This is the mail archive of the
mailing list for the GCC project.
As-if Infinitely Ranged Integer Model
- From: Robert Seacord <rcs at cert dot org>
- To: "'gcc at gcc dot gnu dot org'" <gcc at gcc dot gnu dot org>
- Date: Fri, 24 Jul 2009 04:12:58 -0400
- Subject: As-if Infinitely Ranged Integer Model
- References: <6A6ECBC0FF056D4998DC6232D489ED6A0155F9710EE7@EXCHANGE.sei.cmu.edu>
The Secure Coding Initiative at CERT has published a new Technical Note CMU/SEI-2009-TN-023 entitled "As-if Infinitely Ranged Integer Model".
Integer overflow and wraparound are major causes of software vulnerabilities in the C and C++ programming languages. In this paper we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow and integer truncation. The AIR integer model either produces a value equivalent to one that would have been obtained using infinitely ranged integers or results in a runtime constraint violation. Unlike previous integer models, AIR integers do not require precise traps, and consequently do not break or inhibit most existing optimizations.
David Keaton (self)
Thomas Plum (Plum Hall Inc.)
Robert C. Seacord (SEI/CERT)
David Svoboda (SEI/CERT)
Alex Volkovitsky (SEI/CERT)
Timothy Wilson (SEI/CERT)
A PDF Download of this paper is available at:
Source code for the As GCC 4.4.0 and GCC 4.5.0 (svn) prototypes can be downloaded from:
I would be interested in hearing your opinions on this work, either publicly or privately. In particular I am interested in discussing the possibility of implementing this model in GCC.
We are continuing work on this project, as described in the report.
Robert C. Seacord
Secure Coding Team Lead
CERT / Software Engineering Institute
Work: +1 412.268.7608
FAX: +1 412.268.6989
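
The rule stated in the abstract (a result either equals the infinitely ranged value or raises a runtime-constraint violation) can be emulated with explicit checks, shown here as an added example that is not code from the technical note or the GCC prototypes. The `air_*` names and the status enum are hypothetical, and the sketch assumes a compiler that provides `__builtin_add_overflow` and `__builtin_mul_overflow` (GCC 5 or later, Clang); the AIR model itself has the compiler insert such checks rather than the programmer.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical status: AIR_OK means the stored result equals the
   infinitely ranged value; AIR_VIOLATION stands in for the
   runtime-constraint violation described in the abstract. */
typedef enum { AIR_OK = 0, AIR_VIOLATION = 1 } air_status;

/* int + int: *out is written only when the mathematical sum fits in int. */
air_status air_add(int a, int b, int *out) {
    int r;
    if (__builtin_add_overflow(a, b, &r)) return AIR_VIOLATION;
    *out = r;
    return AIR_OK;
}

/* int * int: same rule for the product. */
air_status air_mul(int a, int b, int *out) {
    int r;
    if (__builtin_mul_overflow(a, b, &r)) return AIR_VIOLATION;
    *out = r;
    return AIR_OK;
}

/* long long -> short: reject conversions that would truncate the value. */
air_status air_to_short(long long v, short *out) {
    if (v < SHRT_MIN || v > SHRT_MAX) return AIR_VIOLATION;
    *out = (short)v;
    return AIR_OK;
}

/* count * elem_size + header: a size computation where silent
   wraparound would otherwise yield an undersized buffer. */
air_status air_alloc_size(int count, int elem_size, int header, int *out) {
    int product;
    if (air_mul(count, elem_size, &product) != AIR_OK) return AIR_VIOLATION;
    return air_add(product, header, out);
}

int main(void) {
    int size = 0;
    short s = 0;
    /* Constructed sample inputs. */
    printf("1000*16+8: %s\n",
           air_alloc_size(1000, 16, 8, &size) == AIR_OK ? "ok" : "violation");
    printf("(INT_MAX/16+1)*16+8: %s\n",
           air_alloc_size(INT_MAX / 16 + 1, 16, 8, &size) == AIR_OK ? "ok" : "violation");
    printf("70000 -> short: %s\n",
           air_to_short(70000LL, &s) == AIR_OK ? "ok" : "violation");
    return 0;
}
```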