Title :
Simplifying Buffer Overflow Detection Using Site-Safe Expressions
Author :
Chen, Shikun ; Li, Zhoujun
Author_Institution :
Sch. of Comput. Sci., Nat. Univ. of Defence Technol., Changsha, China
Abstract :
We present a highly automated technique to identify buffer overflows in C source code, and implement the approach in our prototype cboc. It is a sound tool, and of particular significance is its ability to easily deal with pointer expressions and dynamic memory allocations, which are integral parts of the buffer overflow problem. Our implementation hinges on a key design consideration: introducing the notion of site-safe expression allows us to manage pointer de-reference expediently, and the expense is that it may yield some false alarms. Fortunately, only a small number of false alarms are reported, and all probable false alarms belong to a special alarm type non-site-safe. Experiments show that cboc is competitive with state-of-the-art model checker CBMC.
Keywords :
program verification; C source code; buffer overflow detection; buffer overflow problem; dynamic memory allocations; false alarms; formal verification; model checker; pointer dereference; site-safe expressions; Arithmetic; Buffer overflow; Computer science; Contracts; Data mining; Fasteners; Information science; Natural languages; Prototypes; Safety; buffer overflow; pointers; symbolic execution;
Conference_Title :
Computer and Information Science, 2009. ICIS 2009. Eighth IEEE/ACIS International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3641-5
DOI :
10.1109/ICIS.2009.158