Proceedings of the Institute for System Programming of the RAS
Proceedings of the Institute for System Programming of the RAS, 2016, Volume 28, Issue 4, Pages 149–168
DOI: https://doi.org/10.15514/ISPRAS-2016-28(4)-9
(Mi tisp58)
 

This article is cited in 5 scientific papers (total in 5 papers)

Statically detecting buffer overflows in C/C++

I. Dudina (a, b), V. Koshelev (b), A. Borodin (b)

a CMC MSU
b ISP RAS
Abstract: The paper describes a static analysis approach for detecting buffer overflows in C/C++ source code. The algorithm is path-sensitive, as it is based on symbolic execution with state merging. For now, it handles only buffers on the stack or in static memory whose size is known at compile time. We propose a formal definition of buffer overflow errors that are caused by executing a particular sequence of program control-flow edges. To detect such errors, we present an algorithm that computes a summary for each program value at any program point along multiple paths. This summary includes all values joined at join points, together with their path conditions. It also tracks relations between values, such as arithmetic operations, cast instructions, and binary relations derived from constraints. For every buffer access we compute a sufficient condition for overflow, using the summary of the index variable and the reachability condition of the current function point. If an SMT solver proves this condition satisfiable, we use the model returned by the solver to recover the error path and report a warning with this path. This approach was implemented in the Svace static analyzer as a new buffer overflow detector, and it has found a significant number of unique true warnings that are not covered by the old buffer overflow detector implementations.
Keywords: static analysis, software error detection, buffer overflow, path-sensitivity, symbolic execution.
Document Type: Article
Language: Russian
Citation: I. Dudina, V. Koshelev, A. Borodin, “Statically detecting buffer overflows in C/C++”, Proceedings of ISP RAS, 28:4 (2016), 149–168
Citation in format AMSBIB
\Bibitem{DudKosBor16}
\by I.~Dudina, V.~Koshelev, A.~Borodin
\paper Statically detecting buffer overflows in C/C++
\jour Proceedings of ISP RAS
\yr 2016
\vol 28
\issue 4
\pages 149--168
\mathnet{http://mi.mathnet.ru/tisp58}
\crossref{https://doi.org/10.15514/ISPRAS-2016-28(4)-9}
\elib{https://elibrary.ru/item.asp?id=27174144}
Linking options:
  • https://www.mathnet.ru/eng/tisp58
  • https://www.mathnet.ru/eng/tisp/v28/i4/p149