Bounds-Checking Entire Programs without Recompiling
Authors
Abstract
Similar resources
Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors
Attacks that exploit out-of-bounds errors in C and C++ programs are still prevalent despite many years of research on bounds checking. Previous backwards compatible bounds checking techniques, which can be applied to unmodified C and C++ programs, maintain a data structure with the bounds for each allocated object and perform lookups in this data structure to check if pointers remain within bou...
On the Role of Static Analysis in Operating System Checking and Runtime Verification
By Abhishek Rai, Stony Brook University, 2005. Software inevitably contains bugs. For certain classes of software like operating systems, reliability is a critical requirement. Recent research has shown that several commodity operating systems, even after careful design and extensive testing, still cont...
Verifiable Range Analysis Annotations for Array Bounds Check Elimination
For performance reasons, it is desirable for Java just-in-time (JIT) compilers to statically identify array element accesses that can never cause an out of bounds exception, but the most precise analyses are too expensive to run in JIT compilers. We present verifiable annotations that can be added to Java programs to capture the results of range analyses as claimed linear inequalities and proof...
A Practical Dynamic Buffer Overflow Detector
Despite previous efforts in auditing software manually and automatically, buffer overruns are still being discovered in programs in use. A dynamic bounds checker detects buffer overruns in erroneous software before it occurs and thereby prevents attacks from corrupting the integrity of the system. Dynamic buffer overrun detectors have not been adopted widely because they either (1) cannot guard...
Safe Arrays via Regions and Dependent Types
Arrays over regions of points were introduced in ZPL in the late 1990s and later adopted in Titanium and X10 as a means of simplifying the programming of high-performance software. A region is a set of points, rather than an interval or a product of intervals, and enables the programmer to write a loop that iterates over a region. While convenient, regions do not eliminate the risk of array bou...