Research And Implementation Of Source Code Cross Process Analysis Based On Semantic Pattern

Posted on: 2019-10-24  Degree: Master  Type: Thesis
Country: China  Candidate: M Y Shen  Full Text: PDF
GTID: 2428330572959012  Subject: Software engineering
Abstract/Summary:
With the ever-increasing scale of software, the development time and the number of loopholes in software are also increasing. During software development, using static analysis software to analyze the program code can effectively find loopholes that exist in the program and are difficult to find during later code review. At the same time, it can improve software code quality and shorten the development cycle. The work of this paper is to design a back-end semantic model and a semantic-model-based cross-process analysis model for a static analysis tool for the C language, so that the tool can maintain its analysis efficiency while detecting multiple target vulnerabilities.

This paper first classifies the target vulnerabilities to be detected into three categories: memory leaks, dangerous function vulnerabilities, and pollution propagation vulnerabilities. It then analyzes the program semantic information that must be collected to detect these vulnerabilities, and designs a semantic model based on this information to represent the program state during static analysis. Specifically, this paper designs and implements a triplet model of variable symbol entries, memory objects, and value objects to collect the semantic information needed to detect memory leaks and dangerous function vulnerabilities. It then designs and implements a BDD-based tuple collection model to collect the semantic information needed to detect pollution propagation vulnerabilities. These two models are used together to represent the program state of the static analysis software when it detects the three types of vulnerabilities.

Based on the above semantic model, a traversal framework is designed for the data flow analysis that the static analysis back end performs on the control flow graph of the target code. Under this framework, when the back end traverses the control flow graph, each control flow graph node must be bound to the state of the semantic model at the time that node is analyzed. At a branch node, the state is divided into two parts, and the node splits the path according to the state of its true and false branches. At the end of the function, the end states of all branch nodes are merged to lay the foundation for establishing function patterns.

When the static analysis software reaches a function call statement, performing cross-process analysis without constraints very easily causes path explosion, which is also an important factor affecting the efficiency of the back-end analysis. This paper avoids direct cross-process analysis when parsing a function call statement from two perspectives. First, if the effect of a function is known from pre-configured information, the function parameters are checked or processed directly through that configuration information, which avoids a direct cross-process analysis. Second, the relationship between the entrance and exit status of a function is established. In the model, when a function call statement is encountered, existing patterns are queried to perform pattern matching and pattern reuse. In this way, multiple cross-process analyses of common functions are avoided.

This paper establishes a function pointer mode for pointer-pointing relations, and uses abstract labels to simulate the pointer-pointing relationships at the entry of the function. A mapping between the pointer-pointing relationships at the entry and exit points of the function represents how the function processes the pointer-pointing relationships of multiple pointer parameters and global pointer variables. This paper also establishes a function value model for the function's processing of general values (shaping values, pollution variables, and string values), which maps the parameter values and global variable values at the entrance of the function to the return values and global variable values at the exit. The value mode indicates the processing behavior of the function for general values.

To verify the effectiveness of the above design, the final static analysis tool was tested in terms of function and performance. The tests achieved the desired effect: the software implements a proper vulnerability detection function while balancing efficiency.
Keywords/Search Tags: Static Analysis, Vulnerability Detection, Semantic Model, Cross-Process Analysis