标签:har 指针 nal 代码 南京 class execution better blank
Soundness: the analysis captures all program behaviors, or the analysis result models all possible executions of the program
? A sound analysis requires to capture all dynamic behaviors
? A soundy analysis aims to capture all dynamic behaviors with certain hard language features unsoundly handled within reason
? An unsound analysis deliberately ignores certain behaviors in its design for better efficiency, precision or accessibility
当然,这只适应于非常简单的reflection
用reflective target method参数确定具体调用的方法和类。
Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders
Native Code允许java代码调用非java代码,一般通过Java Native Interface执行来与c/c++进行交互。
对重要的native code手动建模。例如,对经常调用的arraycopy()函数进行建模,建模后就是一个拷贝循环,但从指针分析角度来讲,看到这个循环,我们就把数组指针进行传递。
https://www.jianshu.com/p/1ca6e11b1e72
Proj THUDBFuzz Paper Reading: 南京大学软件分析课程2020, 16 Soundiness
标签:har 指针 nal 代码 南京 class execution better blank
原文地址:https://www.cnblogs.com/xuesu/p/14341578.html
