Verifikation der Speicherhandhabung in bestehenden C Programmen mit numerischen abstrakten Domänen.

使用数字抽象域验证现有 C 程序中的内存处理。

• 批准号: 154707536
• 负责人: Dr. Axel Simon
• 金额: --
• 依托单位: Lehrstuhl Informatik II: Sprachen, und Beschreibungsstrukturen in der Informatik
• 依托单位国家: 德国
• 项目类别: Independent Junior Research Groups
• 财政年份: 2009
• 资助国家: 德国
• 起止时间: 2008-12-31 至 2013-12-31
• 项目状态: 已结题
• 来源: https://gepris.dfg.de/gepris/projekt/154707536?language=en
• 关键词: Verifikation; der; Speicherhandhabung; bestehenden; Programmen

Formal methods based on specifications and design-by-contract have long been advocated as a way to build reliable software. However, the cost of this approach and the sheer amount of legacy code has triggered much research into the automatic analysis of existing software products for which no specification exists. Given the lack of a full, program-specific specification, an analyzer can at most assert the absence of certain run-time errors since what constitutes a run-time error is defined by the execution environment (as described by, e.g., the C language specification). Interestingly, eliminating run-time errors already eradi- cates the most severe security vulnerabilities that allow arbitrary code execution on foreign hosts since these are based on exploiting incorrect memory management in applications which normally leads to run-time errors. Thus, the proposed research project aims to build a scalable analyzer that is precise enough to prove the absence of memory management errors in legacy C software. The project follows two strands: Firstly, new techniques for examining executable code are sought which will simplify the analysis of closed-source software and allow the analysis of concurrency primitives. Secondly, the project investigates into novel highlevel abstractions that combine shape- and numeric analysis. These abstractions are then applied to functions, enabling a context-sensitive analysis without repeating the analysis for each call-site.

长期以来，基于规范和契约设计的形式化方法一直被提倡作为构建可靠软件的一种方法。然而，这种方法的成本和大量的遗留代码已经引发了对现有软件产品的自动分析的大量研究，这些软件产品没有规范。由于缺乏完整的程序特定规范，分析器最多可以断言不存在某些运行时错误，因为什么构成运行时错误是由执行环境定义的（如由例如，C语言规范）。有趣的是，消除运行时错误已经根除了允许在外部主机上执行任意代码的最严重的安全漏洞，因为这些漏洞是基于利用应用程序中不正确的内存管理，这通常会导致运行时错误。因此，拟议的研究项目的目的是建立一个可扩展的分析，是精确到足以证明在遗留的C软件的内存管理错误的情况下。该项目遵循两个方面：第一，寻找新的技术来检查可执行代码，这将简化闭源软件的分析，并允许并发原语的分析。其次，该项目调查到新的高级抽象，结合联合收割机形状和数值分析。然后将这些抽象应用于函数，从而实现上下文敏感的分析，而无需对每个调用站点重复分析。