Abstract
As software grows in scale, ensuring the reliability and security of programs has attracted more and more attention. Because the C language lacks a mechanism for memory-safety checking, programs written in C are prone to security vulnerabilities, and research on the reliability of C programs has grown accordingly. At present, the commonly used methods for verifying software reliability and security are static analysis and dynamic analysis. Dynamic analysis is widely used because it reflects the problems that actually occur in a program. Current memory-safety analysis tools detect errors correctly in small programs, but they cannot effectively instrument and check large-scale programs. To address this problem, building on pointer-based memory-safety analysis, we use source code instrumentation to implement Movec, a memory analysis tool for large-scale C programs, and evaluate its effectiveness and performance. The experiments show that the proposed method can analyze the safety of large-scale programs effectively and efficiently.
Authors
WANG Chong (王冲); SUN Yi (孙毅); WU Jun (仵俊)
School of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211100, China
Source
Computer Technology and Development (《计算机技术与发展》)
2021, Issue 7, pp. 92-96 (5 pages)
Funding
National Natural Science Foundation of China (U1533130).
Keywords
dynamic analysis
large-scale C program
memory safety
source code instrumentation
pointer-based