I. A. Dudina, “Inter-procedural buffer overflows detection in C/C++ source code via static analysis”, Proceedings of ISP RAS, 28:5 (2016), 119

Proceedings of the Institute for System Programming of the RAS

RUS ENG

JOURNALS PEOPLE ORGANISATIONS CONFERENCES SEMINARS VIDEO LIBRARY PACKAGE AMSBIB

JavaScript is disabled in your browser. Please switch it on to enable full functionality of the website

	General information
	Latest issue
	Archive

	Search papers
	Search references

	RSS
	Latest issue
	Current issues
	Archive issues
	What is RSS

Proceedings of ISP RAS:
Year:
Volume:
Issue:
Page:
	Find

Personal entry:
Login:
Password:
	Save password
	Enter
	Forgotten password?
	Register

Proceedings of the Institute for System Programming of the RAS, 2016, Volume 28, Issue 5, Pages 119–134
DOI: https://doi.org/10.15514/ISPRAS-2016-28(5)-7 (Mi tisp71)

This article is cited in 1 scientific paper (total in 1 paper)

Inter-procedural buffer overflows detection in C/C++ source code via static analysis

I. A. Dudina^ab

^a CMC MSU
^b ISP RAS

Full-text PDF (1309 kB) Citations (1)

References:

PDF

HTML

DOI: https://doi.org/10.15514/ISPRAS-2016-28(5)-7

Abstract: We propose inter-procedural static analysis tool for buffer overflow detection. It is based on previously developed intra-procedural algorithm which uses symbolic execution with state merging. This algorithm is path-sensitive and supports tracking several kinds of value relations such as arithmetic operations, cast instructions, binary relations from constraints. In this paper we provide a formal definition for inter-procedural buffer overflow errors and discuss different kinds of such errors. We use function summaries for inter-procedural analysis, so it provides natural path-sensitivity in some degree. This approach allowed us to improve intra-procedural algorithm by tracking inter-procedural value dependencies. Furthermore, we introduce a technique to extract the sufficient condition of buffer overflow for a function, which is supposed to be stored in the summary of this function and checked at every call site. This approach was implemented for Svace static analyzer as the new buffer overflow detector, and it has shown 64% true-positive ratio on Android 5.0.2.

Keywords: static analysis, software error detection, buffer overflow, path-sensitivity, symbolic execution, context-sensitivity, inter-procedural analysis.

Bibliographic databases:

Document Type: Article

Language: Russian

Citation: I. A. Dudina, “Inter-procedural buffer overflows detection in C/C++ source code via static analysis”, Proceedings of ISP RAS, 28:5 (2016), 119–134

Citation in format AMSBIB

\Bibitem{Dud16}

\by I.~A.~Dudina

\paper Inter-procedural buffer overflows detection in C/C++ source code via static analysis

\jour Proceedings of ISP RAS

\yr 2016

\vol 28

\issue 5

\pages 119--134

\mathnet{http://mi.mathnet.ru/tisp71}

\crossref{https://doi.org/10.15514/ISPRAS-2016-28(5)-7}

\elib{https://elibrary.ru/item.asp?id=27679154}

Linking options:

https://www.mathnet.ru/eng/tisp71

https://www.mathnet.ru/eng/tisp/v28/i5/p119

This publication is cited in the following 1 articles:

Citing articles in Google Scholar: Russian citations, English citations
Related articles in Google Scholar: Russian articles, English articles

Proceedings of the Institute for System Programming of the RAS

Statistics & downloads:
Abstract page:	143
Full-text PDF :	59
References:	21

Что такое QR-код?

Registration to the website

Logotypes