Abstract
This paper proposes a method for detecting vulnerability defects caused by tainted data based on state machine. It first uses state machine to define various defect patterns. If the states of state machine is considered as the value propagated in dataflow analysis and the union operation of the state sets as the aggregation operation of dataflow analysis, the defect detection can be treated as a forward dataflow analysis problem. To reduce the false positives caused by intraprocedural analysis, the dynamic information of program was represented approximately by abstract value of variables, and then infeasible path can be identified when some variable’s abstract value is empty in the state condition. A function summary method is proposed to get the information needed for performing interprocedural defect detection. The method proposed has been implemented in a defect testing tools.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
