
Implementation of a Static Defect Analysis Tool Based on LLVM Intermediate Representation

Published: 2018-05-14 06:10

  Topics: defect detection + static program analysis; Source: Beijing University of Posts and Telecommunications, 2016 master's thesis


[Abstract]: As computer software keeps growing in number and scale, the drawbacks of traditional manual testing for finding software defects, namely low efficiency and high cost, have become increasingly apparent, and new, automated methods are being used to carry out program defect analysis. Program analysis, as a technique for automated defect analysis, has been studied and used in depth in both academia and industry, and these techniques have gradually replaced the traditional approach. Depending on whether the program is run, program analysis is divided into dynamic program analysis and static program analysis. Dynamic analysis disassembles the program to obtain assembly code, or instruments its instructions, or runs it under virtual machine emulation, and analyzes the program in this way. Static analysis does not run the program; it analyzes the program's source code or the intermediate code produced by compiling the source. Commonly used techniques include control flow analysis, data flow analysis, model checking, taint analysis and symbolic execution, each with its own advantages and disadvantages. This thesis uses static program analysis as its main approach to defect analysis and, by combining symbolic execution with SMT solving, implements a static analysis tool, MLSA. MLSA takes LLVM IR (the intermediate language of the LLVM compiler framework) as its analysis target, uses symbolic execution to record the symbolic values of program variables, and, for checked instructions and branch instructions, uses SMT solving to decide whether the program contains a defect and whether a path is reachable. As a static analysis tool, MLSA can perform both intraprocedural and interprocedural analysis. At present it mainly targets three classes of defects in C++: division by zero, out-of-bounds pointer access and dead code. It also supports analysis of division-by-zero and array out-of-bounds defects in Fortran. Experiments show that MLSA has the defect analysis capability of a practical tool.
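[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP311.53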



