Dynamic Program Analysis Tools in GCC and CLANG Compilers
Programming and Computer Software (IF 0.7), Pub Date: 2020-08-08, DOI: 10.1134/s0361768820010089. N. I. V’yukova, V. A. Galatenko, S. V. Samborskii
Updated: 2020-08-08
Abstract
Ever-increasing software security requirements, the growing size of software projects, and the desire to reduce the time of software development and release require tools for dynamic analysis that would detect vulnerabilities in C and C++ programs and prevent their exploitation. Two types of dynamic analysis tools implemented in the gcc and clang compilers are considered; these tools are called sanitizers. The sanitizers of the first type can detect memory access bugs, data type mismatch bugs, and other vulnerabilities that often remain unnoticed under conventional testing. A combination of sanitizers with testing on automatically generated random data helps detect vulnerabilities more effectively. The sanitizers of the other type serve to prevent security threats to programs executed in production mode. These tools have low overhead, and they are designed for maintaining the integrity of the program control flow. The use of sanitizers to a large extent compensates for some drawbacks of C and C++, such as insecure memory operations, insecure handling of data types, and others. However, a number of issues that are briefly discussed in the last section remain unresolved.