System and method for overflow detection using partial evaluations
    1.
    发明授权
    System and method for overflow detection using partial evaluations 有权
    使用部分评估进行溢出检测的系统和方法

    公开(公告)号:US08578343B2

    公开(公告)日:2013-11-05

    申请号:US12688078

    申请日:2010-01-15

    IPC分类号: G06F9/44

    摘要: A method for overflow detection using partial evaluations. The method includes obtaining a section of code from a source code file stored on a storage device, analyzing the section of code to identify a buffer with an index, determining a plurality of statements that are statically-computable and dependent on the index of the buffer, and generating a code segment including the plurality of statements. The method further includes replacing an access statement of the plurality of statements with a conditional statement returning true when bounds of the buffer are exceeded, where the access statement uses the index to access the buffer, adding an unconditional statement returning false to the code segment, and executing the code segment on a computer processor to obtain a determination of whether the bounds of the buffer are exceeded.

    摘要翻译: 一种使用部分评估的溢出检测方法。 该方法包括从存储在存储设备上的源代码文件中获取一段代码,分析代码段以识别具有索引的缓冲区,确定可静态计算并依赖于缓冲区索引的多个语句 ,以及生成包括所述多个语句的代码段。 该方法进一步包括:当条件语句在超出缓冲区的边界时返回true,替换多个语句的访问语句,访问语句使用索引访问缓冲区,向代码段添加返回false的无条件语句, 以及在计算机处理器上执行代码段以获得是否超过了缓冲区的范围的确定。

    System and method for overflow detection USING PARTIAL EVALUATIONS
    2.
    发明申请
    System and method for overflow detection USING PARTIAL EVALUATIONS 有权
    溢出检测的系统和方法使用部分评估

    公开(公告)号:US20110179400A1

    公开(公告)日:2011-07-21

    申请号:US12688078

    申请日:2010-01-15

    IPC分类号: G06F9/44

    摘要: A method for overflow detection using partial evaluations. The method includes obtaining a section of code from a source code file stored on a storage device, analyzing the section of code to identify a buffer with an index, determining a plurality of statements that are statically-computable and dependent on the index of the buffer, and generating a code segment including the plurality of statements. The method further includes replacing an access statement of the plurality of statements with a conditional statement returning true when bounds of the buffer are exceeded, where the access statement uses the index to access the buffer, adding an unconditional statement returning false to the code segment, and executing the code segment on a computer processor to obtain a determination of whether the bounds of the buffer are exceeded.

    摘要翻译: 一种使用部分评估的溢出检测方法。 该方法包括从存储在存储设备上的源代码文件中获取一段代码,分析代码段以识别具有索引的缓冲区,确定可静态计算并依赖于缓冲区索引的多个语句 ,以及生成包括所述多个语句的代码段。 该方法进一步包括:当条件语句在超出缓冲区的边界时返回true,替换多个语句的访问语句,访问语句使用索引访问缓冲区,向代码段添加返回false的无条件语句, 以及在计算机处理器上执行代码段以获得是否超过了缓冲区的范围的确定。

    Method and system for fast static taint analysis
    3.
    发明授权
    Method and system for fast static taint analysis 有权
    快速静电污染分析方法与系统

    公开(公告)号:US08327339B2

    公开(公告)日:2012-12-04

    申请号:US12165533

    申请日:2008-06-30

    IPC分类号: G06F9/44

    CPC分类号: G06F8/70

    摘要: A method for detecting user input dependence in software code. The method including representing the software code with a reachability graph having: a plurality of nodes, where a root node of the plurality of nodes represents an input controlled by a user; a first directed edge connecting a first node of the plurality of nodes and a second node of the plurality of nodes, where the first directed edge represents a data dependency; and a second directed edge connecting a third node of the plurality of nodes and a fourth node of the plurality of nodes, wherein the second directed edge represents a data dependency. The method also includes identifying a fifth node of the plurality of nodes as a reachable node from the root node by traversing the reachability graph from the root node to the reachable node; and marking a portion of the software code represented by the reachable node as user input dependant.

    摘要翻译: 一种用于检测软件代码中的用户输入依赖性的方法。 所述方法包括用可达性图表示所述软件代码,所述可达性图具有:多个节点,所述多个节点中的根节点表示由用户控制的输入; 连接所述多个节点中的第一节点和所述多个节点中的第二节点的第一有向边,其中所述第一有向边表示数据依赖性; 以及连接所述多个节点中的第三节点和所述多个节点中的第四节点的第二有向边,其中所述第二有向边表示数据依赖性。 该方法还包括通过从根节点到可达节点的可达性图来从根节点将多个节点中的第五节点标识为可到达节点; 并且由可达节点表示的软件代码的一部分标记为用户输入依赖。

    Layered static program analysis framework for software testing
    4.
    发明授权
    Layered static program analysis framework for software testing 有权
    用于软件测试的分层静态程序分析框架

    公开(公告)号:US08527965B2

    公开(公告)日:2013-09-03

    申请号:US12102796

    申请日:2008-04-14

    IPC分类号: G06F9/44

    CPC分类号: G06F11/3604

    摘要: A method for analyzing a set of potential bug statements in source code. The method including obtaining a set of static program analyses; recursively reducing the set of potential bug statements in the source code by: selecting a static program analysis for each recursion from the set of static program analyses in order from least time consuming to most time consuming; evaluating the set of potential bug statements using the static program analysis of the set of static program analyses to determine a subgroup of bug free statements of the set of potential bug statements in each recursion; and removing the subgroup of the bug free statements from the set of potential bug statements to reduce the set of potential bug statements in each recursion; thereby filtering at least one subgroup of bug free statements out of the set of potential bug statements in the source code.

    摘要翻译: 一种用于分析源代码中的一组潜在错误语句的方法。 该方法包括获得一组静态程序分析; 通过以下方式递归地减少源代码中潜在的错误语句集合:从最少耗时到最耗时的顺序,从静态程序分析集中选择每个递归的静态程序分析; 使用静态程序分析的静态程序分析来评估潜在的错误语句集合,以确定每个递归中潜在错误语句集合的无bug语句的子组; 并从潜在的错误语句集中删除无bug语句的子组,以减少每次递归中的潜在错误语句集合; 从而从源代码中的潜在错误语句集合中过滤至少一个无bug语句子组。

    METHOD AND SYSTEM FOR FAST STATIC TAINT ANALYSIS
    5.
    发明申请
    METHOD AND SYSTEM FOR FAST STATIC TAINT ANALYSIS 有权
    用于快速静态分析的方法和系统

    公开(公告)号:US20090328009A1

    公开(公告)日:2009-12-31

    申请号:US12165533

    申请日:2008-06-30

    IPC分类号: G06F9/44

    CPC分类号: G06F8/70

    摘要: A method for detecting user input dependence in software code. The method including representing the software code with a reachability graph having: a plurality of nodes, where a root node of the plurality of nodes represents an input controlled by a user; a first directed edge connecting a first node of the plurality of nodes and a second node of the plurality of nodes, where the first directed edge represents a data dependency; and a second directed edge connecting a third node of the plurality of nodes and a fourth node of the plurality of nodes, wherein the second directed edge represents a data dependency. The method also includes identifying a fifth node of the plurality of nodes as a reachable node from the root node by traversing the reachability graph from the root node to the reachable node; and marking a portion of the software code represented by the reachable node as user input dependant.

    摘要翻译: 一种用于检测软件代码中的用户输入依赖性的方法。 所述方法包括用可达性图表示所述软件代码,所述可达性图具有:多个节点,所述多个节点中的根节点表示由用户控制的输入; 连接所述多个节点中的第一节点和所述多个节点中的第二节点的第一有向边,其中所述第一有向边表示数据依赖性; 以及连接所述多个节点中的第三节点和所述多个节点中的第四节点的第二有向边,其中所述第二有向边表示数据依赖性。 该方法还包括通过从根节点到可达节点的可达性图来从根节点将多个节点中的第五节点标识为可到达节点; 并且由可达节点表示的软件代码的一部分标记为用户输入依赖。

    LAYERED STATIC PROGRAM ANALYSIS FRAMEWORK FOR SOFTWARE TESTING
    6.
    发明申请
    LAYERED STATIC PROGRAM ANALYSIS FRAMEWORK FOR SOFTWARE TESTING 有权
    用于软件测试的分层静态程序分析框架

    公开(公告)号:US20090259989A1

    公开(公告)日:2009-10-15

    申请号:US12102796

    申请日:2008-04-14

    IPC分类号: G06F11/36

    CPC分类号: G06F11/3604

    摘要: A method for analyzing a set of potential bug statements in source code. The method including obtaining a set of static program analyses; recursively reducing the set of potential bug statements in the source code by: selecting a static program analysis for each recursion from the set of static program analyses in order from least time consuming to most time consuming; evaluating the set of potential bug statements using the static program analysis of the set of static program analyses to determine a subgroup of bug free statements of the set of potential bug statements in each recursion; and removing the subgroup of the bug free statements from the set of potential bug statements to reduce the set of potential bug statements in each recursion; thereby filtering at least one subgroup of bug free statements out of the set of potential bug statements in the source code.

    摘要翻译: 一种用于分析源代码中的一组潜在错误语句的方法。 该方法包括获得一组静态程序分析; 通过以下方式递归地减少源代码中潜在的错误语句集合:从最少耗时到最耗时的顺序,从静态程序分析集中选择每个递归的静态程序分析; 使用静态程序分析的静态程序分析来评估潜在的错误语句集合,以确定每个递归中潜在错误语句集合的无bug语句的子组; 并从潜在的错误语句集中删除无bug语句的子组,以减少每次递归中的潜在错误语句集合; 从而从源代码中的潜在错误语句集合中过滤至少一个无bug语句子组。