Research And Implementation Of C++ Application Program Defect Detection Technology

C++ language is flexible and efficient,compared with Java and other high-level programming languages it needs developers to manage memory by themselves.Therefore,there are a large number of undefined behavior,which can easily produce safety defects.Memory management defect and buffer overflow defect are common security defects in C++application programs,which have high concealment and harmfulness.It is of great practical significance to study the detection of these two kinds of defects.Dynamic binary instrumentation detection technology does not require the source code of the program,and can insert probe to track the running state of the program in real time,which can provide the program running information for the program defect detection with this technology.This technology has a wide range of applications in the field of program detection.The binary code has a low level of abstraction and has a platform correlation,so it is more difficult to write the dynamic binary instrumentation program.This paper first introduces the common defect types and detection methods in C++ application programs,and focuses on the dynamic instrumentation technology and the mainstream binary instrumentation platform.We select Pin as the instrumentation platform in this project finally.Then we do a research on defect detection technologies of C++application programs and design efficient shadow memory based on combination mapping for the memory layout of the C++ application program.This design's memory footprint is only about 35%of the traditional shadow memory.Then,aiming at the specific defect types,this paper proposes a memory-leak detection scheme based on memory block reachability analysis algorithm,a heap buffer overflow detection scheme based on address accessibility decision,and a stack buffer overflow detection scheme based on local variable boundary mapping.Based on the theory mentioned above,we design and implement a tool to detect C++ application program's defects.We use Pin to analyze testing programs by inserting probes and track running states of program based on instruction instrumentation and the library function's replacement technique.The program's memory operation information is stored in shadow memory.The tool uses program's memory information provided by shadow memory and combines with detection mechanism to detect program's defect.Finally,we test the cost of program running and accuracy of the detection method by experiment,and prove the effectiveness of the method.