This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



As-if Infinitely Ranged Integer Model


The Secure Coding Initiative at CERT has published a new Technical Note CMU/SEI-2009-TN-023 entitled "As-if Infinitely Ranged Integer Model". 

Abstract:

Integer overflow and wraparound are major causes of software vulnerabilities in the C and C++ programming languages. In this paper we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow and integer truncation. The AIR integer model either produces a value equivalent to one that would have been obtained using infinitely ranged integers or results in a runtime constraint violation. Unlike previous integer models, AIR integers do not require precise traps, and consequently do not break or inhibit most existing optimizations.

Authors:

David Keaton (self)
Thomas Plum (Plum Hall Inc.)
Robert C. Seacord (SEI/CERT)
David Svoboda (SEI/CERT)
Alex Volkovitsky (SEI/CERT)
Timothy Wilson (SEI/CERT)

A PDF Download of this paper is available at: 

http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html 

Source code for the As GCC 4.4.0 and GCC 4.5.0 (svn) prototypes can be downloaded from:

http://www.cert.org/secure-coding/integralsecurity.html 

I would be interested in hearing your opinions on this work, either publicly or privately. In particular I am interested in discussing the possibility of implementing this model in GCC.

We are continuing work on this project, as described in the report.

Thanks,
rCs

----
Robert C. Seacord
Secure Coding Team Lead
CERT / Software Engineering Institute
Work: +1 412.268.7608
FAX: +1 412.268.6989
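
The outcome the abstract describes (either the value infinitely ranged integers would give, or a runtime constraint violation) written out by hand for one multiplication and one narrowing conversion. This is an added example, not part of the original message and not code from the CERT prototypes; the handler and function names are hypothetical, the inputs are constructed, and the GCC/Clang `__builtin_mul_overflow` builtin is used only as a convenient check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical runtime-constraint handler: it counts and logs violations so
   the caller can observe them; a production handler might abort instead. */
static unsigned air_violations;
static void air_violation(const char *what) {
    air_violations++;
    fprintf(stderr, "runtime-constraint violation: %s\n", what);
}

/* Plain C (assuming 32-bit unsigned int): the product wraps modulo 2^32. */
static uint32_t wrap_mul_u32(uint32_t n, uint32_t size) {
    return n * size;
}

/* AIR-style multiply: true and the exact product in *out, or a violation. */
static bool air_mul_u32(uint32_t n, uint32_t size, uint32_t *out) {
    if (__builtin_mul_overflow(n, size, out)) {   /* GCC 5+/Clang builtin */
        air_violation("product does not fit in uint32_t");
        return false;
    }
    return true;
}

/* AIR-style conversion: truncation that would change the value is a violation. */
static bool air_to_u16(long v, uint16_t *out) {
    if (v < 0 || v > UINT16_MAX) {
        air_violation("value does not fit in uint16_t");
        return false;
    }
    *out = (uint16_t)v;
    return true;
}

int main(void) {
    uint32_t n = 0x40000001u, elem = 4u, bytes;   /* constructed inputs */
    uint16_t len;
    printf("wrapping: %u\n", (unsigned)wrap_mul_u32(n, elem));  /* tiny size */
    if (air_mul_u32(n, elem, &bytes))
        printf("checked: %u\n", (unsigned)bytes);
    if (air_mul_u32(1000u, elem, &bytes))
        printf("checked: 1000 * 4 = %u\n", (unsigned)bytes);
    if (!air_to_u16(70000L, &len))
        printf("70000 rejected instead of being truncated\n");
    return 0;
}
```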

