编译前端分析自动构件化代码可靠性加强方法
|
摘要
随着嵌入式系统的广泛应用,嵌入式系统可靠性成为关注的焦点。针对嵌入式系统源程序的可靠性进行研究,提出了基于编译前端分析自动构件化代码加强方法。该方法结合构件化开发技术,设计了一种多层次迭代分析的编译器前端分析方法,对源代码与可靠构件的相似度进行计算,自动提取出相似度高的函数到可靠构件的映射关系。然后通过人机交互选择最佳的可靠构件进行映射,以最大程度加强代码的可靠性。实验结果表明,该方法能够找出90%以上与漏洞代码相匹配的可靠构件代码,且平均正确率高达94.5%,对加强代码本身的可靠性具有明显效果。
Embedded system has been applied in all kinds of fields.The reliability of embedded system has become the focus.To enhance the reliability of source code in embedded systems,this paper proposes a code reliability enhancement method based on automatic component technology and compiler front-end analysis.Combined with the idea of component-based development method,the front-end multi-level iterative analysis method is designed.According to the comparison on the similarity between source code and reliability component code,the code with the same function can be acquired.Then by the human-computer interaction,the best replacement strategy can be selected,and the unreliable source code is replaced by reliable component code.Since the reliable component code is verified,the changed code can be enhanced.The experimental results show that the proposed method can find more than 90% unreliable code segments,and the correct rate is as high as 94.5%,which uses the reliable component code to be replaced.It effectively enhances the reliability of the source code.
Embedded system has been applied in all kinds of fields.The reliability of embedded system has become the focus.To enhance the reliability of source code in embedded systems,this paper proposes a code reliability enhancement method based on automatic component technology and compiler front-end analysis.Combined with the idea of component-based development method,the front-end multi-level iterative analysis method is designed.According to the comparison on the similarity between source code and reliability component code,the code with the same function can be acquired.Then by the human-computer interaction,the best replacement strategy can be selected,and the unreliable source code is replaced by reliable component code.Since the reliable component code is verified,the changed code can be enhanced.The experimental results show that the proposed method can find more than 90% unreliable code segments,and the correct rate is as high as 94.5%,which uses the reliable component code to be replaced.It effectively enhances the reliability of the source code.
引文
[1]Marwedel P.Embedded system design[M].Berlin,Heidelberg:Springer,2011.
[2]He Yanxiang,Wu Wei,Liu Tao,et al.Theory and key implementation techniques of trusted compiler:a survey[J].Journal of Frontiers of Computer Science and Technology,2011,5(1):1-22.
[3]Zhang Huanguo,Li Jing,Pan Danling,et al.Trusted platform module in embedded system[J].Journal of Computer Research and Development,2011,48(7):1269-1278.
[4]Cowan C,Pu C,Hintony H,et al.Stack Guard:automatic adaptive detection and prevention of buffer-overflow attacks[C]//Proceedings of the 7th Conference on USENIX Security Symposium,San Antonio,Jan 26-29,1998.Berkeley:USENIX Association,1998:5.
[5]Richarte G.Four different tricks to bypass stackshield and stackguard protection[EB/OL].(2004-04).http://www1.corest.com/files/files/11/Stack Guard Paper.pdf.
[6]Necula G C,Lee P.Research on proof-carrying code for untrusted-code security[C]//Proceedings of the 1997 IEEE Symposium on Security and Privacy,Oakland,May 4-7,1997.Washington:IEEE Computer Society,1997:204.
[7]Necula G C,Lee P.Safe,untrusted agents using proof-carrying code[C]//LNCS 1419:Mobile Agents and Security.Berlin,Heidelberg:Springer,1998:61-91.
[8]Kozen D.Efficient code certification[R].Ithaca:Cornell University,1998.
[9]Kozen D,Patron M C.Certification of compiler optimizations using Kleene algebra with tests[C]//LNCS 1861:Proceedings of the 1st International Conference on Computational Logic,London,Jul 24-28,2000.Berlin,Heidelberg:Springer,2000:568-582.
[10]Rehman S,Shafique M,Henkel J.Software program-level reliability optimization for dependable code generation[M]//Reliable Software for Unreliable Hardware.Berlin,Heidelberg:Springer,2016:147-169.
[11]Shafique M,Rehman S,Kriebel F,et al.Cross-layer reliability modeling and optimization:compiler and run-time system interactions[C]//Proceedings of the 19th International Workshop on Software and Compilers for Embedded Systems,Sankt Goar,May 23-25,2016.New York:ACM,2016:2-5.
[12]Appel A W.Verified software toolchain[C]//Proceedings of the 20th European Symposium on Programming Languages and Systems,Saarbrücken,Mar 26-Apr 3,2011.Berlin,Heidelberg:Springer,2011:1-17.
[13]Yang Xuejun,Chen Yang,Eide E,et al.Finding and understanding bugs in C compilers[C]//Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation,San Jose,Jun 4-8,2011.New York:ACM,2011:283-294.
[14]Demertzi M,Annavaram M,Hall M W.Analyzing the effects of compiler optimizations on application reliability[C]//Proceedings of the 2011 IEEE International Symposium on Workload Characterization,Austin,Nov 6-8,2011.Washington:IEEE Computer Society,2011:184-193.
[15]Ferreira R R,Parizi R B,Carro L,et al.Compiler optimizations impact the reliability of the control-flow of radiationhardened software[J].Journal of Aerospace Technology&Management,2013,5(3):323-334.
[16]Dong Shiyu,Olivo O,Zhang Lingming,et al.Studying the influence of standard compiler optimizations on symbolic execution[C]//Proceedings of the 26th IEEE International Symposium on Software Reliability Engineering,Gaithersbury,Nov 2-5,2015.Washington:IEEE Computer Society,2015:205-215.
[17]Liu Qingrui,Jung C,Lee D,et al.Compiler-directed lightweight check pointing for fine-grained guaranteed soft error recovery[C]//Proceedings of the 2016 International Conference for High Performance Computing,Networking,Storage and Analysis,Salt Lake City,Nov 13-18,2016.Piscataway:IEEE,2016:20-25.
[18]H?ller A,Kajtazovic N,Rauter T,et al.Evaluation of diverse compiling for software-fault detection[C]//Proceedings of the Design,Automation&Test in Europe Conference&Exhibition,Grenoble,Mar 9-13,2015.New York:ACM,2015:531-536.
[19]Guthaus M R,Ringenberg J S,Ernst D,et al.Mi Bench:a free,commercially representative embedded benchmark suit[C]//Proceedings of the 2001 IEEE International Workshop on Workload Characterization,Austin,Dec 2,2001.Washington:IEEE Computer Society,2001:3-14.
[20]Menendez D,Nagarakatte S.Termination-checking for LLVM peephole optimizations[C]//Proceedings of the 38th International Conference on Software Engineering,Austin,May14-22,2016.New York:ACM,2016:191-202.
[21]Ma Peijun,Wang Tiantian,Su Xiaohong.Automatic grading of student programs based on program understanding[J].Journal of Computer Research and Development,2009,46(7):1136-1142.
[2]何炎祥,吴伟,刘陶,等.可信编译理论及其核心实现技术:研究综述[J].计算机科学与探索,2011,5(1):1-22.
[3]张焕国,李晶,潘丹铃,等.嵌入式系统可信平台模块研究[J].计算机研究与发展,2011,48(7):1269-1278.
[21]马培军,王甜甜,苏小红.基于程序理解的编程题自动评分方法[J].计算机研究与发展,2009,46(7):1136-1142.
[2]He Yanxiang,Wu Wei,Liu Tao,et al.Theory and key implementation techniques of trusted compiler:a survey[J].Journal of Frontiers of Computer Science and Technology,2011,5(1):1-22.
[3]Zhang Huanguo,Li Jing,Pan Danling,et al.Trusted platform module in embedded system[J].Journal of Computer Research and Development,2011,48(7):1269-1278.
[4]Cowan C,Pu C,Hintony H,et al.Stack Guard:automatic adaptive detection and prevention of buffer-overflow attacks[C]//Proceedings of the 7th Conference on USENIX Security Symposium,San Antonio,Jan 26-29,1998.Berkeley:USENIX Association,1998:5.
[5]Richarte G.Four different tricks to bypass stackshield and stackguard protection[EB/OL].(2004-04).http://www1.corest.com/files/files/11/Stack Guard Paper.pdf.
[6]Necula G C,Lee P.Research on proof-carrying code for untrusted-code security[C]//Proceedings of the 1997 IEEE Symposium on Security and Privacy,Oakland,May 4-7,1997.Washington:IEEE Computer Society,1997:204.
[7]Necula G C,Lee P.Safe,untrusted agents using proof-carrying code[C]//LNCS 1419:Mobile Agents and Security.Berlin,Heidelberg:Springer,1998:61-91.
[8]Kozen D.Efficient code certification[R].Ithaca:Cornell University,1998.
[9]Kozen D,Patron M C.Certification of compiler optimizations using Kleene algebra with tests[C]//LNCS 1861:Proceedings of the 1st International Conference on Computational Logic,London,Jul 24-28,2000.Berlin,Heidelberg:Springer,2000:568-582.
[10]Rehman S,Shafique M,Henkel J.Software program-level reliability optimization for dependable code generation[M]//Reliable Software for Unreliable Hardware.Berlin,Heidelberg:Springer,2016:147-169.
[11]Shafique M,Rehman S,Kriebel F,et al.Cross-layer reliability modeling and optimization:compiler and run-time system interactions[C]//Proceedings of the 19th International Workshop on Software and Compilers for Embedded Systems,Sankt Goar,May 23-25,2016.New York:ACM,2016:2-5.
[12]Appel A W.Verified software toolchain[C]//Proceedings of the 20th European Symposium on Programming Languages and Systems,Saarbrücken,Mar 26-Apr 3,2011.Berlin,Heidelberg:Springer,2011:1-17.
[13]Yang Xuejun,Chen Yang,Eide E,et al.Finding and understanding bugs in C compilers[C]//Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation,San Jose,Jun 4-8,2011.New York:ACM,2011:283-294.
[14]Demertzi M,Annavaram M,Hall M W.Analyzing the effects of compiler optimizations on application reliability[C]//Proceedings of the 2011 IEEE International Symposium on Workload Characterization,Austin,Nov 6-8,2011.Washington:IEEE Computer Society,2011:184-193.
[15]Ferreira R R,Parizi R B,Carro L,et al.Compiler optimizations impact the reliability of the control-flow of radiationhardened software[J].Journal of Aerospace Technology&Management,2013,5(3):323-334.
[16]Dong Shiyu,Olivo O,Zhang Lingming,et al.Studying the influence of standard compiler optimizations on symbolic execution[C]//Proceedings of the 26th IEEE International Symposium on Software Reliability Engineering,Gaithersbury,Nov 2-5,2015.Washington:IEEE Computer Society,2015:205-215.
[17]Liu Qingrui,Jung C,Lee D,et al.Compiler-directed lightweight check pointing for fine-grained guaranteed soft error recovery[C]//Proceedings of the 2016 International Conference for High Performance Computing,Networking,Storage and Analysis,Salt Lake City,Nov 13-18,2016.Piscataway:IEEE,2016:20-25.
[18]H?ller A,Kajtazovic N,Rauter T,et al.Evaluation of diverse compiling for software-fault detection[C]//Proceedings of the Design,Automation&Test in Europe Conference&Exhibition,Grenoble,Mar 9-13,2015.New York:ACM,2015:531-536.
[19]Guthaus M R,Ringenberg J S,Ernst D,et al.Mi Bench:a free,commercially representative embedded benchmark suit[C]//Proceedings of the 2001 IEEE International Workshop on Workload Characterization,Austin,Dec 2,2001.Washington:IEEE Computer Society,2001:3-14.
[20]Menendez D,Nagarakatte S.Termination-checking for LLVM peephole optimizations[C]//Proceedings of the 38th International Conference on Software Engineering,Austin,May14-22,2016.New York:ACM,2016:191-202.
[21]Ma Peijun,Wang Tiantian,Su Xiaohong.Automatic grading of student programs based on program understanding[J].Journal of Computer Research and Development,2009,46(7):1136-1142.
[2]何炎祥,吴伟,刘陶,等.可信编译理论及其核心实现技术:研究综述[J].计算机科学与探索,2011,5(1):1-22.
[3]张焕国,李晶,潘丹铃,等.嵌入式系统可信平台模块研究[J].计算机研究与发展,2011,48(7):1269-1278.
[21]马培军,王甜甜,苏小红.基于程序理解的编程题自动评分方法[J].计算机研究与发展,2009,46(7):1136-1142.