| 一种多敏感空指针引用错误的静态检测方法 |
| |
| 引用本文: | 白杨,王蠫屏. 一种多敏感空指针引用错误的静态检测方法[J]. 中国科技论文在线, 2014, 0(10): 1131-1136 |
| |
| 作者姓名: | 白杨 王蠫屏 |
| |
| 作者单位: | 清华大学计算机科学与技术系,北京,100084 |
| |
| 摘 要: | 空指针引用错误是一种常见的、难以发现和避免的程序错误。针对该错误,结合传统静态分析方法和符号执行方法,提出一种过程内流敏感、路径敏感和过程间上下文敏感的多敏感静态分析方法。对全局指针、局部指针以及函数的指针类参数进行建模,对指针指向地址进行简化分类。在函数间传递指针的指向状态,在函数内遍历路径,使用约束求解的方式判定路径可达性,当函数分析结束后,在退出点进行指针状态信息合并,以减少漏报和误报。在此基础上,使用人工标注错误触发条件的方式进一步提高分析效率,减少漏报和误报。实验证明,该方法能够高效地检测出各类空指针引用错误。
|
| 关 键 词: | 软件工程 空指针 静态分析 约束求解 符号执行 |
Multi-sensitive static method of detecting null pointer dereference bug |
| |
| Bai Yang,Wang Yuping. Multi-sensitive static method of detecting null pointer dereference bug[J]. Sciencepaper Online, 2014, 0(10): 1131-1136 |
| |
| Authors: | Bai Yang Wang Yuping |
| |
| Affiliation: | Bai Yang,Wang Yuping (Department of Computer Science and Technology, Tsinghua University, Bei j ing 100084, China) |
| |
| Abstract: | Null pointer dereference error is a common bug,which is hard to detect and avoid.A flow-sensitive,path-sensitive and context-sensitive static analysis method is proposed,combined traditional static analysis methods and symbolic execution.Global pointers,local pointers and pointers as function parameters are modeled to simplify the positions of pointers.Pointer states are passed among functions.Constraint solving method is used to determine the path reachability.When completing analyzing a func-tion,pointer states are merged.Furthermore,manual bug trigger conditions annotation is used to improve the efficiency.Experi-ments show that the method is feasible and efficient for all kinds of null pointer dereference errors. |
| |
| Keywords: | software engineering null pointer static analysis SMT symbolic execution |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
