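Abstract
An application programming interface (API) misuse bug detection method based on sequence pattern matching is proposed. First, API misuse patterns are characterized from already discovered API misuse bug instances, combined with the code information before and after the bug fix in the patch files; then an improved AC (Aho-Corasick) algorithm is used to search the target software under test for API call sequences that match the misuse patterns and to report similar bugs. A sequence-pattern-based API misuse detection system (ADSP) was designed; taking as its basis 63 API misuse bugs collected in MUBench and other literature, 2.241 1×10^4 Java files in the open-source code repository GitHub were analyzed and 2 416 similar API misuse bugs were detected, confirming the effectiveness of the method.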
A method of application programming interface (API) misuse bug detection was proposed based on sequence pattern matching. Firstly, misuse patterns were specified based on already identified API misuse bug instances, combined with the code information before and after the bug repair in the patch file. An improved AC (Aho-Corasick) algorithm was then used to search the software under test for API call sequences that conform to the misuse patterns and to report similar bugs. A detection system, AD_SP (API misuse detector using sequence pattern), was designed based on 63 classic API misuse bugs, and 2 416 similar API misuse defects were detected in 2.241 1×10^4 Java files in the open source repository GitHub, which proves the effectiveness of the method.
Authors
曾杰
贲可荣
张献
徐永士
ZENG Jie; BEN Kerong; ZHANG Xian; XU Yongshi (Department of Computer and Data Engineering, Naval University of Engineering, Wuhan 430033, China)
Source
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
PKU Core
2021, Issue 2, pp. 108-114, 132 (8 pages in total)
Journal of Huazhong University of Science and Technology(Natural Science Edition)
Funding
National defense pre-research project of the 13th Five-Year Plan.