Safer unsafe code for.NET

ACM SIGPLAN Notices

Volumn 43, Issue 10, 2008, Pages 329-345

  Ferrara, Pietro ^a,b   Logozzo, Francesco ^c   Fahndrich, Manuel ^c  

^a ECOLE POLYTECHNIQUE   (France)

^b CA' FOSCARI UNIVERSITY OF VENICE   (Italy)

^c MICROSOFT RESEARCH   (United States)

Author keywords

.NET; Abstract domains; Abstract interpretation; Bounds checking; Design by contract; Pointer indexing; Static analysis

Indexed keywords

ABSTRACTING; C++ (PROGRAMMING LANGUAGE); CODES (SYMBOLS); GEOMETRY; MODEL CHECKING;

.NET; ABSTRACT DOMAINS; ABSTRACT INTERPRETATIONS; BOUNDS CHECKING; DESIGN BY CONTRACTS;

STATIC ANALYSIS;

EID: 67650074761     PISSN: 15232867     EISSN: None     Source Type: Journal    
DOI: 10.1145/1449955.1449791     Document Type: Article

References (34)

1. R. Bagnara, P. M. Hill, and E. Zaffanella. The Parma Polyhedra Library. http://www.cs.unipr.it/ppl/.
2. M. Barnett, B.-Y. E. Chang, R. DeLine, B. Jacobs, and K. R. M. Leino. Boogie: A modular reusable verifier for Object-Oriented programs. In FMCO'05. Springer-Verlag, November 2005.
3. M. Barnett, M. Fähndrich, and F. Logozzo. Foxtrot and Clousot: Language Agnostic Dynamic and Static Contract Checking for. Net. Technical Report MSR-TR-2008-105, Microsoft Research, Redmond, WA, August 2008.
4. M. Barnett, K. R. M. Leino, and W. Schulte. The Spec# programming system: An overview. In CASSIS 2004, 2004.
5. G. P. Brat and A. Venet. Precise and scalable static program analysis at NASA. In IEEE Aerospace Conference. IEEE, 2005.
6. D. R. Cok and J. Kiniry. ESC/Java 2: Uniting ESC/Java and JML. In CASSIS 2004, 2004.
7. P. Cousot. The calculational design of a generic abstract interpreter. In Calculational System Design. NATO ASI Series F. IOS Press, Amsterdam, 1999.
8. P. Cousot and R. Cousot. interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In POPL'77. ACM Press, January 1977.
9. P. Cousot and R. Cousot. Systematic design of program analysis frameworks. In POPL '79, pages 269-282. ACM Press, January 1979.
10. P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. In POPL '78. ACM Press, January 1978.
11. Manuvir Das. Unification-based pointer analysis with directional assignments. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation (PLDI-00), pages 35-46. ACM, 2000.
12. N. Dor, M. Rodeh, and M. Sagiv. Cleanness checking of string manipulations in C programs via integer analysis. In SAS'01, LNCS. Springer-Verlag, June 2001.
13. N. Dor, M. Rodeh, and M. Sagiv. CSSV: towards a realistic tool for statically detecting all buffer overflows in c. In PLDI'03. ACM Press, 2003.
14. M. Furr and J. S. Foster. Polymorphic type inference for the JNI. In ESOP'06. Springer-Verlag, April 2006.
15. B. Hackett, M. Das, D. Wang, and Z. Yang. Modular checking for buffer overflows in the large. In ACM ICSE'06. ACM Press, 2006.
16. M. Hirzel and R. Grimm. Jeannie: granting Java native interface developers their wishes. In OOPSLA'07. ACM, October 2007.
17. R. N. Horspool and J. Vitek. Static analysis of postscript code. In ICCL'92. IEEE, 1992.
18. M. Karr. On affine relationships among variables of a program. Acta Informatica, 6 (2) :133-151, July 1976.
19. L. Khachiyan, E. Boros, K. Borys, K. M. Elbassioni, and M. Gurvich. Generating all vertices of a polyhedron is hard. In ACM SODA'06. ACM Press, 2006.
20. S. Liang. Java Native Interface: Programmer's Guide and Specification. Sun Microsystems, 2001.
21. F. Logozzo. Cibai: An abstract interpretation-based static analyzer for modular analysis and verification of Java classes. In VMCAI'07. Springer-Verlag, January 2007.
22. F. Logozzo and M. A. Fähndrich. On the relative completeness of bytecode analysis versus source code analysis. In CC'08, LNCS. Springer-Verlag, March 2008.
23. F. Logozzo and M. A. Fähndrich. Pentagons: A weakly relational abstract domain for the efficient validation of array accesses. In ACM SAC'08 - OOPS. ACM Press, March 2008.
24. J. Matthews and R. B. Findler. Operational semantics for multi-language programs. In POPL'07. ACM, January 2007.
25. B. Meyer. Object-Oriented Software Construction (2nd Edition). Professional Technical Reference. Prentice Hall, 1997.
26. A. Miné. The octagon abstract domain. In WCRE 2001. IEEE Computer Society, October 2001.
27. M. Müller-Olm and H. Seidl. A note on karr's algorithm. In Springer-Verlag, editor, ICALP'04, LNCS, 2004.
28. R. Rugina and C. R. Rinard. Symbolic bounds analysis of pointers, array indices, and accessed memory regions. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation (PLDI- 00), volume 35.5 of ACM Sigplan Notices, pages 182-195, N. Y., June 18-21 2000. ACM Press.
29. R. Rugina and M. C. Rinard. Symbolic bounds analysis of pointers, array indices, and accessed memory regions. ACM Transactions on Programming Languages and Systems, 27 (2) :185-235, 2005.
30. D. A. Schmidt. The internal and external logic of abstract interpretations. In VMCAI'08. Springer-Verlag, January 2008.
31. A. Simon and A. King. Analyzing string buffers in c. In AMAST'02, LNCS. Springer-Verlag, September 2002.
32. A. Simon, A. King, and J. Howe. Two variables per linear inequality as an abstract domain. In LOPSTR'02, LNCS. Springer-Verlag, September 2002.
33. G. Tan and G. Morrisett. Ilea: inter-language analysis across java and c. In OOPSLA'07. ACM, October 2007.
34. D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In NDSS'00, 2000.