面向危险函数调用的多粒度影响分析方法研究  

作　　者：郭严磊 牟永敏[1] 张志华[1] Guo Yanlei;Mu Yongmin;Zhang Zhihua(Beijing Key Laboratory of Internet Culture&Digital Dissemination Research,Beijing Information Science&Technology University,Beijing 100101,China)

机构地区：[1]北京信息科技大学网络文化与数字传播北京市重点实验室,北京100101

出　　处：《计算机应用研究》2021年第5期1491-1497,共7页Application Research of Computers

基　　金：北京市自然科学基金资助项目(Z160002);网络文化与数字传播北京市重点实验室开放课题(5221935409)。

摘　　要：针对软件开发过程中,变量变更造成的缓冲区溢出检测成本高、效率低等问题,提出了一种基于数据拓扑的危险函数调用影响分析方法,从变量粒度和路径粒度分析变量变更对危险函数调用的影响。通过静态分析源代码,提取变量定义、引用及依赖关系信息、危险函数调用信息和函数调用关系等内容;构建变量依赖关系集合,对变更变量进行数据拓扑分析,结合变量在栈内的分布规律,获取变量影响域;结合函数调用关系信息建立变量影响分析模型,获取路径影响域;根据变量影响域和路径影响域获取变更变量对危险函数调用的影响。实验结果表明,此方法界定变量变更对危险函数调用的影响更加精准。该方法可理解性和可用性较高,能够有效提高软件回归测试的精度和效率。In order to solve the high cost and low efficiency of buffer overflow detection in software development due to the influence of variable changes,this paper proposed a method for analyzing the impact of unsafe function calls based on data topology,this method analyzed the impact of variable changes on unsafe function calls with the granularity of variable and path.Extracted information such as variable definitions,references,variable reference,variable dependency,unsafe function calls information and function calls relationship by statically analyzing source code to build a variable dependency set,analyzed data topology of changed variables,and combined distribution of variables in the stack to obtain the variable impact domain.It established a variable impact analysis model by combining function call relations information to obtain path domain.Finally it obtained the influence of variable changes on unsafe function calls according to the variable impact domain and path impact domain.Experimental results show that this method is more accurate in defining the impact of variable changes on unsafe function calls.This method has high comprehensibility and usability,can effectively improve the accuracy and efficiency of software regression testing.

关 键 词：变量依赖 数据拓扑 危险函数 函数调用关系 影响分析 

分 类 号：TP311.5[自动化与计算机技术—计算机软件与理论]