论文部分内容阅读
为了防止由整数溢出引起的缓冲区溢出,提出了一种简化的基于路径松弛的整数溢出检测方法.表示动态分配缓冲区大小的整型变量发生溢出,极有可能引发缓冲区溢出.该检测方法基于这一发现,在动态测试之前先进行轻量级的静态分析,跟踪与动态分配缓冲区大小相关的关键变量,保存追踪的关键变量在不同地方的取值上限和下限,并将维护信息插入源代码中.测试时通过路径松弛,在执行路径上不仅考虑追踪变量的当前测试用例值,判断程序是否出现整数溢出,还根据插入的维护信息进一步考虑追踪变量可能的取值范围,判断程序是否有可能出现整数溢出.实例研究验证了该方法的有效性,并且与同类方法相比,减少了检测量,提高了检测效率.
In order to prevent buffer overflow caused by integer overflow, a simplified path overflow based integer overflow detection method is proposed, in which an integer variable indicating the size of a dynamically allocated buffer overflows and is likely to trigger a buffer overflow. Based on this finding, a lightweight static analysis is performed prior to dynamic testing, tracking key variables related to dynamically allocating buffer sizes, keeping upper and lower bounds of critical variables tracked in different places, and inserting maintenance information In the source code, the path is relaxed during the test, and not only the current test case value of the tracing variable is taken into consideration in the execution path, but whether the program overflows or not is judged by the inserted maintenance information and the possible range of the tracing variable is also considered. Integer overflow may occur.The case study verifies the effectiveness of this method and reduces the amount of detection and the efficiency of detection compared with similar methods.