| 基于抽象语法树的数组越界的静态检测方法 |
| |
| 引用本文: | 徐明昌,刘坚.基于抽象语法树的数组越界的静态检测方法[J].计算机工程,2006,32(1):108-109,205. |
| |
| 作者姓名: | 徐明昌 刘坚 |
| |
| 作者单位: | 西安电子科技大学软件工程研究所,西安,710071 |
| |
| 摘 要: | 针对数组访问越界这一类安全漏洞,以源程序的抽象语法树作为分析对象,提出了一种新的静态解决方案。该方案通过分析数组访问越界安全漏洞的表现,抽象出安全模式,然后根据安全模式以及遍历ast过程中记录的节点属性构建安全规则,最后在安全规则的指导下实现对安全漏洞的检测。
|
| 关 键 词: | 数组访问越界 抽象语法树(AST) 安全漏洞 安全模式 安全规则 |
| 文章编号: | 1000-3428(2006)01-0108-02 |
| 收稿时间: | 2004-12-01 |
| 修稿时间: | 2004-12-01 |
A Static Checking Method of Array Access Violation Based on Abstract Syntax Tree |
| |
| XU Mingchang,LIU Jian.A Static Checking Method of Array Access Violation Based on Abstract Syntax Tree[J].Computer Engineering,2006,32(1):108-109,205. |
| |
| Authors: | XU Mingchang LIU Jian |
| |
| Abstract: | A new static solving method to array access violation is presented according to the abstract syntax tree of the program. The safety pattern is obtained by the analysis of the safety vulnerability of the array access violation. Then the safety rules are constructed according to the safety pattern and the attributes of the nodes computed during the traveling of the ast. Finally the check of the safety vulnerability is realized based on the safety rules. |
| |
| Keywords: | Array access violation Abstract syntax tree Safety vulnerability Safety pattern Safety rule |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
