Research On The Static Analysis Of Resource Leak Fault

Posted on: 2015-07-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X J Ji
GTID: 1228330467464464
Subject: Computer application technology

Abstract/Summary:
As software technology develops, software systems grow in scale, their architectures become more complex, and guaranteeing the reliability and stability of a software system becomes more difficult. Software failure has therefore gradually become one of the bottlenecks restricting the development and application of computers. Resource leaks are among the most dangerous software vulnerabilities affecting the stability and reliability of software. Studies have shown that resource leaks are the main cause of shutdown failures in software systems and of aging in service-oriented software systems, and that they occur in a very high percentage of software. It is therefore imperative to determine whether software contains resource leak vulnerabilities.

Static analysis detects software vulnerabilities by analyzing and estimating the static characteristics of source code. It has many advantages in detecting vulnerabilities in software applications, so research on it draws more and more academic attention. However, current research on the static analysis of resource leak vulnerabilities needs to be improved, because the false positive rate of current static analysis is high and its scalability is poor. The practical usability of the analysis tools needs to be improved.

The high false positive rate is due to a number of factors: the control flow model of the source program is not accurate, the static analysis has no targeted strategy for loops, current function summaries are not comprehensive enough for context-sensitive analysis, and the handling of complex data structures is not precise enough. As is well known, highly accurate static analysis usually has high complexity. This dissertation therefore aims to improve the accuracy of static analysis of resource leak vulnerabilities under the premise of preserving semantics and scalability.

We propose slicing techniques and loop analysis policies that stay close to the semantics of the source program. We also propose the AFST (Abstract Function Summary Template) to obtain comprehensive context-sensitive interprocedural analysis. Finally, we optimize the initial fault report to give users a readable fault report.

The research work and innovations of this dissertation mainly include:

(1) This dissertation proposes a slice analysis technique for resource behavior. Many current resource leak detection methods are flow-sensitive, but because of their program abstraction methods and path explosion, their efficiency and accuracy need to be improved. The proposed method uses definition-use analysis and symbolic execution to obtain a resource behavior slice. The method is a multi-level approach. First, it performs definition-use analysis of the data flow on the program control flow graph to obtain the allocation points M and release points F of the resource. If an allocated resource has no corresponding release point, the method determines in this first scan that the resource is leaked. Otherwise, it symbolically executes the program to obtain the data flow constraints from M (the point where a resource is allocated) to F (the point where the resource is freed). The data flow condition is passed to a constraint solver to determine the reachability of the release points F from the resource allocation points M. The innovation of this work is the slice optimization of flow-sensitive static analysis, which makes the slice more compact and closer to the source program semantics and so reduces the number of nodes in the control flow model and the computational complexity.

(2) This dissertation proposes a method for estimating the loop iteration number based on the extended Chains of Recurrence Algebra. To reduce complexity, current static analysis work always limits loop iteration to at most once, which reduces accuracy, especially when the loop iteration number is related to the property being analyzed, e.g. memory leak. Path combinatorial explosion happens easily if all paths are simulated every time. The dissertation therefore presents a mathematical method to estimate the iteration number of while loops based on Chains of Recurrence Algebra (CR). In addition, we introduce a new loop summary in order to analyze nested loops. All the variables in loops are rewritten into mathematically equivalent CR expressions, and the closed-form function of the loop iteration number is deduced by the rule system of CR. Then, according to the fault property associated with a loop, the method determines the loop analysis policy to improve the accuracy of static analysis.

(3) This dissertation proposes the symbol-based Abstract Function Summary to accurately implement context-sensitive function analysis, because current function summaries cannot analyze all changes of the variable name space, such as escaping of variables, arguments passed, and so on. The AFST (Abstract Function Summary Template) is summarized and defined on the basis of symbols. All the variables, parameters, and return values passed between functions are comprehensively summarized to generate a function summary of the resource actions. The AFST is instantiated with the call context information to realize context-sensitive analysis. The innovation of this work is to obtain thorough interprocedural analysis.

To evaluate our method, we conducted a series of experiments on SPEC2000, some open source programs, programs from some articles, and some programs that we created ourselves. In addition, we compared it with other leak detectors. The test results show that the proposed method finds resource leak vulnerabilities more thoroughly than other tools. Our method can improve analysis accuracy while retaining scalability, which demonstrates the superiority and feasibility of our approach.
Keywords/Search Tags: Resource Leak, Static Analysis, Symbolic Execute, Slice Analysis, Estimation of the Number of Loop, Function Summary
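The two-level check described in contribution (1), as an added Python illustration that is not code from the dissertation: a first scan reports an allocation point M with no release point F, otherwise each path from M to the exit that skips every F is kept only if its path condition is satisfiable. The toy CFG encoding, the node names, the single integer input x, and the brute-force domain search standing in for the constraint solver are all assumptions.

```python
# Added illustration: toy CFG encoding and all names are assumptions,
# not the dissertation's tool. Guards range over one symbolic integer input x.

def leak_paths(cfg, action, exit_node, domain=range(-64, 65)):
    """Return (path, witness_x) for each feasible M -> exit path that skips every F."""
    allocs = [n for n, a in action.items() if a == "alloc"]   # allocation points M
    frees = {n for n, a in action.items() if a == "free"}     # release points F
    if not frees:
        # First scan: an allocation with no release point at all is a leak.
        return [([m], None) for m in allocs]
    found = []

    def walk(node, path, guards):
        if node in frees:
            return                      # resource released on this path
        if node == exit_node:
            # Stand-in for the constraint solver: search a small finite domain.
            witness = next((x for x in domain if all(g(x) for g in guards)), None)
            if witness is not None:     # path condition satisfiable: real leak
                found.append((path, witness))
            return
        for succ, guard in cfg.get(node, []):
            if succ not in path:        # acyclic paths only; loops are out of scope
                walk(succ, path + [succ], guards + ([guard] if guard else []))

    for m in allocs:
        walk(m, [m], [])
    return found

# Constructed sample 1: p=malloc(); if(x>0) free(p); if(x<=0) free(p); return
# The only free-skipping path needs x<=0 and x>0 together, so it is infeasible.
CFG_SAFE = {"m": [("b1", None)],
            "b1": [("f1", lambda x: x > 0), ("b2", lambda x: x <= 0)],
            "f1": [("b2", None)],
            "b2": [("f2", lambda x: x <= 0), ("end", lambda x: x > 0)],
            "f2": [("end", None)]}
ACT_SAFE = {"m": "alloc", "f1": "free", "f2": "free"}

# Constructed sample 2: p=malloc(); if(x>10) free(p); return  (leaks when x<=10)
CFG_LEAK = {"m": [("b1", None)],
            "b1": [("f", lambda x: x > 10), ("end", lambda x: x <= 10)],
            "f": [("end", None)]}
ACT_LEAK = {"m": "alloc", "f": "free"}

# Constructed sample 3: p=malloc(); return  (no release point anywhere)
CFG_NOFREE = {"m": [("end", None)]}
ACT_NOFREE = {"m": "alloc"}
```

A path-insensitive scan would flag sample 1 because a syntactic path from M to the exit avoids both release points; checking the path condition removes that false positive while still reporting sample 2 with a concrete witness input.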