National Preprint Platform

Static Detection Method for Illegal Arithmetic Operation caused by Callback in C Program

Function pointers are a common construct in C programs. Because a function pointer carries the semantics of both a variable and a function, it adds complexity and is often ignored in static analysis. This paper studies the data-flow problems related to function pointers, proposes a data-flow analysis method that can express function pointer information, uses this method to detect illegal arithmetic operations caused by callbacks in C programs, and implements a static analysis tool that detects this type of defect. The paper first discusses the problems that function pointers pose for data-flow analysis and proposes an extended function call graph construction method and an interval calculation method based on mutable procedure summaries. It then abstracts the illegal arithmetic operations caused by callbacks into a defect state machine model and proposes a detection algorithm for them. Finally, an experimental comparison with other static analysis tools demonstrates the effectiveness of the data-flow analysis method and the defect detection method.

Wu Shuai (武帅), Jin Dahai (金大海)

Computing technology, computer technology

Software test; Illegal arithmetic operation; Function pointer; Static analysis; Interval computation

Wu Shuai, Jin Dahai. Static Detection Method for Illegal Arithmetic Operation caused by Callback in C Program [EB/OL]. (2022-12-21) [2025-08-11]. http://www.paper.edu.cn/releasepaper/content/202212-76.
