Dynamic Program Analysis Tools in GCC and CLANG Compilers
Programming and Computer Software (IF 0.7), Pub Date: 2020-08-08, DOI: 10.1134/s0361768820010089
N. I. V’yukova, V. A. Galatenko, S. V. Samborskii

Abstract

Ever-increasing software security requirements, the growing size of software projects, and the desire to reduce the time of software development and release require dynamic analysis tools that detect vulnerabilities in C and C++ programs and prevent their exploitation. Two types of dynamic analysis tools implemented in the gcc and clang compilers are considered; these tools are called sanitizers. The sanitizers of the first type can detect memory access bugs, data type mismatch bugs, and other vulnerabilities that often remain unnoticed under conventional testing. Combining sanitizers with testing on automatically generated random data helps detect vulnerabilities more effectively. The sanitizers of the other type serve to prevent security threats to programs executed in production mode. These tools have low overhead and are designed to maintain the integrity of the program control flow. The use of sanitizers to a large extent compensates for some drawbacks of C and C++, such as insecure memory operations, insecure handling of data types, and others. However, a number of issues that are briefly discussed in the last section remain unresolved.


Updated: 2020-08-08