Abstract

A novel method for detecting use-after-free bugs based on the program dynamic analysis is described. In memory unsafe programming languages, such as C or C++, this class of bugs mainly occurs when the program tries to access an area of dynamically allocated memory that has been already freed. For each program execution path, the method checks the correction of the allocation, deallocation, and access operations. Since the dynamic analysis is used, bugs can be found only in the parts of the code that was actually executed. The symbolic program execution with the help of SMT (Satisfiability Modulo Theories) solvers is used. This allows us to generate data the processing of which produces new execution paths.

中文翻译：

---

动态检测释放后使用的错误

摘要

描述了一种基于程序动态分析的免费使用后漏洞检测方法。在内存不安全的编程语言（例如C或C ++）中，此类错误主要发生在程序尝试访问已释放的动态分配内存区域时。对于每个程序执行路径，该方法都会检查分配，释放和访问操作的更正。由于使用了动态分析，因此只能在实际执行的代码部分中发现错误。使用借助于SMT（可满足性模理论）求解器执行的符号程序。这使我们能够生成数据，对其进行处理会产生新的执行路径。