Abstract
Array bounds is the most commonly fault in java programs design, it often leads to wrong results even system crash. To solve these problems, this paper proposed a detecting array bounds method based on symbolic execution. The method generated the abstract syntax tree from the source code, and then created a control flow graph according to the abstract syntax tree. It adopted flaw detectors to detect defects of array bound. Finally, using the standard function to test the ability of this method in detecting array bounds. The results indicated that this method can detect array bounds defects of crossing process indirectly, array bounds defects within process and array bounds defects of crossing process directly very well and it is better than some existing Java methods of detecting array bounds defects.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Hui, X.X., Zhang, Y.: Static analysis of array bound. Comput. Program. Skills Maintenance 4, 2 (2012). doi:10.16184/j.cnki.comprg.2012.04.019
Zhao, P., Li, J., Gong, Y.: Research on static test about array index out of range in java language. Comput. Eng. Appl. 44, 27 (2008). doi:10.3778/j.issn.1002-8331.2008.27.028
Xu, M.C., Liu, J.: A static checking method of array access violation based on abstract syntax tree. Comput. Eng. 32, 108–109 (2006). doi:10.3969/j.issn.1000-3428.2006.01.038
Gao, C.P., Tang, L.Q., Gong, Y.Z., Zhang, W.: Research on static and auto-testing method for array bounds based on integer range aggregation. Mini-Micro Syst. 27, 2222–2227 (2007). doi:10.3969/j.issn.1000-1220.2006.12.009
Ye, Y.F., Ye, J.M., Zhan, Z.M., Lei, Z.X.: Research on fault model of array bound and its detecting method. Microcomput. Inf. 31, 145–147 (2007). doi:10.3969/j.issn.1008-0570.2007.31.062
Zhang, S.J., Shang, Z.W.: Detection of array bound overflow by interval set based on Cppcheck. J. Comput. Appl. 33, 3257–3261 (2013). doi:10.11772/j.issn.1001-9081.2013.11.3257
Delzanno, B.G., Jung, G., Podelski, A.: Static analysis of array bounds as in model checking. Ext. Abstr. BMC Pediatr. 11, 1–8 (2010)
Chen, H.H., Jin, D.H., Gong, Y.Z., Liu, C.C.: A static defect checker for interprocedural array bound. Appl. Mech. Mater. 63–64, 808–813 (2011). doi:10.4028/www.scientific.net/AMM.63-64.808
Gampe, A., Ronne, J.V., Niedzielski, D., Vasek, J., Psarris, K.: Safe, multiphase bounds check elimination in Java. Softw. Pract. Experience 41, 753–788 (2011). doi:10.1002/spe.1028
Lin, J.B., Liu, H.: Research of Symbolic Execution. In: National Conference on Computer Security (2013)
Liang, J.J., Liu, J.F., Zhu, D.D., Chen, K.: Software static test research based on symbolic execution. Comput. Technol. Dev. 23, 42–45 (2013). doi:10.3969/j.issn.1673-629X.2013.06.011
Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. Commun. ACM 56, 82–90 (2013). doi:10.1145/2408776.2408795
Acknowledgments
This work was supported by National Key R&D Program of China (Grant No. 2016YFB0800700) and National Natural Science Foundation of China (Grant No. U1636115).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Shan, C., Sun, S., Xue, J., Hu, C., Zhu, H. (2017). A Detecting Method of Array Bounds Defects Based on Symbolic Execution. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science(), vol 10394. Springer, Cham. https://doi.org/10.1007/978-3-319-64701-2_27
Download citation
DOI: https://doi.org/10.1007/978-3-319-64701-2_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64700-5
Online ISBN: 978-3-319-64701-2
eBook Packages: Computer ScienceComputer Science (R0)