Null Pointer Dereference Detect Based on Judgment Logical in Software Security

doi:10.3969/j.issn.1671-1122.2015.06.008

Abstract

Abstract:

Software security problems caused by null pointer dereference continue to emerge and bring great distress and loss to all aspects. In this paper, we apply static testing method to analyze and detect a kind of null pointer dereference. This paper present a method to detect null pointer dereference using judgment logical information. First, give some definitions and fault classifications about based on logic judgment to detect null pointer dereference fault (BLJDNPDF). Then, using method summary technology to extract indirect null judgment point and indirect pointer dereference point, define method summary’s contents, which contain method feature and post condition, do research on how to generate and transform method summary. Finally, using finite state machine to build model of BLJDNPDF, describe fault model description, and use state machine’s state change and method summary to complete BLJDNPDF detection.

Key words: software security, static analysis, null pointer dereference, null check, method summary

CLC Number:

TP309

Rui-qiang WANG, Da-hai JIN. Null Pointer Dereference Detect Based on Judgment Logical in Software Security[J]. Netinfo Security, 2015, 15(6): 47-54.

Figures/Tables 11

References 15

[1]	宫云战,赵瑞莲,张威,等. 软件测试教程[M]. 北京:机械工业出版社,2008.
[2]	赵云山. 基于符号分析的静态缺陷检测技术研究[D]. 北京:北京邮电大学,2012.
[3]	MANEVICH R, SRIDHARAN M, ADAMS S.PSE: Explaining program failures via postmortem static analysis[C]//In: Proceedings of the 12th ACM SIGSOFT twelfth International Symposium on Foundations of Software Engineering, USA, 2004: 63-72.
[4]	MA X, WANG J, DONG W.Computing must and may alias to detect null pointer dereference[M]. Leveraging Applications of Formal Methods, Verification and Validation, Springer Berlin Heidelberg, 2009.
[5]	XIE Y, AIKEN A.Saturn: A scalable framework for error detection using boolean satisfiability[J]. ACM Transactions on Programming Languages and Systems (TOPLAS), 2007, 29(3): 16.
[6]	MADHAVAN R, KOMONDOOR R.Null dereference verification via over-approximated weakest pre-conditions analysis[C]// Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications, USA, 2011: 1033-1052.
[7]	AYEWAH N, PUGH W, MORGENTHALER J D, et al.Using FindBugs on production software[C]//Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion, USA, 2007: 805-806.
[8]	张晓,李林,许家乐,等. 基于SMC的Android软件保护研究与实现[J]. 信息网络安全,2014,(11):74-78.
[9]	CIFUENTES C, SCHOLZ B.Parfait: designing a scalable bug checker[C]// Proceedings of the 2008 workshop on Static analysis, USA, 2008: 4-11.
[10]	LOGINOV A, YAHAV E, CHANDRA S, et al.Verifying dereference safety via expanding-scope analysis[C]// Proceedings of the 2008 international symposium on Software testing and analysis, USA, 2008: 213-224.
[11]	YORSH G, YAHAV E, CHANDRA S.Generating precise and concise procedure summaries[C]//POPL, USA, 2008: 221-234.
[12]	GULWANI S, TIWARI A.Computing procedure summaries for interprocedural analysis[C]//16th European Symposium on Programming, ESOP 2007, Portugal, 2007: 253-267.
[13]	SHARIR M, PNUELI A.Two approaches to interprocedural data flow analysis[J]. Program Flow Analysis Theory & Applications Chapter, 1981, 19(6):992-1030.
[14]	FOSDICK L D, OSTERWEIL L J.Data flow analysis in software reliability[J]. ACM Computing Surveys (CSUR), 1976, 8(3): 305-330.
[15]	肖庆. 提高静态缺陷检测精度的关键技术研究[D]. 北京:北京邮电大学,2011.