Although buffer overflow detection has been studied for more than 20 years, it is still the most common source of security vulnerabilities in systems code. Different approaches using symbolic analysis have been proposed to detect this vulnerability. However, existing symbolic analysis techniques are either too complex to scale to millions of lines of code (MLOC), or too simple to effectively handle loops and complex program structures. In this paper, we present a novel symbolic analysis algorithm for buffer overflow detection that applies simple rules to solve relevant control and data dependencies. Our approach is path-sensitive and effectively handles loops and complex program structures. Scalability is achieved by using a simple symbolic value representation, filtering out irrelevant dependencies in symbolic value computation, and computing symbolic values on demand. Evaluation of our approach shows that it is both practical and effective: the analysis runs over 8.6 MLOC of the OpenSolaris™ Operating System/Networking (ON) codebase in 11 minutes and finds hundreds of buffer overflows with a false positive rate of less than 10%.