Value-Range Analysis of C Programs : Towards Proving the Absence of Buffer Overflow Vulnerabilities
Publication year: 2008
ISBN: 978-1-84800-017-9
Internet Resource: Please Login to download book
The use of static analysis techniques to prove the partial correctness of C code has recently attracted much attention due to the high cost of software errors - particularly with respect to security vulnerabilities. However, research into new analysis techniques is often hampered by the technical difficulties of analysing accesses through pointers, pointer arithmetic, coercion between types, integer wrap-around and other low-level behaviour. Axel Simon provides a concise, yet formal description of a value-range analysis that soundly approximates the semantics of C programs using systems of linear inequalities (polyhedra). The analysis is formally specified down to the bit-level while providing a precise approximation of all low-level aspects of C using polyhedral operations and, as such, it provides a basis for implementing new analyses that are aimed at verifying higher-level program properties precisely. One example of such an analysis is the tracking of the NUL position in C string buffers, which is shown as an extension to the basic analysis and which thereby demonstrates the modularity of the approach.
Subject: Computer Science / Programming Languages, Compilers, Interpreters / Logics and Meanings of Programs / Software Engineering / Numeric Computing / C programming language / D programming language / Rack / Turing / Variable / abstract interpretation / algorithm / algorithms / buffer overflow vulnerabilities / polyhedral analysis / programming / programming language / semantics / static analysis / value-range analysis
