Carraybound: static array bounds checking in C programs based on taint analysis

Fengjuan Gao, Tianjiao Chen, Yu Wang, Lingyun Situ, Linzhang Wang, Xuandong Li
{"title":"Carraybound: static array bounds checking in C programs based on taint analysis","authors":"Fengjuan Gao, Tianjiao Chen, Yu Wang, Lingyun Situ, Linzhang Wang, Xuandong Li","doi":"10.1145/2993717.2993724","DOIUrl":null,"url":null,"abstract":"C programming language never performs automatic bounds checking in order to speed up execution. But bounds checking is absolutely necessary in any program. Because if a variable is out-of-bounds, some serious errors may occur during execution, such as endless loop or buffer overflows. When there are arrays used in a program, the index of an array must be within the boundary of the array. But programmers always miss the array bounds checking or do not perform a correct array bounds checking. In this paper, we perform static analysis based on taint analysis and data flow analysis to detect which arrays do not have correct array bounds checking in the program. And we implement an automatic static tool, Carraybound. And the experimental results show that Carraybound can work effectively and efficiently.","PeriodicalId":20631,"journal":{"name":"Proceedings of the 8th Asia-Pacific Symposium on Internetware","volume":"3 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2016-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th Asia-Pacific Symposium on Internetware","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2993717.2993724","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8

Abstract

C programming language never performs automatic bounds checking in order to speed up execution. But bounds checking is absolutely necessary in any program. Because if a variable is out-of-bounds, some serious errors may occur during execution, such as endless loop or buffer overflows. When there are arrays used in a program, the index of an array must be within the boundary of the array. But programmers always miss the array bounds checking or do not perform a correct array bounds checking. In this paper, we perform static analysis based on taint analysis and data flow analysis to detect which arrays do not have correct array bounds checking in the program. And we implement an automatic static tool, Carraybound. And the experimental results show that Carraybound can work effectively and efficiently.
Carraybound:基于污染分析的C程序中的静态数组边界检查
C语言从来没有为了提高执行速度而进行自动边界检查。但是边界检查在任何程序中都是绝对必要的。因为如果一个变量越界,在执行过程中可能会发生一些严重的错误,比如无限循环或缓冲区溢出。当程序中使用数组时,数组的索引必须在数组的边界内。但是程序员总是忽略数组边界检查,或者没有执行正确的数组边界检查。在本文中,我们执行基于污点分析和数据流分析的静态分析,以检测程序中哪些数组没有正确的数组边界检查。我们实现了一个自动静态工具,Carraybound。实验结果表明,Carraybound算法能够有效地进行定位。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信