
Research And Implementation Of C Code Memory Safety Vulnerabilities Detection

Posted on: 2018-06-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Kang
GTID: 2348330518498981
Subject: Computer software and theory
Abstract/Summary:
C is currently the most widely used programming language, and its extensive use has been accompanied by a large number of code security vulnerabilities. If these vulnerabilities are ignored, they often cause unexpected consequences and losses, so detecting security vulnerabilities in C code is particularly important. Of all security vulnerabilities, memory security vulnerabilities cause the greatest consequences and losses, which makes their detection especially meaningful. The work of this paper is to implement detection of memory-related security vulnerabilities in a static analysis and detection tool for C code, so that common memory security vulnerabilities can be found in real code and reported as errors. The research focuses on designing effective methods for detecting memory security vulnerabilities.

This paper first classifies common memory security vulnerabilities and analyzes in detail the detection requirements for them. Based on the results of that analysis, it completes the overall design of memory security vulnerability detection and constructs a memory security rule model and a static integer value estimation model to implement memory-related detection.

Following the overall design, this paper designs and implements the memory security rule model. In actual code checking, different users have different memory detection needs, so the check items must be configurable. The model first defines a variety of memory security rules based on the detection requirements for memory security vulnerabilities and makes them configurable. The paper also implements the transmission and parsing of memory security rules from the front end to the back end, and saves the user-configured security rules in a purpose-designed data structure for later use. It then implements the individual security sub-rules in detail and embeds the memory security rules in the back-end traversal framework, ensuring that the security rules are invoked and effective during vulnerability detection. Finally, it designs detection methods for the common memory security vulnerabilities based on the memory security rules.

Then, because detecting some memory security vulnerabilities requires integer value information, this paper designs and implements the static integer value estimation model. The model's main function is to estimate and collect the integer values within a function, so that subsequent vulnerability detection can check how the relevant values are used. Implementing the model requires improving the original abstract syntax tree traversal framework. The paper first adds return parameters to each tree node in the traversal grammar, so that value-set information for integer values can be passed and collected during traversal and bound to the corresponding variables. It then embeds semantic actions for integer values on all tree nodes in the traversal grammar to compute and update the value sets. The paper then designs inspection methods for memory security vulnerabilities based on the static integer value estimation model.

Finally, the security tool designed in this paper is used to run classified tests on several common memory security vulnerabilities. The test results show that the memory security rule model and the static integer value estimation model constructed in this paper achieve the expected results and meet the security checking tool's requirements for detecting memory security vulnerabilities in C code.
Keywords/Search Tags:Static Analysis, Memory Security Vulnerability Detection, Abstract Syntax Tree Traversal, Memory Security Rules, Static Integer Value Estimation
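
The value-set idea in the abstract (each tree node returns a set of possible integer values during traversal, the set is bound to the variable, and a later memory check consumes it) can be sketched as follows. This is an added example, not code from the thesis or its tool; the tuple-based AST, the function names `eval_expr` and `analyze`, and the sample program are all assumptions made for illustration.

```python
# Added illustration: node shapes and names are assumptions, not the thesis tool's.
from itertools import product

OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}

def eval_expr(node, env):
    """Visit an expression node; its return value is the set of possible ints (None = unknown)."""
    kind = node[0]
    if kind == "const":
        return {node[1]}
    if kind == "var":
        return env.get(node[1])
    _, op, lhs, rhs = node                      # ("binop", op, lhs, rhs)
    l, r = eval_expr(lhs, env), eval_expr(rhs, env)
    if l is None or r is None:
        return None
    return {OPS[op](a, b) for a, b in product(l, r)}

def analyze(stmts, env=None, sizes=None, findings=None):
    """Walk statements, bind value sets to variables, report out-of-bounds stores."""
    env = {} if env is None else env
    sizes = {} if sizes is None else sizes
    findings = [] if findings is None else findings
    for s in stmts:
        if s[0] == "decl_array":                # int buf[8];
            sizes[s[1]] = s[2]
        elif s[0] == "assign":                  # x = expr;
            env[s[1]] = eval_expr(s[2], env)
        elif s[0] == "if":                      # condition not evaluated: both branches are joined
            t_env, e_env = dict(env), dict(env)
            analyze(s[2], t_env, sizes, findings)
            analyze(s[3], e_env, sizes, findings)
            for name in set(t_env) | set(e_env):
                a, b = t_env.get(name), e_env.get(name)
                env[name] = None if a is None or b is None else a | b
        elif s[0] == "store":                   # buf[idx] = ...; an unknown index is not reported
            _, arr, idx, line = s
            vals = eval_expr(idx, env)
            bad = sorted(v for v in vals or () if not 0 <= v < sizes[arr])
            if bad:
                findings.append((line, arr, bad))
    return findings

# Constructed input for: int buf[8]; i = 2; if (flag) i = i*3; else i = i+7; buf[i] = 0; buf[i-6] = 0;
SAMPLE = [
    ("decl_array", "buf", 8),
    ("assign", "i", ("const", 2)),
    ("if", ("var", "flag"), [("assign", "i", ("binop", "*", ("var", "i"), ("const", 3)))],
                            [("assign", "i", ("binop", "+", ("var", "i"), ("const", 7)))]),
    ("store", "buf", ("var", "i"), 4),
    ("store", "buf", ("binop", "-", ("var", "i"), ("const", 6)), 5),
]
print(analyze(SAMPLE))
```

Each finding is a tuple of (constructed source line, array name, offending index values); the second store is not flagged because every value in its index set lies inside the declared bounds.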