摘要
利用程序的可伸缩性对程序进行代码切片,识别出受敏感变量影响的关键语句,消除噪声并挖掘程序内部依赖,用以检测代码的漏洞与缺陷。针对切片对依赖过于敏感的问题,提出一种基于敏感语义关联的代码过程间切片方法,提取表征敏感信息的有效语句,捕获语义依赖关联,将代码漏洞触发点转化为上下文敏感的缺陷依赖流,并基于约束规则提升切片效率,结合缺陷约束获取代码漏洞的异常来源。实验结果表明:该方法在代码切片的效率、质量以及漏洞检测的精度上有较好的表现。
By utilizing the scalability of the program to slice the code of the program,key statements affected by sensitive variables can be identified,noise can be eliminated,and the internal dependencies of the program can be mined,so as to detect vulnerabilities and defects in the code.In order to solve the problem of the excessive sensitivity of slicing to dependencies,this paper proposes an inter-procedural slicing method of the code based on sensitive semantic association,which extracts effective statements that represent sensitive information,,captures semantic dependent association,transforms the trigger points of code vulnerabilities into context-sensitive defect dependency flows,improves slicing efficiency based on constraint rules,and obtains the abnormal source of code vulnerabilities in combination with defect constraints.Experimental results show that this method performs well in the efficiency and quality of code slicing and the accuracy of vulnerability detection.
作者
帅活力
唐成华
SHUAI Huoli;TANG Chenghua(Guangxi Key Laboratory of Trusted Software,Guilin University of Electronic Technology,Guilin,Guangxi Zhuang Autonomous Region,541004 China)
出处
《科技资讯》
2024年第4期53-57,共5页
Science & Technology Information
基金
国家自然科学基金(项目编号:62062028)
广西可信软件重点实验室基金(项目编号:202320)
广西研究生教育创新计划项目(项目编号:YCSW2023295)。
关键词
代码切片
敏感语义
控制流
漏洞检测
Code slicing
Sensitive semantics
Control flow
Vulnerability detection
