| The software security is more and more important. We start from the unit testing of source code, and then study how to detect the potential vulnerabilities of the source code and improve the security of the code. We use the technology of static analysis and constraint solve. This paper has implemented a virtual execution machine of"Phoenix IR", which analyses the"Phoenix IR"directly. It can generate unit testing cases of the normal input or trigger input of potential defects using the method of constraint solve.Symbolic execution is path-sensitive, whose precision of analysis is high. Its consumption of time and space is large, but it is a good way to do unit testing. This paper deals with the analysis of C language, and some complex structures such as pointer, struct, and multidimensional array can be processed well. The tool CUTG supports the inter-procedural analysis. We use the method of simulating the back-end"C2"of Phoenix to construct the base of whole program analysis. This tool uses symbolic expression trees as the storage structure of symbolic manipulation in symbolic execution. CUTG uses the traditional method of depth-first to traversal the path space of being tested code. The major type of vulnerability that CUTG detects is buffer overflow. The harmfulness of buffer overflow is great and it's hard to detect. Also this tool can detect the exception of NULL pointer and the divide zero error. As the Phoenix's large-scale IR instruction set,CUTG has only achieved a part of the instruction modeling. The analytical capacity of CUTG is to be further improved.This paper gives out an experiment of typical example. It can detect the vulnerabilities of the example and generate the test inputs. And it also gives out the experiment of analyzing the source code of wget. It shows that the tool can analyze tens of thousands of lines of source code, and can give results of the analysis with a guiding value. |
PDF Full Text Request