基于符号执行提高缺陷分析的准确性研究

静态分析是检测软件代码缺陷和提升软件代码质量的有效方式. 由于静态分析不实际运行代码，不能获取足够的运行时信息，因此分析结果的准确性有待提高. 相比而言，符号执行技术能够模拟执行程序并收集大量的数据流信息，提升数据流分析的准确程度，弥补静态分析的不足. 为了提高静态分析工具分析程序缺陷的准确性，本文设计并实现了一个代码缺陷检测工具ABAZER-SE，它基于GCC抽象语法树，综合采用符号执行与静态分析技术以检测源代码中的缺陷. 使用Toyota ITC静态分析基准对该工具进行了评估，实验结果表明，本文方法及工具可以提高静态分析结果的准确性. 

Improving the Accuracy of Static Defect Analysis Based on Symbolic Execution

Static analysis is an effective way of detecting defects and improving the quality of software codes. However, without running the programs, it can not collect runtime information, so the accuracy of its analysis result is low, i.e. there are false positives. Symbolic execution method can collect data flow information through simulating the execution of the target program, thereby increasing the accuracy of static analysis. In order to improve the accuracy of static analysis results, this paper designed and developed a defect detection tool ABAZER-SE, which was built on the GCC abstract syntax tree and combined symbolic execution and static analysis techniques. The tool was applied on the Toyota ITC benchmark and the experimental results show that it can improve the accuracy of static defect analysis.