ABSTRACT
In modern research on program analysis and static vulnerability detection, variables have consistently remained a critical focal point, especially hazardous variables associated with crucial program operations. Analyzing the value ranges of variables in a program not only enhances the accuracy of program analysis but also provides further support for static vulnerability detection. This paper proposes a variable value range analysis method based on path analysis. By combining control flow graph analysis, data flow analysis, and abstract interpretation, it comprehensively analyzes the path from a variable's definition to its use, iteratively capturing value ranges along the way to obtain more precise results. Experimental results demonstrate that the method accurately determines variable value ranges and is compatible with the analysis of various types of variables. Moreover, the method successfully confirms multiple security vulnerabilities, substantiating its practical value.
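As an added illustration of the kind of analysis the abstract describes (not the paper's own method or code), the following Python sketch runs an interval-based abstract interpretation over two small, constructed control flow graphs, propagates value ranges from each variable's definition to its use, and then asks whether the range at an array access fits the array. It goes slightly beyond what the abstract states by showing the two standard phases such an analysis needs to stay precise: a widening phase so that loops terminate, and a narrowing phase that recovers the precision widening discards. All node names, the two example programs, the transfer functions and `index_in_bounds` are assumptions made for this example; the lattice is a plain interval domain over a single procedure, with no pointers or inter-procedural flow.

```python
import math

INF = math.inf
# A state maps each variable to an interval (lo, hi); None is the unreachable state.

def join(s, t):
    """Least upper bound of two states (merge at a CFG join point)."""
    if s is None or t is None:
        return t if s is None else s
    return {v: (min(s[v][0], t[v][0]), max(s[v][1], t[v][1])) for v in s}

def widen(old, new):
    """Push any bound that grew since the previous visit to infinity so loops converge."""
    if old is None or new is None:
        return new if old is None else old
    return {v: (old[v][0] if new[v][0] >= old[v][0] else -INF,
                old[v][1] if new[v][1] <= old[v][1] else INF) for v in old}

# Edge transfer functions: each maps an incoming state to an outgoing state,
# or to None when the edge cannot be taken under that state.
def assign(var, lo, hi):                # var = <some value in [lo, hi]>
    return lambda s: {**s, var: (lo, hi)}

def add_const(var, c):                  # var = var + c
    return lambda s: {**s, var: (s[var][0] + c, s[var][1] + c)}

def assume_lt(var, c):                  # edge guarded by var < c
    def f(s):
        lo, hi = s[var]
        return None if lo >= c else {**s, var: (lo, min(hi, c - 1))}
    return f

def assume_ge(var, c):                  # edge guarded by var >= c
    def f(s):
        lo, hi = s[var]
        return None if hi < c else {**s, var: (max(lo, c), hi)}
    return f

def analyze(cfg, entry, init, loop_heads, narrow_rounds=3):
    """Return the state holding on entry to each node of cfg = {node: [(succ, transfer), ...]}.
    Phase 1: worklist iteration with widening at loop heads (guarantees termination).
    Phase 2: recompute every node from its predecessors a few times (narrowing) to
    win back the precision that widening threw away."""
    states = {n: None for n in cfg}
    states[entry] = init
    work = [entry]
    while work:
        n = work.pop(0)
        for succ, f in cfg[n]:
            out = f(states[n]) if states[n] is not None else None
            if out is None:
                continue
            new = join(states[succ], out)
            if succ in loop_heads:
                new = widen(states[succ], new)
            if new != states[succ]:
                states[succ] = new
                work.append(succ)
    preds = {n: [] for n in cfg}
    for n, edges in cfg.items():
        for succ, f in edges:
            preds[succ].append((n, f))
    for _ in range(narrow_rounds):
        changed = False
        for n in cfg:
            if n == entry:
                continue
            acc = None
            for p, f in preds[n]:
                if states[p] is not None:
                    acc = join(acc, f(states[p]))
            if acc != states[n]:
                states[n], changed = acc, True
        if not changed:
            break
    return states

def index_in_bounds(states, node, var, size):
    """True iff every value var may hold on entry to node is a valid index into size slots."""
    lo, hi = states[node][var]
    return lo >= 0 and hi <= size - 1

# Constructed program 1:  i = 0; while (i < 10) { buf[i] = 0; i = i + 1; }   (buf has 10 slots)
CFG1 = {"entry": [("head", assign("i", 0, 0))],
        "head":  [("body", assume_lt("i", 10)), ("exit", assume_ge("i", 10))],
        "body":  [("head", add_const("i", 1))],
        "exit":  []}
# Constructed program 2:  idx = read_int(); if (idx < 16) buf[idx] = 0;  (16 slots, no idx >= 0 check)
CFG2 = {"entry": [("check", assign("idx", -INF, INF))],
        "check": [("use", assume_lt("idx", 16)), ("done", assume_ge("idx", 16))],
        "use":   [("done", lambda s: s)],
        "done":  []}

RESULT1 = analyze(CFG1, "entry", {"i": (-INF, INF)}, loop_heads={"head"})
RESULT2 = analyze(CFG2, "entry", {"idx": (-INF, INF)}, loop_heads=set())

if __name__ == "__main__":
    print("program 1: i at buf[i] in", RESULT1["body"]["i"], "| after loop", RESULT1["exit"]["i"],
          "| index safe:", index_in_bounds(RESULT1, "body", "i", 10))
    print("program 2: idx at buf[idx] in", RESULT2["use"]["idx"],
          "| index safe:", index_in_bounds(RESULT2, "use", "idx", 16))
```

Without the narrowing phase the loop in program 1 would leave `i` at `[0, +inf)` on loop exit and `[0, 9]` only by luck of the guard; with it, the analysis reports `i` in `[0, 9]` at the store and exactly `10` after the loop, so the access is provably in bounds. Program 2 shows the detection side: the guard `idx < 16` bounds the range from above only, the analysis reports `(-inf, 15]` at the access, and `index_in_bounds` rejects it, which is the signal a checker would raise for a missing lower-bound check.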
Index Terms
- A variable value range analysis method based on path propagation