This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

As-if Infinitely Ranged Integer Model

The Secure Coding Initiative at CERT has published a new Technical Note CMU/SEI-2009-TN-023 entitled "As-if Infinitely Ranged Integer Model". 


Integer overflow and wraparound are major causes of software vulnerabilities in the C and C++ programming languages. In this paper we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow and integer truncation. The AIR integer model either produces a value equivalent to one that would have been obtained using infinitely ranged integers or results in a runtime constraint violation.? Unlike previous integer models, AIR integers do not require precise traps, and consequently do not break or inhibit most existing optimizations.


David Keaton (self)
Thomas Plum (Plum Hall Inc.)
Robert C. Seacord (SEI/CERT)
David Svoboda (SEI/CERT)
Alex Volkovitsky (SEI/CERT)
Timothy Wilson (SEI/CERT)

A PDF Download of this paper is available at: 

Source code for the As GCC 4.4.0 and GCC 4.5.0 (svn) prototypes can be downloaded form:

I would be interested in hearing your opinions on this work, either publically or privately.? In particular I am interested in discussing the possibility of implementing this model in GCC.

We are continuing work on this project, as described in the report.


Robert C. Seacord
Secure Coding Team Lead
CERT / Software Engineering Institute
Work: +1 412.268.7608
FAX:??? +1 412.268.6989

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]