摘 要:为了实现极致的性能,C 语言将操纵内存的权限以指针的方式暴露给开发人员。但是C 语言编译器GCC 和Clang 都不提供内存安全检测,导致开发人员使用C 语言编写的项目可能含有潜在的内存安全性漏洞。可以先使用检测工具定位错误,然后执行GDB 来验证。文章介绍了GDB 调试C 程序时所采用的方法和技巧,并使用GDB 验证了内存检测工具AddressSanitizer 和Movec 在大规模测试集SPEC 上检测的有效性。
关键词:调试;GDB;内存安全;大规模C 程序
DOI:10.19850/j.cnki.2096-4706.2021.21.040
基金项目:国家自然科学基金:内存安全性和形式化规约的运行时验证(62172217)
中图分类号:TP311 文献标识码:A 文章编号:2096-4706(2021)21-0152-03
A Method on Debugging Memory Errors for Large-scale C Program
WU Jun
(College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China)
Abstract: In order to achieve the ultimate performance, C language exposes the authority to manipulate memory to developers in the form of pointers. However, neither the C language compilers GCC nor Clang provides memory safety detection, which leads to potential memory safety vulnerabilities in projects written in C language by developers. You can use the detection tool to locate the error first, and then execute GDB to verify. This paper introduces methods and techniques being used when GDB debug C program, and uses GDB to verify the effectiveness of the memory detection tools AddressSanitizer and Movec on the large-scale test set SPEC.
Keywords: debugging; GDB; memory safety; large-scale C program
参考文献:
[1] 朱云龙,陈哲,王哲民,等. 针对C 语言的面向方面语言设计与实现 [J]. 小型微型计算机系统,2016,37(12):2679-2684.
[2] 陈韬,王明明. 基于多线程监控器的运行时验证 [J]. 计算机技术与发展,2019,29(2):29-34.
[3] CHEN Z,YAN J Q,LI W M,et al. Poster: Runtime Verification of Memory Safety via Source Transformation [C]// 2018 IEEE/ACM 40th International Conference on Software Engineering:Companion (ICSE-Companion).Gothenburg:IEEE,2018:264-265.
[4] 赵晓柯,丁丽萍,吴伟,等.EBound:一种高效的空间内存错误检测方法 [J]. 计算机应用与软件,2015,32(7):288-292.
[5] HENNING J L. SPEC CPU2006 benchmark descriptions [J]. ACM SIGARCH Computer Architecture News,2006,34(4):1-17.
[6] 田雪.C 程序静态分析中并发性漏洞检测技术的研究 [D].北京:北京邮电大学,2018.
[7] 严峻琦.C 程序内存安全错误的运行时检测技术研究与实现 [D]. 南京:南京航空航天大学,2017.
作者简介:仵俊(1997—),男,汉族,江苏南京人,硕士研究生在读,研究方向:软件验证。