LCLint: a tool for using specifications to check code
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Advanced compiler design and implementation
Advanced compiler design and implementation
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Efficient Symbolic Analysis for Optimizing Compilers
CC '01 Proceedings of the 10th International Conference on Compiler Construction
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Tracking pointers with path and context sensitivity for bug detection in C programs
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Scalable error detection using boolean satisfiability
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Compiler Analysis of the Value Ranges for Variables
IEEE Transactions on Software Engineering
The CERT C Secure Coding Standard
The CERT C Secure Coding Standard
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Dynamic test generation to find integer bugs in x86 binary linux programs
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
IntPatch: automatically fix integer-overflow-to-buffer-overflow vulnerability at compile-time
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
As-If Infinitely Ranged Integer Model
ISSRE '10 Proceedings of the 2010 IEEE 21st International Symposium on Software Reliability Engineering
Using type qualifiers to analyze untrusted integers and detecting security flaws in c programs
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Linux kernel vulnerabilities: state-of-the-art defenses and open problems
Proceedings of the Second Asia-Pacific Workshop on Systems
IntFinder: automatically detecting integer bugs in x86 binary program
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
LLBMC: bounded model checking of C and C++ programs using a compiler IR
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
Understanding integer overflow in C/C++
Proceedings of the 34th International Conference on Software Engineering
Undefined behavior: what happened to my code?
Proceedings of the Asia-Pacific Workshop on Systems
Security bugs in embedded interpreters
Proceedings of the 4th Asia-Pacific Workshop on Systems
ASIST: architectural support for instruction set randomization
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
Towards optimization-safe systems: analyzing the impact of undefined behavior
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
SEC'13 Proceedings of the 22nd USENIX conference on Security
Sound input filter generation for integer overflow errors
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Post-compiler software optimization for reducing energy
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
A Study of Linux File System Evolution
ACM Transactions on Storage (TOS)
Communications of the ACM
A study of Linux file system evolution
FAST'13 Proceedings of the 11th USENIX conference on File and Storage Technologies
| Hi-index | 0.02 |
Integer errors have emerged as an important threat to systems security, because they allow exploits such as buffer overflow and privilege escalation. This paper presents KINT, a tool that uses scalable static analysis to detect integer errors in C programs. KINT generates constraints from source code and user annotations, and feeds them into a constraint solver for deciding whether an integer error can occur. KINT introduces a number of techniques to reduce the number of false error reports. KINT identified more than 100 integer errors in the Linux kernel, the lighttpd web server, and OpenSSH, which were confirmed and fixed by the developers. Based on the experience with KINT, the paper further proposes a new integer family with NaN semantics to help developers avoid integer errors in C programs.