The formal semantics of programming languages: an introduction
The formal semantics of programming languages: an introduction
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
AMAST '02 Proceedings of the 9th International Conference on Algebraic Methodology and Software Technology
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
ITS4: A static vulnerability scanner for C and C++ code
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Improving Computer Security Using Extended Static Checking
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Buffer overrun detection using linear programming and static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Precise and efficient static array bound checking for large embedded C programs
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Taming false alarms from a domain-unaware c analyzer by a bayesian statistical post analysis
SAS'05 Proceedings of the 12th international conference on Static Analysis
Inferring Min and Max Invariants Using Max-Plus Polyhedra
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Sufficient preconditions for modular assertion checking
VMCAI'08 Proceedings of the 9th international conference on Verification, model checking, and abstract interpretation
Non-disjunctive numerical domain for array predicate abstraction
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Pentagons: A weakly relational abstract domain for the efficient validation of array accesses
Science of Computer Programming
Access analysis-based tight localization of abstract memories
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Design and implementation of sparse global analyses for C-like languages
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Modeling and analyzing the interaction of C and C++ strings
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
| Hi-index | 0.00 |
This paper describes a new static analysis to show the absence of memory errors, especially string buffer overflows in C programs. The analysis is specifically designed for the subset of C that is found in critical embedded software. It is based on the theory of abstract interpretation and relies on an abstraction of stores that retains the length of string buffers. A transport structure allows to change the granularity of the abstraction and to concisely define several inherently complex abstract primitives such as destructive update and string copy. The analysis integrates several features of the C language such as multi-dimensional arrays, structures, pointers and function calls. A prototype implementation produces encouraging results in early experiments.