Research And Implementation Of Embedded Software Defect Detection Technology Based On Dynamic Methods

Posted on: 2015-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: X M Zhu
GTID: 2268330428963892
Subject: Computer application technology

Abstract/Summary:
The complexity and abstraction of software make some errors inevitable during software development, and defects in embedded software are even harder to detect because of the limited time and space resources of embedded systems and their high reliability and real-time requirements. Research on static analysis began early and has produced many findings. However, static analysis has a high false-positive rate and has difficulty detecting runtime defects. Dynamic analysis is another fairly widespread software analysis method, which can not only detect some hidden defects but also track runtime errors. However, dynamic analysis mainly analyzes programs at the machine-code level, and because source code is lacking, accurate syntactic and semantic information cannot be obtained, which increases the difficulty of program analysis. Therefore, research on embedded software defect detection based on dynamic analysis has become both a difficulty and a hot spot of current study.

CVE statistical data show that buffer overflows account for a large proportion of all software defects, and the number of integer sign conversion defects is also increasing every year. At present, detection techniques for these two defects still have plenty of shortcomings, and there is no effective detection method that can bring about a downward trend in the number of defects. Therefore, focusing on these two defects and building on dynamic instrumentation technology, which has developed rapidly and is widely used, this paper puts forward two solutions: a buffer overflow defect detection method and an integer sign conversion defect detection method. Based on these two methods, the paper carries out research on embedded software defect detection based on dynamic analysis and implements a detection system for binary program defects based on a virtual simulation environment. The main research contents and innovations are as follows:

1. The principle of buffer overflow is studied, and an effective detection method for buffer overflow defects is presented. First, a shadow memory is established for the buffer memory to record the accessibility of memory. Second, analysis code is inserted to update the shadow memory. Finally, buffer overflow behavior is identified by checking the shadow memory on each memory access operation, and the string-related functions are replaced to check their parameters and contents, in order to find buffer overflow defects.

2. The principle of integer signed/unsigned conversion errors is studied, and a method is presented that can accurately detect and localize such defects. First, the sign type information of integer variables is extracted by type inference. Then the type information of the parameters of memory-related functions is analyzed, the resulting set of conflicting types is taken as the set of potential defects, and the addresses of the instructions that generate the conflicting types are recorded. Finally, detection code is inserted to determine the real integer sign conversion defects and locate them accurately.

3. Based on Valgrind, a framework for dynamic binary instrumentation, prototype defect detection tools are designed and implemented using the above methods, and then combined with an embedded operating platform built with the simulation software QEMU to form a dynamic detection system for embedded software defects. Finally, the system is tested, and experiments verify the effectiveness of the detection system.
Keywords/Search Tags: embedded software defects, buffer overflow, integer sign conversion defects, dynamic instrumentation technology
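
The shadow-memory check described in item 1 of the abstract, as an added C example that is not code from the thesis and does not use Valgrind. It assumes one shadow byte per data byte over a small constructed arena, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARENA_SIZE 64

static uint8_t arena[ARENA_SIZE];   /* memory under observation (constructed) */
static uint8_t shadow[ARENA_SIZE];  /* 1 = byte is accessible, 0 = not */

/* Analysis code run when a buffer is created or released:
 * record the accessibility of [off, off+len) in the shadow memory. */
void shadow_mark(size_t off, size_t len, uint8_t accessible) {
    for (size_t i = off; i < off + len && i < ARENA_SIZE; i++)
        shadow[i] = accessible;
}

/* Check run before a memory access: 1 only if every byte is accessible. */
int shadow_check(size_t off, size_t len) {
    if (off > ARENA_SIZE || len > ARENA_SIZE - off) return 0;
    for (size_t i = 0; i < len; i++)
        if (!shadow[off + i]) return 0;
    return 1;
}

/* Instrumented one-byte store: -1 reports an overflow, the write is skipped. */
int checked_store(size_t off, uint8_t value) {
    if (!shadow_check(off, 1)) return -1;
    arena[off] = value;
    return 0;
}

/* Replacement for a string function: the whole destination range,
 * including the terminating NUL, is validated before any byte is copied. */
int checked_strcpy(size_t dst_off, const char *src) {
    size_t need = strlen(src) + 1;
    if (!shadow_check(dst_off, need)) return -1;
    memcpy(&arena[dst_off], src, need);
    return 0;
}

/* Constructed scenario: one 8-byte buffer at [0,8), all else inaccessible. */
int demo(void) {
    shadow_mark(0, ARENA_SIZE, 0);
    shadow_mark(0, 8, 1);
    int fits = checked_strcpy(0, "1234567");   /* 7 chars + NUL = 8 bytes */
    int over = checked_strcpy(0, "12345678");  /* 9 bytes, one past the end */
    return fits == 0 && over == -1;
}

int main(void) { return demo() ? 0 : 1; }
```

The second copy is rejected because of its terminating NUL alone, the off-by-one case that a length check on the visible characters would miss.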