摘要
CoSy是ACE公司开发的编译器构架,为了保证CoSy C编译器输入程序的安全性,避免产生编译器缓冲区溢出问题,提出了编译器缓冲区溢出判断模型。根据C源程序编译器缓冲区溢出漏洞的特征,建立了编译器缓冲区溢出判断模型;给出了重建CoSy中间表示CCMIR(Common CoSy Medium-level Intermediate Representation)的方法;最后,给出了CC-MIR程序安全性判定算法。实验结果表明,这种模型可以有效地判断输入程序的安全性。因此,通过重建CCMIR模型可以有效地避免CoSy C语言编译器编译过程中的缓冲区溢出问题。
CoSy is a compiler framework developed by ACE company. In order to ensure the security of inputted procedure of CoSy C compiler and avoiding the crisis of compiler's buffer overflow, model of estimating compiler's buffer overflow was put forward. According to analyzing the character of potential compiler's buffer overflow vuInerabilities in C procedure, and the model of estimating compiler 's buffer overflow was founded; A method of rebuilding common CoSy medium-level intermediate representation was put forward; At last, an algorithm of estimating the security of a CCMIR procedure was put forward. It is indicated that the research can satisfactorily validate the security of the inputted procedure. And this rebuilded CCMIR model can effectively avoid the CoSy C language compiler's buffer overflow.
出处
《计算机技术与发展》
2012年第6期93-96,共4页
Computer Technology and Development
基金
中央高校基本科研业务费专项资金(GK201002011)
