Symbolic path simulation is becoming an increasingly important component in many static analysis tasks. The emergence of inter-procedural path-sensitive dataflow algorithms has both raised the demands and posed new challenges for effective techniques in path feasibility analysis.This paper develops a general-purpose path simulator and applies it to support path-sensitive dataflow analysis. The core component of the path simulator is a simulation engine that supports a wide variety of programming language features. This simulation engine can be "wrapped" with an interface layer to support a given client application.As a concrete case study, we discuss the experiences gained in integrating the path simulator with ESP, a software validation tool for C/C++ programs. We apply ESP to validate a future version of Windows against critical security properties. Our results show that the global path simulation mechanism is both critical in improving precision and scalable enough to be of practical use.
展开▼
机译:符号路径模拟正在成为许多静态分析任务中越来越重要的组成部分。程序间路径敏感数据流算法的出现均提出了对路径可行性分析中有效技术的需求和提出了新的挑战。这篇论文开发了通用路径模拟器,并将其应用于路径敏感数据流分析。路径模拟器的核心组件是一种仿真引擎,支持各种编程语言功能。该模拟引擎可以使用接口层“包装”,以支持给定的客户端应用程序。一个具体的案例研究,我们讨论了将路径模拟器与C / C ++程序的软件验证工具集成在集成路径模拟器时获得的经验。我们应用ESP验证未来版本的Windows针对关键的安全性属性。我们的研究结果表明,全局路径仿真机制在提高精度和可扩展到实际使用时都是至关重要的。
展开▼
