摘要：软件漏洞检测作为软件开发周期中最重要的环节之一，在软件测试和漏洞分析领域等具有重要意义。 如何描述漏洞以及如何进行漏洞判别是漏洞检测的核心问题。基于此，本文提出一种基于缺陷模式的软件代码漏洞静态检测方法。 该方法首先对几种常见漏洞的缺陷模式进行统一的形式化定义和描述;再利用控制流分析把整个程序空间转化为漏洞可执行路径集；然后利用定义的漏洞语法规则求解漏洞可执行路径集上的漏洞相关节点集；最后利用漏洞判定规则进行判别得出漏洞报告。实验分析验证了定义和描述的缺陷模式的正确性和可行性。 Abstract: as one of the most important links in software development period, software vulnerability detection has important significance in the fields such as software testing, vulnerability analysis, etc. The core problem of vulnerability detection is how to describe the vulnerability and how to decide the vulnerability. Based on this, this paper will propose a static detection method for software code vulnerability based on defect patterns. Firstly, this method will formally define and describe the defect patterns for several common vulnerabilities; then transform the whole program space into vulnerability executable path set by the control flow analysis; and then solve the vulnerability related node set on the vulnerability executable path set by the defined vulnerability grammar rule; finally, work out the vulnerability report by the vulnerability decision rules. The experimental analysis has verified the correctness and feasibility for defined and described vulnerability patterns.
6.2 Success fee scenarios Two success fee scenarios, detailed below, are allowed for under the agreement. Type (i) is anticipated to be the one most likely to be concluded by China Grand Pharmaceutical Group. (i) An investment-type financial commitment is made to i-Optics by China Grand Pharmaceutical Group. This includes a full or partial equity buy-out, equity subscription, debentures, loans, purchase of Intellectual Property [IP] rights and any other form of direct payment to i-Optics falling outside the distribution, sales, licensing and other arrangements described immediately below under (ii).
(ii) A licensing agreement or a distribution/marketing/sales agreement for commercialisation or representation of i-Optics products in China, or some other form of business partnership or joint-venture arrangement, including ones without an immediately quantifiable financial value, is established with i-Optics by China Grand Pharmaceutical Group.
6.2 成功费预案 下面详细介绍了本协议允许的两种成功费预案。中国远大医药集团最有 可能实施第(i)种预案。 (i)中国远大医药集团向i-Optics作出一种投资型的财务承诺。这包括全 部或部分的股权收购，股权认购，信用债券，贷款，知识产权[IP]的购买, 以及（ii）中所描述的分销，销售，认证及其它安排之外的其它形式的直接 支付。
（ii）i-Optics与中国远大医药集团签署了一份授权协议或者一份分销/ 市场/销售协议，用于商业化或代表中国的i-Optics产品，或者某种其它形 式的商业伙伴或合资关系，包括那些无法估计财务价值的形式。