Static analysis by abstract interpretation: Application to the detection of heap overflows

Journal in Computer Virology

Volumn 4, Issue 1, 2008, Pages 5-23

  Allamigeon, Xavier ^a,b   Hymans, Charles ^a  

^a AIRBUS GROUP INNOVATIONS   (Germany)

^b DIF   (France)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL COMPLEXITY; COMPUTER PROGRAMMING; COMPUTER SOFTWARE; SECURITY OF DATA;

ABSTRACT INTERPRETATION; IMPLEMENTING PROGRAMS;

ABSTRACTING;

EID: 38849111784     PISSN: 17729890     EISSN: 17729904     Source Type: Journal    
DOI: 10.1007/s11416-007-0063-z     Document Type: Article

References (47)

1. Allamigeon, X., Godard, W., Hymans, C.: Static analysis of string manipulations in critical embedded C programs. In: Yi, K. (ed.) Static Analysis, 13th International Symposium (SAS'06), Volume 4134 of Lecture Notes in Computer Science, pp. 35-51, Seoul, Korea, August 2006. Springer, Heidelberg (2006)
2. Ball, T., Cook, B., Das, S., Rajamani, S.: Refining approximations in software predicate abstraction. In: Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 388-403. Springer, Heidelberg, March 2004
3. Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: A static analyzer for large safety-critical software. In: ACM SIGPLAN PLDI'03, Volume 548030, pp. 196-207. ACM, New York, June 2003
4. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), pp. 82-96, Cape Breton, Nova Scotia, Canada, June 2001. IEEE Computer Society (2001)
5. Blanchet, B.: A computationally sound mechanized prover for security protocols. In: IEEE Symposium on Security and Privacy, pp. 140-154, Oakland, CA, May 2006
6. C Code Analyzer. http://www.drugphish.ch/~jonny/cca.html
7. Chess, B.: Improving computer security using extended static checking. In: SP '02: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 160, Washington, DC, USA, 2002. IEEE Computer Society (2002)
8. Clarke E.M., Emerson E.A. and Sistla A.P. (1986). Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans. Program. Lang. Syst. 8(2): 244-263
9. Clarke E.M., Grumberg O. and Long D.E. (1994). Model checking and abstraction. ACM Trans. Program. Lang. Syst. 16(5): 1512-1542
10. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Conference Record of the Fourth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 238-252, Los Angeles, CA. ACM, New York (1977)
11. Cousot P. and Cousot R. (1979). Constructive versions of Tarski's fixed point theorems. Pac. J. Math. 82(1): 43-57
12. Cousot P. and Cousot R. (1992). Abstract interpretation frameworks. J. Log. Comput. 2(4): 511-547
13. Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: Conference Record of the Fifth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 84-97, Tucson, Arizona, 1978. ACM, New York
14. Coverity. http://www.coverity.com
15. Das, S., Dill, D.L.: Counter-example based predicate discovery in predicate abstraction. In: Formal Methods in Computer-Aided Design. Springer, Heidelberg, November 2002
16. Distefano, D., O'Hearn, P.W., Yang, H.: A local shape analysis based on separation logic. In: Hermanns, H., Palsberg, J. (eds.) Tools and Algorithms for the Construction and Analysis of Systems, 12th International Conference, TACAS 2006, Volume 3920 of Lecture Notes in Computer Science, pp. 287-302. Springer, Heidelberg, March 2006
17. Dor, N., Rodeh, M., Sagiv, M.: Cssv: towards a realistic tool for statically detecting all buffer overflows in C. In: PLDI '03: Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation, pp. 155-167, New York, NY, USA. ACM, New York (2003)
18. Jr. Clarke E.M., Grumberg O. and Peled D.A. (1999). Model Checking. MIT, Cambridge
19. Evans D. and Larochelle D. (2002). Improving security using extensible lightweight static analysis. IEEE Softw. 19(1): 42-51
20. Filliâtre J.-C. (2003). Verification of non-functional programs using interpretations in type theory. J. Funct. Program. 13(4): 709-745
21. Filliâtre, J.-C., Marché, C.: Multi-prover verification of C programs. In: Formal Methods and Software Engineering, 6th International Conference on Formal Engineering Methods, ICFEM 2004. Volume 3308 of Lecture Notes in Computer Science, pp. 15-29. Springer, Heideleberg (2004)
22. Flawfinder. http://www.dwheeler.com/flawfinder/
23. International Organization for Standardization. ISO/IEC 9899:1999: Programming Languages-C. International Organization for Standardization, Geneva, Switzerland, December 1999
24. Ganssle, J.: Big Code. http://www.embedded.com/columns/embeddedpulse/ 171203287?_requestid=1130518
25. Goubault, E., Putot, S.: Static analysis of numerical algorithms. In: Yi, K. (ed.) Static Analysis, 13th International Symposium (SAS'06), Volume 4134 of Lecture Notes in Computer Science, pp. 18-5134, Seoul, Korea, August 2006. Springer Verlag (2006)
26. Graf, S., Saidi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) Proceedings of the 9th International Conference on Computer Aided Verification (CAV'97), Vol. 1254, pp. 72-83. Springer Verlag (1997)
27. GNU grep. http://www.gnu.org/software/grep/
28. Holzmann, G.J.: Static source code checking for user-defined properties. In: Proceedings IDPT 2002, Pasadena, CA, USA (2002)
29. Hymans, C., Levillain, O.: Newspeak: Big Brother is compiling your code. Technical report, EADS France (2007). http://www.penjili.org/newspeak.html
30. Ghidella, J.R., Friedman, J.: Streamlined development of body electronics systems using model-based design. http://www.mathworks.com/company/pressroom/ newsletter/sept06/body_electronics.html
31. Jung, Y., Kim, J., Shin, J., Yi, K.: Taming false alarms from a domain-unaware C analyzer by a bayesian statistical post analysis. In: Siveroni, I., Hankin, C. (eds.) Static Analysis: 12th International Symposium, SAS 2005, London, UK, September 7-9, 2005. Proceedings, Lecture Notes in Computer Science, pp. 203-217. Springer Verlag (2005)
32. Karr M. (1976). Affine relationships among variables of a program. Acta Inf. 6: 133-151
33. Logozzo, F.: Automatic inference of class invariants. In: Proceedings of the 5th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI '04), Volume 2937 of Lectures Notes in Computer Science, January 2004. Springer Verlag (2004)
34. Miné, A.: A new numerical abstract domain based on difference-bound matrices. In: PADO II, Volume 2053 of LNCS, pp. 155-172, May 2001. Springer Verlag. http://www.di.ens.fr/~mine/publi/article-mine-padoII.pdf
35. Miné, A.: The octagon abstract domain. In: AST 2001 in WCRE 2001, IEEE, pp. 310-319. IEEE CS Press, October 2001. http://www.di.ens.fr/~mine/ publi/article-mine-ast01.pdf
36. Miné, A.: Field-sensitive value analysis of embedded C programs with union types and pointer arithmetics. In: ACM SIGPLAN LCTES'06, pp. 54-63. ACM, New York, June 2006. http://www.di.ens.fr/~mine/publi/article-mine-lctes06. pdf
37. Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: Intermediate language and tools for analysis and transformation of C programs. In: CC '02: Proceedings of the 11th International Conference on Compiler Construction, pp. 213-228, London, UK. Springer Verlag (2002)
38. Polyspace. http://www.polyspace.com
39. Rice H.G. (1956). On completely recursively enumerable classes and their key arrays. J. Symb. Log. 21(3): 304-308
40. Pehrson, R.J.: Software development for the Boeing 777. http://www.stsc.hill.af.mil/crosstalk/1996/01/Boein777.asp
41. Sagiv, S., Reps, T.W., Wilhelm, R.: Parametric shape analysis via 3-valued logic. In: Symposium on Principles of Programming Languages, pp. 105-118 (1999)
42. Sankaranarayanan, S., Sipma, H.B., Manna, Z.: Scalable analysis of linear systems using mathematical programming. In: Cousot, R. (ed.) Verification, Model Checking and Abstract Interpretation: Proceedings of the 6th International Conference (VMCAI 2005), Volume 3385 of Lecture Notes in Computer Science, pp. 25-41, Paris, France, 2005. Springer, Berlin (2005)
43. Tarski A. (1955). A lattice-theoretical fixpoint theorem and its applications. Pac. J. Math. 5: 285-309
44. Venet, A., Brat, G.: Precise and efficient static array bound checking for large embedded C programs. In: PLDI '04: Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation, pp. 231-242, New York, NY, USA. ACM, New York (2004)
45. Viega, J., Bloch, J.T., Kohno, Y., McGraw, G.: Its4: A static vulnerability scanner for C and C++ code. In: ACSAC '00: Proceedings of the 16th Annual Computer Security Applications Conference, pp. 257, Washington, DC, USA. IEEE Computer Society (2000)
46. Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A.: A first step towards automated detection of buffer overrun vulnerabilities. In: Network and Distributed System Security Symposium, pp. 3-17, San Diego, CA, February 2000
47. Wikipedia. Source lines of code-Wikipedia, the free encyclopedia. http://en.wikipedia.org/wiki/Lines_of_code