 基金项目: | 国家自然科学基金(91318301, 61202080);国家高技术研究发展计划(863)(2012AA011201) |
| |
| 摘 要: | 为了提高程序的静态分析精度,提出了一种应用基于区域的符号化三值逻辑(region-based symbolic threevaluedlogic,简称RSTVL)的静态分析方法.RSTVL能够描述C程序运行时内存中数据结构的形态信息与变量的存储状态,以及可寻址表达式间的各种关系,包括指向关系、层次关系与取值逻辑关系.为了提高静态分析的精度,提出了一种基于RSTVL的流敏感、域敏感的过程内分析与基于符号化函数摘要的上下文敏感的过程间分析,能够精确地分析出每个程序点上的形态信息、数据流信息与指针指向关系.实验结果表明,相对于基于符号化三值逻辑的方法,该分析方法在保证一定分析效率的前提下,能够实现较高准确度的分析.
|
| 关 键 词: | 可寻址表达式 内存模型 静态分析 符号化函数摘要 缺陷检测 |
| 收稿时间: | 5/6/2013 12:00:00 AM |
| 修稿时间: | 2013/12/5 0:00:00 |
Static Analysis of C Programs via Region-Based Memory Model |
| |
| DONG Yu-Kun,JIN Da-Hai,GONG Yun-Zhan and XING Ying.Static Analysis of C Programs via Region-Based Memory Model[J].Journal of Software,2014,25(2):357-372. |
| |
| Authors: | DONG Yu-Kun JIN Da-Hai GONG Yun-Zhan and XING Ying |
| |
| Affiliation: | State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications), Beijing 100876,;College of Computer and Communication Engineering, China University of Petroleum, Qingdao 266580, China;State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications), Beijing 100876,;State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications), Beijing 100876,;State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications), Beijing 100876, |
| |
| Abstract: | In order to improve the precision of static analysis for C procedures, this paper introduces a static analysis method applying region-based symbolic three-valued logic (RSTVL). RSTVL can describe shape of data structures, all kinds of memory states and relations of addressable expressions including alias relations, hierarchical relations and logic relations. To improve precision, a RSTVLbased analysis method is proposed to analyze the shape, dataflow and point-to relationship at every procedure point. The method facilitates flow-sensitive and field-sensitive intra-procedure, and context-sensitive inter-procedure analysis based on symbolic function summary. Experimental results validate that the porposed static analysis method offers higher precision on the precondition with no efficiency loss. |
| |
| Keywords: | addressable expression memory model static analysis symbolic function summary defect detection |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
