Acta Electronica Sinica (电子学报), Issue (9): 1744-1752, 9. DOI: 10.3969/j.issn.0372-2112.2014.09.013
Null Pointer Dereference Defect Detected Based on Region-Based Memory Model
Abstract
In order to fully detect null pointer dereferences in C procedures, this paper introduces a method based on a region-based memory model. First, region-based symbolic three-valued logic (RSTVL) is proposed, which can describe the shape of data structures, all kinds of memory states, and the relations among addressable expressions. Then, an approach to fully recognizing pointer dereferences based on the abstract syntax tree and procedure summaries is introduced. Furthermore, this paper introduces a null pointer dereference detection method that translates pointer dereference detection into region detection by applying the results of data flow analysis based on RSTVL, and detects interprocedural null pointer dereferences based on procedure summaries. Experimental results show that, compared with DTSC-STVL and Klocwork9, the proposed method dramatically reduces null pointer dereference false negatives while maintaining detection precision.
Key words
null pointer dereference/memory model/static analysis/function summary/defect detection
Classification
Information Technology and Security Science
Cite this article
Dong Yukun (董玉坤), Gong Yunzhan (宫云战), Jin Dahai (金大海). Null Pointer Dereference Defect Detected Based on Region-Based Memory Model [J]. Acta Electronica Sinica, 2014, (9): 1744-1752, 9.
Funding
National Natural Science Foundation of China (No. 91318301, No. 61202080); National 863 High Technology Research and Development Program ()