Open AccessIDENTIFICATION OF HIDDEN VULNERABILITIES IN THE SOURCE CODE MULTI-THREAD PROGRAMS BY ANALYSIS OF FUNCTIONAL TRANSITIONS
Author(s) -
Дмитрий Андреевич Моргунов
Publication year - 2020
Publication title -
vestnik urfo. bezopasnostʹ v informacionnoj sfere
Language(s) - English
Resource type - Journals
eISSN - 2225-5443
pISSN - 2225-5435
DOI - 10.14529/secur200207
Subject(s) - computer science , thread (computing) , source code , programming language , model checking , code (set theory) , concurrency , set (abstract data type)
The article presents a new set-theoretic model and procedures that reduce the time required to detect hidden vulnerabilities in the source code of multi-threaded computer programs, as well as the results of mathematical modeling. Hidden vulnerabilities in the article are under-stood as vulnerabilities leading to data races and deadlocks, since they have a stochastic nature of manifestation during testing, which greatly complicates their identification. The presented model describes the state of each thread of a multi-threaded computer program currently exe-cuting a function and the contents of the function call stack. At the same time, it remains pos-sible to use the model in verification by the Model Checking method, and also eliminates the need to solve the problem of searching for the model invariant. The presented procedures make it possible to formulate specifications for the verification method on models, the implementa-tion of which makes it possible to identify vulnerabilities leading to data races and deadlocks in the source code of multithreaded programs