Carraybound:基于污染分析的C程序中的静态数组边界检查

Proceedings of the 8th Asia-Pacific Symposium on Internetware Pub Date : 2016-09-18 DOI:10.1145/2993717.2993724

Fengjuan Gao, Tianjiao Chen, Yu Wang, Lingyun Situ, Linzhang Wang, Xuandong Li

{"title":"Carraybound:基于污染分析的C程序中的静态数组边界检查","authors":"Fengjuan Gao, Tianjiao Chen, Yu Wang, Lingyun Situ, Linzhang Wang, Xuandong Li","doi":"10.1145/2993717.2993724","DOIUrl":null,"url":null,"abstract":"C programming language never performs automatic bounds checking in order to speed up execution. But bounds checking is absolutely necessary in any program. Because if a variable is out-of-bounds, some serious errors may occur during execution, such as endless loop or buffer overflows. When there are arrays used in a program, the index of an array must be within the boundary of the array. But programmers always miss the array bounds checking or do not perform a correct array bounds checking. In this paper, we perform static analysis based on taint analysis and data flow analysis to detect which arrays do not have correct array bounds checking in the program. And we implement an automatic static tool, Carraybound. And the experimental results show that Carraybound can work effectively and efficiently.","PeriodicalId":20631,"journal":{"name":"Proceedings of the 8th Asia-Pacific Symposium on Internetware","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Carraybound: static array bounds checking in C programs based on taint analysis\",\"authors\":\"Fengjuan Gao, Tianjiao Chen, Yu Wang, Lingyun Situ, Linzhang Wang, Xuandong Li\",\"doi\":\"10.1145/2993717.2993724\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"C programming language never performs automatic bounds checking in order to speed up execution. But bounds checking is absolutely necessary in any program. Because if a variable is out-of-bounds, some serious errors may occur during execution, such as endless loop or buffer overflows. When there are arrays used in a program, the index of an array must be within the boundary of the array. But programmers always miss the array bounds checking or do not perform a correct array bounds checking. In this paper, we perform static analysis based on taint analysis and data flow analysis to detect which arrays do not have correct array bounds checking in the program. And we implement an automatic static tool, Carraybound. And the experimental results show that Carraybound can work effectively and efficiently.\",\"PeriodicalId\":20631,\"journal\":{\"name\":\"Proceedings of the 8th Asia-Pacific Symposium on Internetware\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-09-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 8th Asia-Pacific Symposium on Internetware\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2993717.2993724\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th Asia-Pacific Symposium on Internetware","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2993717.2993724","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

C语言从来没有为了提高执行速度而进行自动边界检查。但是边界检查在任何程序中都是绝对必要的。因为如果一个变量越界，在执行过程中可能会发生一些严重的错误，比如无限循环或缓冲区溢出。当程序中使用数组时，数组的索引必须在数组的边界内。但是程序员总是忽略数组边界检查，或者没有执行正确的数组边界检查。在本文中，我们执行基于污点分析和数据流分析的静态分析，以检测程序中哪些数组没有正确的数组边界检查。我们实现了一个自动静态工具，Carraybound。实验结果表明，Carraybound算法能够有效地进行定位。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Carraybound: static array bounds checking in C programs based on taint analysis

C programming language never performs automatic bounds checking in order to speed up execution. But bounds checking is absolutely necessary in any program. Because if a variable is out-of-bounds, some serious errors may occur during execution, such as endless loop or buffer overflows. When there are arrays used in a program, the index of an array must be within the boundary of the array. But programmers always miss the array bounds checking or do not perform a correct array bounds checking. In this paper, we perform static analysis based on taint analysis and data flow analysis to detect which arrays do not have correct array bounds checking in the program. And we implement an automatic static tool, Carraybound. And the experimental results show that Carraybound can work effectively and efficiently.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 8th Asia-Pacific Symposium on Internetware

自引率

0.00%

发文量