Static Analysis For C/C++ Program Base On Symbolic Execute

With the continuous development of software technology,the scale of the software is more and more magnificent,the complexity is higher and higher,leading to the software reliability and security become more and more difficult to ensure.Among them,the memory leaks and array index out of bounds are difficult to location and tracking,and are the most likely to cause serious software defects of software failure.Research has shown that memory leaks and array index out of bounds are the main reasons which would cause software defects,therefore,they are of great value to research.This article uses the method of static analysis to detect the software defects.Static analysis has the features of high speed,low cost and efficient,is one of the most studied of defects detection technology.But the false alarm and non-response rates of static analysis for memory leaks and array index out of bounds are high.In order to deal with the shortages above,this paper's main research work and innovation points include:(1)For the problem of array index out of memory and path explosion in symbolic execution,this paper puts forward a method for loop times calculation and loop unrolling.This method converts loop iteration to a first order differential equation,calculate loop times according to differential equation,then convert the loop into conditional branch,to solve the problem of symbolic execution path explode,and check the array index out of bounds defects.(2)In order to resolve the problem of low efficiency of memory leak and a rray out of memory defects detection,this paper puts forward a contex t-sensitive memory simulation method.According to the transfer of sta te whether memory leak fault exists,the method of memory modeling and simulation of the memory state and behavior,build the memory state t ransition diagram.(3)According to the above two innovations,implements a prototype system of static analysis.The system adopts the methods of symbolic execution and constraint solving,to detect defect in C/C++ code.On CWE,open source software libxslt-1.1.20,openssh3.5p1,lhttpd0.1,bftpd1.0.24,and self-organizing data sets,the static analysis method of this paper has carried on the comparative analysis of the results,respectively,shows the feasibility and effectiveness of the proposed method.