期刊文献+

基于最弱前置条件的静态分析误报消除技术 被引量:1

Weakest precondition based false alarms reducing for static analysis
下载PDF
导出
摘要 针对程序静态分析技术误报过多的问题,提出一种基于最弱前置条件的静态分析误报消除方法。根据不同的软件安全性质,从目标状态出发,以需求驱动的方式得到过程起始位置的最弱前置条件,判断该条件公式的可满足性来消除误报。将该方法实例化来消除静态分析工具检测数组访问越界和空指针解引用的误报,实验结果表明该方法是有效且实用的。 In view of suffering the problem of high false alarms rate,a false alarm reducing method based on weakest precondition propagation for static analysis is proposed.According to different software security property,the weakest precondition at the beginning of the procedure can be obtained from the target state in a demand-driven way.False alarms will be reduced by determining the satisfiability of the precondition formulae.The approach is instantiated to reduce false alarms for static detection of array bounds violation and null pointer dereference.The experiments show that the technique is successful and suitable for reducing false alarms for static analysis.
作者 陈杰
出处 《计算机工程与应用》 CSCD 2012年第33期1-4,33,共5页 Computer Engineering and Applications
基金 国家自然科学基金(No.61120106006 No.91118007)
关键词 静态分析 误报消除 最弱前置条件 数组访问越界 空指针解引用 static analysis reduce false alarms weakest precondition array bounds violation null pointer dereference
  • 相关文献

参考文献17

  • 1McGraw G.Soffware security[M].[S.1.] : Addison-Wesley, 2006.
  • 2Kim Y,Lee J,Han H,et al.Filtering false alarms of buf- fer overflow analysis using smt solvers[J].Inf Soffw Tech- nol,2010,52(2) :210-219.
  • 3Dor N,Rodeh M,Sagiv M.Cssv:towards a realistic tool for statically detecting all buffer overflows in c[C]//PLDI' 03: Proceedings of the ACM SIGPLAN Conference on Pro- gramming Language Design and Implementation, 2003: 155-167.
  • 4Kremenek T, Engler D.Z-ranking: using statistical analysis to counter the impact of static analysis approximations[C]// SAS' 03:Proceedings of the 10th Annual International Static Analysis Symposium, 2003,2694- 295-315.
  • 5Jung Y, Kim J, Shin J, et al.Taming false alarms from a domain-unaware c analyzer by a bayesian statistical post analysis[C]//SAS, 2005 : 203-217.
  • 6Dijkstra E W.A discipline of programming[M].[S.1.]:Pren- tice Hall Int,1976.
  • 7Kratkiewicz K, Lippmann R.A taxonomy of buffer over- flows for evaluating static and dynamic software testing tools[C]//Proceedings of Workshop on Software Security Assurance Tools, Techniques, and Metrics, 2005 : 44-51.
  • 8Hovemeyer D,Pugh W.Finding more null pointer bugs, but not too many[C]//Proceedings of the 7th ACM SIG- PLAN-SIGSOFT Workshop on Program Analysis for Soft- ware Tools and Engineering.[S.1.] :ACM, 2007 : 9-14.
  • 9Wichmann B A, Canning A A, Clutterbuck D L, et al.In- dustrial perspective on static analysis[J].Software Engi- neering Journal, 1995,10: 69-75.
  • 10Evans D, Larochelle D.Improving security using exten- sible lightweight static analysis[J].IEEE Software,2002, 19(1 ) :42-51.

同被引文献5

引证文献1

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部