一种基于CIL静态分析的C#程序缺陷检测方法

计算机科学 ›› 2014, Vol. 41 ›› Issue (1): 220-224.

一种基于CIL静态分析的C#程序缺陷检测方法

边攀,梁彬,石文昌

中国人民大学信息学院北京100872;中国人民大学信息学院北京100872;中国人民大学信息学院北京100872

出版日期:2018-11-14 发布日期:2018-11-14
基金资助:
本文受国家自然科学基金项目(61170240,61070192),核高基重大专项(2012ZX01039-004)资助

CIL Static Analysis Method for C# Program Defect Detection

BIAN Pan,LIANG Bin and SHI Wen-chang

Online:2018-11-14 Published:2018-11-14

摘要/Abstract

摘要： 通过静态检测发现源程序中的潜在缺陷,可以帮助程序员在软件发布之前发现并修补程序缺陷,提高软件的安全性。提出一种通过静态分析CIL代码来检测C#程序代码缺陷的方法。采用改进的深度优先搜索算法遍历目标程序的控制流程图,结合历史状态缓存机制,能够大幅度提高检测效率；另外,为便于实施别名分析,还提出一种基于内存区域的变量表示方法。基于所述分析方法,开发了一个C#源代码缺陷静态检测系统,并对实际开源项目进行了检测。实验结果表明,本系统能够高效、准确地检测C#程序中常见类型的缺陷。

关键词: 静态分析,缺陷检测,别名分析,CIL,C#

Abstract: Finding potential defects by statically detecting source code can help programmers find and fix the defects before the software is released,and thus can improve the security of the software．This paper provided a CIL static analysis method to detect defects in C# programs．We adopted an improved depth-first search algorithm to traverse the control flow graph of the target program,and combining with the strategy of caching history states,the performance of the detection can be greatly improved．In addition,to be convenient for alias analysis,we proposed a method based on Memory Region to represent variables．Based on the analysis method described in this paper,we developed a system for detecting defects in C# programs．We applied the system on real C# projects,and the detecting result shows that it can detect common kinds of defects in C# programs efficiently and accurately.

Key words: Static analysis,Defect detection,Alias analysis,CIL,C#

边攀,梁彬,石文昌. 一种基于CIL静态分析的C#程序缺陷检测方法[J]. 计算机科学, 2014, 41(1): 220-224. https://doi.org/

BIAN Pan,LIANG Bin and SHI Wen-chang. CIL Static Analysis Method for C# Program Defect Detection[J]. Computer Science, 2014, 41(1): 220-224. https://doi.org/

参考文献

[1] Aho A V,Lam M S,Ravi S,et al.Compilers:principles,techniques,and tools(2nd Edition)[M]．Addison-Wesley Professional,2007
[2] BlogEngine．http://www.dotnetblogengine.net/
[3] Brian C,Jacob W．Secure programming with static analysis[M]．Addison-Wesley Professional,2007
[4] Alain D．Interprocedural may-alias analysis for pointers:beyond k-limiting [C]∥Proceedings on PLDI．1994:230-241
[5] Seth H,Benjamin C,Xie Yi-chen,et al．A system and language for building system-specific,static analyses [C]∥Proceedings on PLDI．2002:69-82
[6] Heine D L,Lam M S．A practical flow-sensitive and context-sensitive C and C+＋memory leak detector [C]∥Proceedings on PLDI．2003:168-181
[7] 梁彬,候看看,石文昌,等．一种基于安全状态跟踪检查的漏洞静态检测方法研究与实施 [J]．计算机学报,2009,32(5):899-909
[8] Mono.http://www.mono-project.com/Main_Page
[9] SourceGrid.http://sourcegrid.codeplex.com/
[10] 夏一民,罗军,张民选．基于静态分析的安全漏洞检测技术研究[J]．计算机科学,2006,33(10):279-282

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed