The Inter-procedural Analysis And Vulnerability Detect Of C/C++ On Clang

Posted on: 2010-04-25
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhang
Full Text: PDF
GTID: 2178360302459793
Subject: Computer application technology
Abstract/Summary:
Static analysis does not run a program; it analyzes the source code in order to find bugs. The goal of static analysis is not to prove the correctness of the program but to find as many vulnerabilities as possible before the program runs, and thereby improve its reliability and robustness.

Intra-procedural analysis of C/C++ programs is now well developed. Most vulnerabilities, however, are due to interactions among procedures, so the theories and techniques of inter-procedural analysis need intensive study.

On the basis of traditional inter-procedural analysis and inter-procedural vulnerability detection, some effective algorithms are put forward for generating the function call sequence and local paths. These algorithms are suited to the framework of a compiler, Clang. In generating the function call sequence, recursive downward analysis is used, which ensures that no matter how many times a function is called, its body is analyzed only once. In generating local paths, the control flow graph is introduced to reduce the cost of path analysis.

Based on Low Level Virtual Machine and the compiler Clang, an inter-procedural analysis prototype system, SimpleIPA, is designed and implemented. SimpleIPA uses the recursive algorithm to create the control nodes and analyze every function, and then uses the model generation algorithm to generate function summaries.

The experimental results show that SimpleIPA can effectively detect inter-procedural vulnerabilities.
Keywords/Search Tags:static analysis, IPA, vulnerabilities detection, Clang