Symbolic path simulation is becoming an increasingly important component in many static analysis tasks. The emergence of inter-procedural path-sensitive dataflow algorithms has both raised the demands and posed new challenges for effective techniques in path feasibility analysis.This paper develops a general-purpose path simulator and applies it to support path-sensitive dataflow analysis. The core component of the path simulator is a simulation engine that supports a wide variety of programming language features. This simulation engine can be "wrapped" with an interface layer to support a given client application.As a concrete case study, we discuss the experiences gained in integrating the path simulator with ESP, a software validation tool for C/C++ programs. We apply ESP to validate a future version of Windows against critical security properties. Our results show that the global path simulation mechanism is both critical in improving precision and scalable enough to be of practical use.
展开▼
机译:在许多静态分析任务中,符号路径仿真正变得越来越重要。过程间路径敏感数据流算法的出现既对路径可行性分析的有效技术提出了要求,也提出了新的挑战。本文开发了一种通用的路径模拟器并将其用于支持路径敏感数据流分析。路径模拟器的核心组件是支持多种编程语言功能的模拟引擎。该仿真引擎可以与接口层“包装在一起”,以支持给定的客户端应用程序。作为一个具体的案例研究,我们讨论了将路径模拟器与ESP集成的经验,ESP是C / C ++程序的软件验证工具。我们使用ESP根据重要的安全属性来验证Windows的未来版本。我们的结果表明,全局路径仿真机制在提高精度和扩展性到实用性方面都至关重要。
展开▼
