ARCHER: Using Symbolic, Path-sensitive Analysis to Detect Memory Access Errors

Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)

Volumn , Issue , 2003, Pages 327-336

  Xie, Yichen ^a   Chou, Andy ^a   Engler, Dawson ^a  

^a STANFORD UNIVERSITY   (United States)

Author keywords

Buffer overflow; Buffer overrun; Error detection; Memory access errors; Security; Static analysis

Indexed keywords

BUFFER STORAGE; C (PROGRAMMING LANGUAGE); CONSTRAINT THEORY; DATA STORAGE EQUIPMENT; SECURITY OF DATA; SOFTWARE ENGINEERING; STATISTICAL METHODS;

BUFFER OVERFLOW; BUFFER OVERRUN; MEMORY ACCESS ERRORS;

COMPUTER SOFTWARE;

EID: 1542317050     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (24)

1. K. Ashcraft and D.R. Engler. Using programmer-written compiler extensions to catch security holes. In IEEE Symposium on Security and Privacy, Oakland, California, May 2002.
2. R. Bodik, R. Gupta, and V. Sarkar. ABCD: Eliminating array bounds checks on demand. In SIGPLAN Conference on Programming Language Design and Implementation, pages 321-333, June 2000.
3. W.R. Bush, J.D. Pincus, and D.J. Sielaff. A static analyzer for finding dynamic programming errors. Software: Practice and Experience, 30(7):775-802, June 2000.
4. B. Chess. Improving computer security using extended static checking. In IEEE Symposium on Security and Privacy, Oakland, California, May 2002.
5. Microsoft Corporation. AST Toolkit. http://research.microsoft.com/sbt/.
6. N. Dor, M. Rodeh, and M. Sagiv. CSSV: towards a realistic tool for statically detecting all buffer overflows in c. In Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pages 155-167. ACM Press, June 2003.
7. D.R. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of Operating Systems Design and Implementation (OSDI), September 2000.
8. D.R. Engler, D.Y. Chen, S. Hallem, A. Chou, and B. Chelf. Bugs as deviant behavior: A general approach to inferring errors in systems code. In Proceedings of the Eighteenth ACM Symposium on Operating Systems Principles, 2001.
9. C. Flanagan and K.R.M. Leino. Houdini, an annotation assistant for ESC/Java. In Symposium of Formal Methods Europe, pages 500-517, March 2001.
10. C. Flanagan, K.R.M. Leino, M. Lillibridge, G. Nelson, J.B. Saxe, and R. Stata. Extended static checking for Java. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pages 234-245. ACM Press, 2002.
11. C. Flanagan and S. Qadeer. Predicate abstraction for software verification. In Proceedings of the 29th Annual Symposium on Principles of Programming Languages, June 2002.
12. D. Freedman, R. Pisani, and R. Purves. Statistics. W W Norton & Co., third edition, September 1997.
13. S. Hallem, B. Chelf, Y. Xie, and D.R. Engler. A system and language for building system-specific, static analyses. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, Berlin, Germany, June 2002.
14. R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference, December 1992.
15. Intrinsa. A technical introduction to PREfix/Enterprise. Technical report, Intrinsa Corporation, 1998.
16. R.W.M. Jones and P.H.J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In Automated and Algorithmic Debugging, pages 13-26, May 1997.
17. W. Landi, B. G. Ryder, and S. Zhang. Interprocedural modification side effect analysis with pointer aliasing. In Proceedings of the ACM SIGPLAN 1993 Conference on Programming Language Design and Implementation, pages 56-67. ACM Press, 1993.
18. D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In 10th USENIX Security Symposium, August 2001.
19. G.C. Necula, S. McPeak, S.P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of c programs. In International Conference on Compiler Construction, March 2002.
20. G.C. Necula, S. McPeak, and W. Weimer. CCured: type-safe retrofitting of legacy code. In Symposium on Principles of Programming Languages, pages 128-139, January 2002.
21. W. Pugh. The omega test: a fast and practical integer programming algorithm for dependence analysis. In Supercomputing, pages 4-13, November 1991.
22. B. Schneier. Risks to cybersecurity. Congressional Testimony by Federal Document Clearing House, June 2003.
23. M.N. Velev and R.E. Bryant. Effective use of boolean satisfiability procedures in the formal verification of superscalar and VLIW microprocessors. Journal of Symbolic Computation, special issue on Integration of Automated Reasoning and Computer Algebra Systems, 2002.
24. D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In The 2000 Network and Distributed Systems Security Conference. San Diego, CA, February 2000.