Inter-procedural buffer overflows detection in C/C++ source code via static analysis

We propose inter-procedural static analysis tool for buffer overflow detection. It is based on previously developed intra-procedural algorithm which uses symbolic execution with state merging. This algorithm is path-sensitive and supports tracking several kinds of value relations such as arithmetic...

Full description

Bibliographic Details
Published in:	Труды Института системного программирования РАН
Main Author:	I. . Dudina
Format:	Article
Language:	English
Published:	Russian Academy of Sciences, Ivannikov Institute for System Programming 2018-10-01
Subjects:	статический анализ поиск дефектов переполнение буфера чувствительность к путям контекстная чувствительность межпроцедурный анализ символьное исполнение
Online Access:	https://ispranproceedings.elpub.ru/jour/article/view/173

Similar Items

Statically detecting buffer overflows in C/C++
by: I. . Dudina, et al.
Published: (2018-10-01)

Path-sensitive bug detection analysis of C# program illustrated by null pointer dereference
by: V. . Koshelev, et al.
Published: (2018-10-01)

C# static analysis framework
by: V. . Koshelev, et al.
Published: (2018-10-01)

Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
by: I. A. Dudina
Published: (2018-10-01)

An approach to the C string analysis for buffer overflow detection
by: I. A. Dudina, et al.
Published: (2018-12-01)

A static analysis tool Svace as a collection of analyzers with various complexity levels
by: A. . Borodin, et al.
Published: (2018-10-01)

Platform for interprocedural static analysis of binary code
by: H. K. Aslanyan
Published: (2018-12-01)

Summary-based method of implementing arbitrary context-sensitive checks for source-based analysis via symbolic execution
by: A. . Dergachev, et al.
Published: (2018-10-01)

Combining dynamic symbolic execution, code static analysis and fuzzing
by: A. Yu. Gerasimov, et al.
Published: (2019-02-01)

Method for exploitability estimation of program bugs
by: A. N. Fedotov
Published: (2018-10-01)

Using static analysis for finding security vulnerabilities and critical errors in source code
by: Arutyun Avetisyan, et al.
Published: (2018-10-01)

Static analyzer Svace for finding of defects in program source code
by: V. P. Ivannikov, et al.
Published: (2018-10-01)

Interprocedural taint analysis for LLVM-bitcode
by: V. K. Koshelev, et al.
Published: (2018-10-01)

Formalization of Error Criteria for static symbolic execution
by: V. K. Koshelev
Published: (2018-10-01)

Buffer overrun detection method in binary code
by: V. V. Kaushan
Published: (2018-10-01)

Incremental source code analysis for C/C++ languages
by: V. O. Savitsky, et al.
Published: (2018-10-01)

Using unreachable code analysis in static analysis tool for finding defects in source code
by: R. R. Mulyukov, et al.
Published: (2018-10-01)

Generation of the weakest preconditions of programs with dynamic memory in symbolic execution
by: A. V. Misonizhnik, et al.
Published: (2024-12-01)

Type inference for Python programming language
by: I. E. Bronshteyn
Published: (2018-10-01)

When stack protection does not protect the stack?
by: Pavel Dovgalyuk, et al.
Published: (2018-10-01)

Next generation intermediate representations for binary code analysis
by: M. A. Solovev, et al.
Published: (2019-02-01)

Automated exploit generation method for stack buffer overflow vulnerabilities
by: V. A. Padaryan, et al.
Published: (2018-10-01)

Approach to detecting types inconsistency errors in a program code in dynamic languages
by: I. E. Bronshteyn
Published: (2018-10-01)

An approach of reachability determination for static analysis defects with help of dynamic symbolic execution
by: A. Y. Gerasimov, et al.
Published: (2018-10-01)

Vulnerabilities Detection via Static Taint Analysis
by: Nikita Vladimirovitch Chimtchik, et al.
Published: (2019-09-01)

Survey on static program analysis results refinement approaches
by: A. Y. Gerasimov
Published: (2018-10-01)

Supporting Java programming in the Svace static analyzer
by: A. P. Merkulov, et al.
Published: (2018-10-01)

Using different views java-programs for static analysis
by: E. A. Karpulevitch
Published: (2018-10-01)

Preventing Attacks on the Easiest Applications with Vulnerabilities by Verification of Their Committed System Calls
by: M. A. Parinov, et al.
Published: (2022-08-01)

ИССЛЕДОВАНИЕ ВОСПРИИМЧИВОСТИ HELIX POMATIA (MOLLUSCA, HELICIDAE) К ПРОТОСТРОНГИЛИДАМ (NEMATODA: PROTOSTRONGYLIDAE) ПРИ МНОГОКРАТНОМ ЗАРАЖЕНИИ
Published: (2016-05-01)

Static Verification Tools for C Programs and Linux Device Drivers: A Survey
by: M. U. Mandrykin, et al.
Published: (2018-10-01)

Input data generation for reaching specific function in program by iterative dynamic analysis
by: A. Y. Gerasimov, et al.
Published: (2018-10-01)

Static detection of error of double locking of mutex
by: Alexey Borodin
Published: (2018-10-01)

Building security predicates for some types of vulnerabilities
by: A. N. Fedotov, et al.
Published: (2018-10-01)

Analysis of program changes nature and searching for unpatched code fragments
by: Mariam Seropovna Arutunian, et al.
Published: (2019-04-01)

Methods and software tools for combined binary code analysis
by: V. A. Padaryan, et al.
Published: (2018-10-01)

Синтез и сенсорные свойства наноматериалов на основе оксида вольфрама (VI)
by: Алексей Владимирович Шапошник, et al.
Published: (2024-06-01)

Analyzing C/C++ code entities and relations for program understanding
by: A. . Belevantsev, et al.
Published: (2018-10-01)

УСТОЙЧИВОСТЬ И РЕЗИСТЕНТНОСТЬ К АНТИБИОТИКАМ ДИАРЕЕГЕННЫХ ESCHERICHIA COLI У ФЕКАЛЬНЫХ НОСИТЕЛЕЙ РАННЕГО ДЕТСКОГО ВОЗРАСТА
by: М. Павлова, et al.
Published: (2023-12-01)

A static approach to estimation of execution time of components in AADL models
by: A. M. Troitskiy, et al.
Published: (2018-10-01)