基于行为监测的嵌入式操作系统堆栈溢出测试

计算机工程与科学 ›› 2022, Vol. 44 ›› Issue (11): 1918-1923.

基于行为监测的嵌入式操作系统堆栈溢出测试

杨兴达1,2,陈灿1,2,方菱1,2

(1.安徽大学物质科学与信息技术研究院，安徽合肥 230000；
2.中国科学院合肥物质科学研究院，安徽合肥 230000)

收稿日期:2021-09-14 修回日期:2021-10-26 接受日期:2022-11-25 出版日期:2022-11-25 发布日期:2022-11-25
基金资助:
安徽省重点研究与开发计划(202004a05020041)

Stack overflow test for embedded operating systems based on behavior monitoring

YANG Xing-da1,2,CHEN Can1,2,FANG Ling1,2

(1.Institutes of Physical Science and Information Technology,Anhui University,Hefei 230000；
2.Hefei Institutes of Physical Science,Chinese Academy of Sciences,Hefei 230000,China)

Received:2021-09-14 Revised:2021-10-26 Accepted:2022-11-25 Online:2022-11-25 Published:2022-11-25

摘要/Abstract

摘要： 堆栈测试是嵌入式操作系统安全评估的重要环节，堆栈溢出会覆盖邻近堆栈中的数据，造成数据错乱进而引发系统崩溃。然而捕获并定位堆栈溢出具有一定难度。首先，溢出数据可能会侵占操作系统中其它任务的私有堆栈，而发生溢出的任务本身没有异常表现，以致难以确定堆栈溢出的根源；其次，由于操作系统任务的优先级差异，堆栈溢出的暴露时间可能滞后于其发生时间。提出了一种基于实时堆栈分配与回收行为监测的动态堆栈测试方法，首先在堆栈行为测试点插入桩函数，以采集任务堆栈的测试码；然后设置上位机测试程序，以分析测试码并提供测试结果，实现实时捕获并定位堆栈溢出。利用此方法，在基于车载远程信息处理终端的实际测试中，定位到了3处造成系统崩溃或复位的堆栈溢出异常，评估了操作系统堆栈的安全性。另外，根据测试结果，优化了堆栈大小的静态分配，在单个任务中最多节省了42%的堆栈空间，并将整个任务RAM压缩至原来的63%。

关键词: 操作系统, 程序插桩, 堆栈测试, 动态测试

Abstract: Stack test is an important part of security evaluation of embedded operating systems. Stack overflow will overwrite the data in the adjacent stack, resulting in data confusion and system crash. However, catching and locating stack overflows can be difficult. Firstly, the overflow data may invade the private stack of other tasks in the operating system, and the overflowing task itself has no abnormal behavior, so that it is difficult to determine the root cause of the stack overflow. Secondly, stack overflows may be exposed later than their occurrence due to the priority differences of the operating system tasks. In this research, a dynamic stack test method based on real-time stack allocation and recovery behavior monitoring is proposed. Firstly, instrumentation is inserted at the stack behavior test point to collect the test code of the test stack. Then, the Upper Test (UT) is set to analyze the test code and provide the test result, which can realize the real-time capture and locate the stack overflow. In the actual test based on telematics terminal, this method is used to locate three stack overflow that caused the system to crash or reset, and the safety of the operating system stack is eval-uated. In addition, according to the test results, the static allocation of the stack size is optimized, which saves up to 42% of the stack space in a single task and compresses the entire RAM of tasks to 63% of the original.

Key words: operating system, instrumentation, stack test, dynamic test

杨兴达, 陈灿, 方菱, . 基于行为监测的嵌入式操作系统堆栈溢出测试[J]. 计算机工程与科学, 2022, 44(11): 1918-1923.

YANG Xing-da, CHEN Can, FANG Ling, . Stack overflow test for embedded operating systems based on behavior monitoring[J]. Computer Engineering & Science, 2022, 44(11): 1918-1923.

参考文献［12］

［1］	Junko Y.Toyota case:Single bit flip that killed［EB/OL］.［2013-10-25］.https://www.eetimes.com/toyota-case-single-bit-flip-that-killed.
［2］	Yan K,Liu D,Meng F Z.A highly automated binary software vulnerability risk evaluation method for off-by-one stack based buffer overflow［C］ ∥Proc of 2015 IEEE International Conference on Computer and Communications,2015:16-20.
［3］	Zhang G,Liu Z.Study on approach of determining size of μC/OS-II task stack［J］. Journal of Computers,2011,6(4):676-682.
［4］	Xie W G,Hu J C,Kudjo P K,et al.A new detection method for stack overflow vulnerability based on component binary code for third-party component［C］∥Proc of 2018 IEEE SmartWorld,Ubiquitous Intelligence & Computing,Advanced & Trusted Computing,Scalable Computing & Communications,Cloud & Big Data Computing,Internet of People and Smart City Innovation,2018:1255-1259.
［5］	Choi K,Kim S,Seok M G,et al.Maximum stack memory monitoring method assisted by static analysis of the stack usage profile［C］∥Proc of International Conference on Computer Science and its Applications,2018:756-765.
［6］	Yu Quan-xi,Zhang Yi-kun,Hu Yan-jing,et al.Data collection in embedded software path coverage test［J］.Computer Engineering,2009,35(21):54-56.(in Chinese)
［7］	Fang L,Takashi K,Do T B N,et al.Formal model-based test for AUTOSAR multicore RTOS［C］∥Proc of 2012 IEEE 5th International Conference on Software Testing,Verification and Validation,2012:251-259.
［8］	Wei Qiang,Hu Ding-wen,Wang Qing-xian.Design and implementation of object code based dynamic testing frame-work［J］.Computer Engineering and Applications,2008,44(6):113-116.(in Chinese)
［9］	Li Qian,Mei Lin,Ling Hui,et al.EASTT:An embedded application software test system［J］.Computer Engineering & Science,2002,24(2):66-69.(in Chinese)
［10］	Liang Xiao-bing,Kong Ling-da,Liu Yan,et al.Lightweight dynamic binary instrumentation algorithm for embedded software［J］.Netinfo Security,2021,21(4):89-95.(in Chinese)
［11］	Khamparia A,Banu J S.Program analysis with dynamic instrumentation pin and performance tools［C］∥Proc of 2013 IEEE International Conference on Emerging Trends in Computing,Communication and Nanotechnology,2013:436-440.
［12］	Zhang Peng,Yang Qiu-hui,Li Hai-nu.Research of memory leak detection method on embedded system［J］.Computer Engineering and Applications,2013,49(14):56-59.(in Chinese)
	附中文参考文献：
［6］	于全喜，张毅坤，胡燕京，等.嵌入式软件路径覆盖测试数据采集［J］,计算机工程，2009,35(21):54-56.
［8］	魏强,胡定文,王清贤.目标码动态测试框架的设计及实现［J］.计算机工程与应用,2008,44(6):113-116.
［9］	李茜,梅琳,凌辉,等.EASTT:一种嵌入式应用软件测试系统［J］.计算机工程与科学,2002,24(2):66-69.
［10］	梁晓兵,孔令达,刘岩,等.轻量级嵌入式软件动态二进制插桩算法［J］.信息网络安全,2021,21(4):89-95.
［12］	张鹏,杨秋辉,李海怒.嵌入式软件内存泄露检测方法研究［J］.计算机工程与应用,2013,49(14):56-59.