基于程序分析的自动化漏洞挖掘工具的研究

Automated Tools of Digging Holes Based on Program Analysis

研究和设计了一个基于程序分析的源代码漏洞分析与检测工具框架,框架中的各个模块如控制流分析(控制流图的构建、函数调用图的实现及过程内分析与过程间分析等)、数据流分析(求定义引用链、污染数据传播的设计、指针别名分析)、结构分析器、安全调度器、规则构建器,本文主要对代码分析的两个阶段进行了较为详细的介绍,同时对主要采取的过程内和过程间分析算法做了说明。

An static anlysis of tool framework by source code used for analyzing and checking system defects will be studied and designed.such as control flow analysis（including the control flow graph construction,function call graph realization.innerprocedural and interprocedural analysis） data flow analysis（reach defines the chain,polluted data transmitting,pointer alias analysis） structure analyzer,safety dispatcher,procedure constructor.In this paper,the two phases of the code analysis in a more detailed description,while the process of major intra-and inter-process analysis algorithm are illustrated.