Download Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities by Axel Simon PDF

By Axel Simon

The use of static analysis techniques to prove the partial correctness of C code has recently attracted much attention due to the high cost of software errors, particularly with respect to security vulnerabilities. However, research into new analysis techniques is often hampered by the technical difficulties of analysing accesses through pointers, pointer arithmetic, coercion between types, integer wrap-around and other low-level behaviour. Axel Simon provides a concise, yet formal description of a value-range analysis that soundly approximates the semantics of C programs using systems of linear inequalities (polyhedra).

The analysis is formally specified down to the bit-level while providing a precise approximation of all low-level aspects of C using polyhedral operations and, as such, it provides a basis for implementing new analyses that are aimed at verifying higher-level program properties precisely. One example of such an analysis is the tracking of the NUL position in C string buffers, which is shown as an extension to the basic analysis and which thereby demonstrates the modularity of the approach.

While the book focuses on a sound analysis of C, it will be useful to any researcher and student with an interest in static analysis of real-world programming languages. In fact, many concepts presented here carry over to other languages such as Java or assembler, to other applications such as taint analysis, array and shape analysis and possibly even to other approaches such as run-time verification and test data generation.


Best c & c++ books

Software development for the QUALCOMM BREW platform

This text provides a soup-to-nuts examination of what it takes to design, develop, and deploy commercially viable applications for the QUALCOMM BREW platform.

Learning OpenCV

Book: Learning OpenCV. Category: C/C++/Visual C books. Authors: Gary Bradski, Adrian Kaehler. Year of publication: 2008. Format: pdf. Publisher: O'Reilly. Pages: 577. Size: 31 MB. ISBN: 978-0-596-51613-0. Language: English. Learning OpenCV puts you right in the middle of the rapidly expanding field of computer vision.

Understanding Programming Languages

This book compares constructs from C with constructs from Ada in terms of levels of abstractions. Studying these languages provides a firm foundation for an extensive examination of object-oriented language support in C++ and Ada 95. It explains what alternatives are available to the language designer, how language constructs should be used in terms of safety and readability, how language constructs are implemented and which ones can be efficiently compiled, and the role of language in expressing and enforcing abstractions.

Quantum Computation and Information: Ams Special Session Quantum Computation and Information, Washington, D.C., January 19-21, 2000

This book is a collection of papers given by invited speakers at the AMS Special Session on Quantum Computation and Information held at the January 2000 Annual Meeting of the AMS in Washington, DC. The papers in this volume give readers a broad introduction to the many mathematical research challenges posed by the new and emerging field of quantum computation and quantum information.

Extra info for Value-Range Analysis of C Programs: Towards Proving the Absence of Buffer Overflow Vulnerabilities

Example text

By building on these planar algorithms, Chap. 8 presents the Two-Variables-Per-Inequality (TVPI) domain, which provides an efficient way of manipulating polyhedra in which each inequality has at most two variables. The following chapter presents techniques to refine polyhedra around the contained set of integral points, a process that is required to ensure that coefficients of inequalities do not grow indefinitely. Such a guarantee cannot currently be given for general polyhedra. As such, the TVPI domain presents, to our knowledge, the most precise polyhedral domain with a performance guarantee.

The little-endian architecture imposes a similar invariant on the write operation. The notation 1 n−1 copies n bytes from address b to a.

3 The Environment

For the sake of defining the concrete semantics of a program $P \in L(\text{CoreC})$, let $V^g$ denote the global variables of $P$ and let $S^g$ its initialisation statements. Moreover, let $f_1, \ldots, f_n$ be the functions that constitute $P$ and define $\mathit{lookupFunc}(f_i) = P^{f_i}, V^{f_i}, l_{f_i}$ for each function. Here, $P^{f_i}$ denotes the formal parameters of $f_i$, $V^{f_i}$, the locally declared variables, and $l_{f_i}$ the label of the first basic block of $f_i$.

11, which presents the string buffer analysis as a refinement of the basic analysis of C that is described in the first part of the book.

2 Widening with Landmarks

The key to an efficient polyhedral analysis is to accelerate the fixpoint calculation to overcome slowly growing coefficients in inequalities. This process is known as widening [59] and was already applied in Sect. 5.

two consecutive iterations. The full removal of inequalities, however, incurs a substantial precision loss, as witnessed by the Ri states from the last section that describe the state space at the end of the for-loop in lines 18–19.
