4,367 Hits in 4.6 sec

Eliminating Stack Overflow by Abstract Interpretation [chapter]

John Regehr, Alastair Reid, Kirk Webb
2003 Lecture Notes in Computer Science  
Our first contribution is a method for statically guaranteeing stack safety by performing whole-program analysis, using an approach based on context-sensitive abstract interpretation of machine code.  ...  Abstract interpretation permits our analysis to accurately model when interrupts are enabled and disabled, which is essential for accurately bounding the stack depth of typical embedded systems.  ...  after a dead-code elimination pass performed by nesC.  ... 
doi:10.1007/978-3-540-45212-6_20 fatcat:dhlzkmegpvanfesqldqgnhpkke

Eliminating stack overflow by abstract interpretation

John Regehr, Alastair Reid, Kirk Webb
2005 ACM Transactions on Embedded Computing Systems  
Our first contribution is a method for statically guaranteeing stack safety by performing whole-program analysis, using an approach based on context-sensitive abstract interpretation of machine code.  ...  Abstract interpretation permits our analysis to accurately model when interrupts are enabled and disabled, which is essential for accurately bounding the stack depth of typical embedded systems.  ...  after a dead-code elimination pass performed by nesC.  ... 
doi:10.1145/1113830.1113833 fatcat:33iivqgjcndb5oyrwyenczggvq

Exploring Research Interest in Stack Overflow – A Systematic Mapping Study and Quality Evaluation [article]

Sarah Meldrum, Sherlock A. Licorish, Bastin Tony Roy Savarimuthu
2020 arXiv   pre-print
This is a noteworthy issue when considering that the Stack Overflow platform is used by numerous software developers.  ...  Academic research tends to provide validation for the practices and processes employed by Stack Overflow and other such forums.  ...  s [37] original classification scheme as our inclusion/exclusion criteria eliminated such studies.  ... 
arXiv:2010.12282v1 fatcat:xshj45cir5g7lbt3bsc6poahea

Representing control in the presence of one-shot continuations

Carl Bruggeman, Oscar Waddell, R. Kent Dybvig
1996 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation - PLDI '96  
The implementation eliminates the copying overhead for one-shot continuations that is inherent in multi-shot continuations.  ...  This paper introduces one-shot continuations, shows how they interact with traditional multi-shot continuations, and describes a stack-based implementation of control that handles both one-shot and multi-shot  ...  We have described how the copying overhead incurred by multi-shot continuations can be eliminated for one-shot continuations.  ... 
doi:10.1145/231379.231395 dblp:conf/pldi/BruggemanWD96 fatcat:2nph6igkn5cfnpr74qntlluwie

Representing control in the presence of one-shot continuations

Carl Bruggeman, Oscar Waddell, R. Kent Dybvig
1996 SIGPLAN notices  
The implementation eliminates the copying overhead for one-shot continuations that is inherent in multi-shot continuations.  ...  This paper introduces one-shot continuations, shows how they interact with traditional multi-shot continuations, and describes a stack-based implementation of control that handles both one-shot and multi-shot  ...  We have described how the copying overhead incurred by multi-shot continuations can be eliminated for one-shot continuations.  ... 
doi:10.1145/249069.231395 fatcat:hdpacjyiz5bn5mfq5xrfa2ugiy

Holographic vulnerability studies

Jedidiah R. Crandall, Daniela Oliveira
2012 Proceedings of the 2012 workshop on New security paradigms - NSPW '12  
abstractions.  ...  First it was time-of-check-to-time-of-use, then buffer overflows, then SQL injection, then cross-site scripting.  ...  Jed Crandall is also supported by the Defense Advanced Research Projects Agency CRASH program under grant #P-1070-113237.  ... 
doi:10.1145/2413296.2413309 dblp:conf/nspw/CrandallO12 fatcat:ll6vefsbureadm4icdy2vbixum

Automatic exploit generation

Thanassis Avgerinos, Sang Kil Cha, Alexandre Rebert, Edward J. Schwartz, Maverick Woo, David Brumley
2014 Communications of the ACM  
This material is based upon work supported by the National Science Foundation under Grant No. 0953751.  ...  This work is also partially supported by grants from Northrop Grumman as part of the Cybersecurity Research Consortium, from Lockheed Martin, and from DARPA Grant No. N10AP20021.  ...  Since ptr is also on the stack, the contents of ptr are garbled by the stack overflow, and might cause the program to crash before the return instruction.  ... 
doi:10.1145/2560217.2560219 fatcat:zag6jznqmfcxjnoeppcgwde2oe

Paradise unplugged: identifying barriers for female participation on stack overflow

Denae Ford, Justin Smith, Philip J. Guo, Chris Parnin
2016 Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2016  
However, in online communities, such as Stack Overflow, this gender gap is even more extreme: only 5.8% of contributors are female.  ...  Still, there were other barriers that equally impacted all Stack Overflow users or affected particular groups, such as industry programmers.  ...  This material is based upon work supported by the National Science Foundation under grant number 1318323.  ... 
doi:10.1145/2950290.2950331 dblp:conf/sigsoft/FordSGP16 fatcat:ro4ey4f55fawvnuswbj3mjhyku

A Taxonomy of Buffer Overflow Characteristics

Matt Bishop, Sophie Engle, Damien Howard, Sean Whalen
2012 IEEE Transactions on Dependable and Secure Computing  
This work develops a taxonomy of buffer overflow vulnerabilities based upon characteristics, or preconditions that must hold for an exploitable buffer overflow to exist.  ...  Significant work on vulnerabilities focuses on buffer overflows, in which data exceeding the bounds of an array is loaded into the array.  ...  This work was supported in part by grant CCF-0905503 from the US National Science Foundation (NSF) to the University of California at Davis.  ... 
doi:10.1109/tdsc.2012.10 fatcat:g7qw7dizu5h7hmaxgbym3vzene

Validation of memory accesses through symbolic analyses

Henrique Nazaré, Izabela Maffra, Willer Santos, Leonardo Barbosa, Laure Gonnord, Fernando Magno Quintão Pereira
2014 Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications - OOPSLA '14  
We validate our claims by incorporating our findings into AddressSanitizer.  ...  Secondly, we show how to deal with integer overflows, a phenomenon that can compromise the correctness of static algorithms that validate memory accesses.  ...  The GreenArrays project is supported by the Intel Corporation (the eCoSoC project), FAPEMIG (the Feps II project), and CAPES (AEX).  ... 
doi:10.1145/2660193.2660205 dblp:conf/oopsla/NazareMSBGP14 fatcat:33stkzvjgbhb3iqp4utnrtpfri

Validation of memory accesses through symbolic analyses

Henrique Nazaré, Izabela Maffra, Willer Santos, Leonardo Barbosa, Laure Gonnord, Fernando Magno Quintão Pereira
2014 SIGPLAN notices  
We validate our claims by incorporating our findings into AddressSanitizer.  ...  Secondly, we show how to deal with integer overflows, a phenomenon that can compromise the correctness of static algorithms that validate memory accesses.  ...  The GreenArrays project is supported by the Intel Corporation (the eCoSoC project), FAPEMIG (the Feps II project), and CAPES (AEX).  ... 
doi:10.1145/2714064.2660205 fatcat:j46w5ih5qreptb7muwzagounum

Later Binding: Just-in-Time Compilation of a Younger Dynamic Programming Language

Max Rottenkolber
2020 European Lisp Symposium  
By using a technique known as tracing just-in-time compilation LuaJIT is able to evaluate high-level language features with great efficiency.  ...  It does this by using only a conservative set of optimization passes, and without resorting to explicit type declarations, or abandoning type safety.  ...  [Soldatov and IPONWEB 2018] After all, the stack overhead of the interpreter is rendered mostly irrelevant in our emitted code.  ... 
doi:10.5281/zenodo.3743225 dblp:conf/els/Rottenkolber20 fatcat:opk6yid3ijhstaimhyiiiyulbm

Low-Level Software Security by Example [chapter]

Úlfar Erlingsson, Yves Younan, Frank Piessens
2010 Handbook of Information and Communication Security  
higher on the stack, and which may have been corrupted by the overflow.)  ...  Some compiler techniques, such as bounds checking, can reduce or eliminate the problem of buffer-overflow vulnerabilities.  ... 
doi:10.1007/978-3-642-04117-4_30 fatcat:k2ncofehifb3nafuscxfmvgxcu

The Correctness-Security Gap in Compiler Optimization

Vijay D'Silva, Mathias Payer, Dawn Song
2015 2015 IEEE Security and Privacy Workshops  
We propose a broad research programme whose goal is to identify, understand, and mitigate the impact of security errors introduced by compiler optimizations.  ...  In this paper, we introduce the correctness-security gap, which arises when a compiler optimization preserves the functionality of but violates a security guarantee made by source code.  ...  Compiler correctness has been formalized in terms of the theory of abstract interpretation in [13].  ... 
doi:10.1109/spw.2015.33 dblp:conf/sp/DSilvaPS15 fatcat:rlqjzaynvfbmtk4x3cwi77na2e

Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
Статический анализ для поиска переполнения буфера: актуальные направления развития алгоритмов

I.A. Dudina
2018 Proceedings of the Institute for System Programming of RAS  
Now it can perform interprocedural context- and path-sensitive analysis to detect buffer overflow mainly for static and stack objects with approximately 65% true positive ratio.  ...  Besides, it does not include defects eliminated during the development process (probably with the help of some static analyzer).  ...  To achieve this, many tools use the idea of abstract interpretation [2].  ... 
doi:10.15514/ispras-2018-30(3)-2 fatcat:nk3gcaxlfvcwfebnq6woqjsrpq