Tracking pointers with path and context sensitivity for bug detection in C programs

Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering

Volumn , Issue , 2003, Pages 317-326

  Livshits, V Benjamin ^a   Lam, Monica S ^a  

^a STANFORD UNIVERSITY   (United States)

Author keywords

buffer overruns; context sensitive analysis; error detection; path sensitive analysis; pointer analysis; program analysis; program representation; security flaws; software security; SSA representation

Indexed keywords

BUFFER OVERRUN; CONTEXT-SENSITIVE ANALYSIS; PATH-SENSITIVE ANALYSIS; POINTER ANALYSIS; PROGRAM ANALYSIS; SECURITY FLAWS; SOFTWARE SECURITY;

COMPUTER SOFTWARE; DATA STRUCTURES;

ERROR DETECTION;

EID: 77954463985     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/940071.940114     Document Type: Conference Paper

References (26)

1. R. A. Ballance, A. B. Maccabe, and K. J. Ottenstein. The program dependence web: A representation supporting control-, data-, and demand-driven interpretation of imperative languages. In Proceedings of the ACM SIGPLAN'90 Conference on Programming Language Design and Implementation, pages 257-271, 1990.
2. W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. In Proceedings of Software Practice and Experience, pages 775-802, 2000.
3. D. R. Chase, M. Wegman, and F. K. Zadeck. Analysis of pointers and structures. In Proceedings of the ACM SIGPLAN'90 Conference on Programming Language Design and Implementation, pages 296-310, 1990.
4. A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. In Proceedings of Architectural Support for Programming Languages and Operating Systems, pages 59-70, 2000.
5. F. C. Chow, S. Chan, S.-M. Liu, R. Lo, and M. Streich. Effective representation of aliases and indirect memory operations in SSA form. In Proceedings of the Sixth International Conference on Compiler Construction, pages 253-267, 1996.
6. Cigital. ITS4: Software security tool. http://www.cigital.com/its4/.
7. R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck. Efficiently computing static single assignment form and the control dependence graph. ACM Transactions on Programming Languages and Systems, 13(4):451-490, October 1991.
8. R. Cytron and R. Gershbein. Efficient accomodation of may-alias information in SSA form. In Proceedings of the SIGPLAN '93 Conference on Programming Language Design and Implementation, pages 253-267, June 1993.
9. A. DeKok. PScan: A limited problem scanner for C source files. http://www.striker.ottawa.on.ca/~aland/pscan/.
10. R. DeLine and M. Fahndrich. Enforcing high-level protocols in low-level software. In Proceedings of the ACM SIGPLAN'01 Conference on Programming Language Design and Implementation, pages 59-69, 2001.
11. D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the ACM Conference on Operating Systems Design and Implementation, pages 1-16, 2000.
12. D. Evans and D. Larochelle. Improving security using extensible lightweight static analysis. IEEE Software, 19(1):42-51, 2002. (Pubitemid 34069369)
13. Nevin Heintze and Olivier Tardieu. Ultra-fast aliasing analysis using CLA: A million lines of C code. In Proceedings of the ACM SIGPLAN'01 Conference on Programming Language Design and Implementation, pages 146-161, 2001.
14. C. Lapkowski and L. J. Hendren. Extended SSA numbering: Introducing SSA properties to language with multi-level pointers. In Proceedings of the Seventh International Conference on Compiler Construction, pages 128-143, 1998.
15. S.-W. Liao, A. Diwan, R.P. Bosch, A. Ghuloum, and M. Lam. SUIF explorer: An interactive and interprocedural parallelizer. In Proceedings of the 26th Annual ACM Symposium on Principles of Programming Languages, pages 37-48, 1999.
16. A. Pinkus. Yacas manual. http://www.xs4all.nl/~apinkus/manindex.html.
17. S. Sagiv, T.W. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. In Proceedings of the 26th Annual ACM Symposium on Principles of Programming Languages, pages 105-118, 1999.
18. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the 10th USENIX Security Symposium, pages 201-220, 2001.
19. Secure Software. RATS, a scanning tool. http://www.securesoftware.com/ rats.
20. B. Steensgaard. Points-to analysis in almost linear time. In Proceedings of the 23th Annual ACM Symposium on Principles of Programming Languages, pages 32-41, 1996.
21. P. Tu and D. Padua. Efficient building and placing of gating functions. In Proceedings of the ACM SIGPLAN'95 Conference on Programming Language Design and Implementation, pages 47-55, 1995.
22. P. Tu and D. Padua. Gated SSA-based demand-driven symbolic analysis for parallelizing compilers. In Proceedings of the 1995 ACM International Conference on Supercomputing, pages 414-423, 1995.
23. D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proceedings of Network and Distributed Systems Security Symposium, pages 3-17, 2000.
24. J. Whaley and M. Rinard. Compositional pointer and escape analysis for Java programs. In Proceedings of Object-oriented Programming, Systems, Languages, and Applications, pages 187-206, 1999.
25. R. P. Wilson. Efficient, Context-Sensitive Pointer Analysis for C Programs. PhD thesis, Stanford University, 1998.
26. R. P. Wilson and M. S. Lam. Efficient context-sensitive pointer analysis for C programs. In Proceedings of the ACM SIGPLAN'90 Conference on Programming Language Design and Implementation, pages 1-12, 1995.