Ensuring Safe Usage of Buffers in Programming Language C
Author
Abstract
We consider the problem of buffer overflows in C programs. The problem matters because buffer overflows are a favoured target of security attacks and a source of serious program misbehaviour. Buffer overflow bugs can be detected at run time by dynamic analysis, or before run time by static analysis. In this paper we present a new static, modular approach to the automated detection of buffer overflows. The approach is flow-sensitive and inter-procedural, and it handles both statically and dynamically allocated buffers. Its architecture is flexible and pluggable: for instance, to check the generated correctness and incorrectness conditions it can use any external automated theorem prover that follows the SMT-LIB standard. The system uses an external, easily extendable knowledge database that stores all the reasoning rules, so none of them are hard-coded in the system. We also report on our prototype implementation, the FADO tool, and on its experimental results.
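To make the abstract concrete, the following is an added example written for this page; it is not code from the paper or from the FADO tool. It shows the two buffer kinds the abstract mentions (a statically allocated stack array and a malloc'd buffer), the unchecked copy that a checker would flag, the hardened form whose explicit bound check is the correctness condition a prover must establish, and the shape of an SMT-LIB incorrectness query such a checker could hand to an external solver. The function names, the fixed sizes and the sample input are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_BUF 16   /* constructed size for the static buffer */

/* Unsafe pattern (constructed): the copy length comes from the caller and
 * is never compared with the destination size. A static checker would
 * generate the incorrectness condition  n > sizeof(dst)  and ask a solver
 * whether it is satisfiable; here it trivially is. Never called below. */
void unsafe_copy(char *dst, const char *src, size_t n) {
    memcpy(dst, src, n);
}

/* Hardened form: the bound travels with the pointer and the check
 * n <= dst_size (the correctness condition) is explicit, so every write
 * can be proved in range. Returns 0 on success, -1 if the copy would
 * overflow or a pointer is missing. */
int bounded_copy(char *dst, size_t dst_size, const char *src, size_t n) {
    if (dst == NULL || src == NULL || n > dst_size)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Statically allocated buffer: the bound is a compile-time constant. */
int fill_static(const char *src, size_t n) {
    char buf[STACK_BUF];
    return bounded_copy(buf, sizeof buf, src, n);
}

/* Dynamically allocated buffer: the bound is the malloc argument, which an
 * inter-procedural analysis has to carry from the allocation site to the
 * access site. */
int fill_dynamic(size_t cap, const char *src, size_t n) {
    char *buf = malloc(cap);
    if (buf == NULL)
        return -1;
    int rc = bounded_copy(buf, cap, src, n);
    free(buf);
    return rc;
}

/* Emits the kind of SMT-LIB query a checker could hand to an external
 * solver for an access buf[idx] with a buffer of the given size: the access
 * is safe exactly when this incorrectness condition is unsatisfiable.
 * Returns the number of characters that snprintf would have written. */
int emit_incorrectness_condition(const char *idx, size_t size,
                                 char *out, size_t outlen) {
    return snprintf(out, outlen,
                    "(declare-const %s Int)\n"
                    "(assert (or (< %s 0) (>= %s %zu)))\n"
                    "(check-sat)\n",
                    idx, idx, idx, size);
}

int main(void) {
    char sample[32];                 /* constructed input, no NUL needed */
    memset(sample, 'A', sizeof sample);
    printf("static  16 <- 16 bytes: %d\n", fill_static(sample, 16));
    printf("static  16 <- 17 bytes: %d\n", fill_static(sample, 17));
    printf("dynamic  8 <-  8 bytes: %d\n", fill_dynamic(8, sample, 8));
    printf("dynamic  8 <-  9 bytes: %d\n", fill_dynamic(8, sample, 9));

    char query[160];
    emit_incorrectness_condition("i", STACK_BUF, query, sizeof query);
    fputs(query, stdout);
    return 0;
}
```

The two rejected calls are exactly the cases a flow-sensitive checker would report on the unchecked version: the length flows from a parameter with no dominating comparison against the destination's size. In the hardened version the same comparison appears in the code, so the incorrectness condition is unsatisfiable on every path that reaches memcpy.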
Related resources
Resource-Based Programming in Plaid
Many modern programming challenges center on the correct handling of abstract resources whose use is constrained in some way. These constraints include initialization before use, resource cleanup, safe coordination among threads, and usage protocols. Unlike class-based languages, the resource-based programming language Plaid models interfaces, representation, and behavior using states, and an o...
Developing a software for simulation of gaseous detectors with Monte carlo method in c++ programming language
In this paper we consider a gaseous detector and assume that, because an ionizing radiation passes through it, an electron is created inside it. By numerical simulation with the Monte Carlo method, accounting for the impacts, scatterings and creation of secondary electrons, we find the trajectory of the initial and secondary electrons. The dependence of the number of secondary electrons on the applied electric field is invest...
Resource-Safe Systems Programming with Embedded Domain Specific Languages
We introduce a new overloading notation that facilitates programming, modularity and reuse in Embedded Domain Specific Languages (EDSLs), and use it to reason about safe resource usage and state management. We separate the structural language constructs from our primitive operations, and show how precisely-typed functions can be lifted into the EDSL. In this way, we implement a generic framewor...
Implementation of a Fail-Safe ANSI C Compiler
Programs written in the C language often suffer from nasty errors due to dangling pointers and buffer overflow. Such errors in Internet server programs are often exploited by malicious attackers to “crack” an entire system, and this has become a problem affecting society as a whole. The root of these errors is usually corruption of on-memory data structures caused by out-of-bound array accesses...
Resource Usage Analysis and Its Application to Resource Certification
Resource usage is one of the most important characteristics of programs. Automatically generated information about resource usage can be used in multiple ways, both during program development and deployment. In this paper we discuss and present examples on how such information is obtained in COSTA, a state of the art static analysis system. COSTA obtains safe symbolic upper bounds on the resour...