Journal of Xidian University ›› 2021, Vol. 48 ›› Issue (1): 124-132.doi: 10.19665/j.issn1001-2400.2021.01.014

Previous Articles     Next Articles

Detecting use-after-free bugs in embedded C programs

WANG Yaxin1(),LI Xiaoqing1(),WU Gaofei2(),TANG Shijian1(),ZHU Yajie1(),DONG Ting1()   

  1. 1. Beijing Institute of Space Mechanics & Electricity, Beijing 100094,China
    2. School of Cyber Engineering,Xidian University, Xi’an 710071,China
  • Received:2020-08-14 Online:2021-02-20 Published:2021-02-03


Use-after-Free (UaF) bugs in C programs seriously affect the robustness and reliability of embedded systems.Current detection methods are mostly focused on computer operating systems or applications,which does not support complex and variable embedded systems.A static code analysis can achieve the detection without the requirement of execution environment.Therefore,a static taint analysis tool based on the LLVM compiler infrastructure has been implemented to detect UaF bugs in theembedded C code automatically.Experimental results prove that this static analysis method can detect UaF bugs in C programs rapidly with low false positive and false negative.It is also proved that the tool can be applied in large-scale embedded C projects.

Key words: embedded system, C programs, use-after-free, bug detection, static code analysis

CLC Number: 

  • TP312