| C程序类型隐式转换漏洞的静态检测 |
| |
| 引用本文: | 吕维梅,刘坚.C程序类型隐式转换漏洞的静态检测[J].计算机工程与应用,2005,41(11):80-82. |
| |
| 作者姓名: | 吕维梅 刘坚 |
| |
| 作者单位: | 西安电子科技大学软件工程研究所,西安,710071 |
| |
| 基金项目: | 国家部委预研基金资助项目 |
| |
| 摘 要: | C语言由于其灵活性及支持环境,经常被用于嵌入式和实时开发环境中,所以它已成为一种非常流行的语言。但凡事都有两面性,C语言在提供了很大灵活性的同时也存在不少安全隐患。该文主要讨论C源程序中类型隐式转换导致程序错误的常见表现形式,分析其特征及产生机理,从而提出一种以语法制导翻译的方式形式化描述漏洞,并且给出了其实现方法。
|
| 关 键 词: | 类型转换 安全漏洞 安全模式 静态检测 |
| 文章编号: | 1002-8331-(2005)11-0080-03 |
| 修稿时间: | 2004年10月1日 |
Static Testing C Programs for Implicit Type Conversion Holes |
| |
| Lv Weimei,Liu Jian.Static Testing C Programs for Implicit Type Conversion Holes[J].Computer Engineering and Applications,2005,41(11):80-82. |
| |
| Authors: | Lv Weimei Liu Jian |
| |
| Abstract: | The C language is extremely popular because of its flexibility and support environment.C is often used in embedded and real-time environment.But everything has two sides and while C's flexibility makes it attractive,that also makes it a less reliable programming language.This paper gives the representation of implicit type conversion holes in C programs.Then it analyzes the characteristics of holes and how to occur.At last this paper presents an approach that is syntax-directed translation for defining holes and its implementation. |
| |
| Keywords: | type conversion safety hole safety model static testing |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
