嵌入式C程序指针检测研究与系统实现

发布时间：2018-04-30 16:22

本文选题：嵌入式程序 + 指针缺陷　；参考：《大连理工大学》2012年硕士论文

【摘要】：嵌入式系统技术软硬件结合的优势,在各行各业有着广泛而成熟的应用,是当今计算机科学领域研究的热点问题。C程序指针使用复杂,加之C语言规范并未对指针的使用做过多限制,使得指针的误用难以避免,甚至带来严重的安全隐患。此外,嵌入式程序开发过程依赖于交叉编译环境,导致程序的开发和测试更加困难。因此,针对C程序指针的缺陷检测和可靠性研究,对于保证嵌入式程序的安全稳定运行有着极其重要的意义。程序缺陷检测通常分为两种方法,一种是运行时检测法,即动态检测法,另一种方法不依赖于程序运行,被称为静态检测方法。两种方法各有优点,静态检测执行效率高、设计相对简便且不依赖于检测代码的编译运行,所以更加适应对跨平台开发模式下的嵌入式程序进行缺陷检查。本文通过对国内外静态检测理论与技术的研究,提出了一种基于源代码模型转化与缺陷模式匹配的思想进行缺陷检查的方法。其核心思想是,将源代码转化成能够完整表达源码语义,同时又具有良好结构化查询能力的XML映射模型,同时将缺陷模式采用XML查询语言XQuery构建模型,通过驱动两者之间进行模式匹配最终实现缺陷检查。为了适应不同检测对象或环境的相关要求,提出了构建缺陷知识库的基本方法,通过灵活配置检测方案,执行不同的检测策略。此外,缺陷知识库的设计,使得系统便于开发和维护,同时极大地提高了系统的扩展性。本文所提出的检测系统在开发和测试的过程中进行了大量的测试和检测结果分析,验证了本文所提出指针安全检测方法的正确性和检测系统的实用性。本研究的主要工作获得了国家自然科学基金重大培育计划(航天嵌入式软件可信性度量方法与系统,91018003)的资助,再次感谢基金委对本项目组工作的支持。
[Abstract]:The advantage of the integration of hardware and software of embedded system technology has a wide range of mature applications in various industries, which is a hot issue in the field of computer science. Moreover, the C language specification does not limit the use of pointers too much, which makes it difficult to avoid the misuse of pointers, and even brings serious security risks. In addition, the development process of embedded programs depends on cross-compiling environment, which makes it more difficult to develop and test programs. Therefore, the research on the defect detection and reliability of C program pointer is of great significance to ensure the safe and stable operation of embedded program. Program defect detection is usually divided into two methods, one is runtime detection, that is, dynamic detection, the other is not dependent on program running, so it is called static detection method. The two methods have their own advantages, such as high execution efficiency of static detection, relatively simple design and independent of compiling and running of the detection code, so they are more suitable for defect checking of embedded programs in cross-platform development mode. Based on the research of static detection theory and technology at home and abroad, this paper presents a method of defect checking based on the idea of source code model transformation and defect pattern matching. Its core idea is to transform the source code into a XML mapping model which can express the semantics of the source code and at the same time has a good ability of structured query. At the same time, the defect pattern is constructed by using the XML query language XQuery. The defect checking is realized by driving pattern matching between them. In order to meet the requirements of different detection objects or environments, a basic method of constructing defect knowledge base is proposed. Different detection strategies are implemented through flexible configuration of detection schemes. In addition, the design of defect knowledge base makes the system easy to develop and maintain, and greatly improves the expansibility of the system. In the process of development and testing, a large number of tests and test results have been carried out in the detection system proposed in this paper, which verifies the correctness of the proposed pointer safety detection method and the practicability of the detection system. The main work of this study was supported by the National Natural Science Foundation of China (Space embedded Software credibility Measurement method and system 91018003).
【学位授予单位】：大连理工大学
【学位级别】：硕士
【学位授予年份】：2012
【分类号】：TP368.1;TP311.11

【参考文献】