Detecting Memory Access Errors with Flow-Sensitive Conditional Range Analysis

  • Conference paper
Embedded Software and Systems (ICESS 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3820))

Abstract

Accessing an out-of-bounds memory address can lead to nondeterministic behavior or elusive crashes. Static analysis can detect memory access errors in program source code without runtime overhead, but existing techniques are either very imprecise or have exponential cost. This paper proposes a precise and effective method to detect memory access errors. First, it generates a state for each statement with a flow-sensitive, inter-procedural algorithm. A state includes not only range constraints, as in traditional range analysis, but also the occurrence conditions of those range constraints. Second, it solves the states at memory access statements to evaluate the sizes of the accessed memory bounds. The costs of state generation and state resolution are polynomial. We have implemented a prototype of the analysis method. Applied to 7 popular programs, the prototype found 40 memory access errors with a high precision of 80%.
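The abstract describes per-statement states that pair range constraints with the conditions under which they hold, and that are solved at memory access statements. The following is an added illustration written for this page, not the authors' prototype: a toy flow-sensitive conditional range analysis over a constructed statement form (the `range`/`add`/`if`/`access` tuples, the `State` class and the sample program are my own assumptions). Plain range analysis would see `n` in [0, 100] at both accesses and flag the safe one; carrying the branch condition in the state flags only the access reached under `n >= 8`.

```python
from dataclasses import dataclass
@dataclass
class State:
    ranges: dict       # var -> (lo, hi) range constraint, as in classic range analysis
    conds: tuple = ()  # occurrence conditions (path predicates) under which ranges hold

NEG = {"<": ">=", ">=": "<", "<=": ">", ">": "<="}   # operator negation for the else path

def refine(rng, op, k):
    """Narrow (lo, hi) for a variable known to satisfy `var op k`."""
    lo, hi = rng
    return {"<": (lo, min(hi, k - 1)), "<=": (lo, min(hi, k)),
            ">": (max(lo, k + 1), hi), ">=": (max(lo, k), hi)}[op]

def analyze(stmts, state, errors):
    """Flow-sensitive walk of a block; returns its out-state, appends errors found."""
    for st in stmts:
        if st[0] == "range":                 # ("range", var, lo, hi): var in [lo, hi]
            _, var, lo, hi = st
            state = State({**state.ranges, var: (lo, hi)}, state.conds)
        elif st[0] == "add":                 # ("add", dst, src, k): dst = src + k
            _, dst, src, k = st
            lo, hi = state.ranges[src]
            state = State({**state.ranges, dst: (lo + k, hi + k)}, state.conds)
        elif st[0] == "if":                  # ("if", var, op, k, then_blk, else_blk)
            _, var, op, k, then_blk, else_blk = st
            outs = []
            for o, blk in ((op, then_blk), (NEG[op], else_blk)):
                r = {**state.ranges, var: refine(state.ranges[var], o, k)}
                cond = f"{var} {o} {k}"      # condition under which range r holds
                outs.append(analyze(blk, State(r, state.conds + (cond,)), errors))
            # Join: widen each range over both paths; the branch conditions are dropped.
            state = State({v: (min(s.ranges[v][0] for s in outs if v in s.ranges),
                               max(s.ranges[v][1] for s in outs if v in s.ranges))
                           for v in set(outs[0].ranges) | set(outs[1].ranges)}, state.conds)
        elif st[0] == "access":              # ("access", buf, size, idx): solve buf[idx]
            _, buf, size, idx = st
            lo, hi = state.ranges[idx]
            if lo < 0 or hi > size - 1:      # index range escapes [0, size-1]
                errors.append((buf, idx, (lo, hi), size, state.conds))
    return state

def demo():
    """Constructed program: n is untrusted input in [0, 100]; buf has 8 elements."""
    prog = [("range", "n", 0, 100),
            ("if", "n", "<", 8, [("access", "buf", 8, "n")],               # n in [0, 7]: safe
             [("add", "i", "n", -93), ("access", "buf", 8, "i")])]         # i in [-85, 7]
    errors = []
    analyze(prog, State({}), errors)
    return errors
```

Each reported error carries the index range and the path conditions under which it occurs, which is what lets a reviewer confirm or dismiss the finding without re-deriving the path.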

© 2005 Springer-Verlag Berlin Heidelberg

Cite this paper

Xia, Y., Luo, J., Zhang, M. (2005). Detecting Memory Access Errors with Flow-Sensitive Conditional Range Analysis. In: Yang, L.T., Zhou, X., Zhao, W., Wu, Z., Zhu, Y., Lin, M. (eds) Embedded Software and Systems. ICESS 2005. Lecture Notes in Computer Science, vol 3820. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599555_32

  • DOI: https://doi.org/10.1007/11599555_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30881-2

  • Online ISBN: 978-3-540-32297-9
