摘要
内存安全问题已成为影响C/C++程序正确性和可靠性的主要因素。一些现有的静态代码检测工具无法识别全局变量+跨函数内存管理的内存泄露和未定义越界访问这两种缺陷,且其他动态代码检测工具,因需要在运行时进行插桩等操作,会增加额外的开销导致检测效率慢。为解决这些问题,采用LLVM 15提出一种基于中间语言数据依赖关系的内存安全性检测方法,该方法通过获取并分析LLVM中间语言中指令之间的数据依赖,从而进行判断得出结果。在软件保障参考数据集SARD上的相关测试用例集验证了该方法的有效性,相比现有方法,该方法可以检测这两种内存安全性缺陷。
Memory safety has become a major factor affecting the correctness and reliability of C/C++ programs.Some existing static code analysis tools fail to identify two critical scenarios which are memory leaks and out-of-bounds accesses involving global variables and cross-function memory management.Meanwhile,other dynamic code analysis tools incur additional overhead due to runtime instrumentation,leading to slower detection efficiency.To address these issues,a memory safety detection method based on intermediate language data dependency relations was proposed using LLVM 15.This approach involves acquiring and analyzing data dependencies between instructions in the LLVM intermediate language to make judgments and derive results.The effectiveness of this method has been validated through relevant test cases in the SARD reference dataset,demonstrating its capability to detect both types of memory safety issues compared to existing methods.
作者
蒙世满
符祥
MENG Shiman;FU Xiang(School of Software,Nanchang Hangkong University,Nanchang 330063,China)
出处
《湖北大学学报(自然科学版)》
CAS
2024年第3期402-410,共9页
Journal of Hubei University:Natural Science
关键词
内存安全
静态检测
LLVM
中间语言
数据依赖
memory safety
static analysis
LLVM
intermediate language
data dependency
