Program static analysis is of great value of source code software vulnerability detection, but it is often limited by scalability bottlenecks. Constraint solvers are inefficient due to complex program dependencies on millions of lines of program source code. A single solver is difficult to get the balance between the accuracy and the time cost. This paper discusses the program dependence and constraint solving of static value-flow analysis, and specifically implements a solver rating system based on static taint analysis, which selects the most efficient solver for program dependence of critical path to reduce the false-positives and time cost of static vulnerability detection. Through testing for Juliet test sets and several real-world projects, we found that the overall performance of the system was better than other single SMT solvers or default scheduling strategies.
Static analysis is a popular approach for finding vulnerability in software. However, suffered from its imprecision, it is quite difficult and time-consuming to confirm static warnings. It also leads to a vulnerability verification problem. In this paper, we regard the verification problem as line reachability problem and utilize directed symbolic execution to verify specific bug. Existing techniques mostly relied on static heuristic metric but neglected some special dynamic metrics. For this reason, we designed a new search strategy named as DCCM which modifies others forward strategy via collecting critical constraint during the process of dynamic symbolic execution. By conduct contrast experiments on example program and five real-world C projects, we find out that DCCM performs well than KLEE RP, KLEE CoverNew and SDSE search strategy on many testing scenarios.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.