Open Access
Detecting Errors with Configurable Whole-program Dataflow Analysis
Samuel Z. Guyer,Emery D. Berger,Calvin Lin +2 more
- 01 Jan 2002
TL;DR: An automatic compiler-based approach for detecting programming errors that uses a configurable and scalable whole-program dataflow analysis engine driven by highlevel programmer-written annotations that can automatically detect a wide range of programmer errors in C programs.
read more
Abstract: In this paper, we present an automatic compiler-based approach for detecting programming errors. Our system uses a configurable and scalable whole-program dataflow analysis engine driven by highlevel programmer-written annotations. We show that our system can automatically detect a wide range of programmer errors in C programs, including improper use of libraries, information leaks, and security vulnerabilities. We show that the aggressive compiler analysis that our system performs yields precise results. Further, our system detects a wide range of errors with greater scalability than previous automatic approaches. For one important class of security vulnerabilities, our system automatically finds all known errors in five medium to large C programs without producing any false positives.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Patent
Apparatus and method for analyzing and supplementing a program to provide security
Brian Chess,Arthur Do,Roger Thornton +2 more
- 25 Aug 2006
TL;DR: In this paper, the authors propose to insert protective instructions into program instructions to detect and respond to attacks during execution of the program instructions, such as injection vulnerabilities, potential repetitive attacks, sensitive information, and HTTP attributes.
310
Broadway: A Compiler for Exploiting the Domain-Specific Semantics of Software Libraries
Samuel Z. Guyer,Calvin Lin +1 more
- 27 Jun 2005
TL;DR: This paper describes the Broadway compiler and its experiences in using it to support domain-specific compiler optimizations, and describes how this system can optimize parallel linear algebra codes written using the PLAPACK library.
Error checking with client-driven pointer analysis
Samuel Z. Guyer,Calvin Lin +1 more
- 01 Oct 2005
TL;DR: A new client-driven pointer analysis algorithm that automatically adjusts its precision in response to the needs of client analyses is presented, often producing results as accurate as fixed-precision algorithms that are many times more costly.
Large-scale analysis of format string vulnerabilities in Debian Linux
Karl Chen,David Wagner +1 more
- 14 Jun 2007
TL;DR: This article used type-qualifier inference to detect format string vulnerabilities in C/C++ source code in the Debian 3.1 Linux distribution and found 1,533 format string taint warnings.
Preventing format-string attacks via automatic and efficient dynamic checking
Michael F. Ringenburg,Dan Grossman +1 more
- 07 Nov 2005
TL;DR: This work proposes preventing format-string attacks with a combination of static dataflow analysis and dynamic white-lists of safe address ranges, which establish that this approach provides better protection than previous work and incurs little performance overhead.
References
Temporal and modal logic
E. Allen Emerson
- 02 Jan 1991
TL;DR: In this article, a multiaxis classification of temporal and modal logic is presented, and the formal syntax and semantics for two representative systems of propositional branching-time temporal logics are described.
3.1K
Design and code inspections to reduce errors in program development
Michael Fagan
- 01 Jan 2002
TL;DR: It is shown that by using inspection results, a mechanism for initial error reduction followed by ever-improving error rates can be achieved.
1.2K
Abstract Interpretation Frameworks
Patrick Cousot,Radhia Cousot +1 more
TL;DR: Interpretation Frameworks Patrick Cousot LIENS, Ecole Normale Superieur Superieure 45, rue d’Ulm 75230 Paris cedex 05 (France) cousot@dmi.ens.fr Radhia Cousot LIX, ecole Polytechnique 91128 Palaiseau cedEx ( France) radhia@polytechnique.fr
•Proceedings Article
Detecting format string vulnerabilities with type qualifiers
Umesh Shankar,Kunal Talwar,Jeffrey S. Foster,David Wagner +3 more
- 13 Aug 2001
TL;DR: A new system for automatically detecting format string security vulnerabilities in C programs using a constraint-based type-inference engine and new techniques for presenting the results of such an analysis to the user in a form that makes bugs easier to find and to fix are presented.
•Book
Programming perl, third edition
Larry Wall,Tom Christiansen,Jon Orwant +2 more
- 14 Jul 2000
TL;DR: Programming Perl as discussed by the authors is a comprehensive introduction to the Perl language and its culture, as one might expect only from its authors, and it has been widely used in the Perl community.
68