摘要
A simplified integer overflow detection method based on path relaxation is described for avoiding buffer overflow triggered by integer overflow. When the integer overflow refers to the size of the buffer allocated dynamically, this kind of integer overflow is most likely to trigger buffer overflow. Based on this discovery, through lightly static program analysis, the solution traces the key variables referring to the size of a buffer allocated dynamically and it maintains the upper bound and lower bound of these variables. After the constraint information of these traced variables is inserted into the original program, this method tests the program with test cases through path relaxation, which means that it not only reports the errors revealed by the current runtime value of traced variables contained in the test case, but it also examines the errors possibly occurring under the same execution path with all the possible values of the traced variables. The effectiveness of this method is demonstrated in a case study. Compared with the traditional buffer overflow detection methods, this method reduces the burden of detection and improves efficiency.
为了防止由整数溢出引起的缓冲区溢出,提出了一种简化的基于路径松弛的整数溢出检测方法.表示动态分配缓冲区大小的整型变量发生溢出,极有可能引发缓冲区溢出.该检测方法基于这一发现,在动态测试之前先进行轻量级的静态分析,跟踪与动态分配缓冲区大小相关的关键变量,保存追踪的关键变量在不同地方的取值上限和下限,并将维护信息插入源代码中.测试时通过路径松弛,在执行路径上不仅考虑追踪变量的当前测试用例值,判断程序是否出现整数溢出,还根据插入的维护信息进一步考虑追踪变量可能的取值范围,判断程序是否有可能出现整数溢出.实例研究验证了该方法的有效性,并且与同类方法相比,减少了检测量,提高了检测效率.
基金
The National Natural Science Foundation of China (No.60873050,60703086)
the Opening Foundation of State Key Laboratory of Software Engineering in Wuhan University (No.SKLSE20080717)
