Data Flow Analysis for Sequential Storage Structures

被引：0

作者：

Wang S.-D. ^{[1
]}

Yin W.-J. ^{[1
]}

Dong Y.-K. ^{[1
]}

Zhang L. ^{[1
]}

Liu H. ^{[1
]}

机构：

[1] College of Computer Science and Technology, China University of Petroleum, Qingdao

来源：

Ruan Jian Xue Bao/Journal of Software | 2020年 / 31卷 / 05期

基金：

中国国家自然科学基金;

关键词：

Abstract memory model; Data flow analysis; Inter-prcedural analysis; Memory leak; Sequential storage structure;

D O I：

10.13328/j.cnki.jos.005949

中图分类号：

学科分类号：

摘要：

Sequential storage structures such as array and continuous memory block allocated dynamically by malloc are widely used in C programs. But traditional data flow analysis fails to adequately describe their structures and operations. When pointers are used to access the sequential storage structures in C programs, existing data flow analysis methods basically pay attention to only points-to information and do not consider the numerical properties offset. In addition, it does not consider the unsafe problem caused by out of bounds when offset occurs, which leads to inaccurate analysis for sequential storage structure. To improve the precision for analyzing sequential storage structures, an abstract memory model SeqMM is proposed to describe sequential storage structures, which can effectively describe points-to relationships and offset. Then there are three operations are summarized, such as the pointer-related transfer operation, predicate operation, and loop operation traversing sequential storage structures, and it is also considered that whether the index is out of bounds to ensure the security of operation execution when analyzing these operations. After that, mapping rules are introduced for parameters referencing sequential storage structure to corresponding arguments. Finally, a memory leak detection algorithm is proposed to detect memory leak in 5 open-source projects. The experimental results indicate that SeqMM can effectively describe sequential storage structure and various operations in C programs, and the results of data flow analysis can be used to detect memory leaks when a reasonable balance between accuracy and efficiency occurs. © Copyright 2020, Institute of Software, the Chinese Academy of Sciences. All rights reserved.

引用

页码：1276 / 1293

页数：17

共 30 条

[1] Dong YK, Jin DH, Gong YZ, Xing Y., Static analysis of C programs via region-based memory model, Ruan Jian Xue Bao/Journal of Software, 25, 2, pp. 357-372, (2014)
[2] James CK., Symbolic execution and program testing, Communications of the ACM, 19, 7, pp. 385-394, (1976)
[3] Xu ZX, Kremenek T, Zhang J., A memory model for static analysis of C programs, Proc. of the Int'l Conf. on Leveraging Applications of Formal Methods, pp. 535-548, (2010)
[4] Zhang J., Symbolic execution of program paths involving pointer structure variables, Proc. of the Int'l Conf. on Quality Software, pp. 87-92, (2004)
[5] Hackett B, Rugina R., Region-based shape analysis with tracked locations, ACM SIGPLAN Notices, 40, 1, pp. 310-323, (2005)
[6] Dong LM, Wang J, Chen LQ, Liu JC., Field-sensitive memory model for memory safety of heap-manipulating programs, Computer Science, 39, 9, pp. 109-114, (2012)
[7] Zhao YS, Wang YW, Gong YZ, Chen HH, Xiao Q, Yang ZH., STVL: Improve the precision of static defect detection with symbolic three-values logic, Proc. of the 18th Asia Pacific Software Engineering Conf, pp. 179-186, (2011)
[8] Yin BH, Chen LQ, Wang J., Analysis of program with pointer arithmetic by combining points to and numer, Computer Science, 42, 7, pp. 32-37, (2015)
[9] Steensgaard B., Points-to analysis in almost linear time, Proc. of the ACM SIGPLAN-SIGACT Symp. on Principles of Programming Languages, pp. 32-41, (1996)
[10] Andersen LO., Program analysis and specialization for the C programming language, (1994)

← 1 2 3 →